{
"openapi": "3.0.0",
"info": {
"title": "Web Admin Backend services",
"version": "2.1",
"license": {}
},
"paths": {
"/wsfed/sso": {
"post": {
"description": "wsfed SSO.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### wtrealm (required)\nwtrealm : string\n\n### wreply (optional)\nwreply : string\n\n### wctx (optional)\nwctx : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns information to perform WSFED SSO.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/WSFEDRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"420": {
"description": "Service Provider claims could not be fulfilled"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/webauthn/assertion/options": {
"post": {
"summary": "Get Assertion Options",
"description": "Get Assertion Options for login with security keys.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Request Body** |\n|----------------------------------------------|\n\n### username (required)\nusername : string\n\n### communityId (required)\ncommunityId : string\n\n### tenantId (required)\ntenantId : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the assertion options for login with security keys.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"WebAuthn"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetAssertionChallengeRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetAssertionChallengeResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/webauthn/attestation/options": {
"post": {
"summary": "Get Attestation Options",
"description": "Get Attestation Options.
\nThis endpoint must be accessed by a logged in user.
\nUsername provided must match username stored in JWT.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object containing properties for registering security key\n",
"tags": [
"WebAuthn"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nFor Fido Key:\n```\n{\n \"attestation\": \"direct\",\n \"authenticatorSelection\": {\n \"requireResidentKey\": true\n }\n}\n```\n\nFor Platform:\n```\n{\n \"attestation\": \"direct\",\n \"authenticatorSelection\": {\n \"authenticatorAttachment\": \"platform\"\n }\n}\n```\n\nFor Macbook:\n```\n{\n \"attestation\": \"none\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AttestationOptionsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents created auth module:\n\n```\n{\n \"rp\": \"object\",\n \"user\": \"object\",\n \"attestation\": \"direct\",\n \"pubKeyCredParams\": \"array object\",\n \"timeout\": 60000,\n \"authenticatorSelection\": {\n \"requireResidentKey\": true\n }\n \"challenge\": \"string\",\n \"excludeCredentials\": \"array object\"\n \"status\": \"ok\",\n \"errorMessage\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/webauthn/security_key": {
"post": {
"summary": "Register security key or platform authenticator",
"description": "Register security key or platform authenticator
\nThis endpoint must be accessed by a logged in user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns message if device has been linked successfully\n",
"tags": [
"WebAuthn"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nRequest body should accept data from navigator.credentials.create() and tenantId and communityId\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterSecurityKeyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterSecurityKeyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/webauthn/authenticate_with_security_key": {
"post": {
"summary": "authenticate with security keys",
"description": "authenticate with security keys.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the authentication information.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"WebAuthn"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nFor Fido Key:\n```\n{\n \"username\":\"string required\",\n \"tenant\":{\n \"id\":\"string required\",\n \"name\":\"string required\",\n \"tag\":\"string required\",\n \"type\":\"string required\"\n },\n \"community\":{\n \"id\":\"string required\",\n \"name\":\"string required\",\n \"publicKey\":\"string required\"\n },\n \"rawId\": \"string required\",\n \"authenticatorData\": \"string required\",\n \"signature\":\"string required\",\n \"userHandle\": \"string | null optional (can be empty or null)\",\n \"clientDataJSON\": \"string required\", // base64 string\n \"getClientExtensionResults\":{},\n \"id\":\"string required\",\n \"type\":\"public-key\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SecurityKeyLoginRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/webauthn/vendormetadata/{communityId}": {
"put": {
"summary": "add the security keys",
"description": "add the security keys.
\n",
"tags": [
"WebAuthn"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "communityId",
"in": "path",
"description": "Community Id",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n \"aaguid\": \"string required\",\n \"metadata\": \"string required\",\n \"name\":\"string required\",\n \"disabled\": \"boolean required\",\n \"updatedBy\": \"string required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSecurityKeyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSecurityKeyResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/webauthn/vendormetadata/{communityId}/fetch": {
"post": {
"summary": "fetch the security keys",
"description": "fetch the security keys.
\n",
"tags": [
"WebAuthn"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "communityId",
"in": "path",
"description": "Community Id",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n \"aaguids\": [\n \"string\"\n ]\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchSecurityKeyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchSecurityKeyResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/webauthn/vendormetadata/{communityId}/aaguid/{aaguid}": {
"patch": {
"summary": "update the security keys",
"description": "add the security keys.
\n",
"tags": [
"WebAuthn"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "communityId",
"in": "path",
"description": "Community Id",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "aaguid",
"in": "path",
"description": "aagu Id",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n \"metadata\": \"string required\",\n \"name\":\"string required\",\n \"disabled\": \"boolean required\",\n \"updatedBy\": \"string required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSecurityKeyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateSecurityKeyResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/verifyuser": {
"post": {
"description": "Verify user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### username (required)\nusername : string\n\n### password (optional)\npassword : string\n\n### otp (optional)\notp : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the user info, user_token and next. (password)
\nOr the user info, pon_data and jwt token. (otp)
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": false,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyUserRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyUserResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/fetch": {
"post": {
"summary": "Fetch users",
"description": "Fetch list of users.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n### pSize (default to 25) / max 100\npSize : number\n\n### pIndex (default 0)\npIndex : number\n\n### query (optional)\nquery : object\n\n### attributes (optional)\nattributes : array\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the users info.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/count": {
"post": {
"summary": "Count all basic users.",
"description": "- Any valid key can be used to count users.\n- Auth module must be available for the community.\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n### query (optional)\nquery : object
\nThe query to filter users.
\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns number of users.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains object below:\n\n```\n{\n \"tenantId\": \"ObjectId required, ID of Tenant\",\n \"communityId\": \"ObjectId required, ID of Community\",\n \"moduleId\": \"ObjectId required, ID of authModule\",\n \"query\": \"object (optional)\",\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CountUsersRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nUsers count result.\n\n```\n{\n \"count\": 50,\n \"id\": \"ObjectID\",\n \"type\": \"azuread\",\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CountUsersResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/users/invite": {
"put": {
"summary": "Invite User",
"description": "Send invitation to the user.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### authModuleId (required)\nauthModuleId : string\n\n### userId (required)\nuserId : string\n\n### emailTo (optional) // Required when 'smsTo' attribute not provided otherwise optional\nemailTo : string\n\n### smsTo (optional) // Required when 'emailTo' attribute not provided otherwise optional\nsmsTo : string\n\n### firstname (required)\nfirstname : string\n\n### lastname (required)\nlastname : string\n\n### uid (required)\nuid : string\n\n### templateKeyPath (required)\ntemplateKeyPath : string\n\n### createdby (optional)\ncreatedby : string\n\n### createdbyemail (optional)\ncreatedbyemail : string\n\n### captchaToken (required unless a valid license is provided)\ncaptchaToken : string\n\n### license (optional - if provided and valid, CAPTCHA is bypassed)\nlicense : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the invited users object.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InviteUserRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InviteUserResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/accesscodes/fetch": {
"post": {
"summary": "Fetch list of Accesscodes",
"description": "Fetch accesscode list based on uids.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the list of users invited accesscodes.
\nThis API throw an error if something goes wrong.\n\n| **Permissions** |\n|-------------------------------------------|\n\nAdministrators can get any access codes of any user within their own community. Basic users can only fetch their own access codes.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetAccessCodesRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetAccessCodesResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/accesscode/{code}": {
"delete": {
"summary": "Delete an access code",
"description": "Delete an access code.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\n204 No Content\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "code",
"in": "path",
"description": "Name of service provider item",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "No Content"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/create": {
"put": {
"description": "Create User.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### moduleId (required)\nmoduleId : string\n\n### username (required)\nusername : string\n\n### status (required)\nstatus : string\n\n### disabled (optional)\ndisabled : boolean\n\n### role (required)\nrole : string\n\n### firstname (required)\nfirstname : string\n\n### middlename (optional)\nmiddlename : string\n\n### lastname (required)\nlastname : string\n\n### email1 (required)\nemail1 : string\n\n### email1_verified (optional)\nemail1_verified : boolean\n\n### email2 (optional)\nemail1 : string\n\n### email2_verified (optional)\nemail2_verified : boolean\n\n### phone1 (optional)\nphone1 : string\n\n### phone1_verified (optional)\nphone1_verified : boolean\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the counts of requested, created, failed, and the number of errors.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateUserRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateUserResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/devices/fetch": {
"post": {
"summary": "Fetch devices linked to user",
"description": "Fetch devices linked to user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the devices information that linked to a user\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "```\n{\n \"user\": {\n \"uid\": \"required string\",\n \"username\": \"required string\",\n \"authModuleId\": \"required string\"\n },\n \"community\": {\n \"id\": \"required string\",\n \"name\": \"required string\",\n \"publicKey\": \"required string\"\n }\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchUserDeviceRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchDevicesResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/unlinkuser": {
"patch": {
"summary": "Unlink user device",
"description": "Unlink user device by user did.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturn a success message for unlink device.
\nThis API throw an error if something goes wrong.\n\n| **Permissions** |\n|-------------------------------------------|\n\nAdministrators can unlink any device from any user within their own community. Basic users can only unlink their own device.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnlinkUserDeviceRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnlinkUserDeviceResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/find": {
"post": {
"summary": "Find User",
"description": "Find User.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### email (optional)\nemail : string\n\n### username (optional)\nusername : string\n\n### checkAliases (optional)\ncheckAliases : boolean\n\n### fetchFromExternalSources (optional)\nfetchFromExternalSources: boolean\n\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the matched users.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserVerifyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserVerifyResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/resend/invite": {
"post": {
"summary": "Resend Invite to user",
"description": "Resend Invite to same user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n### code (required)\ncode : string\n\n### emailTo (required)\nemailTo : string\n\n### firstname (required)\nfirstname : string\n\n### lastname (required)\nlastname : string\n\n### captchaToken (required unless a valid license is provided)\ncaptchaToken : string\n\n### license (optional - if provided and valid, CAPTCHA is bypassed)\nlicense : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the resend invited users object.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ResendInviteUserRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InviteUserResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/request/invite": {
"post": {
"summary": "User Request invites",
"description": "Send invitation to user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### user_token (required)\nuser_token : string\n\n### deliveryMethod (required)\ndeliveryMethod : string\n\n### google_token (required)\ngoogle_token : string\n\n### license (optional, if valid license was provided, bypass captcha checking)\nlicense : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns invitation object.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserInviteRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/InviteUserResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/profile/fetch": {
"post": {
"summary": "Fetch User profile",
"description": "Fetch User own profile details.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### attributes (optional)\nattributes : array\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the user info.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserProfileRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserProfileResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/update": {
"patch": {
"summary": "Update user details",
"description": "Update User details.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n+ Admin can remove middlename, email2 and phone1 fields, so for remove this fields admin should pass empty string { middlename: \"\"}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n### username (required)\nusername : string\n\n### uid (required)\nuid : string\n\n### status (optional)\nstatus : string - active or locked or disabled\n\n### disabled (optional)\ndisabled : boolean\n\n### role (optional)\nrole : string\n\n### firstname (optional)\nfirstname : string\n\n### middlename (optional)\nmiddlename : string\n\n### lastname (optional)\nlastname : string\n\n### email1 (optional)\nemail1 : string\n\n### email1_verified (optional)\nemail1_verified : boolean\n\n### email2 (optional)\nemail1 : string\n\n### email2_verified (optional)\nemail2_verified : boolean\n\n### phone1 (optional)\nphone1 : string\n\n### phone1_verified (optional)\nphone1_verified : boolean\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the updated user profile
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/role/update": {
"patch": {
"summary": "Update user role",
"description": "Update User roles.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n+ Admin can remove middlename, email2 and phone1 fields, so for remove this fields admin should pass empty string { middlename: \"\"}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n### username (required)\nusername : string\n\n### uid (required)\nuid : string\n\n\n### disabled (optional)\ndisabled : boolean\n\n### oldRole (required)\noldRole : string\n\n### newRole (required)\nnewRole : string\n\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the updated user profile
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserRoleRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserRoleResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/devices/has_security_key": {
"post": {
"summary": "Check if user has any security keys registered",
"description": "Update User details.
\nThis endpoint can be accessed by everyone.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Request Body** |\n|----------------------------------------------|\n\n### communityName (required)\ncommunityName : string\n\n### communityPublicKey (required)\ncommunityPublicKey : string\n\n### tenantTag (required)\ntenantTag : string\n\n### username (required)\nusername : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns hasSecurityKeys = true/false
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HasSecurityKeyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following object:\n```\n{\n hasSecurityKey: true/false\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/wallet/create": {
"post": {
"summary": "Create account owned managed wallet for user",
"description": "Creates web account owned managed wallet for user with given PIN. PIN must have 8 characters either numbers or letter.
\nThis endpoint can be accessed by logged in user
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### pin (required)\npin : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns jwt_token = string (token-hash)
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateWalletKeyRequest"
}
}
}
},
"responses": {
"201": {
"description": "Success\n\ndata is ECDSA encrypted following object:\n```\n{\n jwt_token: \"token_hash\"\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/wallet/fetch": {
"post": {
"summary": "Fetch account owned managed wallet for user",
"description": "Fetches web account owned managed wallet for user with given PIN. PIN must have 8 characters either numbers or letter.
\nThis endpoint can be accessed by logged in user
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### pin (required)\npin : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns jwt_token = string (token-hash)
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateWalletKeyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following object:\n```\n{\n jwt_token: \"token_hash\"\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/wallet/has_wallet/fetch": {
"post": {
"summary": "Check if user has web account managed wallet",
"description": "Checks if user has web account managed wallet and returns object with field has_wallet = .
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns info if user has wallet.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following object:\n```\n{\n has_wallet: true/false\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/documents": {
"get": {
"summary": "Fetch documents from user wallet",
"description": "Returns array of user documents.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns array of user documents.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following array:\n```\n[\n {\n \"type\": \"type\",\n \"id\": \"id\",\n \"proofedBy\": \"proofedBy\",\n \"category\": \"identity_document\",\n \"doe\": \"12345678\",\n \"proofs\": [\"array\", \"of\", \"proofs\"]\n }\n]\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/ip": {
"get": {
"summary": "Returns ip address of caller",
"description": "Returns ip address of caller. Caller must be a tenant or community admin with active jwt in authorization header.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the ip address of the calling client.\nThis API throws an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following array:\n```\n{\n \"ip\": \"192.68.24.56\",\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/phoneverify/session/create": {
"put": {
"summary": "Create UWL2.0 session for phone verification",
"description": "Returns session data.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns session data.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following array:\n```\n{\n \"sessionId\": \"sessionId\",\n \"sessionEnv\": \"sessionEnv\",\n \"smsServiceNumber\": \"smsServiceNumber\",\n \"smsTemplateB64\": \"smsTemplateB64\",\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/phoneverify/session/{sessionId}/poll": {
"post": {
"summary": "Poll UWL2.0 session for phone verification",
"description": "Returns updated user object.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Params** |\n|----------------------------------------------|\n\n### sessionId (required)\nuuid of session\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns array of user documents.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "sessionId",
"in": "path",
"description": "sessionId for polling",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following array:\n```\n{\n \"authModule\": \"string required, ObjectId of auth module\",\n \"username\": \"string required\",\n \"type\": \"string optional - systemuser or basic\",\n \"status\": \"string optional - active or locked or disabled\",\n \"firstname\": \"string optional\",\n \"middlename\": \"string optional\",\n \"lastname\": \"string optional\",\n \"email1\": \"string optional - valid email address\",\n \"email1_verified\": \"boolean optional\",\n \"email2\": \"string optional - valid email address\",\n \"email2_verified\": \"boolean optional\",\n \"phone1\": \"string optional - only digits\",\n \"phone1_verified\": \"boolean optional\",\n \"address\": {\n \"house\": \"string optional\",\n \"streetname\": \"string optional\",\n \"city\": \"string optional\",\n \"state\": \"string optional\",\n \"country\": \"string optional\",\n \"zip\": \"string optional\"\n },\n \"address_verified\": \"boolean optional\",\n \"disabled\": \"boolean optional\"\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/alternate_mfa/session/create": {
"put": {
"summary": "Create UWL2.0 session for alternate MFA option",
"description": "Returns session data.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns session data.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains encrypted data object:\n\n```\n{\n \"authModuleId\": \"authModuleId optional\",\n \"username\" : \"username optional\"\n}\n```\nproperty is optional\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AlternateMfaCreateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following array:\n```\n{\n \"acrUrl\": \"xxxxxx\",\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/alternate_mfa/session/{code}/poll": {
"post": {
"summary": "Poll UWL2.0 session for alternate MFA option",
"description": "Returns OK status.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Params** |\n|----------------------------------------------|\n\n### code (required)\nACR code of this session\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns array of user documents.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "code",
"in": "path",
"description": "code for polling",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted object:\n```\n{\n \"ttl_seconds\": 60,\n \"type\": \"user_invitation\",\n \"phoneRequired\": false,\n \"uuid\": \"c2c003e2-221b-44de-93cb-f2d388265490\",\n \"ttl\": 0,\n \"createdBy\": \"sasha\",\n \"tenantId\": \"5f3d8d0cd866fa61019cf968\",\n \"createdTime\": 1731676868,\n \"id\": \"67374ac4e1107a584374b28e\",\n \"communityId\": \"5f3d8d0cd866fa61019cf969\",\n \"redeem_result\": {\n \"client_ip\": \"188.26.211.129\",\n \"publicKey\": \"xxxxxxxxxxxxxxxxxx\",\n \"deviceId\": \"4EC9816C-236B-4B02-B826-56A4E4C563B4\",\n \"deviceName\": \"iPhone sasha\",\n \"did\": \"b6f752963b368c91a120d15828ae6c08cd7f230e\"\n },\n \"accesscodepayload\": {\n \"authModuleId\": \"659c0b3e7fa8735a60fd33d1\",\n \"uid\": \"andrii1\",\n \"otp_email\": \"xxxxxxxxxx@1kosmos.com\",\n \"dns\": \"1k-dev.1kosmos.net\",\n \"authType\": \"none\",\n \"userid\": \"andrii1\",\n \"invite_email\": \"xxxxxxxxx@1kosmos.com\"\n },\n \"status\": \"redeemed\"\n }\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/ial": {
"get": {
"summary": "Get IAL of the user",
"description": "Get IAL of the user.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ial of the user.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/document": {
"post": {
"summary": "Fetch document from user wallet by id and type",
"description": "Returns user document.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns user document.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains encrypted data object:\n\n```\n{\n \"type\": \"document_type\",\n \"id\": \"document_id\"\n}\n```\nEvery property is required\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetDocByTypeAndIdRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted object:\n```\n{\n \"type\": \"type\",\n \"id\": \"id\",\n \"proofedBy\": \"proofedBy\",\n \"category\": \"identity_document\",\n \"doe\": \"12345678\",\n \"proofs\": [\"array\", \"of\", \"proofs\"],\n \"data\": {}\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/countAll": {
"post": {
"summary": "Get users counts",
"description": "Get users counts for all authmodules .
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the users info.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/countAllRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\n The publicKey of WebServer API used in decrypting\n\n Response body contains *data* field with encrypted object below:\n\n ```\n {\n \"count\": 50\n }\n ```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/countAllResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/unlock": {
"post": {
"summary": "Unlock locked user.",
"description": "Unlock locked user. A user maybe locked due to OTP mistakes or because he was locked by an administrator.
\nThis endpoint must be accessed by Help Desk admin and Community administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n| **Returns** |\n|-------------------------------------------|\n\n204 No Content\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/unlockUserRequest"
}
}
}
},
"responses": {
"204": {
"description": "No Content"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/lock": {
"post": {
"summary": "Lock user.",
"description": "Lock a user. A user can be locked by an administrator.
\nThis endpoint must be accessed by Help Desk admin and Community administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### username (required)\nusername : string\n\n### lock_duration (required)\nlock_duration : number\n\n| **Returns** |\n|-------------------------------------------|\n\n204 No Content\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/lockUserRequest"
}
}
}
},
"responses": {
"204": {
"description": "No Content"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/wallet_recovery/method/fetch": {
"post": {
"summary": "Fetch wallet recovery method",
"description": "Fetch wallet recovery method.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the wallet recovery method. By default, \"liveid_selfie\" will be returned.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchWalletRecoveryRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchWalletRecoveryResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/wallet_recovery/session/create": {
"put": {
"summary": "Create UWL2.0 session for wallet recovery method",
"description": "Returns session data.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### purpose (required)\npurpose : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns session data.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains encrypted data object:\n\n```\n{\n \"purpose\": \"enroll | authenticate\",\n \"biometricConsentAccepted\": true\n}\n```\npurpose is required\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateWalletRecoverySessionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following object:\n```\n{\n \"sessionId\": \"sessionId\",\n \"sessionEnv\": \"sessionEnv\",\n \"sessionUrl\": \"sessionUrl\",\n \"authenticateWalletUrl\": \"authenticateWalletUrl\",\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateWalletRecoverySessionResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/wallet_recovery/session/{sessionId}/poll": {
"post": {
"summary": "Poll UWL2.0 session for wallet recovery method verification",
"description": "Returns updated user JWT object.
\nThis endpoint can be accessed by logged in user
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Params** |\n|----------------------------------------------|\n\n### sessionId (required)\nuuid of session\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns updated JWT token.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "sessionId",
"in": "path",
"description": "sessionId for polling",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted following array:\n```\n{\n \"jwt_token\": \"string\",\n}\n```\n\npublicKey is public key of adminapi\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PollWallatRecoveryMethodResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/detailProfile/fetch": {
"post": {
"summary": "Fetch user Profile details",
"description": "Fetch user detail.
\nThis endpoint must be accessed by all users to get user profile details.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n### user (required)\nquery : object\n\n### attributes (optional)\nattributes : array\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the user details.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserdetailProfileRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserdetailProfileResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/update_phone_numbers": {
"post": {
"summary": "Update user mobiles and landlines",
"description": "Update user properties.
\nThis endpoint must be accessed by all users to update there mobiles and landlines.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### user (required)\nuser : object\n\n### updatePhones (optional, object of new mobiles and landlines)\nupdatePhones : { mobiles: [], landlines: [] }\n\n### removePhones (optional, object of remove mobiles and landlines )\nremovePhones : { mobiles: [], landlines: [] }\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the user properties.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdatePhoneNumberRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdatePhoneNumberResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/unlink_login_options": {
"patch": {
"summary": "Unlink login options",
"description": "Unlink user device by user did or unlink behavior auth typing phrase or unlink user pin.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturn a success message for unlink device or typing phrase or user pin.
\nThis API throw an error if something goes wrong.\n\n| **Permissions** |\n|-------------------------------------------|\n\nAdministrators can unlink any device from any user within their own community. Basic users can only unlink their own device or user pin or typing phrase.\\\nCommunity Administrator or Helpdesk Administrator can delete user pin or typing phrase of basic user.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnlinkLoginOptionsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnlinkLoginOptionsResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/user_pin/update": {
"put": {
"summary": "Update user pin",
"description": "Update user pin only for own user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the status of updated user pin .
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserPinRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserPinResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/users/user/login_options/fetch": {
"post": {
"summary": "Fetch login options linked to user",
"description": "Fetch login options linked to user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns both the devices information linked to a user and the user's login options - user pin and typing phrases.\nThis API throw an error if something goes wrong.\n",
"tags": [
"Users"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "```\n{\n \"user\": {\n \"uid\": \"required string\",\n \"username\": \"required string\",\n \"authModuleId\": \"required string\"\n },\n \"community\": {\n \"id\": \"required string\",\n \"name\": \"required string\",\n \"publicKey\": \"required string\"\n }\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchLoginOptionsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchLoginOptionsResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/user_properties/update": {
"post": {
"summary": "Update user properties",
"description": "Update user properties.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### user (required)\nuser : object\n\n### mobiles (optional, array of strings)\nmobiles : array\n\n### landlines (optional, array of strings)\nlandlines : array\n\n### aliases (optional, object)\naliases : object\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the user properties.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"User Properties"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserPropertiesRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserPropertiesResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/user_properties/check_unique/alias": {
"post": {
"summary": "Check if the alias provided is unique",
"description": "Check if the alias provided is unique.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### alias (required)\nuser : object\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a boolean indicating if alias is unique.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"User Properties"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CheckAliasUniquenessRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CheckAliasUniquenessResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/user_pin/register": {
"post": {
"summary": "Register user PIN",
"description": "Register a new PIN for the authenticated user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the status of registered user pin.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"User PIN"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterUserPinRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterUserPinResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"405": {
"description": "PIN already enrolled"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/user_pin": {
"delete": {
"summary": "Delete user PIN",
"description": "Delete the PIN for the authenticated user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a confirmation message on successful deletion.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"User PIN"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
}
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteUserPinResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/user_consent": {
"put": {
"summary": "Create User Consent",
"description": "Create User Consent.
\nThis endpoint can be access by any logged in user. User should have wallet in his token
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT with wallet\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing consent's uuid and consentStatus\n",
"tags": [
"User Consent"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n version: \"string - required\",\n transactionId: \"string - optional\",\n uuid: \"string - required\",\n ts: \"integer - optional, default is epoch time which is now in seconds\"\n method: \"web | mobile - required\",\n authenticator: \"object - required\":\n {\n name: \"string - required\",\n id: \"string - required\",\n version: \"string - required\",\n os: \"string - required\",\n },\n controller: \"object - required\":\n {\n type: \"string - required\",\n name: \"string - required\",\n id: \"string - required\",\n entityId: \"string - required\"\n }\n scopes: \"array - required, at least 1 item\"\n [\n {\n name: \"string - required\",\n uuid: \"string - required\",\n claims: \"array of objects - optional\",\n }\n ],\n signature: \"string - required\",\n type: \"explicit | implicit - required\",\n status: \"'granted', 'denied' or 'revoked' - required\",\n ssoMethod: \"string optional\"\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentCreateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi API, useful for decryption response\n\ndata is ECDSA encrypted object represents following:\n```\n{\n \"uuid\": \"string\"\n \"consentStatus\": \"string\",\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/user_consent/check": {
"post": {
"summary": "Check User Consent",
"description": "Check User Consent.
\nThis endpoint can be access by any logged in user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT with wallet\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing information whether consent is granted\n",
"tags": [
"User Consent"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n spId: \"string - required\",\n scopeIds: \"array of scope uuid fields - required (at least 1 element)\",\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentCheckRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi API, useful for decryption response\n\ndata is ECDSA encrypted object represents following:\n```\n{\n \"nonGrantedScopes\": [\n {\n \"uuid\": \"string\",\n \"name\": \"string\",\n \"claims\": [\"string\", ...]\n }\n ],\n ...\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error or missing at least one of scopes with given scopeIds",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/test-connection": {
"post": {
"summary": "Test auth module connection by moduleId.",
"description": "test auth module.
\n- Key must be authorized for community.\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nTest Connection rules with descriptions.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Test Connection"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains *data* field with encrypted object below:\n```\n{\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"moduleId\": \"required string\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TestConnectionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents updated auth module:\n\n```\n{\n \"_id\": \"ObjectID\",\n \"communityId\": \"ObjectID\",\n \"type\": \"db\", // ad | ldap | db | azuread\n \"subtype\": \"datastore\", // for ad | ldap | azuread: \"directory\", for db: \"datastore\"\n \"method\": \"authn\", // for ad | ldap | db | azuread : \"authn\"\n \"name\": \"Auth Module Name\",\n \"enabled\": true,\n \"mode\": \"broker/direct\",\n \"status\": true,\n \"message\": \"connection success/failed\",\n \"config\": {} // see below config response samples\n}\n```\n\nconfig object for type **azuread**:\n```\n{\n \"appName\": \"string\",\n \"tenantId\": \"string\",\n \"tenantName\": \"string\",\n \"clientId\": \"string\",\n \"clientSecret\": \"string\",\n \"loginBasePath\": \"string\",\n \"graphApiBasePath\": \"string\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TestConnectionResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/spcatalog/list": {
"get": {
"summary": "get list of Service Provider Catalog item",
"description": "Get Service Provider Catalog item.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object represents list of service providers catalog items\n",
"tags": [
"Service Provider Catalog"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Response body contains 'data' field with encrypted object below:\n```\n{\n \"spCatalogItemOne\": {\n name: \"name\",\n logo: \"logo\",\n sso_url: \"sso_url\",\n template: \"template\"\n },\n \"spCatalogItemTwo\": {\n name: \"name\",\n logo: \"logo\",\n sso_url: \"sso_url\",\n template: \"template\"\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not found"
}
}
}
},
"/session/new": {
"put": {
"summary": "Create a new session",
"description": "Creates a new **AuthSession** object.
\n- verify the license (with license management API)\n- create a new **sessionId** = new uuid()\n- create entry into the DB\n- **publicKey** is in the request headers\n- return created **sessionId**\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Request Body** |\n|----------------------------------------------|\n\n### tag (required)\nThe tag key is type of string and required.\n\n### url (required)\nThe url key is type of string and required.\n\n### communityName (required)\nThe communityName key is type of string and required.\n\n### tenantId (required)\nThe tenantId key is type of string and required.\n\n### communityId (required)\nThe communityId key is type of string and required.\n\n### authPage (optional)\nThe authPage key is type of string and optional.\n\n### scopes (optional)\nThe scopes key is type of string and optional.\n\n### authtype (required)\nThe authtype key is type of string and required.\n\n### metadata (optional)\nMetadata object which supports \"saml\", \"oidc\" and \"authenticationType\" properties\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns created sessionId\n",
"tags": [
"Session"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "New session data",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/NewSessionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/NewSessionResponse"
}
}
}
},
"400": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "License is not valid for this community"
},
"404": {
"description": "Not found"
}
}
}
},
"/session/response/fetch": {
"post": {
"summary": "Fetch session response",
"description": "Get Authenticate info.
\n - verify license (with license mgmt API)\n - **sessionId** must not be expired\n - caller's **publicKey** must match **SessionAuth.publicKey**\n - return associated **SessionAuthResponse**\n - note:\n - **SessionAuthResponse** object must get deleted after successfully fetch\n - If session has expired, return appropriate error/message and delete both **AuthSession** and **SessionAuthResponse** entries.\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (optional)\nBearer JWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### sessionId (required)\nThe sessionId key is type of string and required.\n\n### tenantId (required)\nThe tenantId key is type of string and required.\n\n### communityId (required)\nThe communityId key is type of string and required.\n\n### transient (optional)\nThe transient key is type of boolean and optional.\n\n### authenticateMethod (optional)\nIs type of string ['qr', 'stepUp', 'push'] (optional).\n\n### aliasUsed (optional)\nThe aliasUsed key is type of boolean and optional.\n\n| **Returns** |\n|----------------------------------------------|\n\nReturns the Authenticate info.\n",
"tags": [
"Session"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT",
"required": false,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Auth session data",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SessionAuthResponseRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateResponse"
}
}
}
},
"400": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "License is not valid for this community"
},
"404": {
"description": "Not found"
}
}
}
},
"/serviceprovider/fetch": {
"post": {
"summary": "Fetch Service Providers",
"description": "Fetch service providers.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encrypted array of service providers
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Service Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/serviceprovider": {
"put": {
"summary": "Create Service Provider",
"description": "Create Service Provider.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing service provider config\n",
"tags": [
"Service Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n name: \"string required\",\n environment: \"string optional (default: empty string)\",\n logo: \"string optional - allowed for type = oidc or saml, can be empty string\"\n type: \"string required\",\n saml_config: \"object - required only if type = saml\":\n {\n idpInitiated: \"boolean optional (default: false) - enables IDP-initiated SSO for this SP\",\n accessUrl: \"string required\",\n entityId: \"string required\",\n assertionMethod: \"string required\",\n assertionConsumerServiceURL: \"string required\",\n logoutRequestSignRequired: \"boolean required\",\n logoutResponseSignRequired: \"boolean required\",\n authRequestSignRequired: \"boolean required\",\n assertionSignRequired: \"boolean required\",\n signingCert: \"string optional\",\n signingAlgo: \"string optional (default: RSA_SHA256). Valid: RSA_SHA1, RSA_SHA256\",\n encryptAssertion: \"boolean optional\",\n encryptionCert: \"string optional\",\n encryptionAlgorithm: \"string optional\",\n keyTransportAlgorithm: \"string optional\",\n nameid: \"object required\":\n {\n format: \"string required\",\n value: \"string required\",\n attribute_type: \"string required - session, ledger or identity\"\n },\n relayState: \"string optional (default: empty string) - URL where user is redirected after IDP-initiated login\",\n attributes: [\n {\n claim_name: \"string required\",\n attribute_name: \"string required\",\n attribute_type: \"string required - session, ledger or identity\",\n value_type: \"string optional - static or null or default\",\n value: \"can be anything: object, string, bool, array, number, etc - optional if value_type === null\"\n }\n ],\n metadata: \"string optional\" // XML string by 'escape('XML string')' javascript function\n },\n oidc_config: \"object - required only if type = oidc\":\n {\n grant_types: \"array of strings required\",\n redirect_uris: \"array of URIs required\",\n scope: \"array of strings required\",\n id_token_signed_response_alg: \"string required\"\n },\n forceReauthentication:\"true/false\"\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ServiceProviderRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi API, useful for decryption response\n\ndata is ECDSA encrypted object represents created service provider:\n```\n{\n \"_id\": \"6070951e8dfc7f29228126c9\",\n \"name\": \"Service provider's name\",\n \"environment\": \"Environment name\",\n \"logo\": \"string - only if type = oidc\"\n \"type\": \"saml\",\n \"saml_config\": {\n \"_id\": \"6070951e8dfc7f29228126ca\",\n \"accessUrl\": \"http://google.com\",\n \"entityId\": \"http://google.com\",\n \"assertionMethod\": \"post\",\n \"assertionConsumerServiceURL\": \"http://google.com\",\n \"logoutRequestSignRequired\": true,\n \"logoutResponseSignRequired\": true,\n \"authRequestSignRequired\": true,\n \"assertionSignRequired\": true,\n \"signingCert\": \"signingCert optional\",\n \"signingAlgo\": \"http://www.w3.org/2000/09/xmldsig#rsa-sha256\"\n \"encryptAssertion\": true,\n \"encryptionCert\": \"encryptionCert optional\",\n \"encryptionAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#aes128-gcm\",\n \"keyTransportAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\",\n \"idpInitiated\": false,\n \"relayState\": \"\",\n \"nameid\": {\n \"_id\": \"6070951e8dfc7f29228126cb\",\n \"format\": \"emailAddress\",\n \"value\": \"one of session_scope\",\n \"attribute_type\": \"session/ledger/identity\"\n },\n \"attributes\": [\n {\n \"_id\": \"6070951e8dfc7f29228126cc\"\n \"uuid\": \"string\",\n \"claim_name\": \"string\",\n \"attribute_name\": \"string\",\n \"attribute_type\": \"session\",\n \"value_type\": \"static\",\n \"value\": \"value\"\n }\n ],\n \"metadata\": \"\\\\nT\\\\nF\\\\nR\\\\nDF\\\\n\"\n },\n \"oidc_config\": \"object - only if type = oidc\":\n \"communityId\": \"community\",\n \"logo\": \"logo\",\n \"__v\": 0\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/serviceprovider/{type}": {
"put": {
"summary": "Create Service Provider for featured applications",
"description": "Create Service Provider for featured applications.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Parameters** |\n|----------------------------------------------|\n\n### type (required)\nSupported types: auth0, okta, salesforce, forgerock, gsuite, zendesk\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing service provider config\n",
"tags": [
"Service Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "type",
"in": "path",
"description": "Supported types - auth0, okta, salesforce, forgerock, gsuite, zendesk",
"required": true,
"schema": {
"type": "string",
"enum": [
"auth0",
"okta",
"forgerock",
"salesforce",
"gsuite",
"zendesk"
]
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with one of encrypted objects below:\n```\nFor Auth0:\n{\n \"name\": \"string\",\n \"domain\": \"string\",\n \"ssoUrl\": \"string\",\n \"clientId\": \"onlyForAuthO\",\n \"clientSecret\": \"onlyForAuth0\"\n}\n\nFor Okta:\n{\n \"name\": \"string\",\n \"domain\": \"string\",\n \"ssoUrl\": \"string\",\n \"apiToken\": \"onlyForOkta\"\n}\n\nFor Forgerock:\n{\n \"name\": \"string\",\n \"domain\": \"string\",\n \"ssoUrl\": \"string\",\n \"username\": \"onlyForForgerockSalesforce\",\n \"password\": \"olnyForForgerockSalesforce\",\n \"useExistingCOT\": \"boolean - true/false - onlyForForgerock\",\n \"COT\": \"onlyForForgerock - optional if useExistingCOT === false\",\n \"hostedSP\": \"onlyForForgerock - optional if useExistingCOT === true\"\n}\n\nFor Salesforce:\n{\n \"name\": \"string\",\n \"domain\": \"string\",\n \"ssoUrl\": \"string\",\n \"username\": \"onlyForForgerockSalesforce\",\n \"password\": \"olnyForForgerockSalesforce\",\n \"securityToken\": \"onlyForSalesforce\"\n}\n\nFor GSuite:\n{\n \"name\": \"string\",\n \"domain\": \"string\",\n \"ssoUrl\": \"string\",\n \"sloUrl\": \"string\",\n \"serviceAccountEmail\": \"onlyForGSuite\",\n \"adminEmail\": \"onlyForGSuite\",\n \"serviceAccountPrivateKey\": \"onlyForGSuite\"\n}\n\nFor Zendesk:\n{\n \"name\": \"string\",\n \"domain\": \"string\",\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ApplicationCreateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi API, useful for decryption response\n\ndata is ECDSA encrypted object represents created service provider:\n```\n{\n \"_id\": \"6070951e8dfc7f29228126c9\",\n \"name\": \"Service provider's name\",\n \"environment\": \"Environment name\",\n \"logo\": \"string - only if type = oidc\"\n \"type\": \"saml\",\n \"saml_config\": {\n \"_id\": \"6070951e8dfc7f29228126ca\",\n \"accessUrl\": \"http://google.com\",\n \"entityId\": \"http://google.com\",\n \"assertionMethod\": \"post\",\n \"assertionConsumerServiceURL\": \"http://google.com\",\n \"logoutRequestSignRequired\": true,\n \"logoutResponseSignRequired\": true,\n \"authRequestSignRequired\": true,\n \"assertionSignRequired\": true,\n \"signingCert\": \"signingCert optional\",\n \"signingAlgo\": \"http://www.w3.org/2000/09/xmldsig#rsa-sha256\",\n \"encryptAssertion\": false,\n \"encryptionCert\": \"encryptionCert optional\",\n \"encryptionAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#aes128-gcm\",\n \"keyTransportAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\",\n \"nameid\": {\n \"_id\": \"6070951e8dfc7f29228126cb\",\n \"format\": \"emailAddress\",\n \"value\": \"one of session_scope\",\n \"attribute_type\": \"session/ledger/identity\"\n },\n \"attributes\": [\n {\n \"_id\": \"6070951e8dfc7f29228126cc\"\n \"uuid\": \"string\",\n \"claim_name\": \"string\",\n \"attribute_name\": \"string\",\n \"attribute_type\": \"session\",\n \"value_type\": \"static\",\n \"value\": \"value\"\n }\n ],\n \"metadata\": \"\\\\nT\\\\nF\\\\nR\\\\nDF\\\\n\"\n },\n \"communityId\": \"community\",\n \"logo\": \"logo\",\n \"__v\": 0\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/serviceprovider/{id}": {
"patch": {
"summary": "Update Service Provider",
"description": "Update Service Provider.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing service provider config\n",
"tags": [
"Service Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"schema": {
"type": "string"
},
"required": true
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n name: \"string required\",\n environment: \"string optional (default: empty string)\",\n logo: \"string optional - allowed for type = oidc or saml, can be empty string\",\n type: \"string required\",\n saml_config: \"object not required - required only if type = saml\":\n {\n idpInitiated: \"boolean optional (default: false) - enables IDP-initiated SSO for this SP\",\n accessUrl: \"string required\",\n entityId: \"string required\",\n assertionMethod: \"string required\",\n assertionConsumerServiceURL: \"string required\",\n logoutRequestSignRequired: \"boolean required\",\n logoutResponseSignRequired: \"boolean required\",\n authRequestSignRequired: \"boolean required\",\n assertionSignRequired: \"boolean required\",\n signingCert: \"string optional\",\n signingAlgo: \"string optional (default: RSA_SHA256). Valid: RSA_SHA1, RSA_SHA256\",\n encryptAssertion: \"boolean optional\",\n encryptionCert: \"string optional\",\n encryptionAlgorithm: \"string optional\",\n keyTransportAlgorithm: \"string optional\",\n nameid: \"object required\":\n {\n format: \"string required\",\n value: \"string required\",\n attribute_type: \"string required - session, ledger or identity\"\n },\n relayState: \"string optional (default: empty string) - URL where user is redirected after IDP-initiated login\",\n attributes: [\n {\n _id: \"string\",\n uuid: \"string\",\n claim_name: \"string required\",\n attribute_name: \"string required\",\n attribute_type: \"string required - session, ledger or identity\",\n value_type: \"string optional - static or null or default\",\n value: \"can be anything: object, string, bool, array, number, etc - optional if value_type === null\"\n }\n ],\n metadata: \"string optional\"\n }\n oidc_config: \"object - required only if type = oidc\":\n {\n grant_types: \"array of strings required\",\n redirect_uris: \"array of URIs required\",\n scope: \"array of strings required\",\n id_token_signed_response_alg: \"string required (HS256 or RS256)\"\n }\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well,it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ServiceProviderRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi API, useful for decryption response\n\ndata is ECDSA encrypted object represents created service provider:\n```\n{\n \"_id\": \"6070951e8dfc7f29228126c9\",\n \"name\": \"Service provider's name\",\n \"environment\": \"Environment name\",\n \"type\": \"saml\",\n \"saml_config\": {\n \"_id\": \"6070951e8dfc7f29228126ca\",\n \"accessUrl\": \"http://google.com\",\n \"entityId\": \"http://google.com\",\n \"assertionMethod\": \"post\",\n \"assertionConsumerServiceURL\": \"http://google.com\",\n \"logoutRequestSignRequired\": true,\n \"logoutResponseSignRequired\": true,\n \"authRequestSignRequired\": true,\n \"assertionSignRequired\": true,\n \"signingCert\": \"signingCert optional\",\n \"signingAlgo\": \"http://www.w3.org/2000/09/xmldsig#rsa-sha256\",\n \"encryptAssertion\": true,\n \"encryptionCert\": \"encryptionCert optional\",\n \"encryptionAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#aes128-gcm\",\n \"keyTransportAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\",\n \"idpInitiated\": false,\n \"relayState\": \"\",\n \"nameid\": {\n \"_id\": \"6070951e8dfc7f29228126cb\",\n \"format\": \"emailAddress\",\n \"value\": \"one of session_scope\",\n \"attribute_type\": \"session/ledger/identity\"\n },\n \"attributes\": [\n {\n \"_id\": \"6070951e8dfc7f29228126cc\",\n \"uuid\": \"string\",\n \"claim_name\": \"string\",\n \"attribute_name\": \"string\",\n \"attribute_type\": \"session\",\n \"value_type\": \"static\",\n \"value\": \"value\"\n }\n ],\n \"metadata\": \"\\\\nT\\\\nF\\\\nR\\\\nDF\\\\n\"\n },\n \"oidc_config\": { ...oidc_config } //object only if type = oidc\n \"communityId\": \"community\",\n \"logo\": \"logo\",\n \"__v\": 0\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
},
"delete": {
"summary": "Delete Service Provider",
"description": "Delete Service Providers.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nDoesn't return anything\n",
"tags": [
"Service Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "ObjectId of existing service provider",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "Success\n\nService provider has beed deleted successfully\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
}
}
},
"get": {
"summary": "Get Service Provider by ID",
"description": "Get Service Provider by ID.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Parameters** |\n|----------------------------------------------|\n\n### id (required)\nId of MongoDB object\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded service provider object\n",
"tags": [
"Service Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Id of service provider",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi API, useful for decryption response\n\ndata is ECDSA encrypted object represents service provider:\n```\n{\n \"_id\": \"6070951e8dfc7f29228126c9\",\n \"name\": \"Service provider's name\",\n \"environment\": \"Environment name\",\n \"logo\": \"string\" // only if type = oidc\n \"type\": \"saml/oidc\",\n \"saml_config\": {{ // only if type = saml\n \"_id\": \"6070951e8dfc7f29228126ca\",\n \"accessUrl\": \"http://google.com\",\n \"entityId\": \"http://google.com\",\n \"assertionMethod\": \"post\",\n \"assertionConsumerServiceURL\": \"http://google.com\",\n \"logoutRequestSignRequired\": true,\n \"logoutResponseSignRequired\": true,\n \"authRequestSignRequired\": true,\n \"assertionSignRequired\": true,\n \"signingCert\": \"signingCert optional\",\n \"signingAlgo\": \"http://www.w3.org/2000/09/xmldsig#rsa-sha256\",\n \"encryptAssertion\": true,\n \"encryptionCert\": \"encryptionCert optional\",\n \"encryptionAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#aes128-gcm\",\n \"keyTransportAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\",\n \"idpInitiated\": false,\n \"relayState\": \"\",\n \"nameid\": {\n \"_id\": \"6070951e8dfc7f29228126cb\",\n \"format\": \"emailAddress\",\n \"value\": \"one of session_scope\",\n \"attribute_type\": \"session/ledger/identity\"\n },\n \"attributes\": [\n {\n \"_id\": \"6070951e8dfc7f29228126cc\",\n \"uuid\": \"string\",\n \"claim_name\": \"string\",\n \"attribute_name\": \"string\",\n \"attribute_type\": \"session\",\n \"value_type\": \"static\",\n \"value\": \"value\"\n }\n ],\n \"metadata\": \"\\\\nT\\\\nF\\\\nR\\\\nDF\\\\n\"\n },\n \"oidc_config\": { ...oidc_config } //object only if type = oidc\n \"communityId\": \"community\",\n \"logo\": \"logo\",\n \"__v\": 0\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/serviceprovider/idp-initiated": {
"get": {
"summary": "Fetch IDP-Initiated Apps",
"description": "Fetch all SAML service providers that have IDP-initiated login enabled (`saml_config.idpInitiated: true`).
\nThis endpoint is accessible to all authenticated users (no admin-only authorization check).
\nUsed by the \"My Apps\" tab in the user profile to display apps available for IDP-initiated SSO.\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encrypted array of IDP-initiated service providers\n",
"tags": [
"Service Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\nReturns ECDSA encrypted array of IDP-initiated apps:\n```\n[\n {\n \"_id\": \"6070951e8dfc7f29228126c9\",\n \"name\": \"App Name\",\n \"logo\": \"string or null\",\n \"type\": \"saml\",\n \"idpInitiated\": true\n }\n]\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/serviceprovider/publicinfo/fetch": {
"post": {
"summary": "Get Service Provider public info by SAML request or OIDC request",
"description": "Get Service Provider public info by SAML request or OIDC request.
\nThis endpoint is open.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (optional)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded service provider object\n",
"tags": [
"Service Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": false,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n \"tenantId\": \"string required\",\n \"communityId\": \"string required\",\n // For searching by SAML request, put this field only:\n \"SAMLRequest\": \"SAMLRequest\"\n // For searching by OIDC request, put this field only:\n \"OIDCRequest\": \"OIDCRequest\"\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well,it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ServiceProviderPublicInfoRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi, useful for decryption response\n\ndata is ECDSA encrypted object represents service provider:\n```\n{\n \"_id\": \"Service provider id\",\n \"name\": \"Service provider's name\",\n \"logo\": \"logo\",\n \"attributes\": [ // ONLY FOR SAML\n {\n \"_id\": \"6070951e8dfc7f29228126cc\",\n \"uuid\": \"string\",\n \"claim_name\": \"string\",\n \"attribute_name\": \"string\",\n \"attribute_type\": \"session\",\n \"value_type\": \"static\",\n \"value\": \"value\"\n }\n ],\n \"entityId\": \"xxxxx (only for SAML)\",\n \"scope\": [ // ONLY FOR OIDC\n \"profile\",\n \"email\",\n \"openid\"\n ],\n \"requestedAuthnContext\": {\n \"class\": \"IAL1\"\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/servicekeys": {
"get": {
"summary": "Get service keys",
"description": "This endpoint returns available service keys.\nThe license you are using must be of authLevel 'system'\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|----------------------------------------------|\n\nReturns array with service keys\n",
"tags": [
"Service Key"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ServiceKeysResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/servicekey/{keyId}": {
"delete": {
"summary": "Reset Service Key",
"description": "This endpoint resets service key for given keyId. Deletes current one and recreates a new one.\nThe license you are using must be of authLevel 'system'\n\n| **Parameters** |\n|----------------------------------------------|\n\n### keyId (required)\nThe keyId of service key to reset\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|----------------------------------------------|\n\nReturns re-created service key\n",
"tags": [
"Service Key"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "keyId",
"in": "path",
"description": "keyId of service key to reset",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ServiceKeysResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/sd": {
"get": {
"summary": "Get all service directories.",
"description": "Get all service directories.\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns all service directories.\n",
"tags": [
"Service Directory"
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetServiceComponentsResponse"
}
}
}
}
}
}
},
"/secret-store/fetch": {
"post": {
"summary": "Get secret store list",
"description": "Get list of secrets for a tenant-community. Returns metadata only (tag, createdBy, createdTs) without secret values.
\nThis endpoint must be accessed by a community administrator.\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response gives list of secrets metadata (no values)\n",
"tags": [
"Secret Store"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchSecretsListRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchSecretsListResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
}
}
}
},
"/secret-store/create": {
"post": {
"summary": "Create a new secret",
"description": "Create a new secret with encrypted value storage.
\nThis endpoint must be accessed by a community administrator.\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response gives created secret metadata (no value)\n",
"tags": [
"Secret Store"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\n```\n{\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"tag\": \"required string - must start with letter [a-zA-Z] and contain only [a-zA-Z0-9_]\",\n \"value\": \"required string - secret value to encrypt\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSecretRequest"
}
}
}
},
"responses": {
"201": {
"description": "Secret created successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSecretResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"409": {
"description": "Secret with this tag already exists"
}
}
}
},
"/secret-store/delete": {
"post": {
"summary": "Delete a secret",
"description": "Delete a secret by tag.
\nThis endpoint must be accessed by a community administrator.\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response gives success message\n",
"tags": [
"Secret Store"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "```\n{\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"tag\": \"required string - secret identifier to delete\"\n}\n```\nIMPORTANT - you can send unencrypted data, it is only available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteSecretRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteSecretResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Secret not found"
}
}
}
},
"/saml/sso": {
"post": {
"description": "Saml SSO.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### SAMLRequest (required)\nSAMLRequest\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns information to perform SAML SSO.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SAMLRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"420": {
"description": "Service Provider claims could not be fulfilled"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/saml/idp-init/{serviceProviderId}": {
"post": {
"description": "IDP-Initiated SAML SSO.
\nGenerates a SAML assertion without a prior SAMLRequest (unsolicited response).
\nThe service provider must be of type `saml` with `saml_config.idpInitiated: true`.
\n:: Note for website ::
\n+ No request body required, service provider ID is passed as a path parameter.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encrypted object with SAMLResponse, relayState, and SP info for IDP-initiated SSO.
\nThis API throws an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "serviceProviderId",
"in": "path",
"description": "The ID of the SAML service provider (must have saml_config.idpInitiated = true)",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\nReturns ECDSA encrypted object:\n```\n{\n \"SAMLResponse\": \"base64 string\",\n \"relayState\": \"string (optional)\",\n \"sp\": {\n \"assertionConsumerServiceURL\": \"string - url\",\n \"assertionMethod\": \"string - post or get\"\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request or no SAML SP found for IDP-initiated SSO"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "IDP-initiated SSO is not enabled for this service provider"
},
"404": {
"description": "Service provider not found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/saml/samlRequest/generate": {
"post": {
"description": "Generate SAML Request.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### SAMLRequest (required)\nSAMLRequest\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns information to perform SAML SSO.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"SAML"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateSamlRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"420": {
"description": "Service Provider claims could not be fulfilled"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/events": {
"post": {
"summary": "Fetch Events",
"description": "Get Reports Raw Events.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give list of events and pagination info\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nRequest body contains *data* field with encrypted object below:\n\nALL fields below except tenantId and communityId are optional:\n\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\",\n \"pSize\": \"integer, default is 10\",\n \"pIndex\": \"integer, default is 0\",\n \"from\": \"string with date in format YYYY-MM-DD HH:mm:ss.SSS, should be from now to (now - 90 days), default is now - 30 days\",\n \"to\": \"string with date in format YYYY-MM-DD HH:mm:ss.SSS, default is now\",\n \"user_id\": \"string\",\n \"eventName\": \"string\",\n \"outcome\": \"string\"\n \"broker_id\": \"string\",\n \"download\": {\n \"notificationList\": [\"array\", \"of\", \"emails\"]\n }\n}\n```\n\"download\" parameter is optional, if provided notificationList also should be provided\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetEventsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"page\": {\n \"pSize\": 10,\n \"pIndex\": 0,\n \"total\": 3\n },\n \"data\": [\n {\n ...allFieldsFromElasticEvent\n },\n {\n ...allFieldsFromElasticEvent\n },\n {\n ...allFieldsFromElasticEvent\n }\n ]\n}\n```\n\nIf you send \"download\" parameter, then only jobId will be returned:\n\n```\n{\n \"jobId\": \"123-456-789-0000\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetEventsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/login_activity": {
"post": {
"summary": "Fetch Login Activity Report",
"description": "Fetch list of E_SP_REDIRECT_SUCCEEDED events and their respective 1 E_LOGIN_SUCCEEDED event for each unique session_id from SP redirects.
\nIf this endpoint is called by basic user, only that user's events will be returned. If it is called by an administrator, then he tenantId, communityId and user_id filters are applied.\nThis endpoint must be accessed by logged in user
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give list of E_SP_REDIRECT_SUCCEEDED and E_LOGIN_SUCCEEDED events\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nRequest body contains *data* field with encrypted object below:\n\nALL fields below except tenantId and communityId are optional:\n\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\",\n \"pSize\": \"integer, default is 10\",\n \"pIndex\": \"integer, default is 0\",\n \"from\": \"string with date in format YYYY-MM-DD HH:mm:ss.SSS, should be from now to (now - 90 days), default is now - 30 days\",\n \"to\": \"string with date in format YYYY-MM-DD HH:mm:ss.SSS, default is now\",\n \"user_id\": \"string\",\n \"auth_method\": \"otp | qr etc.\",\n \"application\": \"gsuite\"\n \"download\": {\n \"notificationList\": [\"array\", \"of\", \"emails\"]\n }\n}\n```\n\"download\" parameter is optional, if provided notificationList also should be provided\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchLoginActivityReportRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"page\": {\n \"pSize\": 10,\n \"pIndex\": 0,\n \"total\": 100\n },\n \"data\": [\n \"activityEvents\": [ sp_redirect_event_1, sp_redirect_event_2, ...sp_redirect_event_100 ],\n \"loginEvents\": {\n session_id_1: { e_login_succeeded_event_1 },\n session_id_2: { e_login_succeeded_event_2 },\n ...\n session_id_100: { e_login_succeeded_event_100 }\n }\n ]\n}\n```\n\nIf you send \"download\" parameter, then only jobId will be returned:\n\n```\n{\n \"jobId\": \"123-456-789-0000\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchLoginActivityReportResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/event": {
"put": {
"summary": "Store Event",
"description": "Store one event to Reports.
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n | **Returns** |\n |-------------------------------------------|\n\n Response gives status OK if everything is ok\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nRequest body contains *data* field with encrypted object below:\n\nALL fields below except tenantId and communityId are optional:\n\n```\n{\n \"tenantId\": \"strin - required\",\n \"communityId\": \"string - required\",\n \"eventData\": {\n \"type\": \"string - required\",\n \"eventName\": \"E_LOGIN_VISITED\",\n \"event_id\": \"string - required\",\n \"caller_user_agent\": \"string - required\",\n \"version\": \"string - required\",\n \"event_ts\": \"number - optional\",\n \"redirect_from\": \"string - optional\",\n },\n \"serverEventData\": {\n \"caller_ip\": \"boolean - optional\", // if true, will use IP detected by server and will overwrite caller_ip from eventData if provided\n \"event_ts\": \"boolean - optional\" // if true, will generate event_ts in miliseconds and will overwrite event_ts from eventData if provided\n }\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/StoreEventRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/download/jobs": {
"post": {
"summary": "Fetch download jobs",
"description": "Fetch download jobs.
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give list of download jobs\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nRequest body contains *data* field with encrypted object below:\n\nALL fields below are optional:\n\n```\n{\n \"sort\": [\n {\n \"field\": \"field\",\n \"order\": \"desc/asc\"\n }\n ],\n \"pSize\": 10,\n \"pIndex\": 0\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetDownloadJobsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"page\": {\n \"pSize\": 10,\n \"pIndex\": 0,\n \"total\": 100,\n \"sort\": [\n {\n \"field\": \"field\",\n \"order\": \"desc/asc\"\n }\n ],\n },\n \"data\": [\n {\n \"jobId\": \"18518ebc-9820-4b3d-b5f7-e99eae7ba108\",\n \"createdAt\": 1677528772342,\n \"completedAt\": 1677528772342/undefined,\n \"status\": \"Pending\",\n \"requestedBy\": \"email\",\n \"sendNotificationTo\": [\"email@email.com\"],\n \"size\": 1234\n \"downloadLink\": \"https:///downloads/reports/tenant//community//job//report.csv\"\n }\n ]\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/download/jobs/{jobId}": {
"patch": {
"summary": "Cancel download job",
"description": "Cancel download job.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n 204 No Content\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"in": "path",
"name": "jobId",
"description": "id of job to cancel",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "No Content"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Job not found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/metrics": {
"post": {
"summary": "Fetch metrics",
"description": "Get metrics.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give count or list of metrics for each day/hour from date range\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nRequest body contains *data* field with encrypted object below:\n\nALL fields below except tenantId and communityId are optional:\n\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\",\n \"from\": \"string with date in format YYYY-MM-DD HH:mm:ss.SSS, should be from now to (now - 90 days), default is now - 30 days\",\n \"to\": \"string with date in format YYYY-MM-DD HH:mm:ss.SSS, default is now, can be equal to from, then you will get hourly metrics\",\n \"metricsName\": \"string, one of: M_C_ACTIVE_USER, M_C_LOGIN_FAILED, M_C_LOGINS, M_C_NEW_DEVICES, M_G_APPLICATION_USAGE, M_G_LOGIN_FAILED, M_GT_SUCCESSFUL_AUTHENTICATIONS or M_T_NEW_DEVICES\",\n \"responseTimezone\": \"UTC - string optional\" ,\n \"download\":{\n \"requestBy\": \"string, email (required)\",\n \"notificationList\": [ \"string, email (required, 1-5 emails)\" ],\n \"eventData\": {\n \"tenant_dns\": \"string (required)\",\n \"user_id\": \"string (required)\"\n }\n }\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetMetricsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n// for metricsName starting with M_C_, response is object with count:\n{\n \"count\": \"number\"\n}\n\n// for metricsName not starting with M_C_, response is object with count:\n[\n {\n ...data\n },\n ...moreObjects\n]\n\n// for requests with download object present, response will contain a job id:\n {\n \"jobId\": \"2345612\"\n }\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetMetricsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/userenrollment": {
"post": {
"summary": "Last login report",
"description": "Get Last Login Report.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give list of events and pagination info\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nRequest body contains *data* field with encrypted object below:\n\nALL fields below except tenantId and communityId are optional:\n\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\",\n \"pSize\": \"integer, default is 10\",\n \"pIndex\": \"integer, default is 0\",\n \"moduleId\": \"string\",\n \"query\": {}\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/lastLoginReportRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"page\": {\n \"pSize\": 10,\n \"pIndex\": 0,\n \"total\": 3\n },\n \"data\": [\n {\n \"username\": \"abc\",\n \"status\": \"active\",\n \"email\": \"abc@email.com\",\n \"lastLoginTime\": \"2023-06-12 14:03:59.450\",\n },\n {\n \"username\": \"test\",\n \"status\": \"disabled\",\n \"email\": \"test@email.com\",\n \"lastLoginTime\": \"2023-06-12 14:03:59.450\",\n },\n ]\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetEventsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/role_assignment": {
"post": {
"summary": "Request role_assignment download job",
"description": "Request role_assignment download job.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give list of events and pagination info\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nRequest body contains *data* field with encrypted object below:\n\nALL fields below except tenantId and communityId are optional:\n\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\",\n \"roleIds\": [\"234\", \"46576\", \"34565\"],\n \"download\": {\n \"notificationList\": [\"array\", \"of\", \"emails\"]\n }\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RoleAssignmentRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"page\": {\n \"pSize\": 10,\n \"pIndex\": 0,\n \"total\": 3\n },\n \"data\": [\n {\n ...allFieldsFromElasticEvent\n },\n {\n ...allFieldsFromElasticEvent\n },\n {\n ...allFieldsFromElasticEvent\n }\n ]\n}\n```\n\nIf you send \"download\" parameter, then only jobId will be returned:\n\n```\n{\n \"jobId\": \"123-456-789-0000\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RoleAssignmentResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/audit_log": {
"post": {
"summary": "Fetch Audit log Report",
"description": "This endpont should return events where eventCategory = 'AUDIT_LOG'
\nIt is access by an tenant/community administrator.
\n\n| **AUDIT_LOG events** |\n|----------------------------------------------|\n \n E_BROKER_DISCONNECTED,\n E_DIRECTORY_ADDED,\n E_DIRECTORY_MODIFIED,\n E_DIRECTORY_REMOVED,\n E_DIRECTORY_BROKER_ENABLED,\n E_DIRECTORY_BROKER_DISABLED,\n E_DIRECTORY_BROKER_DELETED,\n E_DIRECTORY_BROKER_MODIFIED,\n E_DIRECTORY_ATTRIBUTE_ADDED,\n E_DIRECTORY_ATTRIBUTE_MODIFIED,\n E_DIRECTORY_ATTRIBUTE_DELETED,\n E_DIRECTORY_ADVANCED_CONFIGURATION_MODIFIED,\n E_IDP_CONFIGURATION_MODIFIED,\n E_ROLE_CHANGED,\n E_SP_CREATED,\n E_SP_MODIFIED,\n E_SP_DELETED,\n E_PREFERREDSTORES_MODIFIED,\n E_BRANDING_MODIFIED,\n E_ADAPTIVEAUTH_MODIFIED,\n\n
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give list of events where eventCategory = 'AUDIT_LOG'\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nRequest body contains *data* field with encrypted object below:\n\nALL fields below except tenantId and communityId are optional:\n\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\",\n \"pSize\": \"integer, default is 10\",\n \"pIndex\": \"integer, default is 0\",\n \"from\": \"string with date in format YYYY-MM-DD HH:mm:ss.SSS, should be from now to (now - 90 days), default is now - 30 days\",\n \"to\": \"string with date in format YYYY-MM-DD HH:mm:ss.SSS, default is now\",\n \"user_id\": \"string\",\n \"download\": {\n \"notificationList\": [\"array of emails\"]\n }\n}\n```\n\"download\" parameter is optional, if provided notificationList also should be provided\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuditLogReportRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"page\": {\n \"pSize\": 10,\n \"pIndex\": 0,\n \"total\": 100\n },\n \"data\": [\n \"auditLogEvents\": [\n { audit_log_event_1 },\n { audit_log_event_1 },\n ...\n { audit_log_event_100 }\n ]\n ]\n}\n```\n\nIf you send \"download\" parameter, then only jobId will be returned:\n\n```\n{\n \"jobId\": \"123-456-789-0000\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuditLogReportRequestResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/reports/hardwaretokens_export": {
"post": {
"summary": "Export token data",
"description": "Exports token data based on the provided query and requested report type.
\nThe type can be either `\"hardware_tokens\"` or `\"user_hardwaretokens\"`.
\nThis endpoint must be accessed by a user with the appropriate permissions to export data.
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT access token\n\n\n| **Request body** |\n|----------------------------------------------|\n ### reports_type (required)\n reports_type : string\n\n ### query (optional)\n query : object\n\n ### download (required)\n download : object\n\n\n| **Returns** |\n|----------------------------------------------|\n Returns a Job ID created for the export request.\n",
"tags": [
"Reports"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA. Should contain \"appid\" (string), \"uuid\" (string), and \"ts\" (number). The timestamp must be within 'environment.allowed_time_span' seconds from the current time. / Try Authorize \ud83d\udd10",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize \ud83d\udd10",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize \ud83d\udd10",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "JSON object containing the report type, query, and download notification list.
",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ExportHardwareTokensRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success. The `publicKey` of the WebServer API is used for decryption.
\nThe response contains an encrypted `data` field:\n\n```\n{\n \"jobId\": \"123-456-789-0000\"\n}\n```\n\n\u26a0\ufe0f Note: You can send unencrypted data and receive unencrypted data as well. This is only for preview in Swagger.\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ExportHardwareTokensResponse"
}
}
}
},
"400": {
"description": "Validation error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/register/sendverify": {
"put": {
"description": "Send account creation verification magic link.
\n:: Notes for website ::
\n+ Default request body is {data: ecdsa_string}
\n+ This API can accept any query params which will be passed to template
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### email (required)\nemail : string\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### captchaToken (required)\ncaptchaToken : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nSend account creation verification magic link via email.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Self Registration"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "SAMLRequest",
"in": "query",
"description": "SAML SAMLRequest",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "RelayState",
"in": "query",
"description": "SAML RelayState",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "SigAlg",
"in": "query",
"description": "SAML SigAlg",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "Signature",
"in": "query",
"description": "SAML Signature",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "ForceAuthn",
"in": "query",
"description": "SAML ForceAuthn",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SendVerifyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SendVerifyResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"409": {
"description": "Conflict"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/register/verifyemail": {
"post": {
"description": "Verify email by uuid code.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### code (required)\ncode : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nUser email.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Self Registration"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyEmailRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyEmailResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"410": {
"description": "Gone"
},
"429": {
"description": "Too Many Requests"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/register/user": {
"put": {
"description": "Register user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n### firstname (required)\nfirstname : string\n\n### lastname (required)\nlastname : string\n\n### email (required)\nemail : string\n\n### password (required)\npassword : string\n\n### code (required)\ncode : string\n\n### captchaToken (required)\ncaptchaToken : string\n\n### phoneNumber (required)\nphoneNumber : string\n\n### phoneToken (required)\nphoneToken : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nUser object and pon data and jwt.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Self Registration"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"410": {
"description": "Gone"
},
"429": {
"description": "Too Many Requests"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/register/phoneverify/session/create": {
"put": {
"description": "Create phone verification session during registration.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### tenantTag (required)\ntenantTag : string\n\n### communityName (required)\ncommunityName : string\n\n### communityPublicKey (required)\ncommunityPublicKey : string\n\n### phoneNumber (required)\nphoneNumber : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with sessionId, sessionUrl, serviceEnv, smsServiceNumber, smsTemplateB64 and phoneToken needed for registering phone number\n",
"tags": [
"Self Registration"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateRegistrationPhoneVerificationSessionRequest"
}
}
}
},
"responses": {
"201": {
"description": "Successfully created",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateRegistrationPhoneVerificationSessionResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/register/phoneverify/session/{sessionId}/poll": {
"post": {
"description": "Poll for phone verification session during registration.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### phoneToken (required)\nphoneToken : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns new phone token needed for completing registration\n",
"tags": [
"Self Registration"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "sessionId",
"in": "path",
"description": "sessionId of created session",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PollRegistrationPhoneVerificationSessionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PollRegistrationPhoneVerificationSessionResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/radius/fetch": {
"post": {
"summary": "Fetch radius configurations",
"description": "Fetch radius configurations.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns radius configurations.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Radius"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchRadiusConfigurationsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/radius/config/{uid}": {
"put": {
"summary": "Set radius configuration",
"description": "Set radius configuration.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### name (required)\nname : string\n\n### authScheme (required)\nauthScheme : array\n\n### pushKeyword (required)\npushKeyword : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns Set radius configuration.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Radius"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "uid",
"in": "path",
"description": "uid for creating configuration;",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateRadiusRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
},
"delete": {
"summary": "Delete radius configuration",
"description": "Delete radius configuration.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns Set radius configuration.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Radius"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "uid",
"in": "path",
"description": "uid for creating configuration;",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/pwd-policy/fetch": {
"post": {
"summary": "Get password policy by moduleId.",
"description": "Get password policy by moduleId.
\n- Any license.\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nPassword policy rules with descriptions.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Password Policy"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains *data* field with encrypted object below:\n```\n{\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"moduleId\": \"required string\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchPwdPolicyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted object returns rules and descriptions:\n\n```\n{\n \"rules\": {\n \"min\": N,\n \"special\": true,\n \"number\": true,\n \"noUsername\": false,\n \"noSpaces\": true,\n \"allowInRow\": N\n },\n \"descriptions\": [\n \"xxxxx xxxx xxxxx N xxxxxxx\"\n ]\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Bad request, Auth Module type not Supported"
},
"404": {
"description": "Module Not found"
}
}
}
},
"/authenticate_via_push": {
"post": {
"summary": "Send push notification",
"description": "authenticate user via push notification.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### username (optional)\nusername : string\n\n### user_token (optional)\nuser_token : string\n\n### sessionUrl (required)\nsessionUrl : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the push notification info.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SendPushNotificationRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SendPushNotificationResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"429": {
"description": "Too Many Requests. User has exceeded the push notification rate limit.\nResponse includes retryAfterSeconds in the response body.\n"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/publickeys": {
"get": {
"description": "Returns ecdsa public key for this service.\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a public key object\n",
"tags": [
"Public Key"
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyResponse"
}
}
}
},
"401": {
"description": "Invalid hawk signature / ID found."
}
}
}
},
"/platform_health": {
"get": {
"summary": "Get Platform Health.",
"description": "Get healthz
\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a healthz object\n - ```version = ..```
\n\n - ```git-tag```: When code is compiled from a git-tag, this must carry the tag name. This should match one of the git tags.\n - ```commit-id```: This is the git-commit-id. eg: When code is built from this, the hex code, in the end, is the commit it.\n - ```dob```: Date Of Build. This is epoc-time-in-se\tconds that tell the time when the build was created.\n - \u200bif the code is not built from a git-tag, then the ```version =\ufffc.```\n",
"tags": [
"Healthz"
],
"responses": {
"200": {
"description": "Success\n\n```\n{\n \"status\": \"all services operational\",\n \"publicKey\": \"string\" //same as /publickeys endpoint,\n \"code\": \"200\",\n \"version\": \"\" //as defined above\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HealthzResponse"
}
}
}
}
}
}
},
"/permission/fetch": {
"post": {
"summary": "Fetch permissions.",
"description": "Fetch permissions.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n### uid (required)\nuid : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the list of permissions.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Permission"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchPermissionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchPermissionResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/password_reset/user/fetch": {
"post": {
"description": "Fetch user object and user_token with acr code for self password reset.
\n:: Notes for website ::
\n+ Default request body is {data: ecdsa_string}
\n+ This API can accept any query params which will be passed to template
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### code (required)\ncode : string\n\n| **Returns** |\n|-------------------------------------------|\n\nSend account creation verification magic link via email.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Reset Password"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PasswordResetUserFetchRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PasswordResetUserFetchResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"410": {
"description": "Gone"
},
"429": {
"description": "Too Many Requests"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/password_reset/sendverify": {
"put": {
"description": "Sends self reset password verification magic link email.
\n:: Notes for website ::
\n+ Default request body is {data: ecdsa_string}
\n+ This API can accept any query params which will be passed to template
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### destination (required)\ndestination : string\n\n### user_token (required)\nuser_token : string\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### captchaToken (required)\ncaptchaToken : string\n\n### license (optional, if valid license was provided, bypass captcha checking)\nlicense : string\n\n| **Returns** |\n|-------------------------------------------|\n\nSend account creation verification magic link via email.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Reset Password"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "SAMLRequest",
"in": "query",
"description": "SAML SAMLRequest",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "RelayState",
"in": "query",
"description": "SAML RelayState",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "SigAlg",
"in": "query",
"description": "SAML SigAlg",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "Signature",
"in": "query",
"description": "SAML Signature",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "ForceAuthn",
"in": "query",
"description": "SAML ForceAuthn",
"required": false,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PasswordResetSendVerifyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PasswordResetSendVerifyResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/password_reset": {
"post": {
"description": "Self reset user's own password based on code and otp and id proofing.
\n code and otp are sent to user via email and phone respectively.
\n ID proofing URL sent to user via email and phone respectively.
\n:: Notes for website ::
\n+ Default request body is {data: ecdsa_string}
\n+ This API can accept any query params which will be passed to template
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### code (optional) // if SSPR is enabled, this is not required\ncode : string\n\n### otp (optional)\notp : string\n\n### newPassword (required)\nnewPassword : string\n\n### user_token (required)\nuser_token : string\n\n| **Returns** |\n|-------------------------------------------|\n\nSend reset password link via email or SMS.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Reset Password"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PasswordResetRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PasswordResetResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/oidc/sso": {
"post": {
"description": "Oidc SSO.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### OIDCRequest (required)\nOIDCRequest\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns information to perform OIDC SSO.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/OIDCRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"420": {
"description": "Service Provider claims could not be fulfilled"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/nonce/sign": {
"post": {
"summary": "Sign a nonce",
"description": "Sign a nonce sent by the UI.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### licensekey (optional)\nLicense key auth-type is a service/system, encrypted using ECDSA\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### nonce (required)\nnonce : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a singed nonce value.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Sign nonce"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA containing \"appid\", \"uuid\", and \"ts\" (epoch timestamp in seconds).",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/NonceSignRequest"
}
}
}
},
"responses": {
"200": {
"description": "Successfully signed nonce",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/NonceSignResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/msg_gateway/fetch": {
"post": {
"summary": "Get message gateway configs",
"description": "Get message gateway configs.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give list of message gateways info\n",
"tags": [
"MSG Gateway"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetMsgGatewayRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetMsgGatewayResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/msg_gateway/fetch/{id}": {
"post": {
"summary": "Get message gateway configs by id",
"description": "Get message gateway configs.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give list of message gateways info\n",
"tags": [
"MSG Gateway"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "id of gateway;",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'id' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\n```\n{\n \"tenantId\": \"string\",\n \"communityId\": \"string\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetMsgGatewayRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetMsgGatewayResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/msg_gateway/create": {
"post": {
"summary": "Create message gateway configs",
"description": "Create message gateway configs.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give created message gateway id and status\n",
"tags": [
"MSG Gateway"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nfor type **email**:\n```\n{\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"type\": \"required string\",\n \"channels\": [\"email\"],\n \"protocol\": \"smtp\",\n \"auth\": \"true\",\n \"name\": \"Default Email Gateway\",\n \"username\": \"required string\",\n \"password\": \"required string\",\n \"serviceUrl\": \"required string\",\n \"senderEmail\": \"required string\",\n \"port\": \"465\",\n \"awsRegion\" : \"required string for aws gateway\"\n}\n```\n\nfor type **sms**:\n```\n{\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"type\": \"required string\",\n \"channels\": [\"sms\"],\n \"auth\": \"true\",\n \"name\": \"Default SMS Gateway\",\n \"username\": \"required string\",\n \"password\": \"required string\",\n \"serviceUrl\": \"required string\",\n \"senderPhone\": \"required string\",\n \"smstemplateid\": \"required string\",\n \"entityId\": \"required string\",\n \"authTokenRequestUrl\": \"required string for Coalesce gateway\",\n \"authClientId\": \"required string for Coalesce gateway\",\n \"authClientSecret\":\"required string for Coalesce gateway\",\n \"authGrantType\":\"required string for Coalesce gateway\",\n \"authScope\":\"required string for Coalesce gateway\",\n \"principalEntityId\": \"required string for Gupshup gateway\",\n \"dltTemplateId\": \"required string for Gupshup gateway\",\n \"awsRegion\" : \"required string for aws gateway\",\n \"appCategory\" : \"required string for sandesh gateway\",\n \"gstFlag\" : \"required string for sandesh gateway\",\n \"msgType\" : \"required string for sandesh gateway\"\n}\n```\n\nfor type **voice**:\n```\n{\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"type\": \"required string\",\n \"channels\": [\"voice\"],\n \"auth\": \"true\",\n \"name\": \"Default Voice Gateway\",\n \"username\": \"required string\",\n \"password\": \"required string\",\n \"serviceUrl\": \"required string\",\n \"senderPhone\": \"required string\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateMsgGatewayRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateMsgGatewayResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/msg_gateway": {
"delete": {
"summary": "Delete message gateway configs",
"description": "Delete message gateway configs.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n 204 No Content\n",
"tags": [
"MSG Gateway"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "```\n{\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"gatewayId\": \"required string\"\n}\n```\nIMPORTANT - you can send unencrypted data, it is only available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteMsgGatewayRequest"
}
}
}
},
"responses": {
"204": {
"description": "Success"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/msg_gateway/update": {
"post": {
"summary": "Update message gateway configs",
"description": "Update message gateway configs.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response give created message gateway id and status\n",
"tags": [
"MSG Gateway"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nfor type **email**:\n```\n{\n \"id\": \"required string\",\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"type\": \"required string\",\n \"channels\": [\"email\"],\n \"protocol\": \"smtp\",\n \"auth\": \"true\",\n \"name\": \"Default Email Gateway\",\n \"username\": \"required string\",\n \"password\": \"required string\",\n \"serviceUrl\": \"required string\",\n \"senderEmail\": \"required string\",\n \"port\": \"465\",\n \"awsRegion\" : \"required string for aws gateway\"\n}\n```\n\nfor type **sms**:\n```\n{\n \"id\": \"required string\",\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"type\": \"required string\",\n \"channels\": [\"sms\"],\n \"name\": \"Default SMS Gateway\",\n \"username\": \"required string\",\n \"password\": \"required string\",\n \"serviceUrl\": \"required string\",\n \"senderPhone\": \"required string\",\n \"otpDelimiter\": \"optional string\",\n \"timeoutValue\": \"optional number\",\n \"smstemplateid\": \"required string\"\n \"entityId\": \"required string\",\n \"authTokenRequestUrl\": \"required string for Coalesce gateway\",\n \"authClientId\": \"required string for Coalesce gateway\",\n \"authClientSecret\":\"required string for Coalesce gateway\",\n \"authGrantType\":\"required string for Coalesce gateway\",\n \"authScope\":\"required string for Coalesce gateway\",\n \"smstemplateid\": \"required string\",\n \"principalEntityId\": \"required string for Gupshup gateway\",\n \"dltTemplateId\": \"required string for Gupshup gateway\",\n \"awsRegion\" : \"required string for aws gateway\",\n \"appCategory\" : \"required string for sandesh gateway\",\n \"gstFlag\" : \"required string for sandesh gateway\",\n \"msgType\" : \"required string for sandesh gateway\"\n}\n```\n\nfor type **voice**:\n```\n{\n \"id\": \"required string\",\n \"tenantId\": \"required string\",\n \"communityId\": \"required string\",\n \"type\": \"required string\",\n \"channels\": [\"voice\"],\n \"auth\": \"true\",\n \"name\": \"Default Voice Gateway\",\n \"username\": \"required string\",\n \"password\": \"required string\",\n \"serviceUrl\": \"required string\",\n \"senderPhone\": \"required string\",\n \"otpDelimiter\": \"optional string\",\n \"timeoutValue\": \"optional number\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateMsgGatewayRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateMsgGatewayResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/logout": {
"get": {
"summary": "Logout current user",
"description": "Logout currently logged in user user and remove session
\nThis endpoint can be called only by logged in user.\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nStatus NO_CONTENT\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "Successfully logged out
\n"
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/loginsessions/user/other": {
"delete": {
"summary": "Delete user\u2019s other sessions (keeps current session active).",
"description": "Allows user terminates all the other active sessions
\n| **Headers** |\n|----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n\n | **Request Body** |\n |----------------------------------------------|\n\n\n ### username (required)\n username : string\n\n ### moduleId (required)\n moduleId : string\n\n | **Returns** |\n |-------------------------------------------|\n\n - Nothing to return\n - Throws an error if something goes wrong.\n",
"tags": [
"Login sessions"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "No Content"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/loginsessions/admin/user/all": {
"delete": {
"summary": "Delete user's all active sessions.",
"description": "Allows Administrator with necessary permissions to delete all existing sessions for the specified user.
\n| **Headers** |\n|----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n- Nothing to return\n- Throws an error if something goes wrong.\n",
"tags": [
"Login sessions"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteUserSesssionsRequest"
}
}
}
},
"responses": {
"204": {
"description": "No Content"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/request_access_with_kerberos": {
"get": {
"summary": "Authenticate with kerberos",
"description": "authenticate user with kerberos.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nNegotiate {ktoken}\n\n### x-jwt-token (optional, for reauthentication)\nBearer {ktoken}\n\n| **Returns** |\n|-------------------------------------------|\n\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"ktokenAuth": []
},
{
"jwtHeaderAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "tenantId",
"in": "path",
"description": "Tenant Id",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Community Id",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "reauthentication",
"in": "query",
"description": "boolean indicating whether this is a reauthentication attempt (should also include x-jwt-token header if true)",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized optionally with Authorization Negotiate header"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/jwt/verifyToken": {
"post": {
"description": "Verify JWT token\nAnybody can use this endpoint\nThis endpoint also checks if user has active login session, if user exists, is not disabled and is active, otherwise it destroys all user login sessions\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Request Body** |\n|----------------------------------------------|\n\n### token (required)\ntoken : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a decoded token value.\n",
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"tags": [
"JWT"
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n token: \"string required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/JwtVerifyTokenRequest"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/JwtVerifyTokenResponse"
}
}
}
},
"401": {
"description": "Invalid / Expired Token."
}
}
}
},
"/instance_config/self_registration_config": {
"put": {
"summary": "Set Instance Self Registration config",
"description": "Create or update Instance Self Registration config.
\nThis endpoint must be accessed by an super admin.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing Self Registration Config\n",
"tags": [
"Instance Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n allowed: \"boolean required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetInstanceSelfRegistrationConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SelfRegistrationConfigResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"summary": "Get Instance Self Registration config",
"description": "Fetch Instance Self Registration config.
\nThis endpoint must be accessed by an super admin.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing Self Registration Config\n",
"tags": [
"Instance Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SelfRegistrationConfigResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/image/upload": {
"post": {
"summary": "Upload Image",
"description": "Upload Image
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns object with url of the image\n",
"tags": [
"Image"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"multipart/form-data": {
"schema": {
"$ref": "#/components/schemas/UploadImageRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"url\": \"image url - string\",\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UploadImageResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/idproofing/session/create": {
"put": {
"summary": "Create ID Proofing Session",
"description": "Create an Id Proofing session to verify identity to reset password.
\nThis endpoint must be accessed by an all users
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns object with user_token\n",
"tags": [
"Idproofing Session"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n ```\n {\n tenantId: xxxxxx, // required\n communityId: xxxxxx, // required\n destinationHash: \"xxxxxxxxxx\", // hash of email or phone number required\n destinationChannel: \"email\" // or \"sms\" required\n user_token: \"xxxxxxxxxx\", // encrypted user token required\n captchaToken: \"xxxxxxxxxx\", // captcha token optional\n license: \"xxxxxxxx-xxxx\" // license optional\n }\n ```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateIdProofingSessionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"sessionId\": \"sessionId\", // id of the session\n \"user_token\": \"xxxxxxxxxx\", // encrypted user token\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateIdProofingSessionResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/idproofing/session/{sessionId}/poll": {
"post": {
"summary": "Poll ID Proofing Session",
"description": "This endpoint will poll the idproofing session result and return the success/fail status.
\nThis endpoint must be accessed by an all users
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns object with user_token\n",
"tags": [
"Idproofing Session"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "sessionId",
"in": "path",
"description": "ID of the Id Proofing session",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxxxxxx-xxx-xxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n ```\n {\n tenantId: xxxxxx,\n communityId: xxxxxx,\n user_token: \"xxxxxxxxxx\" // encrypted user token\n }\n ```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PollIdProofingSessionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"username\": \"username\", // username of the user\n \"user_token\": \"xxxxxxxxxx\", // encrypted user token\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PollIdProofingSessionResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/idp": {
"put": {
"summary": "Create Identity Provider",
"description": "Create Identity Provider.
\nThis endpoint must be accessed by an administrator.
\nOnly one type of config can be created for one community. You can't create two configs with type=\"oidc\" for one community.\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"Identity Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n tenantId: xxxxxx,\n communityId: xxxxxx,\n type: \"oidc\",\n oidc_config: \"object, required\":\n {\n name: \"string required\",\n description: \"string required\",\n scopes: [\n {\n name: \"string required\",\n display_name: \"string required\",\n consent_required: \"boolean required\"\n claims: [\n {\n claim_name: \"string required\",\n attribute_name: \"string required\"\n attribute_type: \"string required - one of 'session', 'ledger', 'identity'\"\n value_type: \"string required - one of 'static', 'default', 'null'\"\n value: \"string required if value_type is not 'static' or 'default'\"\n }\n ]\n }\n ]\n }\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateIdpObjectRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/IdpObjectResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/idp/{id}": {
"patch": {
"summary": "Update Identity Provider",
"description": "Update Identity Provider.
\nThis endpoint must be accessed by an administrator.
\nOnly one type of config can exist for one community. You can't have two configs with type=\"oidc\" for one community.\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing updated identity provider\n",
"tags": [
"Identity Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Mongo objectId of identity provider to update",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n tenantId: xxxxxx,\n communityId: xxxxxx,\n type: \"oidc\",\n oidc_config: \"object, required\":\n {\n name: \"string required\",\n description: \"string required\",\n scopes: [\n {\n name: \"string required\",\n display_name: \"string required\",\n consent_required: \"boolean required\"\n claims: [\n {\n claim_name: \"string required\",\n attribute_name: \"string required\"\n attribute_type: \"string required - one of 'session', 'ledger', 'identity'\"\n value_type: \"string required - one of 'static', 'default', 'null'\"\n value: \"string required if value_type is not 'static' or 'default'\"\n }\n ]\n }\n ]\n }\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateIdpObjectRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/IdpObjectResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
},
"delete": {
"summary": "Delete Identity Provider",
"description": "Delete Identity Provider.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nNothing to return\n",
"tags": [
"Identity Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Mongo objectId of identity provider to delete",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n tenantId: xxxxxx,\n communityId: xxxxxx\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteIdpObjectRequest"
}
}
}
},
"responses": {
"204": {
"description": "SUCCESS\n\nNo Content\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/idp/fetch": {
"post": {
"summary": "Fetch Identity Providers",
"description": "Fetch Identity Providers.
\nThis endpoint must be accessed by an administrator.
\nIf identity provider for this tenant/community doesn't exist, then default one is created and returned here.\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity providers' array\n",
"tags": [
"Identity Providers"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n tenantId: xxxxxx,\n communityId: xxxxxx,\n id: xxxxxx,\n type: xxxxxx,\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchIdpObjectRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/IdpObjectArrayResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/identity_enroll/session/create": {
"put": {
"summary": "Create new session for identity enrollment",
"description": "Create new session for identity enrollment.
\nThis endpoint must be accessed by logged in user with wallet
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response gives necessary session info for retrieving session response\n",
"tags": [
"Identity Enroll"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains *data* field with encrypted object below:\n\n```\n{\n \"smsTo\": \"required string\",\n \"smsISDCode\": \"required string\",\n \"documentType\": \"dl_object\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateIdentityEnrollSessionRequest"
}
}
}
},
"responses": {
"201": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateIdentityEnrollSessionResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/identity_enroll/session/{sessionId}/poll": {
"post": {
"summary": "Enroll Driver License and LiveId from docuverify-authenticID session",
"description": "Enroll Driver License and LiveId from docuverify-authenticID session.
\nThis endpoint can be accessed by any logged user with loaded wallet.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Path Parameters** |\n|----------------------------------------------|\n\n### sessionId (required)\nSessionId from authenticID\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded liveid_object and dl_object\n",
"tags": [
"Identity Enroll"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "sessionId",
"in": "path",
"description": "authenticID sessionId",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi, useful for decryption response\n\ndata is ECDSA encrypted object represents liveid object and dl object:\n```\n{\n \"dl\": { // full dl object },\n \"liveid\": { // full liveid object },\n \"ial\": \"ial\" // new ial level after liveid enrollment\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
}
}
}
},
"/identity_enroll/dl_validate": {
"post": {
"summary": "Validate dl with AAMVA connector",
"description": "Validate dl with AAMVA connector.
\nThis endpoint can be accessed by any logged user with loaded wallet.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded AAMVA response with verification status\n",
"tags": [
"Identity Enroll"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains *data* field with encrypted object below:\n\n```\n{\n \"dl\": {} // full dl_object\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/VerifyDlRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi, useful for decryption response\n\ndata is ECDSA encrypted object represents verified status and aamva response:\n```\n{\n \"verified\": \"boolean\",\n \"aamva_response\": {\n \"docId\": \"DLDVSTRUCTUREDTEST12\",\n \"docType\": \"dl\",\n \"certifications\": [\n {\n \"docType\": \"dl\",\n \"docId\": \"DLDVSTRUCTUREDTEST12\",\n \"type\": \"aamva\",\n \"authority\": \"aamva\",\n \"ts\": 1651752506,\n \"verified\": true,\n \"result\": {\n \"dl_number_matched\": \"boolean\",\n \"dob_match\": \"boolean\",\n \"last_name_exact_match\": \"boolean\",\n \"last_name_fuzzy_match\": \"boolean\",\n \"first_name_exact_match\": \"boolean\",\n \"first_name_fuzzy_match\": \"boolean\",\n \"middle_name_exact_match\": \"boolean\",\n \"middle_name_fuzzy_match\": \"boolean\",\n \"person_suffix_match\": \"boolean\",\n \"doc_category_match\": \"boolean\",\n \"doi_match\": \"boolean\",\n \"doe_match\": \"boolean\",\n \"person_sex_match\": \"boolean\",\n \"person_height_match\": \"boolean\",\n \"person_eye_color_match\": \"boolean\",\n \"city_match\": \"boolean\",\n \"state_match\": \"boolean\",\n \"zip_match\": \"boolean\"\n },\n \"metadata\": {\n \"s:Envelope\": {\n \"xmlns:a\": \"http://www.w3.org/2005/08/addressing\",\n \"xmlns:s\": \"http://www.w3.org/2003/05/soap-envelope\",\n \"s:Body\": {\n \"xmlns:xsd\": \"http://www.w3.org/2001/XMLSchema\",\n \"xmlns:xsi\": \"http://www.w3.org/2001/XMLSchema-instance\",\n \"VerifyDriverLicenseDataResponse\": {\n \"xmlns\": \"http://aamva.org/dldv/wsdl/2.1\",\n \"VerifyDriverLicenseDataResult\": {\n \"PersonNameSuffixMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"ControlData\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"MessageAddress\": {\n \"MessageOriginatorId\": \"P6\",\n \"TransactionLocatorId\": 347547659039083300,\n \"MessageDestinationId\": \"KOS\"\n }\n },\n \"DriverLicenseExpirationDateMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonFirstNameExactMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"AddressCityMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonHeightMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonLastNameExactMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"DriverLicenseNumberMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonFirstNameFuzzyAlternateMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"DocumentCategoryMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"AddressStateCodeMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"AddressLine1MatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"AddressZIP5MatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"DriverLicenseIssueDateMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonSexCodeMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonLastNameFuzzyPrimaryMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonLastNameFuzzyAlternateMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonBirthDateMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonEyeColorMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n },\n \"PersonFirstNameFuzzyPrimaryMatchIndicator\": {\n \"xmlns\": \"http://aamva.org/niem/extensions/1.0\",\n \"content\": \"boolean\"\n }\n }\n }\n },\n \"s:Header\": {\n \"a:Action\": {\n \"s:mustUnderstand\": 1,\n \"content\": \"http://aamva.org/dldv/wsdl/2.1/IDLDVService21/VerifyDriverLicenseDataResponse\"\n },\n \"a:MessageID\": \"uuid:2205051208270001 1UNISG\"\n }\n }\n },\n \"token\": \"token\",\n \"fault\": null,\n \"reason\": null,\n \"error\": null\n }\n ]\n },\n \"proofs\": [\"proof1\", \"proof2\", \"etc\"],\n \"invalidState\": \"boolean/undefined\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/identity_enroll/ssn_enroll": {
"post": {
"summary": "Enroll SSN",
"description": "Enroll SSN.
\nThis endpoint can be accessed by any logged user with loaded wallet.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded ssn_object\n",
"tags": [
"Identity Enroll"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EnrollSSNRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi, useful for decryption response\n\ndata is ECDSA encrypted object represents enrolled ssn object:\n```\n{\n \"ssn_object\": {\n \"id\": \"id\",\n \"type\": \"ssn\",\n \"documentId\": \"id\",\n \"documentType\": \"SSN\",\n \"image\": \"dummy b64\",\n \"category\": \"identity_document\",\n \"ssn\": \"ssn_number\",\n \"proofedBy\": \"blockid\",\n \"firstName\": \"firstName\",\n \"middleName\": \"middleName\",\n \"lastName\": \"lastName\",\n \"dob\": \"yyyyMMdd\",\n \"doe\": \"yyyyMMdd\",\n \"face\": \"faceB64\",\n \"address\": \"\",\n \"street\": \"\",\n \"city\": \"\",\n \"state\": \"\",\n \"zipCode\": \"\",\n \"country\": \"\",\n \"phoneNumber\": \"phoneNumber\",\n \"email\": \"email\",\n \"doi\": \"yyyyMMdd\",\n \"verifiedScan\": true,\n \"certificate_token\": \"certificate_token\"\n },\n \"ial\": \"ial\" // new ial level after ssn enrollment\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/identity_enroll/id_doc_enroll": {
"post": {
"summary": "Enroll identity document",
"description": "Enroll DL.
\nThis endpoint can be accessed by any logged user with loaded wallet.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded document object\n",
"tags": [
"Identity Enroll"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains *data* field with encrypted object below:\n\n```\n{\n \"doc\": \"full document object\",\n \"selfie\": \"full selfie/liveid object\",\n \"proofs\": \"array of strings (optional)\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EnrollDocRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi, useful for decryption response\n\ndata is ECDSA encrypted object represents enrolled dl object:\n```\n{\n \"doc\": {}, // full document object\n \"ial\": \"ial\" // new ial level after dl enrollment\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/identity_enroll/affidavit": {
"post": {
"summary": "Enroll affidavit document",
"description": "Enroll DL.
\nThis endpoint can be accessed by any logged user with loaded wallet.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded document object\n",
"tags": [
"Identity Enroll"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains *data* field with encrypted object below:\n\n```\n{\n \"doc\":{\n \"document_type\": \"required, one of [dl_affidavit, ppt_affidavit, ssn_affidavit]\",\n \"expiry\": \"required, date string in format YYYYMMDD\",\n \"document_number\": \"required, alphanumeric string\",\n \"username\":\"required, username we are adding affidavit for\"}\n \"moduleId\": \"required, moduleId of user\"\n },\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EnrollAffidavitRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Adminapi, useful for decryption response\n\ndata is ECDSA encrypted object represents enrolled dl object:\n```\n{\n \"doc\": {}, // full document object\n \"ial\": \"ial\" // new ial level after dl enrollment\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/identity_enroll/remove_doc": {
"delete": {
"summary": "Un enroll document from identity wallet",
"description": "Remove enrolled document from wallet.
\nThis endpoint must be accessed by logged in user with wallet
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Response gives necessary session info for retrieving session response\n",
"tags": [
"Identity Enroll"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains *data* field with encrypted object below:\n\n```\n{\n \"docId\": \"required string\",\n \"docType\": \"required string\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnEnrollDocumentRequest"
}
}
}
},
"responses": {
"204": {
"description": "No Content"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/helpdesk-passcode/generate": {
"post": {
"summary": "Generate Helpdesk Passcode",
"description": "Generate a one-time passcode for a user on behalf of helpdesk admin.
\nThis endpoint allows administrators with appropriate permissions to generate\ntemporary passcodes for users who need assistance accessing their accounts.
\nThe passcode is returned encrypted and is not sent to the user via email/SMS.\nThe admin provides the passcode to the user through other means (phone, in-person, etc.).
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds\n\n### publickey (required)\nPublic key for ECDSA encryption\n\n### authorization (required)\nBearer JWT token with 'user.helpdesk-passcode.generate' permission\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n### userId (required)\nUser identifier (email or username) : string\n\n### communityId (required)\nCommunity ID (MongoDB ObjectId) : string\n\n### tenantId (required)\nTenant ID (MongoDB ObjectId) : string\n\n### validitySeconds (required)\nPasscode validity period in seconds (60-86400) : number\n\n### serviceName (required)\nService name (must be \"1KosmosHelpdeskAdminCode\") : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns encrypted passcode with expiration details.
\nThe response includes the generated passcode, validity period, and expiration timestamp.\n",
"tags": [
"Helpdesk"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "Bearer JWT token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"data"
],
"properties": {
"data": {
"type": "string",
"description": "ECDSA encrypted request data",
"example": "encrypted_string_here"
}
}
}
}
}
},
"responses": {
"200": {
"description": "Success.
\nReturns encrypted passcode response.\n",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"data": {
"type": "string",
"description": "ECDSA encrypted response containing passcode details"
},
"publicKey": {
"type": "string",
"description": "Server's public key for decryption"
}
}
}
}
}
},
"400": {
"description": "Bad Request - Invalid data or fallback authentication not enabled"
},
"401": {
"description": "Unauthorized - Invalid or missing JWT token"
},
"403": {
"description": "Forbidden - User lacks required permission"
},
"429": {
"description": "Too Many Requests. User has exceeded the OTP rate limit.\nResponse includes retryAfterSeconds in the response body.\n"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/healthz": {
"get": {
"summary": "Get healthz.",
"description": "Get healthz
\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a healthz object\n - ```version = ..```
\n\n - ```git-tag```: When code is compiled from a git-tag, this must carry the tag name. This should match one of the git tags.\n - ```commit-id```: This is the git-commit-id. eg: When code is built from this, the hex code, in the end, is the commit it.\n - ```dob```: Date Of Build. This is epoc-time-in-se\tconds that tell the time when the build was created.\n - \u200bif the code is not built from a git-tag, then the ```version =\ufffc.```\n",
"tags": [
"Healthz"
],
"responses": {
"200": {
"description": "Success\n\n```\n{\n \"status\": \"all services operational\",\n \"publicKey\": \"string\" //same as /publickeys endpoint,\n \"code\": \"200\",\n \"version\": \"\" //as defined above\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HealthzResponse"
}
}
}
}
}
}
},
"/hardwaretokens/fetch": {
"post": {
"summary": "Fetch all the Hardware tokens.",
"description": "To list all the hardware tokens
\nThis endpoint must be accessed by an administrator
\n:: Note for website ::
\n + Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n\n | **Request Body** |\n |----------------------------------------------|\n\n\n ### pSize (optional)\n pSize : number\n\n ### pIndex (optional)\n pIndex : number\n\n ### query (optional)\n query : object\n\n ### returnAssignedUserCount (optional)\n returnAssignedUserCount : boolean\n\n ### returnActivityStatus (optional)\n returnActivityStatus : boolean\n\n | **Returns** |\n |-------------------------------------------|\n\n - returns list of tokens in paginated structure\n - Throws an error if something goes wrong.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchHardwareTokensRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchHardwareTokensResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwaretokens/import_csv": {
"post": {
"summary": "Upload hardware tokens CSV file",
"description": "To upload a list of Hardware Tokens via a CSV file.
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string), and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a success message or an error response\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"multipart/form-data": {
"schema": {
"$ref": "#/components/schemas/UploadCsvRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"data": {
"type": "object"
},
"publicKey": {
"type": "string"
}
}
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwaretokens/tokens": {
"put": {
"summary": "Create Hardware tokens from CSV text.",
"description": "To create a list of hardware tokens from CSV text
\nThis endpoint must be accessed by an administrator
\n:: Note for website ::
\n + Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Request Body** |\n |----------------------------------------------|\n\n\n ### csv_text (required)\n csv_text : string\n\n\n | **Returns** |\n |-------------------------------------------|\n\n - returns success of failure response\n - Throws an error if something goes wrong.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateHardwareTokensRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateHardwareTokensResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"delete": {
"summary": "Delete Hardware tokens.",
"description": "To delete a list of hardware tokens by serial number
\nThis endpoint must be accessed by an administrator
\n:: Note for website ::
\n + Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Request Body** |\n |----------------------------------------------|\n\n\n ### serialNumbers (required)\n serialNumbers : array\n\n\n | **Returns** |\n |-------------------------------------------|\n\n - returns success of failure response\n - Throws an error if something goes wrong.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteHardwareTokensRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteHardwareTokensResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwaretokens/tokens/{id}": {
"patch": {
"summary": "Edit Hardware tokens.",
"description": "To edit hardware token's seed and counter
\nThis endpoint must be accessed by an administrator
\n:: Note for website ::
\n + Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n ### id (required)\n id\n\n\n | **Request Body** |\n |----------------------------------------------|\n\n\n ### seed (optional)\n seed : string\n\n ### counter (optional)\n counter : number\n\n\n | **Returns** |\n |-------------------------------------------|\n\n - returns success of failure response\n - returns bad request if none of the attributes provided\n - Throws an error if something goes wrong.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "id",
"in": "path",
"description": "The Id of hardware token",
"required": true,
"schema": null,
"type": "string"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EditHardwareTokensRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EditHardwareTokensResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwaretokens/usertokens/fetch": {
"post": {
"summary": "Fetch all the Users or Tokens assigned",
"description": "To List all users or tokens assigned to hardware tokens or users.
\nThis endpoint must be accessed by an administrator
\n:: Note for website ::
\n + Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n\n | **Request Body** |\n |----------------------------------------------|\n\n\n ### pSize (optional)\n pSize : number\n\n ### pIndex (optional)\n pIndex : number\n\n ### query (optional)\n query : object\n\n\n | **Returns** |\n |-------------------------------------------|\n\n - returns success of failure response\n - Throws an error if something goes wrong.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchUserOrTokensRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchUserOrTokensResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwaretokens/usertokens": {
"put": {
"summary": "Assign users to tokens",
"description": "Assign a list of users to tokens.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ The default request body is: {data: ecdsa_string}
\n\n| **Headers** |\n|---------------------------------------|\n\n### requestid (required)\nA JSON string encrypted with ECDSA, containing:\n- \"appid\" (string)\n- \"uuid\" (string)\n- \"ts\" (number): epoch timestamp in seconds\n\nThe timestamp must be within the range defined by 'environment.allowed_time_span'.\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT token\n\n\n| **Request Body** |\n|---------------------------------------|\n\n### list (required)\nAn array of user-token mappings.\n\n\n| **Returns** |\n|---------------------------------------|\n\n- Returns success of failure response\n- Throws an error if the request fails.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "A JSON string encrypted with ECDSA containing \"appid\", \"uuid\", and \"ts\" (epoch timestamp in seconds). The timestamp must be within 'environment.allowed_time_span'. / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignUsersRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignUsersResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"delete": {
"summary": "Unassign users from the tokens",
"description": "Unassign a list of users from tokens.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ The default request body is: {data: ecdsa_string}
\n\n| **Headers** |\n|---------------------------------------|\n\n### requestid (required)\nA JSON string encrypted with ECDSA, containing:\n- \"appid\" (string)\n- \"uuid\" (string)\n- \"ts\" (number): epoch timestamp in seconds\n\nThe timestamp must be within the range defined by 'environment.allowed_time_span'.\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT token\n\n\n| **Request Body** |\n|---------------------------------------|\n\n### list (required)\nAn array of user-token mappings.\n\n\n| **Returns** |\n|---------------------------------------|\n\n- Returns success of failure response.\n- Throws an error if the request fails.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "A JSON string encrypted with ECDSA containing \"appid\", \"uuid\", and \"ts\" (epoch timestamp in seconds). The timestamp must be within 'environment.allowed_time_span'. / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignUsersRequest"
}
}
}
},
"responses": {
"204": {
"description": "No contnent"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwaretokens/usertokens/csv_text": {
"put": {
"summary": "Assign users to tokens from CSV text.",
"description": "Assign users to tokens from a valid CSV text
\nThis endpoint must be accessed by an administrator
\n:: Note for website ::
\n + Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Request Body** |\n |----------------------------------------------|\n\n\n ### csv_text (required)\n csv_text : string\n\n\n | **Returns** |\n |-------------------------------------------|\n\n - returns success of failure response\n - Throws an error if something goes wrong.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignUsersCsvTextRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignUsersCsvTextResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwaretokens/usertokens/import_csv": {
"post": {
"summary": "Upload CSV file to assign users to tokens",
"description": "Upload a list of user-token assignments using a CSV file.
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string), and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns a success message or an error response\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"multipart/form-data": {
"schema": {
"$ref": "#/components/schemas/UploadCsvRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"data": {
"type": "object"
},
"publicKey": {
"type": "string"
}
}
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwaretokens/resync": {
"post": {
"summary": "Re-sync Hardware token.",
"description": "To re-sync a token by using 3 sequential OTP values with Serial Number
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ The default request body is: {data: ecdsa_string}
\n\n| **Headers** |\n|---------------------------------------|\n\n### requestid (required)\nA JSON string encrypted with ECDSA, containing:\n- \"appid\" (string)\n- \"uuid\" (string)\n- \"ts\" (number): epoch timestamp in seconds\n\nThe timestamp must be within the range defined by 'environment.allowed_time_span'.\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT token\n\n\n| **Request Body** |\n|---------------------------------------|\n\n### code1 (required)\ncode1: string\n\n### code2 (required)\ncode2: string\n\n### code3 (required)\ncode3: string\n\n### serialNumber (required)\nserialNumber: string\n\n| **Returns** |\n|---------------------------------------|\n\n- Returns success of failure response\n- Throws an error if the request fails.\n",
"tags": [
[
"Hardware tokens"
]
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "A JSON string encrypted with ECDSA containing \"appid\", \"uuid\", and \"ts\" (epoch timestamp in seconds). The timestamp must be within 'environment.allowed_time_span'. / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything; use the 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ResyncTokenRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ResyncTokenResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/hardwareotp/onespan/test": {
"post": {
"summary": "Test OneSpan Connection",
"description": "Test OneSpan server Connection.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns object with branding colors and images\n",
"tags": [
"Hardwareotp"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request should contain *publicKey* field with caller's public key\n\nRequest body contains *data* field with encrypted object below:\n\n```\n{\n \"user_name\": \"string (required)\",\n \"otp\": \"number (required)\",\n}\n```\n\nIMPORTANT - you can send unencrypted data, and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/testOneSpanConnectionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data, and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/testOneSpanConnectionResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/generate/otp": {
"put": {
"description": "Create OTP for user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n### communityId (required)\ncommunityId : string\n\n### tenantId (required)\ntenantId : string\n\n### user_token (required)\nuser_token : string\n\n### deliveryMethod (required)\ndeliveryMethod : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the Adminconsole response (reencrypted).
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOtpRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success.
\nReturns reencrypted response from Adminconsole.\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"429": {
"description": "Too Many Requests. User has exceeded the OTP rate limit.\nResponse includes retryAfterSeconds in the response body.\n"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/generate/account_otp": {
"put": {
"summary": "Create Account OTP",
"description": "Create Account OTP for user and return cycle time remaining seconds with OTP.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the Account OTP with cycle time.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Account OTP"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success.
\nReturns reencrypted response from Adminconsole.\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAccountOtpResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"429": {
"description": "Too Many Requests. User has exceeded the OTP rate limit.\nResponse includes retryAfterSeconds in the response body.\n"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/external_idp": {
"put": {
"summary": "Create ExternalIdp",
"description": "Create ExternalIdp
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"ExternalIdp"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to create a valid ExternalIdp IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateExternalIdpRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateExternalIdpResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/external_idp/fetch": {
"post": {
"summary": "fetch ExternalIdp",
"description": "fetch ExternalIdp
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"ExternalIdp"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to create a valid ExternalIdp IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchExternalIdpRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateExternalIdpResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/external_idp/{id}": {
"patch": {
"summary": "Update ExternalIdp",
"description": "Update ExternalIdp
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"ExternalIdp"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Mongo objectId of external idp to update",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to create a valid ExternalIdp IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateExternalIdpRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateExternalIdpResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
},
"delete": {
"summary": "Delete External idp",
"description": "Delete External idp.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nNothing to return\n",
"tags": [
"ExternalIdp"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Mongo objectId of External idp to delete",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n tenantId: xxxxxx,\n communityId: xxxxxx\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteExternalIdpRequest"
}
}
}
},
"responses": {
"204": {
"description": "SUCCESS\n\nNo Content\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/environment": {
"get": {
"description": "Provide details regarding the environments.\n| **Returns** |\n|-------------------------------------------|\n\nReturns an environment object\n",
"tags": [
"Environment"
],
"security": [
{
"license": []
}
],
"responses": {
"200": {
"description": "Success"
}
}
},
"patch": {
"summary": "Update environment attributes",
"description": "Set environment configuration at the platform internal level.
\nThis endpoint must be accessed by a community administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n| **Headers* |\n|----------------------------------------------|\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns* |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing platform environment config data\n",
"tags": [
"Environment"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n sessionMaxAgeMinutes: 60\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateEnvironmentConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateEnvironmentConfigResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/ecdsa_helper/{method}": {
"post": {
"description": "Encrypt and decrypt the data string by public key and private key.\n\n| **Parameters** |\n|----------------------------------------------|\n\n### method (optional)\nThe method parameter is type of enum. Default value is encrypt.
\nThis parameter only accepts following values
\n **encrypt**, **decrypt**\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### dataStr (required)\nThe dataStr key is type of string.\n\n
\n### publicKey (required)\nThe publicKey is type of string.\n\n
\n### privateKey (required)\nThe privateKey is type of string.\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the encrypted/decrypted string.
\nThis API throw an error if something goes wrong. A common source of error is public or private key is not valid.\n",
"tags": [
"ECDSA Helper"
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HelperEcdsaEncryptDecryptRequest"
}
}
}
},
"parameters": [
{
"in": "path",
"name": "method",
"schema": {
"type": "string",
"enum": [
"encrypt",
"decrypt"
],
"default": "encrypt"
}
}
],
"responses": {
"200": {
"description": "successful operation",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HelperEcdsaEncryptDecryptResponse"
}
}
}
}
}
}
},
"/downloadables/versions/fetch": {
"post": {
"summary": "Get software download info",
"description": "Download software (broker, radius).
\nThis endpoint must be accessed by an administrator.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nSoftware version info.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Downloadables"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n software: [\"string required\"],\n latest: \"boolean optional, defaults to true\",\n os: [\"string required\"]\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DownloadablesVersionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DownloadablesVersionResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Broker Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/downloadables/artifact/fetch": {
"post": {
"summary": "Download artifacts",
"description": "Download specified artifacts.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n| **Returns** |\n|-------------------------------------------|\n\nDownloads broker.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Downloadables"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DownloadArtifactsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success.",
"content": {
"application/octet-stream": {
"schema": {
"type": "file",
"format": "binary"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Software Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/idp_config": {
"put": {
"summary": "Set IDP Config",
"description": "Create or update Indentity Provider's config.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing IDP config\n",
"tags": [
"IDP Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n signingCert: \"string required\",\n signingKey: \"string required\",\n encryptionCert: \"string required\",\n encryptionKey: \"string required\",\n entityId: \"string required\",\n authnRequestsSigned: \"boolean required\",\n sso_bindings: ['string required'],\n slo_bindings: ['string required'],\n identifier: \"string optional\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetIDPConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/idp_config/fetch": {
"post": {
"summary": "get IDP Config",
"description": "Get Indentity Provider's config.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing IDP config\n",
"tags": [
"IDP Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetIDPConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/template": {
"put": {
"summary": "create/update template",
"description": "Create or update template config.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing template config\n",
"tags": [
"Template Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetTemplateConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"delete": {
"summary": "delete template",
"description": "Delete template config.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\n204 No Content\n",
"tags": [
"Template Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n key_paths: [\"string required\"]\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteTemplateConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/template/fetch": {
"post": {
"summary": "get templates",
"description": "Get templates config.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing templates config\n",
"tags": [
"Template Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n purposes: [\"string\"] //array is optional\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetTemplateConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/session_attributes": {
"put": {
"summary": "Set BlockID session attributes Config",
"description": "Create or update BlockID session attributes Config.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing session attributes config\n",
"tags": [
"Session Attributes Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n data: [\"string\", \"string\"],\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetSessionAttributeConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/session_attributes/fetch": {
"post": {
"summary": "get BlockID session attributes Config",
"description": "Get BlockID session, ledger, identity attributes Config.
\nThis endpoint can be accessed by everyone.
\nThis endpoint returns every data when accessed by administrator.
\nThis endpoint returns partial data when accessed by normal user (only identity attributes).
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing session, ledger, identity attributes config\n",
"tags": [
"Session Attributes Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\nGetting community session attribute pass tenant id and community id in request\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n local_key_paths: [\"blockid_session_attributes\"] // always this value or empty array\n global_key_paths: [\"blockid_session_attributes\", \"blockid_ledger_attributes\", \"identity_attributes\"] // always one or more of these values or empty array\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetSessionAttributeConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nFollowing ECDSA encrypted object is returned:\n```\n{\n custom: localCaas.blockid_session_attributes, // array of strings: [\"a1\", \"a2\"]\n baseline: globalCaas.blockid_session_attributes, // array of strings: [\"a3\", \"a4\"]\n ledger: globalCaas.blockid_ledger_attributes // array of strings [\"a5\", \"a6\"],\n identity: globalCaas.identity_attributes // array of objects [{ \"attribute\": \"a7\", \"displayName: \"A7\" }],\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/fetch": {
"post": {
"summary": "Get Global Caas Config",
"description": "Get Global Caas Config.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing global Caas config\n",
"tags": [
"Caas Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n key_paths: [\"string required\"]\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/getCaasConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/getCaasConfigResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/self_registration_config/fetch": {
"post": {
"summary": "Get self registration config for community",
"description": "Get self registration config for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Self Registration Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetCommunitySelfRegistrationConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SelfRegistrationConfigResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/self_registration_config": {
"put": {
"summary": "Set self registration config for community",
"description": "Set self registration config for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Self Registration Config"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n allowed: \"boolean\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetCommunitySelfRegistrationConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SelfRegistrationConfigResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/password_reset": {
"put": {
"summary": "Set Password reset settings for community",
"description": "Set Password reset Authentication settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data, and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n default_input_method: \"string required\"\n tenantId: \"string required\",\n communityId: \"string required\",\n adminx_via_email_enabled: boolean,\n adminx_require_otp: boolean,\n mobile_enabled: boolean,\n sspr: object optional\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setPasswordResetSettingsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setPasswordResetSettingsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"summary": "Get password reset Authentication settings for community",
"description": "Get password reset Authentication settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetPasswordResetSettingsResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/mfa_settings": {
"put": {
"summary": "Set Multi-Factor Authentication settings for community",
"description": "Set Multi-Factor Authentication settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data, and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n show_otp_email: \"boolean required\",\n show_otp_phone: \"boolean required\"\n show_otp_voice: \"boolean required\"\n show_otp_hardware: \"boolean required\"\n otp_prompt_text: \"string required\"\n accountLockEnabled: true,\n otpMaxAttempts: 2,\n lockDurationMinutes: 60\n onespan_domain: \"string required\"\n onespan_url: \"string required\",\n self_enroll_phone_allowed: \"boolean required\"\n sync_window_for_first_usage: \"number required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setMFASettingsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setMFASettingsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"summary": "Get Multi-Factor Authentication settings for community",
"description": "Get Multi-Factor Authentication settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetMFASettingsResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/pwdless_settings": {
"put": {
"summary": "Set pwdless settings for community",
"description": "Set pwdless settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n primaryMethod: \"string required, default Fingerprint\",\n secondaryMethod: \"string\",\n selfOnBoard: \"boolean required\"\n selfOnBoardFromUserProfile: \"boolean required\"\n accountsPerPerson : \"number required\",\n personsPerAccount : \"number required\",\n personLimitRule : \"string required\",\n passwordless_disabled : \"boolean required\",\n qr_disabled : \"boolean required\",\n push_disabled : \"boolean required\",\n push_number_challenge_enabled : \"boolean optional\",\n dns : \"string required\",\n communityName : \"string required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetCommunityPwdlessSettingsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetCommunityPwdlessSettingsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/pwdless_settings/{dns}/{communityName}": {
"get": {
"summary": "Fetch pwdless setting auth info",
"description": "Fetch pwdless setting auth info.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "dns",
"in": "path",
"description": "DNS Name (string)",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxx"
}
},
{
"name": "communityName",
"in": "path",
"description": "communityName (string)",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxx"
}
}
],
"requestBody": null,
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PwdlessSettingsInfoResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/fido_settings": {
"put": {
"summary": "Set Fido settings for community",
"description": "Set Fido settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data, and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n fido_disabled: \"boolean required\",\n fido_platform_authenticator_disabled: \"boolean required\"\n fido_security_key_disabled: \"boolean required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setFidoSettingsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setFidoSettingsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"summary": "Fetch Fido settings for community",
"description": "Fetch Fido settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetFidoSettingsResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/orion_settings": {
"put": {
"summary": "Set Orion settings for community",
"description": "Set Orion settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data, and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n orion_authenticator_enabled: \"boolean required\",\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setOrionSettingsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setOrionSettingsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"summary": "Fetch Orion settings for community",
"description": "Fetch Orion settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetOrionSettingsResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/liveid_selfie_settings": {
"put": {
"summary": "Set LiveID Selfie login settings for community",
"description": "Set LiveID Selfie login settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data, and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n liveid_selfie_enabled: \"boolean required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/liveIdSelfieSettingsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/liveIdSelfieSettingsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"summary": "Get LiveID Selfie login settings for community",
"description": "Get LiveID Selfie login settings for community.
\nThis endpoint must be accessed by an administrator.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/liveIdSelfieSettingsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/first_time_enrollment_settings": {
"get": {
"summary": "Fetch first time enrollment settings",
"description": "Fetch first time enrollment settings.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": null,
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FirstTimeEnrollmentResponse"
}
}
}
},
"400": {
"description": "Validation data error"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"put": {
"summary": "Set first time enrollment settings for community",
"description": "Set first time enrollment settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n tenantId: \"string required\",\n communityId: \"string required\",\n first_time_login_enrollment: \"boolean\"\n allowed_factors: []\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetFirstTimeEnrollmentSettingRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetFirstTimeEnrollmentSettingResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/sspr/execute_transformation_script": {
"post": {
"summary": "Test the transformation",
"description": "Test the provided transformation script with given config.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n username: \"string required\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/testTransformationScriptRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/testTransformationScriptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/authentication/windows_mfa_settings": {
"put": {
"summary": "Set Multi-Factor Windows Authentication settings for community",
"description": "Set Multi-Factor Windows Authentication settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing Windows MFA settings config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "\nIMPORTANT - you can send unencrypted data, and you will get unencrypted data as well, it is only a preview available in Swagger\n```\n{\n allowed_enrollments: {\n behavior_auth: boolean required,\n user_pin: boolean required\n },\n enableFallbackAuth: boolean optional,\n maxAuthAttemptsBeforeFallback: number optional\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setWindowsMFASettingsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setWindowsMFASettingsResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"summary": "Get Multi-Factor Windows Authentication settings for community",
"description": "Get Multi-Factor Authentication settings for community.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing Windows MFA settings config for community\n",
"tags": [
"Login Settings"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try to Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetWindowsMFASettingsResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/consents/ipfs/{ipfsHash}": {
"get": {
"summary": "Get historical consent by IPFS hash",
"description": "Retrieve a historical consent document by its IPFS hash.
\nThis endpoint must be accessed by an administrator (tenant_admin or community_admin).
\nAdminAPI proxies this request to CaaS, which fetches the document from IPFS.
\n:: Note for website ::
\n+ Response is ECDSA encrypted in production
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing the historical consent document stored in IPFS\n",
"tags": [
"Consent"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "ipfsHash",
"in": "path",
"description": "The IPFS content hash (CID) of the consent document",
"required": true,
"schema": {
"type": "string",
"minLength": 1
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of AdminAPI, useful for decryption response\n\ndata is ECDSA encrypted object containing the historical consent document\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error (e.g. missing or empty ipfsHash)",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden - insufficient permissions (requires tenant_admin or community_admin)"
},
"404": {
"description": "Consent document not found for the given IPFS hash"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/consents/{type}": {
"get": {
"summary": "Get consent configuration by type",
"description": "Get the current consent configuration for the specified type.
\nThis endpoint must be accessed by an administrator (tenant_admin or community_admin).
\nAdminAPI proxies this request to CaaS, which owns the consent data.
\nSupported types: biometric (more types can be added to CONSENT_TYPES).
\n:: Note for website ::
\n+ Response is ECDSA encrypted in production
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing the consent configuration for the given type\n",
"tags": [
"Consent"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "type",
"in": "path",
"description": "The consent type",
"required": true,
"schema": {
"type": "string",
"enum": [
"biometric"
]
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of AdminAPI, useful for decryption response\n\ndata is ECDSA encrypted object containing the consent configuration:\n```\n{\n \"type\": \"string (e.g. biometric)\",\n \"isEnabled\": \"boolean\",\n \"title\": \"string\",\n \"subtitle\": \"string\",\n \"body\": \"string (base64 encoded)\",\n \"acknowledgeText\": \"string\",\n \"ipfsHash\": \"string (current IPFS hash)\",\n \"history\": [\n {\n \"ipfsHash\": \"string\",\n \"updatedAt\": \"string\"\n }\n ]\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error (e.g. invalid type value)",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden - insufficient permissions (requires tenant_admin or community_admin)"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/config/consents": {
"put": {
"summary": "Create or update consent configuration",
"description": "Create or update consent configuration for the community.
\nThis endpoint must be accessed by an administrator (tenant_admin or community_admin).
\nAdminAPI validates the request and proxies to CaaS, which handles IPFS storage and hash computation.
\nThe type field determines which consent is being updated.
\nWhen isEnabled is true, title, body, and acknowledgeText are required.
\nWhen isEnabled is false, content fields are optional (can be empty strings).
\nThe body field must be base64 encoded when isEnabled is true.
\nAudit events are fired by CaaS conditionally based on type (currently only biometric fires E_BIOMETRIC_CONSENT_UPDATED events).\nThe event includes admin user's IP address and user-agent (from eventData), consent document ID (ipfsHash), and a list of actions describing what changed (e.g. enabled, disabled, changed_title, changed_subtitle, changed_body, changed_acknowledge_text).
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing the updated consent configuration\n",
"tags": [
"Consent"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger\n\n```\n{\n type: \"string required - consent type (e.g. 'biometric')\",\n isEnabled: \"boolean required (strict) - enable or disable the consent\",\n title: \"string required when isEnabled=true, optional otherwise\",\n body: \"string required when isEnabled=true (must be base64 encoded), optional otherwise\",\n subtitle: \"string optional\",\n acknowledgeText: \"string required when isEnabled=true, optional otherwise\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EncryptedUpdateConsentRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of AdminAPI, useful for decryption response\n\ndata is ECDSA encrypted object containing the updated consent configuration\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error (e.g. missing required fields, invalid type, body not base64 when isEnabled=true)",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden - insufficient permissions (requires tenant_admin or community_admin)"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/community_auth_info/fetch": {
"post": {
"description": "Fetch community auth info.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### dns (required)\ndns : string\n\n### communityName (required)\ncommunityName : string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the community auth info.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community Auth Info"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CommunityAuthInfoRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CommunityAuthInfoResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/community/{communityName}/sso": {
"post": {
"description": "Redirect to Admin UI SSO page.
\n\n| **Request Body** |\n|----------------------------------------------|\n\n### SAMLRequest (required)\nSAMLRequest : string\n\n### RelayState (optional)\nRelayState : string\n\n### ForceAuthn (optional)\nForceAuthn : boolean\n\n| **Query** |\n|----------------------------------------------|\n\n### RelayState (optional)\nRelayState : string\n\n### ForceAuthn (optional)\nForceAuthn : boolean\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 302 Found and Location header.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "RelayState",
"in": "query",
"description": "RelayState",
"schema": {
"type": "string"
}
},
{
"name": "ForceAuthn",
"in": "query",
"description": "ForceAuthn",
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CommunityPostSSORequest"
}
}
}
},
"responses": {
"302": {
"description": "Success, but UI cannot display it properly (you will get 404 Not Found or CORS problems). You need to inspect Network in developer tools."
},
"400": {
"description": "Bad Request"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"description": "Redirect to Admin UI SSO page.
\n\n| **Query** |\n|----------------------------------------------|\n\n### SAMLRequest (required)\nSAMLRequest : string\n\n### RelayState (optional)\nRelayState : string\n\n### ForceAuthn (optional)\nForceAuthn : boolean\n\n### SigAlg (optional)\nSigAlg : string\n\n### Signature (optional)\nSignature : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 302 Found and Location header.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "SAMLRequest",
"in": "query",
"description": "SAMLRequest",
"schema": {
"type": "string"
}
},
{
"name": "RelayState",
"in": "query",
"description": "RelayState",
"schema": {
"type": "string"
}
},
{
"name": "ForceAuthn",
"in": "query",
"description": "ForceAuthn",
"schema": {
"type": "string"
}
},
{
"name": "SigAlg",
"in": "query",
"description": "SigAlg",
"schema": {
"type": "string"
}
},
{
"name": "Signature",
"in": "query",
"description": "Signature",
"schema": {
"type": "string"
}
}
],
"responses": {
"302": {
"description": "Success, but UI cannot display it properly (you will get 404 Not Found or CORS problems). You need to inspect Network in developer tools."
},
"400": {
"description": "Bad Request"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/community/{communityName}/wsfed": {
"post": {
"description": "Redirect to Admin UI WSFED SSO page.
\n\n| **Request Body** |\n|----------------------------------------------|\n\n### wtrealm (required)\nwtrealm : string\n\n### wa (required)\nwa : string\n\n### whr (optional)\nwhr : string\n\n### wfresh (optional)\nwfresh : string\n\n### wctx (optional)\nwctx : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 302 Found and Location header.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CommunityPostWsfedRequest"
}
}
}
},
"responses": {
"302": {
"description": "Success, but UI cannot display it properly (you will get 404 Not Found or CORS problems). You need to inspect Network in developer tools."
},
"400": {
"description": "Bad Request"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"description": "Redirect to Admin UI WSFED SSO page.
\n\n| **Query** |\n|----------------------------------------------|\n\n### wtrealm (required)\nwtrealm : string\n\n### wa (required)\nwa : string\n\n### whr (optional)\nwhr : string\n\n### wfresh (optional)\nwfresh : string\n\n### wctx (optional)\nwctx : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 302 Found and Location header.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "wtrealm",
"in": "query",
"description": "wtrealm",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "wa",
"in": "query",
"description": "wa",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "whr",
"in": "query",
"description": "wa",
"schema": {
"type": "string"
}
},
{
"name": "wfresh",
"in": "query",
"description": "wfresh",
"schema": {
"type": "string"
}
},
{
"name": "wctx",
"in": "query",
"description": "wfresh",
"schema": {
"type": "string"
}
}
],
"responses": {
"302": {
"description": "Success, but UI cannot display it properly (you will get 404 Not Found or CORS problems). You need to inspect Network in developer tools."
},
"400": {
"description": "Bad Request"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/community/{communityName}/slo": {
"post": {
"description": "Redirect to Admin UI SLO page.
\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 302 Foud and Location header.
\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CommunityPostSLORequest"
}
}
}
},
"responses": {
"302": {
"description": "Success, but UI cannot display it properly (you will get 404 Not Found or CORS problems). You need to inspect Network in developer tools."
}
}
},
"get": {
"description": "Redirect to Admin UI SLO page.
\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 302 Found and Location header.
\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"302": {
"description": "Success, but UI cannot display it properly (you will get 404 Not Found or CORS problems). You need to inspect Network in developer tools."
}
}
}
},
"/community/{communityName}/saml/acs": {
"post": {
"description": "Redirect to RelayState or AdminUI login page (if no RelayState present).
\n\n| **Request Body** |\n|----------------------------------------------|\n\n### SAMLResponse (required)\nSAMLResponse : string\n\n### RelayState (optional)\nRelayState : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 302 Found and Location header.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CommunityPostSamlAcsRequest"
}
}
}
},
"responses": {
"302": {
"description": "Success, but UI cannot display it properly (you will get 404 Not Found or CORS problems). You need to inspect Network in developer tools."
},
"400": {
"description": "Bad Request"
},
"500": {
"description": "Internal Server Error"
}
}
},
"get": {
"description": "Redirect to Admin UI SSO page.
\n\n| **Query** |\n|----------------------------------------------|\n\n### SAMLResponse (required)\nSAMLRequest : string\n\n### RelayState (optional)\nRelayState : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 302 Found and Location header.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "SAMLResponse",
"in": "query",
"description": "SAMLResponse",
"schema": {
"type": "string"
}
},
{
"name": "RelayState",
"in": "query",
"description": "RelayState",
"schema": {
"type": "string"
}
}
],
"responses": {
"302": {
"description": "Success, but UI cannot display it properly (you will get 404 Not Found or CORS problems). You need to inspect Network in developer tools."
},
"400": {
"description": "Bad Request"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/community/{communityName}/idp/{idpIdentifier}/metadata": {
"get": {
"description": "Fetch IDP metadata.
\n\n| **Query** |\n|----------------------------------------------|\n\n### download (optional)\ndownload : boolean\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 200 OK and xml metadata
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "idpIdentifier",
"in": "path",
"description": "Unique identifier of idp",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "download",
"in": "query",
"description": "Flag - if set to true, api will produce content disposition header",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Success"
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
},
"post": {
"description": "Fetch IDP metadata.
\n\n| **Query** |\n|----------------------------------------------|\n\n### download (optional)\ndownload : boolean\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 200 OK and xml metadata
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Community SAML"
],
"parameters": [
{
"name": "communityName",
"in": "path",
"description": "Community Name",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "idpIdentifier",
"in": "path",
"description": "Unique identifier of idp",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "download",
"in": "query",
"description": "Flag - if set to true, api will produce content disposition header",
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"description": "Success"
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/certificate/generate": {
"post": {
"summary": "Generate certificate and private key",
"description": "Generate certificate and private key.
\nThis endpoint must be accessed by admin
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n Bearer JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns object with generated certificate and privateKey\n",
"tags": [
"Certificate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains *data* field with encrypted object below:\n\n ```\n {\n \"keySize\": \"number, required\",\n \"algorithm\": \"string, required\",\n \"expirationDays\": \"number, required\"\n }\n ```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateCertificateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"cert\": \"cert\",\n \"privateKey\": \"privateKey\",\n \"fingerprints\": {\n \"sha1\": \"sha1\",\n \"sha256\": \"sha256\",\n \"sha384\": \"sha384\",\n \"sha512\": \"sha512\"\n },\n \"keySize\": \"keySize\",\n \"algorithm\": \"algorithm\",\n \"expirationDate\": \"expirationDate\",\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/branding/fetch": {
"post": {
"summary": "Get Branding Config",
"description": "Get Branding Config.
\nThis endpoint must be accessed without login.
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns object with branding colors and images\n",
"tags": [
"Branding"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetBrandingRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"bg_color_left_panel\": \"hex color - string\",\n \"bg_color_right_panel\": \"hex color - string\",\n \"heading_text_color\": \"hex color - string\",\n \"primary_button_color\": \"hex color - string\",\n \"active_tab_text_color\": \"hex color - string\",\n \"links_color\": \"hex color - string\",\n \"community_logo_img\": \"base64 image string\",\n \"bg_img_left_panel\": \"base64 image string\",\n \"default_login_method\": \"qr | username\",\n \"username_label\": \"string\",\n \"disclaimer_message\": \"string (optional)\",\n \"heading_label\": \"string\",\n \"app_download_override\": {\n \"enabled\": \"boolean\",\n \"content\": \"string\",\n \"url\": \"string\"\n },\n \"bg_img_fullscreen_enabled\": \"boolean\",\n \"username_hidden_on_desktop\": \"boolean\",\n \"copyright_message_disabled\": \"boolean\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetBrandingResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/branding": {
"put": {
"summary": "Set Branding Config",
"description": "Set Branding Config.
\nThis endpoint must be accessed by an administrator
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns object with branding colors and images\n",
"tags": [
"Branding"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request should contain *publicKey* field with caller's public key\n\nRequest body contains *data* field with encrypted object below:\n\n```\n{\n \"bg_color_left_panel\": \"hex color - string (required)\",\n \"bg_color_right_panel\": \"hex color - string (required)\",\n \"heading_text_color\": \"hex color - string (required)\",\n \"primary_button_color\": \"hex color - string (required)\",\n \"active_tab_text_color\": \"hex color - string (required)\",\n \"links_color\": \"hex color - string (required)\",\n \"community_logo_img\": \"base64 image string (required)\",\n \"bg_img_left_panel\": \"base64 image string (required)\",\n \"qr_code_corner_squares_color\": \"hex color - string (optional),\n \"qr_code_dots_color\": \"hex color - string (optional),\n \"qr_code_logo\": \"image url string (optional)\",\n \"default_login_method\": \"qr | username (optional)\",\n \"username_label\": \"string (optional)\",\n \"helpDeskButtonEnabled\": \"boolean (optional)\",\n \"helpDeskButtonData\" : \"object (optional)\",\n \"disclaimer_message\": \"string (optional)\",\n \"heading_label\": \"string (optional)\",\n \"bg_img_fullscreen_enabled\": \"boolean (optional)\",\n \"app_download_override\": {\n \"enabled\": \"boolean (optional)\",\n \"content\": \"string (required when enabled is true)\",\n \"url\": \"string (required when enabled is true, must be valid URL)\"\n },\n \"username_hidden_on_desktop\": \"boolean (optional)\",\n \"copyright_message_disabled\": \"boolean (optional)\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetBrandingRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"bg_color_left_panel\": \"hex color - string\",\n \"bg_color_right_panel\": \"hex color - string\",\n \"heading_text_color\": \"hex color - string\",\n \"primary_button_color\": \"hex color - string\",\n \"active_tab_text_color\": \"hex color - string\",\n \"links_color\": \"hex color - string\",\n \"community_logo_img\": \"base64 image string\",\n \"bg_img_left_panel\": \"base64 image string\",\n \"default_login_method\": \"qr | username\",\n \"username_label\": \"string\",\n \"helpDeskButtonEnabled\": \"boolean\",\n \"helpDeskButtonData\" : \"object\",\n \"heading_label\": \"string\",\n \"bg_img_fullscreen_enabled\": \"boolean\",\n \"app_download_override\": {\n \"enabled\": \"boolean\",\n \"content\": \"string\",\n \"url\": \"string\"\n },\n \"username_hidden_on_desktop\": \"boolean\",\n \"copyright_message_disabled\": \"boolean\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetBrandingResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/behavior_auth/random_phrase/fetch": {
"post": {
"summary": "Fetch random phrase",
"description": "Fetch a random phrase for behavior auth enrollment.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a random phrase and a user_token for enrollment.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Behavior Auth"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchRandomPhraseRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchRandomPhraseResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "No active phrases found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/behavior_auth/register": {
"post": {
"summary": "Register behavior auth pattern",
"description": "Register a typing pattern for behavior auth.
\nMultiple registration attempts are required (configurable, default 5).
\nEach call returns a next_step indicating whether more attempts are needed.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns next_step, user_token, and typing_data.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Behavior Auth"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterBehaviorAuthRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterBehaviorAuthResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"405": {
"description": "Typing phrase already enrolled"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/behavior_auth/validate": {
"post": {
"summary": "Validate behavior auth pattern",
"description": "Validate a typing pattern for behavior auth login.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns user details and a proof_of_authentication_jwt with methods: [\"behavior_auth\"].
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Behavior Auth"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidateBehaviorAuthRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidateBehaviorAuthResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"423": {
"description": "User is locked"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/behavior_auth/deregister": {
"delete": {
"summary": "Deregister behavior auth pattern",
"description": "Deregister the typing pattern for behavior auth.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a confirmation message on successful deregistration.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Behavior Auth"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
}
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeregisterBehaviorAuthResponse"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/authz/role/fetch": {
"get": {
"summary": "Fetch All Roles",
"description": "Get all available roles for community.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Authz"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RolesFetchResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/authz/role/fetch/{roleName}": {
"get": {
"summary": "Fetch One Role",
"description": "Get a role object with given roleId.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Authz"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "roleName",
"in": "path",
"description": "Role Name (string)",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxx"
}
}
],
"requestBody": null,
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RoleFetchResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/authz/authorization/fetch": {
"post": {
"summary": "Authorizations by userId",
"description": "Get authorizations for user. Only for admins
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Authz"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request Authorizations for given userId:\n\n```\n{\n \"objectType\": \"string, required\", // \"user\"\n \"objectId\": \"string, required\", // userUid\n \"subjectType\": \"string, required\", // \"community\"\n \"subjectId\": \"objectId, required\" // communityId\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthorizationFetchRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthorizationFetchResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/authenticationJourney": {
"put": {
"summary": "Create AuthenticationJourney",
"description": "Create AuthenticationJourney
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"AuthenticationJourney"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to create a valid AuthenticationJourney IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateAuthenticationJourneyRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateAuthenticationJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/authenticationJourney/fetch": {
"post": {
"summary": "Fetch AuthenticationJourney",
"description": "Fetch AuthenticationJourney
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"AuthenticationJourney"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to create a valid AuthenticationJourney IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchAuthenticationJourneyRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchAuthenticationJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/authenticationJourney/{id}": {
"delete": {
"summary": "Delete AuthenticationJourney",
"description": "Delete AuthenticationJourney.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nNothing to return\n",
"tags": [
"AuthenticationJourney"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Mongo objectId of identity provider to delete",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n tenantId: xxxxxx,\n communityId: xxxxxx\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteIdpObjectRequest"
}
}
}
},
"responses": {
"204": {
"description": "SUCCESS\n\nNo Content\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
},
"patch": {
"summary": "Update AuthenticationJourney",
"Update": "Create AuthenticationJourney
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"AuthenticationJourney"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Mongo objectId of authenticationJourney to update",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to create a valid AuthenticationJourney IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateAuthenticationJourneyRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateAuthenticationJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/authenticate": {
"post": {
"description": "Authenticate user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### user_token (required), encrypted user object\nuser_token : string\n\n### passcode (required)\npasscode : string\n\n### aliasUsed (optinal)\naliasUsed: string\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the authentication information.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/authenticate/otp": {
"put": {
"description": "Create OTP for user.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n### communityId (required)\ncommunityId : string\n\n### tenantId (required)\ntenantId : string\n\n### user_token (required)\nuser_token : string\n\n### deliveryMethod (required)\ndeliveryMethod : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the Adminconsole response (reencrypted).
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOtpRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success.
\nReturns reencrypted response from Adminconsole.\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"429": {
"description": "Too Many Requests. User has exceeded the OTP rate limit.\nResponse includes retryAfterSeconds in the response body.\n"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/authscheme/default/modules": {
"patch": {
"summary": "Set modules for default auth scheme",
"description": "Set modules for default auth scheme.
\nThis endpoint must be accessed by community or tenant admin.
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n Bearer JWT\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns updated auth scheme\n",
"tags": [
"Auth Scheme"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateAuthSchemeModulesRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"_id\": \"_id\",\n \"tag\": \"tag\",\n \"enabled\": true,\n \"isDefault\": true,\n \"dbModule\": {\n \"_id\": \"_id\",\n \"id\": \"id\",\n \"type\": \"db\",\n \"method\": \"authn\",\n \"name\": \"Internal User Store\",\n \"criteria\": \"criteria\"\n }\n \"modules\": [\n {\n \"_id\": \"_id\",\n \"id\": \"id\",\n \"type\": \"type\",\n \"method\": \"method\",\n \"name\": \"name\",\n \"criteria\": \"criteria\"\n }\n ]\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/authproxy/config/{id}": {
"put": {
"summary": "Set AuthProxy Config",
"description": "Set AuthProxy endpoint set the authproxy config on instance caas
\nThis endpoint must be accessed without login.
\n\n | **Headers** |\n |----------------------------------------------|\n\n ### requestid (required)\n JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n ### publickey (required)\n Public key\n\n ### authorization (required)\n JWT\n\n | **Request Body** |\n |----------------------------------------------|\n\n\n ### name (required)\n name : string\n\n ### authScheme (required)\n authScheme : array\n\n ### pushKeyword (required)\n pushKeyword : string\n\n ### ivrKeyword (optional)\n ivrKeyword : string\n\n ### isDefaultAuthMethodEnable (optional)\n isDefaultAuthMethodEnable : boolean (default: false)\n\n ### defaultAuthMethod (optional)\n defaultAuthMethod : string (push or ivr) - only saved when isDefaultAuthMethodEnable is true\n\n | **Returns** |\n |-------------------------------------------|\n\n Returns object with configured authProxy\n",
"tags": [
"AuthProxy"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "uid for creating configuration;",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request should contain *publicKey* field with caller's public key\n\nRequest body contains *data* field with encrypted object below:\n\n```\n{\n \"name\": \"authproxy name - string (required)\",\n \"authScheme\": \"authproxy auth scheme - array (required)\",\n \"pushKeyword\": \"authproxy push keyword (required)\",\n \"ivrKeyword\": \"authproxy ivr keyword - string (optional)\",\n \"isDefaultAuthMethodEnable\": \"enable default auth method - boolean (optional, default: false)\",\n \"defaultAuthMethod\": \"default auth method - string (optional, push or ivr, only saved when isDefaultAuthMethodEnable is true)\",\n \"groups\": {\n \"value\": [\"group1\", \"group2\"],\n \"operator\": \"eq - string, required, one of 'overlap', 'nooverlap', 'contains', 'notcontains'\"\n }\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetAuthProxyConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nThe publicKey of WebServer API used in decrypting\n\nResponse body contains *data* field with encrypted object below:\n\n```\n{\n \"name\": \"string\",\n \"authScheme\": \"array\",\n \"pushKeyword\": \"string\",\n \"ivrKeyword\": \"string\",\n \"isDefaultAuthMethodEnable\": \"boolean\",\n \"defaultAuthMethod\": \"string\"\n}\n```\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetAuthProxyConfigResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
},
"delete": {
"summary": "Delete authproxy config",
"description": "Delete authproxy config from the instance caas.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 204 status code on success.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"AuthProxy"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "uid for creating configuration;",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/authproxy/fetch": {
"post": {
"summary": "Fetch AuthProxy config",
"description": "Fetch AuthProxy endpoint fetch the authproxy config form the instance caas by tenant and community id.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### ids (optional)\nids : array\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns authProxy configurations.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"AuthProxy"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchAuthProxyConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/attributes": {
"put": {
"summary": "Create User Attributes",
"description": "Create User Attributes.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns encrypted object represents creation result\n",
"tags": [
"User Attributes"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n \"moduleId\": \"xxx\",\n \"attributes\": [\n {\n \"name\": \"xxx\",\n \"attribute\": \"xxx\"\n }\n ]\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserAttributesCreateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Users Mgmt API, useful for decryption response\n\ndata is ECDSA encrypted object represents creation result:\n```\n{\n \"created\": [\n {\n \"_id\": \"ObjectId\",\n \"name\": \"name\",\n \"attribute\": \"attribute\",\n \"moduleId\": \"ObjectId\"\n }\n ],\n \"errors\": []\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
},
"get": {
"summary": "Fetch User Attributes",
"description": "Fetch User Attributes.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Query** |\n|----------------------------------------------|\n\n### moduleId (required)\nObjectID - id of module to fetch attributes from\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns encrypted array of user attributes objects\n",
"tags": [
"User Attributes"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "moduleId",
"in": "query",
"description": "ObjectID - id of module to fetch attributes from",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Users Mgmt API, useful for decryption response\n\ndata is ECDSA encrypted object represents array of user attributes:\n```\n[\n {\n \"_id\": \"ObjectId\",\n \"name\": \"name\",\n \"attribute\": \"attribute\",\n \"moduleId\": \"ObjectId\"\n }\n]\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "No attributes found"
}
}
}
},
"/attributes/{attributeId}": {
"patch": {
"summary": "Update User Attribute",
"description": "Update User Attribute.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Params** |\n|----------------------------------------------|\n\n### attributeId (required)\nObjectID - id of user attribute to update\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns encrypted object represents updated user attribute\n",
"tags": [
"User Attributes"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "attributeId",
"in": "path",
"description": "ObjectID - id of user attribute to update",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n \"name\": \"xxx\",\n \"attribute\": \"xxx\"\n \"moduleId\": \"xxxxxxxxxxxxxxxxxxxxx\"\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserAttributeUpdateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Users Mgmt API, useful for decryption response\n\ndata is ECDSA encrypted object represents updated user atrribute:\n```\n{\n \"_id\": \"ObjectId\",\n \"name\": \"name\",\n \"attribute\": \"attribute\",\n \"moduleId\": \"ObjectId\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "No attribute found"
}
}
},
"delete": {
"summary": "Delete User Attribute",
"description": "Update User Attribute.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Params** |\n|----------------------------------------------|\n\n### attributeId (required)\nObjectID - id of user attribute to delete\n\n| **Returns** |\n|-------------------------------------------|\n\n204 No Content\n",
"tags": [
"User Attributes"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "attributeId",
"in": "path",
"description": "ObjectID - id of user attribute to delete",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n \"moduleId\": \"xxxxxxxxxxxxxxxxxxxxx\"\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserAttributeDeleteRequest"
}
}
}
},
"responses": {
"204": {
"description": "Success\n"
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "No attribute found"
}
}
}
},
"/broker/fetch": {
"post": {
"summary": "Fetch broker connections",
"description": "Fetch broker connections.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns broker connections.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Broker"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchBrokerConnectionsRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/broker/{uid}": {
"delete": {
"summary": "Delete broker connection",
"description": "Delete broker connection.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n",
"tags": [
"Broker"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "uid",
"in": "path",
"description": "Broker connection uid",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteBrokerConnectionRequest"
}
}
}
},
"responses": {
"204": {
"description": "Success"
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/broker/changestatus": {
"patch": {
"summary": "Change status of broker connection",
"description": "Change status of broker connection.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns updated broker connection.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Broker"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ChangeStatusBrokerConnectionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/broker/update": {
"patch": {
"summary": "Update broker connection (only name is allowed to be updated by this api)",
"description": "Update broker connection.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### tenantId (required)\ntenantId : string\n\n### communityId (required)\ncommunityId : string\n\n### moduleId (required)\nmoduleId : string\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns updated broker connection.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Broker"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateBrokerConnectionRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
},
"400": {
"description": "Invalid Request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/auth_modules/fetch": {
"post": {
"summary": "Fetch Auth Modules.",
"description": "Fetch Auth Modules.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the auth modules.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Auth Modules"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthModuleResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/auth_modules/{moduleId}": {
"patch": {
"summary": "Update Auth Module.",
"description": "Update Auth Modules.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### data (required)\nAuth module data encrypted with ECDSA.
\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns updated auth module.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Auth Modules"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "moduleId",
"in": "path",
"description": "The id of auth module to update",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\nNOTE - for each type you can send \"mode\" parameter, but it will be skipped.\n\nfor type **db**:\n```\n{\n \"name\": \"string optional\",\n \"enabled\": \"boolean optional\",\n \"type\": \"db - only for dynamic validation\",\n \"mode\": \"direct - only for dynamic validation\"\n \"config\": {\n \"passwordPolicy\": { // object optional\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n }\n}\n```\n\nfor type **ad**:\n```\n{\n \"name\": \"string optional\",\n \"enabled\": \"boolean optional\",\n \"type\": \"ad - only for dynamic validation\",\n \"mode\": \"direct/broker - only for dynamic validation\"\n \"config\": {\n \"serverprotocol\": \"string required/optional - ldap or ldaps\",\n \"server\": \"string required/optional\",\n \"serverport\": \"string required\"/optional,\n \"binddn\": \"string required/optional\",\n \"bindpassword\": \"string required/optional\",\n \"basedn\": \"string required\"/optional,\n \"securityauthentication\": \"string required/optional - Simple or Secure or Sealing or Encryption or SecureSocketLayer or ServerBind\",\n \"filter\": \"string required/optional\",\n \"serviceacctreadonly\": \"boolean optional - default false\",\n \"scepenabled\": \"boolean optional (only broker)\",\n \"scepurl\": \"string optional (only broker)\",\n \"challengeurl\": \"string optional (only broker)\",\n \"scepagent\": \"string optional (only broker)\",\n \"logfilesizemb\": number optional, // it's only for BROKER\n \"logfilecount\": number optional, // it's only for BROKER\n \"cert_enabled\": \"boolean optional\",\n \"cert_template\": \"string optional\", // Alphabets, numerals, spaces, special characters allowed\n \"dc_dns\": \"string optional\", // DNS names can contain only alphabetic characters (A-Z, a-z), numeric characters (0-9), the minus sign (-), and the period (.)\n \"dc_ca\": \"string optional\", // up to 64 characters, ANSI character set\n \"ldapqueryfilter\": \"string optional\",\n \"passwordPolicy\": { // object optional\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n },\n \"caList\": [{\n \"cert_template\": \"string required\",\n \"dc_dns\": \"string required\",\n \"dc_ca\": \"string required\",\n \"lastSuccessAt\": \"date optional\",\n \"lastNotifiedAt\": \"date optional\"\n }],\n \"caTimeoutSeconds\": \"number optional - default = 10s\",\n \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n \"caStatusChangeNotificationsTo\": \"array optional\",\n \"caStatusChangeNotificationsEnabled\": \"boolean optional\",\n },\n \"kerberos_config\": { // optional\n \"enabled\": \"boolean optional\",\n \"keytab_file\": \"string optional\"\n },\n \"enhanced_security_on\": true/false\n}\n```\n\nfor type **ldap**:\n```\n{\n \"name\": \"string optional\",\n \"enabled\": \"boolean optional\",\n \"type\": \"ldap - only for dynamic validation\",\n \"mode\": \"direct/broker - only for dynamic validation\"\n \"config\": {\n \"serverprotocol\": \"string required/optional - ldap or ldaps\",\n \"server\": \"string required/optional\",\n \"serverport\": \"string required/optional\",\n \"binddn\": \"string required/optional\",\n \"bindpassword\": \"string required/optional\",\n \"basedn\": \"string required/optional\",\n \"securityauthentication\": \"string required/optional - Simple or Secure or Sealing or Encryption or SecureSocketLayer or ServerBind\",\n \"filter\": \"string required/optional\",\n \"serviceacctreadonly\": \"boolean optional - default false\",\n \"scepenabled\": \"boolean optional (only broker)\",\n \"scepurl\": \"string optional (only broker)\",\n \"challengeurl\": \"string optional (only broker)\",\n \"scepagent\": \"string optional (only broker)\",\n \"ldapqueryfilter\": \"string optional\",\n \"passwordPolicy\": { // object optional\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n },\n \"caList\": [{\n \"cert_template\": \"string required\",\n \"dc_dns\": \"string required\",\n \"dc_ca\": \"string required\",\n \"lastSuccessAt\": \"date optional\",\n \"lastNotifiedAt\": \"date optional\"\n }],\n \"caTimeoutSeconds\": \"number optional - default = 10s\",\n \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n \"caStatusChangeNotificationsTo\": \"array optional\",\n \"caStatusChangeNotificationsEnabled\": \"boolean optional\",\n },\n \"kerberos_config\": { // optional\n \"enabled\": \"boolean optional\",\n \"keytab_file\": \"string optional\"\n }\n}\n```\n\nfor type **azuread**:\n```\n{\n \"name\": \"string optional\",\n \"enabled\": true,\n \"config\": {\n \"appName\": \"string\",\n \"tenantId\": \"string\",\n \"tenantName\": \"string\",\n \"clientId\": \"string\",\n \"clientSecret\": \"string\",\n \"loginBasePath\": \"string\",\n \"graphApiBasePath\": \"string\",\n \"passwordPolicy\": { // object optional\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthModuleUpdateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents updated auth module:\n\n```\n{\n \"_id\": \"ObjectID\",\n \"communityId\": \"ObjectID\",\n \"type\": \"db\", // ad | ldap | db\n \"subtype\": \"datastore\", // for ad | ldap: \"directory\", for db: \"datastore\"\n \"method\": \"authn\", // for ad | ldap | db : \"authn\"\n \"name\": \"Auth Module Name\",\n \"enabled\": true,\n \"mode\": \"broker/direct\"\n \"config\": {}, // see below config response samples\n \"kerberos_config\": { // optional\n \"enabled\": \"boolean optional\",\n \"keytab_file\": \"string optional\"\n }\n}\n```\n\nconfig object for type **ad** or **ldap**:\n```\n{\n \"serverprotocol\": \"ldap\",\n \"server\": \"string\"\n \"serverport\": \"string\"\n \"binddn\": \"string\"\n \"bindpassword\": \"string\",\n \"basedn\": \"string\",\n \"securityauthentication\": \"Simple\",\n \"filter\": \"string\",\n \"serviceacctreadonly\": true,\n \"scepenabled\": \"boolean optional\",\n \"scepurl\": \"string optional\",\n \"challengeurl\": \"string optional\",\n \"scepagent\": \"string optional\",\n \"ldapqueryfilter\": \"string optional\",\n \"cert_enabled\": \"boolean\",\n \"cert_template\": \"string\",\n \"dc_dns\": \"string\",\n \"dc_ca\": \"string\",\n \"logfilesizemb\": \"number\", // it's only for AD BROKER\n \"logfilecount\": \"number\", // it's only for AD BROKER\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n },\n \"caList\": [{\n \"cert_template\": \"string required\",\n \"dc_dns\": \"string required\",\n \"dc_ca\": \"string required\",\n \"lastSuccessAt\": \"date optional\",\n \"lastNotifiedAt\": \"date optional\"\n }],\n \"caTimeoutSeconds\": \"number optional - default = 10s\",\n \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n \"caStatusChangeNotificationsTo\": \"array optional\",\n \"caStatusChangeNotificationsEnabled\": \"boolean optional\",\n}\n```\n\nconfig object for type **azuread**:\n```\n{\n \"appName\": \"string\",\n \"tenantId\": \"string\",\n \"tenantName\": \"string\",\n \"clientId\": \"string\",\n \"clientSecret\": \"string\",\n \"loginBasePath\": \"string\",\n \"graphApiBasePath\": \"string\",\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n}\n```\n\nconfig for type **db**:\n```\n{\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthModuleUpdateResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
}
}
},
"get": {
"summary": "Get auth module by moduleId.",
"description": "Get auth module by moduleId.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Parameters** |\n|----------------------------------------------|\n\n\nNo Parameters\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the auth module, encrypted with ECDSA and public key.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Auth Modules"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"in": "path",
"name": "moduleId",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success\n\ndata is ECDSA encrypted object represents auth module:\n\n```\n{\n \"_id\": \"ObjectID\",\n \"communityId\": \"ObjectID\",\n \"type\": \"db\",\n \"subtype\": \"datastore\",\n \"method\": \"authn\",\n \"name\": \"Auth Module Name\",\n \"enabled\": true,\n \"mode\": \"broker/direct\",\n \"config\": {}, // see below config response samples\n \"kerberos_config\": { // optional\n \"enabled\": \"boolean optional\",\n \"keytab_file\": \"string optional\"\n }\n}\n```\n\nconfig object for type **ad** or **ldap**:\n```\n{\n \"serverprotocol\": \"ldap\",\n \"server\": \"string\",\n \"serverport\": \"string\",\n \"binddn\": \"string\",\n \"bindpassword\": \"string\",\n \"basedn\": \"string\",\n \"securityauthentication\": \"Simple\",\n \"filter\": \"string\",\n \"serviceacctreadonly\": true,\n \"scepenabled\": \"boolean optional (only broker)\",\n \"scepurl\": \"string optional (only broker)\",\n \"challengeurl\": \"string optional (only broker)\",\n \"scepagent\": \"string optional (only broker)\",\n \"cert_enabled\": \"boolean optional\",\n \"cert_template\": \"string optional\", // Alphabets, numerals, spaces, special characters allowed\n \"dc_dns\": \"string optional\", // DNS names can contain only alphabetic characters (A-Z, a-z), numeric characters (0-9), the minus sign (-), and the period (.)\n \"dc_ca\": \"string optional\", // up to 64 characters, ANSI character set\n \"logfilesizemb\": \"number (only broker)\",\n \"logfilecount\": \"number (only broker)\",\n \"ldapqueryfilter\": \"string optional\",\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n },\n \"caList\": [{\n \"cert_template\": \"string required\",\n \"dc_dns\": \"string required\",\n \"dc_ca\": \"string required\",\n \"lastSuccessAt\": \"date optional\",\n \"lastNotifiedAt\": \"date optional\"\n }],\n \"caTimeoutSeconds\": \"number optional - default = 10s\",\n \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n \"caStatusChangeNotificationsTo\": \"array optional\",\n \"caStatusChangeNotificationsEnabled\": \"boolean optional\",\n}\n```\n\nconfig object for type **azuread**:\n```\n{\n \"appName\": \"string\",\n \"tenantId\": \"string\",\n \"tenantName\": \"string\",\n \"clientId\": \"string\",\n \"clientSecret\": \"string\",\n \"loginBasePath\": \"string\",\n \"graphApiBasePath\": \"string\",\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n}\n```\n\nconfig object for type **db**:\n```\n{\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthModuleGetResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not found"
}
}
},
"delete": {
"summary": "Delete auth module by moduleId.",
"description": "Delete auth module by moduleId.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n\n| **Parameters** |\n|----------------------------------------------|\n\n\nNo Parameters\n\n\n| **Returns** |\n|-------------------------------------------|\n\nNo content.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Auth Modules"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"in": "path",
"name": "moduleId",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "Success\n\nEmpty response\n"
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"404": {
"description": "Not found"
}
}
}
},
"/auth_modules/create": {
"put": {
"summary": "Create Auth Modules.",
"description": "Create Auth Modules.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### data (required)\nAuth module data encrypted with ECDSA.
\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the created auth module.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Auth Modules"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\nfor type **db**:\n```\n{\n \"type\": \"db\",\n \"subtype\": \"datastore\",\n \"method\": \"authn\",\n \"name\": \"string required\",\n \"enabled\": true,\n \"mode\": \"direct\",\n \"config\": {\n \"passwordPolicy\": { // object optional\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n }\n}\n```\n\nfor type **ad**:\n```\n{\n \"type\": \"ad\",\n \"subtype\": \"directory\",\n \"method\": \"authn\",\n \"name\": \"string required\",\n \"enabled\": true,\n \"mode\": \"direct/broker\",\n \"config\": {\n \"serverprotocol\": \"string required/optional - ldap or ldaps\",\n \"server\": \"string required/optional\",\n \"serverport\": \"string required/optional\",\n \"binddn\": \"string required/optional\",\n \"bindpassword\": \"string optional/optional\",\n \"basedn\": \"string required/optional\",\n \"securityauthentication\": \"string required/optional - Simple or Secure or Sealing or Encryption or SecureSocketLayer or ServerBind\",\n \"filter\": \"string required/optional\",\n \"serviceacctreadonly\": \"boolean optional - default false\",\n \"scepenabled\": \"boolean optional (only broker)\",\n \"scepurl\": \"string optional (only broker)\",\n \"challengeurl\": \"string optional (only broker)\",\n \"scepagent\": \"string optional (only broker)\",\n \"ldapqueryfilter\": \"string optional\",\n \"cert_enabled\": \"boolean optional\",\n \"cert_template\": \"string optional\", // Alphabets, numerals, spaces, special characters allowed\n \"dc_dns\": \"string optional\", // DNS names can contain only alphabetic characters (A-Z, a-z), numeric characters (0-9), the minus sign (-), and the period (.)\n \"dc_ca\": \"string optional\", // up to 64 characters, ANSI character set\n \"logfilesizemb\": number optional, // it's only for BROKER, default is 10\n \"logfilecount\": number optional, // it's only for BROKER, default is 10\n \"passwordPolicy\": { // object optional\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n },\n \"caList\": [{\n \"cert_template\": \"string required\",\n \"dc_dns\": \"string required\",\n \"dc_ca\": \"string required\",\n \"lastSuccessAt\": \"date optional\",\n \"lastNotifiedAt\": \"date optional\",\n }],\n \"caTimeoutSeconds\": \"number optional - default = 10s\",\n \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n \"caStatusChangeNotificationsTo\": \"array optional\",\n \"caStatusChangeNotificationsEnabled\": \"boolean optional\",\n },\n \"kerberos_config\": { // optional\n \"enabled\": \"boolean optional\",\n \"keytab_file\": \"string optional\"\n },\n \"enhanced_security_on\": true/false\n}\n```\n\nfor **direct azuread**:\n```\n{\n \"type\": \"azuread\",\n \"subtype\": \"directory\",\n \"method\": \"authn\",\n \"name\": \"string required\",\n \"enabled\": true,\n \"mode\": \"direct\",\n \"config\": {\n \"appName\": \"string required\",\n \"tenantId\": \"string required\",\n \"tenantName\": \"string required\",\n \"clientId\": \"string required\",\n \"clientSecret\": \"string required\",\n \"loginBasePath\": \"string required\",\n \"graphApiBasePath\": \"string required\",\n \"passwordPolicy\": { // object optional\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n }\n}\n```\n\nfor type **ldap**:\n```\n{\n \"type\": \"ldap\",\n \"subtype\": \"directory\",\n \"method\": \"authn\",\n \"name\": \"string required\",\n \"enabled\": true,\n \"mode\": \"direct/broker\",\n \"config\": {\n \"serverprotocol\": \"string required/optional - ldap or ldaps\",\n \"server\": \"string required/optional\",\n \"serverport\": \"string required/optional\",\n \"binddn\": \"string required/optional\",\n \"bindpassword\": \"string optional/optional\",\n \"basedn\": \"string required/optional\",\n \"securityauthentication\": \"string required/optional - Simple or Secure or Sealing or Encryption or SecureSocketLayer or ServerBind\",\n \"filter\": \"string required/optional\",\n \"serviceacctreadonly\": \"boolean optional - default false\",\n \"scepenabled\": \"boolean optional (only broker)\",\n \"scepurl\": \"string optional (only broker)\",\n \"challengeurl\": \"string optional (only broker)\",\n \"scepagent\": \"string optional (only broker)\",\n \"ldapqueryfilter\": \"string optional\",\n \"passwordPolicy\": { // object optional\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n },\n \"caList\": [{\n \"cert_template\": \"string required\",\n \"dc_dns\": \"string required\",\n \"dc_ca\": \"string required\",\n \"lastSuccessAt\": \"date optional\",\n \"lastNotifiedAt\": \"date optional\"\n }],\n \"caTimeoutSeconds\": \"number optional - default = 10s\",\n \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n \"caStatusChangeNotificationsTo\": \"array optional\",\n \"caStatusChangeNotificationsEnabled\": \"boolean optional\",\n },\n \"kerberos_config\": { // optional\n \"enabled\": \"boolean optional\",\n \"keytab_file\": \"string optional\"\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthModuleCreateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents created auth module:\n\n```\n{\n \"_id\": \"ObjectID\",\n \"communityId\": \"ObjectID\",\n \"type\": \"db\", // ad | ldap | db\n \"subtype\": \"datastore\", // for ad | ldap: \"directory\", for db: \"datastore\"\n \"method\": \"authn\", // for ad | ldap | db : \"authn\"\n \"name\": \"Auth Module Name\",\n \"enabled\": true,\n \"mode\": \"broker/direct\",\n \"config\": {}, // see below config response samples\n \"kerberos_config\": { // optional\n \"enabled\": \"boolean optional\",\n \"keytab_file\": \"string optional\"\n }\n}\n```\n\nconfig object for type **ad** or **ldap**:\n```\n{\n \"serverprotocol\": \"ldap\",\n \"server\": \"string\"\n \"serverport\": \"string\"\n \"binddn\": \"string\"\n \"bindpassword\": \"string\",\n \"basedn\": \"string\",\n \"securityauthentication\": \"Simple\",\n \"filter\": \"string\",\n \"serviceacctreadonly\": true,\n \"scepenabled\": \"boolean optional\",\n \"scepurl\": \"string optional\",\n \"challengeurl\": \"string optional\",\n \"scepagent\": \"string optional\",\n \"ldapqueryfilter\": \"string optional\",\n \"cert_enabled\": \"boolean\",\n \"cert_template\": \"string\",\n \"dc_dns\": \"string\",\n \"dc_ca\": \"string\",\n \"logfilesizemb\": \"number\", // it's only for AD BROKER\n \"logfilecount\": \"number\", // it's only for AD BROKER\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n },\n \"caList\": [{\n \"cert_template\": \"string required\",\n \"dc_dns\": \"string required\",\n \"dc_ca\": \"string required\",\n \"lastSuccessAt\": \"date optional\",\n \"lastNotifiedAt\": \"date optional\"\n }],\n \"caTimeoutSeconds\": \"number optional - default = 10s\",\n \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n \"caStatusChangeNotificationsTo\": \"array optional\",\n \"caStatusChangeNotificationsEnabled\": \"boolean optional\",\n}\n```\n\nconfig object for type **azuread** :\n```\n{\n \"appName\": \"string\",\n \"tenantId\": \"string\",\n \"tenantName\": \"string\",\n \"clientId\": \"string\",\n \"clientSecret\": \"string\",\n \"loginBasePath\": \"string\",\n \"graphApiBasePath\": \"string\",\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n}\n```\n\nconfig for type **db**:\n```\n{\n \"passwordPolicy\": {\n \"allowed\": \"boolean required\",\n \"authtype\": \"Fingerprint|Face\",\n \"description\": \"string required\",\n \"rules\": {\n \"min\": \"number required\",\n \"min_enabled\": \"boolean required\",\n \"min_special\": \"number required\",\n \"min_special_enabled\": \"boolean required\",\n \"min_numbers\": \"number required\",\n \"min_numbers_enabled\": \"boolean required\",\n \"special_chars_allowed\": \"string required\",\n \"special_chars_allowed_enabled\": \"boolean required\",\n \"min_alpha_caps\": \"number required\",\n \"min_alpha_caps_enabled\": \"boolean required\",\n \"noUsername\": \"boolean required\",\n \"noUsername_enabled\": \"boolean required\",\n \"noSpaces\": \"boolean required\",\n \"noSpaces_enabled\": \"boolean required\",\n \"allowInRow\": \"number required\",\n \"allowInRow_enabled\": \"boolean required\"\n }\n }\n}\n```\n"
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/auth_modules/updateJs/{moduleId}": {
"patch": {
"summary": "Update JS script Auth Modules.",
"description": "Update JS script Auth Modules..
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Request Body** |\n|----------------------------------------------|\n\n### data (required)\nAuth module data encrypted with ECDSA.
\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the created auth module.
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Auth Modules"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"in": "path",
"name": "moduleId",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthModuleCreateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents created auth module:\n"
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/v2/request_access": {
"post": {
"description": "Request access with facts
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the user info, user_token and next. (password)
\nOr the user info, pon_data and jwt token. (otp)
\nThis API throw an error if something goes wrong.\n",
"tags": [
"Authenticate V2"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": false,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "facts",
"in": "header",
"description": "(encrypted) json object containing \"deviceId\", \"deviceDomain\"",
"required": false,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RequestAccessRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RequestAccessResponse"
}
}
}
},
"400": {
"description": "Invalid request"
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/v2/authz/roles/fetch": {
"get": {
"summary": "Fetch All Roles",
"description": "Get all available roles for community.
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing self registration config for community\n",
"tags": [
"Authz V2"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"license": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RolesFetchResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/v2/authenticationJourney": {
"put": {
"summary": "Create V2 Authentication Journey",
"description": "Create V2 Authentication Journey
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"AuthenticationJourney V2"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to create a valid linux cp journey IMPORTANT - you can send unencrypted data and you will ge t unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateAuthenticationJourneyV2Request"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateLinuxCPJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/v2/authenticationJourney/{id}": {
"patch": {
"summary": "Update V2 Authentication Journey",
"description": "Update V2 Authentication Journey
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"AuthenticationJourney V2"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Mongo objectId of linux authenticationJourney to update",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to update a valid linux cp journey IMPORTANT - you can send unencrypted data and you will ge t unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateAuthenticationJourneyV2Request"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateLinuxCPJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
},
"delete": {
"summary": "Delete AuthenticationJourney",
"description": "Delete AuthenticationJourney.
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nNothing to return\n",
"tags": [
"AuthenticationJourney V2"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "id",
"in": "path",
"description": "Mongo objectId of identity provider to delete",
"required": true,
"schema": {
"type": "string",
"example": "xxxxxxxxx"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n tenantId: xxxxxx,\n communityId: xxxxxx\n}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteIdpObjectRequest"
}
}
}
},
"responses": {
"204": {
"description": "SUCCESS\n\nNo Content\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/v2/authenticationJourney/fetch": {
"post": {
"summary": "Fetch AuthenticationJourney",
"description": "Fetch AuthenticationJourney
\nThis endpoint must be accessed by an administrator.
\n:: Note for website ::
\n+ Default request body is {data: ecdsa_string}
\n\n| **Headers** |\n|----------------------------------------------|\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n### authorization (required)\nJWT\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing identity provider\n",
"tags": [
"AuthenticationJourney V2"
],
"security": [
{
"keyId": []
},
{
"keySecret": []
},
{
"bearerAuth": []
}
],
"parameters": [
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "authorization",
"in": "header",
"description": "JWT Access Token / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Must contain all fields to create a valid AuthenticationJourney IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchAuthenticationJourneyRequestV2"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchAuthenticationJourneyResponseV2"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"401": {
"description": "Unauthorized"
}
}
}
}
},
"components": {
"schemas": {
"PublicKeyResponse": {
"type": "object",
"properties": {
"publicKey": {
"type": "string"
}
},
"example": {
"publicKey": ""
}
},
"HealthzResponse": {
"type": "object",
"properties": {
"status": {
"type": "string"
},
"publicKey": {
"type": "string"
},
"code": {
"type": "string"
},
"version": {
"type": "string"
}
},
"example": {
"status": "all services operational",
"publicKey": "//same as /publickeys endpoint",
"code": "200",
"version": "xxxx.xxxx.xxxx"
}
},
"HelperEcdsaEncryptDecryptRequest": {
"type": "object",
"properties": {
"dataStr": {
"type": "string"
},
"publicKey": {
"type": "string"
},
"privateKey": {
"type": "string"
}
},
"example": {
"dataStr": "Hey, This is example data string.",
"publicKey": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx=",
"privateKey": "xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
}
},
"HelperEcdsaEncryptDecryptResponse": {
"type": "object",
"properties": {
"data": {
"type": "array"
}
},
"example": {
"data": "xxxxxxxxxxxxxxxxxxxx"
}
},
"EcdsaEncryptDecryptResponse": {
"type": "object",
"properties": {
"publicKey": {
"type": "string"
},
"data": {
"type": "array"
}
},
"example": {
"data": "xxxxxxxxxxxxxxxxxxxx",
"publicKey": "xxxxxxxxxxxxxxxxxxxx"
}
},
"CommunityAuthInfoRequest": {
"type": "object",
"properties": {
"dns": {
"type": "string"
},
"communityName": {
"type": "string"
}
},
"example": {
"dns": "string",
"communityName": "string"
}
},
"PwdlessSettingsInfoRequest": {
"type": "object",
"properties": {
"dns": {
"type": "string"
},
"communityName": {
"type": "string"
}
},
"example": {
"dns": "string",
"communityName": "string"
}
},
"CommunityAuthInfoResponse": {
"type": "object",
"properties": {
"community": {
"type": "object"
},
"tenant": {
"type": "object"
},
"authScheme": {
"type": "object"
},
"settings": {
"type": "object"
},
"branding": {
"type": "object"
},
"password_reset_options": {
"type": "object"
}
},
"example": {
"community": "object",
"tenant": "object",
"authScheme": "object",
"settings": "object",
"branding": "object",
"password_reset_options": "object"
}
},
"PwdlessSettingsInfoResponse": {
"type": "object",
"properties": {
"primaryMethod": {
"type": "string",
"example": "Fingerprint"
},
"secondaryMethod": {
"type": "string",
"example": "Pin"
},
"selfOnBoard": {
"type": "boolean",
"example": true
},
"selfOnBoardFromUserProfile": {
"type": "boolean",
"example": true
},
"accountsPerPerson": {
"type": "number",
"example": 5
},
"personsPerAccount": {
"type": "number",
"example": 1
},
"personLimitRule": {
"type": "string",
"example": "cleanup"
},
"passwordless_disabled": {
"type": "boolean",
"example": true
},
"qr_disabled": {
"type": "boolean",
"example": true
},
"push_disabled": {
"type": "boolean",
"example": "true"
},
"push_number_challenge_enabled": {
"type": "boolean",
"example": true
},
"defaultMethods": {
"type": "string",
"example": "Fingerprint"
}
}
},
"FirstTimeEnrollmentResponse": {
"type": "object",
"properties": {
"first_time_login_enrollment": {
"type": "boolean",
"example": false
},
"allowed_factors": {
"type": "array",
"example": []
}
}
},
"VerifyUserRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"username": {
"type": "string"
},
"password": {
"type": "string"
},
"otp": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"username": "string",
"password": "string optional",
"otp": "string optional"
}
},
"RequestAccessRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"username": {
"type": "string"
},
"web_otp": {
"type": "string"
},
"hw_otp": {
"type": "string"
},
"mobile_totp": {
"type": "string"
},
"any_otp": {
"type": "string"
},
"profile_otp": {
"type": "string"
},
"password": {
"type": "string"
},
"uwlSessionId": {
"type": "string"
},
"SAMLResponse": {
"type": "string"
},
"mobile": {
"type": "string"
},
"landline": {
"type": "string"
},
"challengeHash": {
"type": "string"
},
"biometricConsentAccepted": {
"type": "boolean"
},
"webauthnAssertion": {
"type": "object",
"properties": {
"rawId": {
"type": "string",
"example": "xxxxxx"
},
"authenticatorData": {
"type": "number",
"example": "xxxxxx"
},
"signature": {
"type": "string",
"example": "xxxxxx"
},
"userHandle": {
"type": "string",
"nullable": true,
"example": "xxxx"
},
"clientDataJSON": {
"type": "number",
"example": "xxxxxx"
},
"getClientExtensionResults": {
"type": "object"
},
"id": {
"type": "string",
"example": "xxxx"
},
"type": {
"type": "string",
"example": "public-key"
}
}
},
"isPreauthenticated": {
"type": "boolean",
"description": "EAM flag \u2014 true when user arrives via Entra EAM id_token_hint flow"
},
"interactionUid": {
"type": "string",
"description": "OIDC interaction UID \u2014 used to fetch oid/tid from the server-side interaction record during EAM flow"
},
"behavior_auth": {
"type": "object",
"description": "Behavior auth (typing biometrics) data for behavior_auth_and_user_pin journey",
"properties": {
"pattern": {
"type": "string",
"description": "TypingDNA pattern string captured from user typing"
},
"phrase": {
"type": "string",
"description": "The phrase the user typed (echoed back from previous response)"
},
"user_token": {
"type": "string",
"description": "User token from previous response (for session continuity)"
}
}
},
"user_pin": {
"type": "string",
"description": "User PIN for behavior_auth_and_user_pin journey (second factor)"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"username": "string",
"web_otp": "string",
"mobile_totp": "string",
"hw_otp": "string",
"any_otp": "string",
"profile_otp": "string",
"password": "string",
"uwlSessionId": "string",
"challengeHash": "some string",
"SAMLResponse": "string, b64 encoded xml",
"isPreauthenticated": true,
"interactionUid": "OIDC interaction UID",
"behavior_auth": {
"pattern": "TypingDNA pattern string",
"phrase": "notoriety pink holly puppy",
"user_token": "token from previous response"
},
"user_pin": "1234"
}
},
"RequestAccessResponse": {
"type": "object",
"properties": {
"jwt": {
"type": "string"
},
"next": {
"type": "object",
"properties": {
"step": {
"type": "string"
},
"allowed_factors": {
"type": "array"
},
"step_token": {
"type": "string"
},
"consentDocument": {
"type": "object"
},
"phrase": {
"type": "string",
"description": "Enrolled behavior auth phrase the user must type \u2014 only present when allowed_factors includes behavior_auth"
}
}
}
},
"example": {
"jwt": "string",
"next": {
"step": "need_mfa",
"allowed_factors": [
"behavior_auth"
],
"step_token": "string",
"phrase": "notoriety pink holly puppy"
}
}
},
"SendPushNotificationRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"username": {
"type": "string"
},
"user_token": {
"type": "string"
},
"sessionUrl": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"username": "string optional",
"user_token": "string optional",
"sessionUrl": "string"
}
},
"SendPushNotificationResponse": {
"type": "object",
"properties": {
"code": {
"type": "object"
},
"message": {
"type": "string"
},
"data": {
"type": "string"
},
"sessionStatus": {
"type": "string"
}
},
"example": {
"code": "200",
"message": "SUCCESS",
"data": "",
"sessionStatus": null
}
},
"SAMLRequest": {
"type": "object",
"properties": {
"SAMLRequest": {
"type": "string"
},
"Signature": {
"type": "string"
},
"SigAlg": {
"type": "string"
},
"RelayState": {
"type": "string"
}
},
"example": {
"SAMLRequest": "string",
"Signature": "string optional",
"SigAlg": "string optional",
"RelayState": "string optional"
}
},
"WSFEDRequest": {
"type": "object",
"properties": {
"wtrealm": {
"type": "string"
},
"wa": {
"type": "string"
},
"wreply": {
"type": "string"
},
"wctx": {
"type": "string"
}
},
"example": {
"wtrealm": "string required",
"wa": "string required",
"wreply": "string optional",
"wctx": "string optional"
}
},
"OIDCRequest": {
"type": "object",
"properties": {
"OIDCRequest": {
"type": "string"
},
"acr": {
"type": "string"
}
},
"example": {
"OIDCRequest": "string",
"acr": "string optional"
}
},
"VerifyUserResponse": {
"type": "object",
"properties": {
"user": {
"type": "object"
},
"pon_data": {
"type": "object"
},
"user_token": {
"type": "string"
},
"jwt_token": {
"type": "string"
},
"next": {
"type": "string"
}
},
"example": {
"user": "object",
"pon_data": "object",
"user_token": "string",
"jwt_token": "string",
"next": "otp"
}
},
"AuthenticateRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"user_token": {
"type": "string"
},
"passcode": {
"type": "string"
},
"aliasUsed": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"user_token": "string",
"passcode": "string",
"aliasUsed": "string"
}
},
"AuthenticateResponse": {
"type": "object",
"properties": {
"user": {
"type": "object"
},
"pon_data": {
"type": "object"
},
"jwt_token": {
"type": "string"
}
},
"example": {
"user": "object",
"pon_data": "object",
"jwt_token": "string"
}
},
"AuthModuleRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string"
}
},
"AuthModuleResponse": {
"type": "object",
"properties": {
"modules": {
"type": "array"
}
},
"example": {
"modules": [
{
"_id": "string",
"communityId": "string",
"type": "string",
"subtype": "string",
"method": "string",
"name": "string",
"enabled": true,
"mode": "broker",
"config": {
"passwordPolicy": {
"allowed": "boolean required",
"authtype": "Fingerprint|Face",
"description": "string required",
"rules": {
"min": "number required",
"min_enabled": "boolean required",
"min_special": "number required",
"min_special_enabled": "boolean required",
"min_numbers": "number required",
"min_numbers_enabled": "boolean required",
"special_chars_allowed": "string required",
"special_chars_allowed_enabled": "boolean required",
"min_alpha_caps": "number required",
"min_alpha_caps_enabled": "boolean required",
"noUsername": "boolean required",
"noUsername_enabled": "boolean required",
"noSpaces": "boolean required",
"noSpaces_enabled": "boolean required",
"allowInRow": "number required",
"allowInRow_enabled": "boolean required"
}
}
}
},
{
"_id": "string",
"communityId": "string",
"type": "string",
"subtype": "string",
"method": "string",
"name": "string",
"enabled": true,
"mode": "direct",
"config": {
"passwordPolicy": {
"allowed": "boolean required",
"authtype": "Fingerprint|Face",
"description": "string required",
"rules": {
"min": "number required",
"min_enabled": "boolean required",
"min_special": "number required",
"min_special_enabled": "boolean required",
"min_numbers": "number required",
"min_numbers_enabled": "boolean required",
"special_chars_allowed": "string required",
"special_chars_allowed_enabled": "boolean required",
"min_alpha_caps": "number required",
"min_alpha_caps_enabled": "boolean required",
"noUsername": "boolean required",
"noUsername_enabled": "boolean required",
"noSpaces": "boolean required",
"noSpaces_enabled": "boolean required",
"allowInRow": "number required",
"allowInRow_enabled": "boolean required"
}
}
},
"kerberos_config": {
"enabled": "boolean optional",
"keytab_file": "string optional"
}
},
{
"_id": "string",
"communityId": "string",
"type": "string",
"subtype": "string",
"method": "string",
"name": "string",
"enabled": true,
"mode": "direct",
"config": {
"cert_enabled": "boolean",
"cert_template": "string",
"dc_dns": "string",
"dc_ca": "string",
"logfilesizemb": "number",
"logfilecount": "number",
"ldapqueryfilter": "someLdapQueryFilter",
"passwordPolicy": {
"allowed": "boolean required",
"authtype": "Fingerprint|Face",
"description": "string required",
"rules": {
"min": "number required",
"min_enabled": "boolean required",
"min_special": "number required",
"min_special_enabled": "boolean required",
"min_numbers": "number required",
"min_numbers_enabled": "boolean required",
"special_chars_allowed": "string required",
"special_chars_allowed_enabled": "boolean required",
"min_alpha_caps": "number required",
"min_alpha_caps_enabled": "boolean required",
"noUsername": "boolean required",
"noUsername_enabled": "boolean required",
"noSpaces": "boolean required",
"noSpaces_enabled": "boolean required",
"allowInRow": "number required",
"allowInRow_enabled": "boolean required"
}
}
}
}
]
}
},
"AuthModuleUpdateRequest": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"enabled": {
"type": "boolean"
},
"type": {
"type": "string"
},
"mode": {
"type": "string"
}
},
"example": {
"name": "string",
"enabled": true,
"type": "string",
"mode": "string"
}
},
"UserRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
},
"pSize": {
"type": "number"
},
"pIndex": {
"type": "number"
},
"attributes": {
"type": "array"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"moduleId": "string",
"pSize": 25,
"pIndex": 0,
"attributes": [
"firstname"
]
}
},
"UserResponse": {
"type": "object",
"properties": {
"page": {
"type": "object"
},
"data": {
"type": "array"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"UpdateUserPropertiesRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"uid": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
}
},
"aliases": {
"type": "object",
"properties": {
"alias1": {
"type": "string"
},
"alias2": {
"type": "string"
},
"alias3": {
"type": "string"
},
"alias4": {
"type": "string"
},
"alias5": {
"type": "string"
},
"alias6": {
"type": "string"
},
"alias7": {
"type": "string"
},
"alias8": {
"type": "string"
}
}
},
"mobiles": {
"type": "array"
},
"landlines": {
"type": "array"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"user": {
"username": "string",
"uid": "string",
"authModuleId": "string"
},
"aliases": {
"alias1": "test-alias1",
"alias2": "test-alias2",
"alias3": "test-alias3",
"alias4": "test-alias4",
"alias5": "test-alias5",
"alias6": "test-alias6",
"alias7": "test-alias7",
"alias8": "test-alias8"
},
"mobiles": [
"4075156743"
],
"landlines": [
"4075156743",
"4075156712"
]
}
},
"UpdateUserPropertiesResponse": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"uid": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
}
},
"aliases": {
"type": "object",
"properties": {
"alias1": {
"type": "string"
},
"alias2": {
"type": "string"
},
"alias3": {
"type": "string"
},
"alias4": {
"type": "string"
},
"alias5": {
"type": "string"
},
"alias6": {
"type": "string"
},
"alias7": {
"type": "string"
},
"alias8": {
"type": "string"
}
}
},
"mobiles": {
"type": "array"
},
"landlines": {
"type": "array"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"user": {
"username": "string",
"uid": "string",
"authModuleId": "string"
},
"aliases": {
"alias1": "test-alias1",
"alias2": "test-alias2",
"alias3": "test-alias3",
"alias4": "test-alias4",
"alias5": "test-alias5",
"alias6": "test-alias6",
"alias7": "test-alias7",
"alias8": "test-alias8"
},
"mobiles": [
"4075156743"
],
"landlines": [
"4075156743",
"4075156712"
]
}
},
"CheckAliasUniquenessRequest": {
"type": "object",
"properties": {
"alias": {
"type": "string"
}
},
"example": {
"alias": "test-alias"
}
},
"CheckAliasUniquenessResponse": {
"type": "object",
"properties": {
"isUnique": {
"type": "boolean"
}
},
"example": {
"isUnique": false
}
},
"UserdetailProfileRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"uid": {
"type": "string"
},
"urn": {
"type": "string"
}
}
},
"attributes": {
"type": "array"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"moduleId": "string",
"user": {
"username": "string",
"uid": "string",
"urn": "string"
},
"attributes": [
"firstname"
]
}
},
"UserdetailProfileResponse": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"dguid": {
"type": "string"
},
"urn": {
"type": "string"
},
"moduleId": {
"type": "string"
},
"isLocked": {
"type": "boolean"
},
"username": {
"type": "string"
},
"mobiles": {
"type": "array"
},
"landlines": {
"type": "array"
},
"aliases": {
"type": "object"
},
"type": {
"type": "string"
},
"roleValue": {
"type": "string"
},
"status": {
"type": "string"
},
"firstname": {
"type": "string"
},
"middlename": {
"type": "string"
},
"lastname": {
"type": "string"
},
"email": {
"type": "string"
},
"phone": {
"type": "string"
},
"disabled": {
"type": "string"
},
"ial": {
"type": "string"
},
"nonEditablePhones": {
"type": "array"
},
"userProperties": {
"type": "object",
"properties": {
"mobiles": {
"type": "array"
},
"landlines": {
"type": "array"
},
"aliases": {
"type": "object"
}
}
}
},
"example": {
"uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"username": "xxxxxx",
"moduleId": "xxxxxxx",
"dguid": "xxxxxx",
"urn": "xxxxx",
"type": "xxxxx",
"mobiles": [],
"landlines": [],
"aliases": {},
"roleValue": "xxxxx",
"status": "xxxxxx",
"firstname": "xxxxxxxx",
"middlename": "xxxxxxxx",
"lastname": "xxxxxxxx",
"email": "xxxxx@xxxxxxxx.xxx",
"phone": "xxxxxxxxxx",
"disabled": false,
"isLocked": false,
"ial": "xxxxx",
"userProperties": {
"mobiles": [],
"landlines": [],
"aliases": {}
}
}
},
"ServiceProviderResponse": {
"type": "object",
"properties": {
"data": {
"type": "string"
},
"publicKey": {
"type": "string"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"JwtVerifyTokenRequest": {
"type": "object",
"properties": {
"token": {
"type": "string"
}
},
"example": {
"token": "xxxx"
}
},
"JwtVerifyTokenResponse": {
"type": "object",
"properties": {
"data": {
"type": "string"
},
"publicKey": {
"type": "string"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"SetIDPConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"signingCert": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"signingKey": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"encryptionCert": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"encryptionKey": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"entityId": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"authnRequestsSigned": {
"type": "boolean",
"example": true
},
"sso_bindings": {
"type": "array",
"items": {
"type": "string"
}
},
"slo_bindings": {
"type": "array",
"items": {
"type": "string"
}
},
"identifier": {
"type": "string",
"example": "string"
}
}
},
"ValidationError": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "This field should not be empty"
}
}
},
"GetIDPConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
},
"SetTemplateConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"templateData": {
"type": "object",
"properties": {
"self_onboarding": {
"type": "object",
"properties": {
"email": {
"type": "object",
"properties": {
"uuid": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "xyz"
},
"subject": {
"type": "string",
"example": "Abc"
},
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"isDefault": {
"type": "boolean",
"example": true
}
}
}
}
},
"sms": {
"type": "object",
"properties": {
"uuid": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "xyz"
},
"isDefault": {
"type": "boolean",
"example": true
},
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
}
}
}
}
}
}
}
}
},
"DeleteTemplateConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"key_paths": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxxx"
}
}
}
},
"GetTemplateConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"purposes": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxxx"
}
}
}
},
"SetSessionAttributeConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"data": {
"type": "array",
"items": {
"type": "string",
"example": "first_name"
}
}
}
},
"GetSessionAttributeConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"local_key_paths": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"blockid_session_attributes"
]
},
"global_key_paths": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"blockid_session_attributes",
"blockid_ledger_attributes",
"identity_attributes"
]
}
}
},
"ServiceProviderRequest": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "string"
},
"environment": {
"type": "string",
"example": "string"
},
"type": {
"type": "string",
"example": "saml"
},
"saml_config": {
"type": "object",
"properties": {
"accessUrl": {
"type": "string",
"example": "string"
},
"entityId": {
"type": "string",
"example": "string"
},
"assertionMethod": {
"type": "string",
"example": "string"
},
"assertionConsumerServiceURL": {
"type": "string",
"example": "string"
},
"logoutRequestSignRequired": {
"type": "boolean",
"example": true
},
"logoutResponseSignRequired": {
"type": "boolean",
"example": true
},
"authRequestSignRequired": {
"type": "boolean",
"example": true
},
"assertionSignRequired": {
"type": "boolean",
"example": true
},
"signingCert": {
"type": "string",
"example": "string"
},
"signingAlgo": {
"type": "string",
"example": "string"
},
"metadata": {
"type": "string",
"example": "string"
},
"nameid": {
"type": "object",
"properties": {
"format": {
"type": "string",
"example": "unspecified"
},
"value": {
"type": "string",
"example": "string"
},
"attribute_type": {
"type": "string",
"example": "string"
}
}
},
"attributes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"claim_name": {
"type": "string",
"example": "string"
},
"attribute_name": {
"type": "string",
"example": "string"
},
"attribute_type": {
"type": "string",
"example": "string"
},
"value_type": {
"type": "string",
"example": "string"
},
"value": {
"type": "any",
"example": "string"
}
}
}
}
}
},
"forceReauthentication": {
"type": "boolean",
"example": true
},
"hideBanner": {
"type": "boolean",
"description": "Hide the banner on the OIDC login page",
"example": false
},
"hideMobileLinks": {
"type": "boolean",
"description": "Hide mobile app download links on the OIDC login page",
"example": false
},
"mobileAppLabel": {
"type": "string",
"description": "Custom mobile app name label (max 15 characters, OIDC only)",
"maxLength": 15,
"example": "MyApp"
}
}
},
"getCaasConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
},
"key_paths": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
}
}
},
"getCaasConfigResponse": {
"type": "object"
},
"ServiceKeysResponse": {
"type": "array",
"description": "Service keys array",
"items": {
"type": "object",
"required": [
"tag",
"keyId",
"keySecret",
"type"
],
"properties": {
"tag": {
"type": "string",
"description": "service ecdsa"
},
"keyId": {
"type": "string",
"description": "ecdsa publicKey"
},
"keySecret": {
"type": "string",
"description": "ecdsa private key"
},
"type": {
"type": "string",
"description": "default = ecdsa | hawk"
}
},
"example": {
"tag": "xxxxx",
"keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"type": "xxxxx"
}
}
},
"UserAttributesCreateRequest": {
"type": "object",
"properties": {
"moduleId": {
"type": "string",
"example": "xxx"
},
"attributes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"attribute": {
"type": "string"
}
},
"example": {
"name": "xxx",
"attribute": "xxx"
}
}
}
}
},
"UserAttributesBulkUpdateRequest": {
"type": "object",
"properties": {
"attributes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"_id": {
"type": "string"
},
"name": {
"type": "string"
},
"attribute": {
"type": "string"
}
},
"example": {
"_id": "objectId",
"name": "xxx",
"attribute": "xxx"
}
}
}
}
},
"UserAttributeUpdateRequest": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"attribute": {
"type": "string"
},
"moduleId": {
"type": "string"
}
},
"example": {
"name": "xxx",
"attribute": "xxx",
"moduleId": "xxxxxxxxxxxxxx"
}
},
"UserAttributeDeleteRequest": {
"type": "object",
"properties": {
"moduleId": {
"type": "string"
}
},
"example": {
"moduleId": "xxxxxxxxxxxxxx"
}
},
"InviteUserRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"authModuleId": {
"type": "string"
},
"userId": {
"type": "string"
},
"emailTo": {
"type": "string"
},
"smsTo": {
"type": "string"
},
"firstname": {
"type": "string"
},
"lastname": {
"type": "string"
},
"uid": {
"type": "string"
},
"templateKeyPath": {
"type": "string"
},
"createdby": {
"type": "string"
},
"createdbyemail": {
"type": "string"
},
"captchaToken": {
"type": "string"
},
"license": {
"type": "string"
}
}
},
"InviteUserResponse": {
"type": "object",
"properties": {
"emailResult": {
"type": "object",
"properties": {
"status": {
"type": "boolean",
"example": true
},
"statusCode": {
"type": "number",
"example": 200
},
"message": {
"type": "string",
"example": "https://1k-dev.1kosmos.net/acr,"
},
"error": {
"type": "string"
},
"gatewatId": {
"type": "string"
},
"resultId": {
"type": "string"
},
"messageId": {
"type": "string"
},
"ts": {
"type": "string"
}
}
},
"link": {
"type": "string"
},
"code": {
"type": "string"
}
}
},
"GetAccessCodesRequest": {
"type": "object",
"required": [
"user",
"did",
"community"
],
"properties": {
"user": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"username": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
},
"required": [
"uid",
"username",
"authModuleId"
],
"example": {
"uid": "string",
"username": "string",
"authModuleId": "string"
}
},
"community": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"publicKey": {
"type": "string"
}
},
"requied": [
"id",
"name",
"publicKey"
],
"example": {
"id": "string",
"name": "string",
"publicKey": "string"
}
},
"uids": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"string optional",
"property 'uids' optional"
]
}
}
},
"GetAccessCodesResponse": {
"type": "object",
"properties": {
"status": {
"type": "string"
}
}
},
"AuthModuleCreateRequest": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
},
"example": {
"data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
}
},
"AuthModuleCreateResponse": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
},
"example": {
"data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
}
},
"AuthModuleUpdateResponse": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
},
"example": {
"data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
}
},
"AuthModuleGetResponse": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
},
"example": {
"data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
}
},
"SessionAuthenticateRequest": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "string"
},
"appid": {
"type": "string",
"example": "string"
},
"ial": {
"type": "string",
"example": "string"
},
"eventData": {
"type": "string",
"example": "string"
},
"publicKey": {
"type": "string",
"example": "string"
},
"did": {
"type": "string",
"example": "string"
}
}
},
"SessionAuthenticateResponse": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
"NewSessionRequest": {
"type": "object",
"required": [
"communityName",
"communityId",
"tenantId",
"tag",
"url",
"authtype"
],
"properties": {
"tag": {
"type": "string",
"example": "tagName"
},
"url": {
"type": "string",
"example": "url"
},
"communityName": {
"type": "string",
"example": "communityName"
},
"tenantId": {
"type": "string",
"example": "tenant id"
},
"communityId": {
"type": "string",
"example": "community id"
},
"authPage": {
"type": "string"
},
"scopes": {
"type": "string"
},
"authtype": {
"type": "string"
},
"metadata": {
"type": "object",
"properties": {
"purpose": {
"type": "string",
"example": "authentication"
},
"username": {
"type": "string",
"example": "username"
},
"saml": {
"type": "string",
"example": "saml request - optional"
},
"oidc": {
"type": "string",
"example": "oidc request - optional"
},
"authenticationType": {
"type": "string",
"example": "liveid_selfie - optional"
}
}
}
}
},
"NewSessionResponse": {
"type": "object",
"properties": {
"sessionId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"sessionEnv": {
"type": "string",
"example": "XXXXXXXXXXXXXXXXX"
},
"sessionUrl": {
"type": "string",
"example": "XXXXXXXXXXXXXXXXX"
}
}
},
"GetSessionInfoResponse": {
"type": "object",
"properties": {
"scopes": {
"type": "string",
"example": "xxxxxxxxxxxxxx"
},
"authtype": {
"type": "string",
"example": "xxxxxxxxxxxxxx"
},
"_id": {
"type": "string",
"example": "xxxxxxxxxxxxxx"
},
"sessionId": {
"type": "string",
"example": "xxxxx-xxxx-xxxx-xxxxx-xxxxx"
},
"origin": {
"type": "object",
"properties": {
"tag": {
"type": "string",
"example": "xxxxxxxxxx"
},
"url": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityName": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authPage": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxx"
}
}
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxx/xxxxxx"
},
"createdTS": {
"type": "number",
"example": 1624378501
},
"expiryTS": {
"type": "number",
"example": 1624378621
},
"expiresDate": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxx"
},
"__v": {
"type": "number",
"example": 0
}
}
},
"SessionAuthResponseRequest": {
"type": "object",
"properties": {
"sessionId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "XXXXXXXXXXXXXXXXX"
},
"tenantId": {
"type": "string",
"example": "XXXXXXXXXXXXXXXXX"
},
"transient": {
"type": "boolean",
"example": "true/false"
},
"authenticateMethod": {
"type": "string",
"example": "xxxxxx"
},
"aliasUsed": {
"type": "string",
"example": "xxxxxx"
}
}
},
"ApplicationCreateRequest": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "string"
},
"domain": {
"type": "string",
"example": "string"
},
"ssoUrl": {
"type": "string",
"example": "string"
},
"sloUrl": {
"type": "string",
"example": "string"
},
"clientId": {
"type": "string",
"example": "onlyForAuthO"
},
"clientSecret": {
"type": "string",
"example": "onlyForAuth0"
},
"apiToken": {
"type": "string",
"example": "onlyForOkta"
},
"username": {
"type": "string",
"example": "onlyForForgerockSalesforce"
},
"password": {
"type": "string",
"example": "olnyForForgerockSalesforce"
},
"useExistingCOT": {
"type": "string",
"example": "boolean - true/false - onlyForForgerock"
},
"COT": {
"type": "string",
"example": "onlyForForgerock"
},
"hostedSP": {
"type": "string",
"example": "onlyForForgerock"
},
"securityToken": {
"type": "string",
"example": "onlyForSalesforce"
},
"serviceAccountEmail": {
"type": "string",
"example": "onlyForGSuite"
},
"adminEmail": {
"type": "string",
"example": "onlyFormGSuite"
},
"serviceAccountPrivateKey": {
"type": "string",
"example": "onlyForGSuite"
}
}
},
"CreateOtpRequest": {
"type": "object",
"properties": {
"communityId": {
"type": "string",
"example": "string"
},
"tenantId": {
"type": "string",
"example": "string"
},
"user_token": {
"type": "string",
"example": "string"
},
"jwt_token": {
"type": "string",
"example": "string"
},
"deliveryMethod": {
"type": "string",
"example": "string"
},
"isResetPassword": {
"type": "boolean",
"example": "true/false - optional"
},
"destination": {
"type": "string",
"example": "string"
}
}
},
"CreateUserRequest": {
"type": "object",
"properties": {
"moduleId": {
"type": "string"
},
"username": {
"type": "string"
},
"status": {
"type": "string"
},
"role": {
"type": "string"
},
"firstname": {
"type": "string"
},
"middlename": {
"type": "string"
},
"lastname": {
"type": "string"
},
"email1": {
"type": "string"
},
"email1_verified": {
"type": "boolean"
},
"email2": {
"type": "string"
},
"email2_verified": {
"type": "boolean"
},
"phone1": {
"type": "string"
},
"phone1_verified": {
"type": "boolean"
},
"disabled": {
"type": "boolean"
},
"idpId": {
"type": "string"
}
},
"example": {
"moduleId": "xxxxxxxxxx",
"username": "xxxxxxxxxx",
"status": "xxxxxx",
"firstname": "xxxxxxxx",
"middlename": "xxxxxxxx",
"lastname": "xxxxxxxx",
"email1": "xxxxx@xxxxxxxx.xxx",
"email1_verified": true,
"email2": "xxxxx@xxxxxxxx.xxx",
"email2_verified": true,
"phone1": "xxxxxxxxxx",
"phone1_verified": true,
"role": "xxxxx",
"disabled": false,
"idpId": "xxxxx"
}
},
"CreateUserResponse": {
"type": "object",
"properties": {
"requested": {
"type": "number"
},
"created": {
"type": "number"
},
"failed": {
"type": "number"
},
"errors": {
"type": "array"
}
},
"example": {
"requested": "1,",
"created": "1,",
"failed": "0,",
"errors": []
}
},
"FetchDevicesResponse": {
"type": "object",
"properties": {
"list": {
"type": "array",
"items": {
"type": "object",
"properties": {
"personId": {
"type": "string"
},
"userIdList": {
"type": "array"
},
"communityId": {
"type": "string"
},
"publicKey": {
"type": "string"
},
"poi_ial": {
"type": "string"
},
"pon_ial": {
"type": "string"
},
"updatedTS": {
"type": "number"
},
"id": {
"type": "string"
}
},
"example": {
"personId": "xxxxxxxx",
"userIdList": [
"xxxxxxxx"
],
"communityId": "xxxxxxxx",
"publickey": "xxxxxxxx",
"poi_ial": "xxxxxxxx",
"pon_ial": "xxxxxxxx",
"updatedTS": "xxxxxxxx",
"id": "xxxxxxxx"
}
}
},
"devices": {
"type": "array",
"items": {
"type": "object",
"properties": {
"moduleId": {
"type": "string"
},
"username": {
"type": "string"
},
"status": {
"type": "string"
},
"role": {
"type": "string"
},
"firstname": {
"type": "string"
},
"middlename": {
"type": "string"
},
"lastname": {
"type": "string"
},
"email1": {
"type": "string"
},
"email1_verified": {
"type": "boolean"
},
"email2": {
"type": "string"
},
"email2_verified": {
"type": "boolean"
},
"phone1": {
"type": "string"
},
"phone1_verified": {
"type": "boolean"
}
},
"example": {
"uid": "xxxxxxxx",
"did": "xxxxxxxx",
"os": "xxxxxxxx",
"publickey": "xxxxxxxx",
"deviceName": "xxxxxxxx",
"authenticatorId": "xxxxxxxx",
"authenticatorVersion": "xxxxxxxx",
"authenticatorName": "xxxxxxxx",
"clientIp": "xxxxxxxx",
"userAgent": "xxxxxxxx",
"locLat": "xxxxxxxx",
"locLon": "xxxxxxxx",
"id": "xxxxx"
}
}
}
}
},
"FetchLoginOptionsResponse": {
"type": "object",
"properties": {
"list": {
"type": "array",
"items": {
"type": "object",
"properties": {
"personId": {
"type": "string"
},
"userIdList": {
"type": "array"
},
"communityId": {
"type": "string"
},
"publicKey": {
"type": "string"
},
"poi_ial": {
"type": "string"
},
"pon_ial": {
"type": "string"
},
"updatedTS": {
"type": "number"
},
"id": {
"type": "string"
}
},
"example": {
"personId": "xxxxxxxx",
"userIdList": [
"xxxxxxxx"
],
"communityId": "xxxxxxxx",
"publicKey": "xxxxxxxx",
"poi_ial": "xxxxxxxx",
"pon_ial": "xxxxxxxx",
"updatedTS": "xxxxxxxx",
"id": "xxxxxxxx"
}
}
},
"devices": {
"type": "array",
"items": {
"type": "object",
"properties": {
"moduleId": {
"type": "string"
},
"username": {
"type": "string"
},
"status": {
"type": "string"
},
"role": {
"type": "string"
},
"firstname": {
"type": "string"
},
"middlename": {
"type": "string"
},
"lastname": {
"type": "string"
},
"email1": {
"type": "string"
},
"email1_verified": {
"type": "boolean"
},
"email2": {
"type": "string"
},
"email2_verified": {
"type": "boolean"
},
"phone1": {
"type": "string"
},
"phone1_verified": {
"type": "boolean"
}
},
"example": {
"uid": "xxxxxxxx",
"did": "xxxxxxxx",
"os": "xxxxxxxx",
"publickey": "xxxxxxxx",
"deviceName": "xxxxxxxx",
"authenticatorId": "xxxxxxxx",
"authenticatorVersion": "xxxxxxxx",
"authenticatorName": "xxxxxxxx",
"clientIp": "xxxxxxxx",
"userAgent": "xxxxxxxx",
"locLat": "xxxxxxxx",
"locLon": "xxxxxxxx",
"id": "xxxxx"
}
}
},
"is_user_pin_enrolled": {
"type": "boolean"
},
"is_typing_phrase_enrolled": {
"type": "boolean"
}
}
},
"UnlinkUserDeviceRequest": {
"type": "object",
"required": [
"user",
"did",
"community"
],
"properties": {
"user": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"username": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
},
"required": [
"uid",
"username",
"authModuleId"
],
"example": {
"uid": "string",
"username": "string",
"authModuleId": "string"
}
},
"community": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"publicKey": {
"type": "string"
}
},
"requied": [
"id",
"name",
"publicKey"
],
"example": {
"id": "string",
"name": "string",
"publicKey": "string"
}
},
"did": {
"type": "string",
"example": "string"
}
}
},
"UnlinkUserDeviceResponse": {
"type": "object",
"properties": {
"username": {
"type": "string"
}
},
"example": {
"message": "xxxxxxxx"
}
},
"UserVerifyRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"email": {
"type": "string"
},
"username": {
"type": "string"
},
"checkAliases": {
"type": "boolean"
},
"fetchFromExternalSources": {
"type": "boolean"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"email": "string optional",
"username": "string optional",
"checkAliases": false,
"fetchFromExternalSources": false
}
},
"UnlinkLoginOptionsRequest": {
"type": "object",
"required": [
"user",
"did",
"community"
],
"properties": {
"user": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"username": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
},
"required": [
"uid",
"username",
"authModuleId"
],
"example": {
"uid": "string",
"username": "string",
"authModuleId": "string"
}
},
"community": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"publicKey": {
"type": "string"
}
},
"required": [
"id",
"name",
"publicKey"
],
"example": {
"id": "string",
"name": "string",
"publicKey": "string"
}
},
"did": {
"type": "string",
"example": "string"
},
"unlink_user_pin": {
"type": "boolean"
},
"unlink_typingPhrase": {
"type": "boolean"
}
}
},
"UnlinkLoginOptionsResponse": {
"type": "object",
"properties": {
"username": {
"type": "string"
}
},
"example": {
"message": "xxxxxxxx"
}
},
"UserVerifyResponse": {
"type": "object",
"properties": {
"users": {
"type": "array",
"items": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"usernameHash": {
"type": "string"
},
"email1": {
"type": "string"
},
"email1Hash": {
"type": "string"
},
"email2": {
"type": "string"
},
"email2Hash": {
"type": "string"
},
"phone": {
"type": "string"
},
"phoneHash": {
"type": "string"
},
"deviceName": {
"type": "string"
},
"aliasUsed": {
"type": "string"
},
"user_token": {
"type": "string"
}
},
"example": {
"username": "xxxxx",
"usernameHash": "xxxxx",
"email1": "xxxxx",
"email1Hash": "xxxxx",
"email2": "xxxxx",
"email2Hash": "xxxxx",
"phone": "xxxxx",
"phoneHash": "xxxxx",
"deviceName": "xxxxx",
"aliasUsed": "xxxxxx",
"user_token": "xxxxx"
}
}
}
}
},
"FetchPermissionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
},
"uid": {
"type": "string"
}
},
"example": {
"tenantId": "xxxxx",
"communityId": "xxxxx",
"moduleId": "xxxxx",
"uid": "xxxxx"
}
},
"FetchPermissionResponse": {
"type": "array",
"items": {
"type": "object",
"properties": {
"_id": {
"type": "string"
},
"permission": {
"type": "string"
},
"objectId": {
"type": "string"
},
"objectType": {
"type": "string"
},
"subjectId": {
"type": "string"
},
"subjectType": {
"type": "string"
},
"createdBy": {
"type": "string"
}
},
"example": {
"_id": "xxxxx",
"permission": "xxxxx",
"objectId": "xxxxx",
"objectType": "user",
"subjectId": "xxxxx",
"subjectType": "xxxxx",
"createdBy": "xxxxx"
}
}
},
"ResendInviteUserRequest": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"emailTo": {
"type": "string"
},
"firstname": {
"type": "string"
},
"lastname": {
"type": "string"
},
"captchaToken": {
"type": "string"
},
"license": {
"type": "string"
}
}
},
"UserInviteRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"user_token": {
"type": "string"
},
"deliveryMethod": {
"type": "string"
},
"google_token": {
"type": "string"
},
"license": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"user_token": "string",
"deliveryMethod": "email1|email2",
"google_token": "string",
"license": "string"
}
},
"UserProfileRequest": {
"type": "object",
"properties": {
"attributes": {
"type": "array"
}
},
"example": {
"attributes": [
"firstname"
]
}
},
"UserProfileResponse": {
"type": "object",
"properties": {
"data": {
"type": "array"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"FetchLoginOptionsRequest": {
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"username": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
}
},
"community": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"publicKey": {
"type": "string"
}
}
}
},
"example": {
"user": {
"uid": "xxxxxxxx",
"username": "xxxxxxxx",
"authModuleId": "xxxxxxxx"
},
"community": {
"id": "xxxxxxxx",
"name": "xxxxxxx",
"publicKey": "xxxxxxx"
}
}
},
"FetchUserDeviceRequest": {
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"username": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
}
},
"community": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"publicKey": {
"type": "string"
}
}
}
},
"example": {
"user": {
"uid": "xxxxxxxx",
"username": "xxxxxxxx",
"authModuleId": "xxxxxxxx"
},
"community": {
"id": "xxxxxxxx",
"name": "xxxxxxx",
"publicKey": "xxxxxxx"
}
}
},
"GetBrandingRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
}
}
},
"GetBrandingResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"UpdateUserRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
},
"username": {
"type": "string"
},
"uid": {
"type": "string"
},
"status": {
"type": "string"
},
"oldRole": {
"type": "string"
},
"newRole": {
"type": "string"
},
"firstname": {
"type": "string"
},
"middlename": {
"type": "string"
},
"lastname": {
"type": "string"
},
"email1": {
"type": "string"
},
"email1_verified": {
"type": "boolean"
},
"email2": {
"type": "string"
},
"email2_verified": {
"type": "boolean"
},
"phone1": {
"type": "string"
},
"phone1_verified": {
"type": "boolean"
},
"disabled": {
"type": "boolean"
}
},
"example": {
"tenantId": "xxxxxxxxxx",
"communityId": "xxxxxxxxxx",
"moduleId": "xxxxxxxxxx",
"username": "xxxxxxxxxx",
"uid": "xxxxxxxxxx",
"status": "xxxxxx",
"firstname": "xxxxxxxx",
"middlename": "xxxxxxxx",
"lastname": "xxxxxxxx",
"email1": "xxxxx@xxxxxxxx.xxx",
"email1_verified": true,
"email2": "xxxxx@xxxxxxxx.xxx",
"email2_verified": true,
"phone1": "xxxxxxxxxx",
"phone1_verified": true,
"oldRole": "xxxxx",
"newRole": "xxxxxx",
"disabled": false
}
},
"UpdateUserResponse": {
"type": "object",
"properties": {
"uid": {
"type": "string"
},
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"username": {
"type": "string"
},
"type": {
"type": "string"
},
"roleValue": {
"type": "string"
},
"status": {
"type": "string"
},
"firstname": {
"type": "string"
},
"middlename": {
"type": "string"
},
"lastname": {
"type": "string"
},
"email1": {
"type": "string"
},
"email1_verified": {
"type": "string"
},
"email2": {
"type": "string"
},
"email2_verified": {
"type": "string"
},
"phone1": {
"type": "string"
},
"phone1_verified": {
"type": "string"
},
"address": {
"type": "string"
},
"address_verified": {
"type": "string"
},
"disabled": {
"type": "string"
}
},
"example": {
"uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"tenantId": "xxxxxxxxxx",
"communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
"username": "xxxxxx",
"type": "xxxxx",
"roleValue": "xxxxx",
"status": "xxxxxx",
"firstname": "xxxxxxxx",
"middlename": "xxxxxxxx",
"lastname": "xxxxxxxx",
"email1": "xxxxx@xxxxxxxx.xxx",
"email1_verified": true,
"email2": "xxxxx@xxxxxxxx.xxx",
"email2_verified": true,
"phone1": "xxxxxxxxxx",
"phone1_verified": true,
"address": {},
"address_verified": false,
"disabled": false
}
},
"UpdateUserRoleRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
},
"username": {
"type": "string"
},
"uid": {
"type": "string"
},
"oldRole": {
"type": "string"
},
"newRole": {
"type": "string"
},
"disabled": {
"type": "boolean"
}
},
"example": {
"tenantId": "xxxxxxxxxx",
"communityId": "xxxxxxxxxx",
"moduleId": "xxxxxxxxxx",
"username": "xxxxxxxxxx",
"uid": "xxxxxxxxxx",
"oldRole": "xxxxx",
"newRole": "xxxxx",
"disabled": false
}
},
"UpdateUserRoleResponse": {
"type": "object",
"properties": {
"status": {
"type": "boolean"
}
},
"example": {
"status": true
}
},
"SetBrandingRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "ABC123"
},
"communityId": {
"type": "string",
"example": "ABC123"
},
"bg_color_left_panel": {
"type": "string",
"example": "ABC123"
},
"bg_color_right_panel": {
"type": "string",
"example": "ABC123"
},
"primary_button_color": {
"type": "string",
"example": "ABC123"
},
"heading_text_color": {
"type": "string",
"example": "ABC123"
},
"links_color": {
"type": "string",
"example": "ABC123"
},
"active_tab_text_color": {
"type": "string",
"example": "ABC123"
},
"bg_img_left_panel": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxx"
},
"qr_code_logo": {
"type": "string",
"example": "https://1k-dev.1kosmos.net/image.png"
},
"qr_code_corner_squares_color": {
"type": "string",
"example": "ABC123"
},
"qr_code_dots_color": {
"type": "string",
"example": "ABC123"
},
"community_logo_img": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"default_login_method": {
"type": "string",
"example": "username"
},
"username_label": {
"type": "string",
"example": "Corporate Username"
},
"disclaimer_message": {
"type": "string",
"example": "string"
}
}
},
"SetBrandingResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"FetchBrokerConnectionsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"moduleId": {
"type": "string",
"example": "moduleId"
}
}
},
"DeleteBrokerConnectionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"moduleId": {
"type": "string",
"example": "moduleId"
}
}
},
"ChangeStatusBrokerConnectionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"moduleId": {
"type": "string",
"example": "moduleId"
},
"uid": {
"type": "string",
"example": "xxx"
},
"enabled": {
"type": "string",
"example": "true/false"
}
}
},
"UpdateBrokerConnectionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"moduleId": {
"type": "string",
"example": "moduleId"
},
"uid": {
"type": "string",
"example": "xxx"
},
"name": {
"type": "string",
"example": "xxx"
}
}
},
"CreateRadiusRequest": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "name"
},
"authScheme": {
"type": "array",
"items": {
"type": "string",
"example": "push"
}
},
"pushKeyword": {
"type": "string",
"example": "pushKeyword"
},
"ivrKeyword": {
"type": "string",
"example": "phone"
},
"ivrLine": {
"type": "string",
"example": "phone"
}
}
},
"FetchRadiusConfigurationsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"ids": {
"type": "array",
"items": {
"type": "string",
"example": "ids"
}
}
}
},
"GetEventsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"pSize": {
"type": "number",
"example": 10
},
"pIndex": {
"type": "number",
"example": 0
},
"from": {
"type": "string",
"example": "2021-09-01 00:00:00.000"
},
"to": {
"type": "string",
"example": "2021-09-28 00:00:00.000"
},
"user_id": {
"type": "string",
"example": "username"
},
"eventName": {
"type": "string",
"example": "E_LOGIN_SUCCEEDED"
}
}
},
"GetEventsResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"RoleAssignmentRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"roleIds": {
"type": "array",
"example": [
"34545",
"232",
"3545"
]
},
"download": {
"type": "object",
"properties": {
"notificationList": {
"type": "array",
"example": [
"email1@1kosmos.com"
]
}
}
}
}
},
"RoleAssignmentResponse": {
"type": "object",
"properties": {
"jobId": {
"type": "string",
"example": "2343-5657-8787-4543"
}
}
},
"GetMetricsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"from": {
"type": "string",
"example": "2021-09-01 00:00:00.000"
},
"to": {
"type": "string",
"example": "2021-09-28 00:00:00.000"
},
"metricsName": {
"type": "string",
"example": "M_C_ACTIVE_USER"
},
"responseTimezone": {
"type": "string",
"example": "UTC - string optional"
},
"download": {
"type": "object",
"properties": {
"requestBy": {
"type": "string",
"example": "test@email.com"
},
"notificationList": {
"type": "array",
"items": {
"type": "string",
"example": "https://1k-dev.1kosmos.net"
}
},
"eventData": {
"type": "object",
"properties": {
"tenant_dns": {
"type": "string",
"example": "https://1k-dev.1kosmos.net"
},
"user_id": {
"type": "string",
"example": "test_user"
}
}
}
}
}
}
},
"GetMetricsResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"FetchLoginActivityReportRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"pSize": {
"type": "number",
"example": 10
},
"pIndex": {
"type": "number",
"example": 0
},
"from": {
"type": "string",
"example": "2021-09-01 00:00:00.000"
},
"to": {
"type": "string",
"example": "2021-09-28 00:00:00.000"
},
"user_id": {
"type": "string",
"example": "username"
},
"auth_method": {
"type": "string",
"example": "otp"
},
"application": {
"type": "string",
"example": "gsuite"
}
}
},
"FetchLoginActivityReportResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"DownloadArtifactsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenant1"
},
"communityId": {
"type": "string",
"example": "community1"
},
"moduleId": {
"type": "string",
"example": "module1"
},
"type": {
"type": "string",
"example": "broker"
},
"os": {
"type": "string",
"example": "windows"
},
"version": {
"type": "string",
"example": "latest"
}
}
},
"DownloadablesVersionRequest": {
"type": "object",
"properties": {
"software": {
"type": "array",
"items": {
"type": "string",
"example": "broker"
}
},
"latest": {
"type": "boolean",
"example": true
},
"os": {
"type": "array",
"items": {
"type": "string",
"example": "windows"
}
}
}
},
"DownloadablesVersionResponse": {
"type": "object",
"properties": {
"artifacts": {
"type": "array",
"items": {
"type": "object",
"properties": {
"software": {
"type": "string",
"example": "radius"
},
"os": {
"type": "string",
"example": "linux"
},
"displayVersion": {
"type": "string",
"example": "pl_gr_1.07.02"
},
"version": {
"type": "string",
"example": "pl_gr_1.07.02"
}
}
}
}
}
},
"AttestationOptionsRequest": {
"type": "object",
"properties": {
"attestation": {
"type": "string",
"example": "attestation"
},
"authenticatorSelection": {
"type": "object",
"properties": {
"requireResidentKey": {
"type": "boolean",
"example": true
},
"authenticatorAttachment": {
"type": "string",
"example": "authenticatorAttachment"
}
}
}
}
},
"GetAssertionChallengeRequest": {
"type": "object",
"properties": {
"username": {
"type": "string",
"example": "xxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxx"
},
"tenantId": {
"type": "string",
"example": "xxxxxx"
}
}
},
"GetAssertionChallengeResponse": {
"type": "object",
"properties": {
"challenge": {
"type": "string",
"example": "xxxxxx"
},
"rpId": {
"type": "string",
"example": "xxxxxx"
},
"timeout": {
"type": "number",
"example": "xxxxxx"
},
"UserVerification": {
"type": "string",
"example": "xxxxxx"
},
"allowCredentials": {
"type": "array",
"items": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "public-key"
},
"id": {
"type": "string",
"example": "xxxxxxxx"
}
}
}
},
"status": {
"type": "string",
"example": "xxxx"
},
"errorMessage": {
"type": "string",
"example": ""
}
}
},
"RegisterSecurityKeyRequest": {
"type": "object",
"properties": {
"navigator_credentials_create_data": {
"type": "string",
"example": "Don't send string. Send properties using spread operator like '...data'"
},
"deviceName": {
"type": "string",
"example": "xxxxxxxx"
},
"keyType": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"RegisterSecurityKeyResponse": {
"type": "object",
"properties": {
"device": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "Somebody's FIDO key"
},
"type": {
"type": "string",
"example": "FIDO"
}
}
},
"deviceId": {
"type": "string",
"example": "xxxxxxxxx"
},
"type": {
"type": "string",
"example": "xxxxxx"
}
}
},
"CommunityPostSSORequest": {
"type": "object",
"properties": {
"SAMLRequest": {
"type": "string",
"example": "SAMLRequest"
},
"RelayState": {
"type": "string",
"example": "RelayState"
},
"ForceAuthn": {
"type": "boolean",
"example": false
}
}
},
"CommunityPostWsfedRequest": {
"type": "object",
"properties": {
"wtrealm": {
"type": "string",
"example": "urn:wsfed-app"
},
"wa": {
"type": "string",
"example": "wsignin1.0"
},
"whr": {
"type": "string",
"example": "whr"
},
"wfresh": {
"type": "number",
"example": 0
},
"wctx": {
"type": "string",
"example": "some context"
}
}
},
"CommunityPostSamlAcsRequest": {
"type": "object",
"properties": {
"SAMLResponse": {
"type": "string",
"example": "SAMLResponse"
},
"RelayState": {
"type": "string",
"example": "RelayState"
}
}
},
"CommunityPostSLORequest": {
"type": "object"
},
"GenerateCertificateRequest": {
"type": "object",
"properties": {
"keySize": {
"type": "number",
"example": 1024
},
"algorithm": {
"type": "string",
"example": "sha256"
},
"expirationDays": {
"type": "number",
"example": 365
}
}
},
"GetMsgGatewayRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
}
}
},
"GetMsgGatewayResponse": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "xxxxxxxx"
},
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"type": null,
"channels": {
"type": "array",
"items": {
"type": "string",
"example": "email"
}
},
"protocol": {
"type": "string",
"example": "xxxxxxxxxx"
},
"auth": {
"type": "string",
"example": "true"
},
"name": {
"type": "string",
"example": "xxxxxxxxxx"
},
"username": {
"type": "string",
"example": "xxxxxxxxxx"
},
"password": {
"type": "string",
"example": "xxxxxxxxxx"
},
"serviceUrl": {
"type": "string",
"example": "xxxxxxxxxx"
},
"senderEmail": {
"type": "string",
"example": "xxxxxxxxxx"
},
"active": {
"type": "boolean",
"example": "xxxxxxxxxx"
},
"port": {
"type": "string",
"example": "xxxxxxxxxx"
},
"principalEntityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"dltTemplateId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"awsRegion": {
"type": "string",
"example": "xxxxxxxxxx"
},
"appCategory": {
"type": "string",
"example": "xxxxxxxxxx"
},
"gstFlag": {
"type": "string",
"example": "xxxxxxxxxx"
},
"msgType": {
"type": "string",
"example": "xxxxxxxxxx"
}
}
}
},
"SecurityKeyLoginRequest": {
"type": "object",
"properties": {
"tenant": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "xxxxxx"
},
"name": {
"type": "string",
"example": "xxxxxx"
},
"tag": {
"type": "string",
"example": "xxxxxx"
},
"type": {
"type": "string",
"example": "xxxxxx"
}
}
},
"community": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "xxxxxx"
},
"name": {
"type": "string",
"example": "xxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxx"
}
}
},
"username": {
"type": "string",
"example": "xxxxxx"
},
"rawId": {
"type": "string",
"example": "xxxxxx"
},
"authenticatorData": {
"type": "number",
"example": "xxxxxx"
},
"signature": {
"type": "string",
"example": "xxxxxx"
},
"userHandle": {
"type": "string",
"nullable": true,
"example": "xxxx"
},
"clientDataJSON": {
"type": "number",
"example": "xxxxxx"
},
"getClientExtensionResults": {
"type": "object"
},
"id": {
"type": "string",
"example": "xxxx"
},
"type": {
"type": "string",
"example": "public-key"
}
}
},
"CreateSecurityKeyRequest": {
"type": "object",
"properties": {
"aaguid": {
"type": "string",
"example": "xxxxxx"
},
"metadata": {
"type": "string",
"example": "xxxxxx"
},
"name": {
"type": "string",
"example": "xxxxxx"
},
"disabled": {
"type": "boolean",
"example": false
},
"updatedBy": {
"type": "string",
"example": "xxxx"
}
}
},
"UpdateSecurityKeyRequest": {
"type": "object",
"properties": {
"metadata": {
"type": "string",
"example": "xxxxxx"
},
"name": {
"type": "string",
"example": "xxxxxx"
},
"disabled": {
"type": "boolean",
"example": false
},
"updatedBy": {
"type": "string",
"example": "xxxx"
}
}
},
"FetchSecurityKeyRequest": {
"type": "object",
"properties": {
"aaguid": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"CreateMsgGatewayRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"type": {
"type": "string",
"example": "xxxxxxxxxx"
},
"channels": {
"type": "array",
"items": {
"type": "string",
"example": "email"
}
},
"protocol": {
"type": "string",
"example": "xxxxxxxxxx"
},
"auth": {
"type": "string",
"example": "xxxxxxxxxx"
},
"name": {
"type": "string",
"example": "xxxxxxxxxx"
},
"username": {
"type": "string",
"example": "xxxxxxxxxx"
},
"password": {
"type": "string",
"example": "xxxxxxxxxx"
},
"serviceUrl": {
"type": "string",
"example": "xxxxxxxxxx"
},
"senderEmail": {
"type": "string",
"example": "xxxxxxxxxx"
},
"port": {
"type": "string",
"example": "xxxxxxxxxx"
},
"smstemplateid": {
"type": "string",
"example": "xxxxxxxxxx"
},
"entityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authTokenRequestUrl": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authClientId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authClientSecret": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authGrantType": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authScope": {
"type": "string",
"example": "xxxxxxxxxx"
},
"principalEntityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"dltTemplateId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"awsRegion": {
"type": "string",
"example": "xxxxxxxxxx"
},
"appCategory": {
"type": "string",
"example": "xxxxxxxxxx"
},
"gstFlag": {
"type": "string",
"example": "xxxxxxxxxx"
},
"msgType": {
"type": "string",
"example": "xxxxxxxxxx"
}
}
},
"UpdateMsgGatewayRequest": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "xxxxxxxxxx"
},
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"type": {
"type": "string",
"example": "xxxxxxxxxx"
},
"channels": {
"type": "array",
"items": {
"type": "string",
"example": "email"
}
},
"protocol": {
"type": "string",
"example": "xxxxxxxxxx"
},
"auth": {
"type": "string",
"example": "xxxxxxxxxx"
},
"name": {
"type": "string",
"example": "xxxxxxxxxx"
},
"username": {
"type": "string",
"example": "xxxxxxxxxx"
},
"password": {
"type": "string",
"example": "xxxxxxxxxx"
},
"serviceUrl": {
"type": "string",
"example": "xxxxxxxxxx"
},
"senderEmail": {
"type": "string",
"example": "xxxxxxxxxx"
},
"port": {
"type": "string",
"example": "xxxxxxxxxx"
},
"otpDelimiter": {
"type": "string",
"example": "xxxxxxxxxx"
},
"timeoutValue": {
"type": "number",
"example": "xxxxx"
},
"smstemplateid": {
"type": "string",
"example": "xxxxxxxxxx"
},
"entityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authTokenRequestUrl": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authClientId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authClientSecret": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authGrantType": {
"type": "string",
"example": "xxxxxxxxxx"
},
"authScope": {
"type": "string",
"example": "xxxxxxxxxx"
},
"principalEntityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"dltTemplateId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"awsRegion": {
"type": "string",
"example": "xxxxxxxxxx"
},
"appCategory": {
"type": "string",
"example": "xxxxxxxxxx"
},
"gstFlag": {
"type": "string",
"example": "xxxxxxxxxx"
},
"msgType": {
"type": "string",
"example": "xxxxxxxxxx"
}
}
},
"CreateMsgGatewayResponse": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "xxxxxxxx"
},
"status": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"UpdateMsgGatewayResponse": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "xxxxxxxx"
},
"status": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"DeleteMsgGatewayRequest": {
"type": "object",
"properties": {
"communityId": {
"type": "string",
"example": "xxxxxxxx"
},
"tenantId": {
"type": "string",
"example": "xxxxxxxx"
},
"gatewayId": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"HasSecurityKeyRequest": {
"type": "object",
"properties": {
"communityName": {
"type": "string",
"example": "xxxxxxxx"
},
"communityPublicKey": {
"type": "string",
"example": "xxxxxxxx"
},
"tenantTag": {
"type": "string",
"example": "xxxxxxxx"
},
"username": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"UploadImageRequest": {
"type": "object",
"properties": {
"image": {
"type": "string",
"format": "binary"
},
"tenantId": {
"type": "string",
"example": "xxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"UploadImageResponse": {
"type": "object",
"properties": {
"url": {
"type": "string",
"example": "xxxxxxxxxx"
}
}
},
"UpdateAuthSchemeModulesRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"modules": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"GetServiceComponentsResponse": {
"type": "object",
"properties": {
"name1": {
"type": "string"
},
"name2": {
"type": "string"
},
"name3": {
"type": "string"
}
},
"example": {
"name1": "https://xxx.xxxxxx.xxx/xxxxx",
"name2": "https://xxx.xxxxxx.xxx/xxxxx",
"name3": "https://xxx.xxxxxx.xxx/xxxxx"
}
},
"SetInstanceSelfRegistrationConfigRequest": {
"type": "object",
"properties": {
"allowed": {
"type": "boolean",
"example": true
}
}
},
"SelfRegistrationConfigResponse": {
"type": "object",
"properties": {
"allowed": {
"type": "boolean",
"example": true
}
}
},
"SetFirstTimeEnrollmentSettingResponse": {
"type": "object",
"properties": {
"first_time_login_enrollment": {
"type": "boolean",
"example": true
},
"allowed_factors": {
"type": "array",
"example": [
"mobile",
"landline",
"smartphone"
]
}
}
},
"CreateWalletKeyRequest": {
"type": "object",
"properties": {
"pin": {
"type": "string",
"example": "12345678"
}
}
},
"FetchWalletKeyRequest": {
"type": "object",
"properties": {
"pin": {
"type": "string",
"example": "12345678"
}
}
},
"GetCommunitySelfRegistrationConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
}
}
},
"SetCommunitySelfRegistrationConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
},
"allowed": {
"type": "boolean",
"example": true
}
}
},
"SetFirstTimeEnrollmentSettingRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
},
"first_time_login_enrollment": {
"type": "boolean",
"example": true
},
"allowed_factors": {
"type": "array",
"example": [
"mobile",
"landline",
"smartphone"
]
}
}
},
"SendVerifyRequest": {
"type": "object",
"properties": {
"email": {
"type": "string"
},
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"captchaToken": {
"type": "string"
}
},
"example": {
"email": "string",
"tenantId": "string",
"communityId": "string",
"captchaToken": "string"
}
},
"SendVerifyResponse": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
}
},
"example": {
"code": 200,
"message": "Ok"
}
},
"VerifyEmailRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"code": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"code": "string"
}
},
"VerifyEmailResponse": {
"type": "object",
"properties": {
"email": {
"type": "string"
}
},
"example": {
"email": "string"
}
},
"RegisterRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
},
"firstname": {
"type": "string"
},
"lastname": {
"type": "string"
},
"email": {
"type": "string"
},
"phoneNumber": {
"type": "string"
},
"phoneToken": {
"type": "string"
},
"password": {
"type": "string"
},
"code": {
"type": "string"
},
"captchaToken": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"moduleId": "string",
"firstname": "string",
"lastname": "string",
"email": "string",
"phoneNumber": "string",
"phoneToken": "string",
"password": "string",
"code": "string",
"captchaToken": "string"
}
},
"CreateIdentityEnrollSessionRequest": {
"type": "object",
"properties": {
"smsTo": {
"type": "number"
},
"smsISDCode": {
"type": "number"
},
"documentType": {
"type": "string",
"example": "dl_object"
}
}
},
"CreateIdentityEnrollSessionResponse": {
"type": "object",
"properties": {
"sessionId": {
"sessionId": "string",
"example": "xxxxxxxx"
},
"sessionUrl": {
"sessionEnv": "string",
"example": "xxxxxxxx"
}
}
},
"ServiceProviderPublicInfoRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"SAMLRequest": {
"type": "string"
},
"OIDCRequest": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"SAMLRequest": "string",
"OIDCRequest": "string"
}
},
"FetchPwdPolicyRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"moduleId": "string"
}
},
"EnrollSSNRequest": {
"type": "object",
"properties": {
"ssn": null
},
"example": {
"ssn": "string"
}
},
"OidcConfigObject": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "name"
},
"description": {
"type": "string",
"example": "description"
},
"scopes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "name"
},
"display_name": {
"type": "string",
"example": "Display Name"
},
"consent_required": {
"type": "boolean",
"example": true
},
"claims": {
"type": "array",
"items": {
"type": "object",
"properties": {
"claim_name": {
"type": "string",
"example": "claim_name"
},
"attribute_name": {
"type": "string",
"example": "attribute_name"
},
"attribute_type": {
"type": "string",
"example": "attribute_type"
},
"value_type": {
"type": "string",
"example": "value_type"
},
"value": {
"type": "string",
"example": "value"
}
}
}
}
}
}
}
}
},
"IdpObject": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "oidc"
},
"oidc_config": {
"$ref": "#/components/schemas/OidcConfigObject"
}
}
},
"IdpObjectWithOidcOptions": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "oidc"
},
"oidc_config": {
"allOf": [
{
"$ref": "#/components/schemas/OidcConfigObject"
},
{
"type": "object",
"properties": {
"options": {
"type": "object",
"properties": {
"grant_types": {
"type": "array",
"items": {
"type": "object"
}
}
}
}
}
}
]
}
}
},
"CreateIdpObjectRequest": {
"allOf": [
{
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxx"
}
}
},
{
"$ref": "#/components/schemas/IdpObject"
}
]
},
"FetchIdpObjectRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxx"
},
"id": {
"type": "string",
"example": "mongoId"
},
"type": {
"type": "string",
"example": "oidc"
}
}
},
"DeleteIdpObjectRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxx"
}
}
},
"DeleteExternalIdpRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxx"
}
}
},
"IdpObjectResponse": {
"allOf": [
{
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
{
"$ref": "#/components/schemas/IdpObject"
},
{
"type": "object",
"properties": {
"__v": {
"type": "number",
"example": 0
}
}
}
]
},
"IdpObjectArrayResponse": {
"type": "array",
"items": {
"allOf": [
{
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
{
"$ref": "#/components/schemas/IdpObjectWithOidcOptions"
},
{
"type": "object",
"properties": {
"__v": {
"type": "number",
"example": 0
}
}
}
]
}
},
"AuthenticationJourneyObject": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "auth-journey-1"
},
"enabled": {
"type": "boolean",
"example": true
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"group a",
"group b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"deviceIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"device-id-1",
"device-id-2"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"applications": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"salesforce",
"gsuite"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"usernames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"username_1",
"username_2"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"ip": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"71.237.6.10-71.237.6.80",
"192.237.6.10-71.237.6.80",
"71.237.70.10/32"
]
},
"operator": {
"type": "string",
"example": "eq"
}
}
},
"domain": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"google.com",
"1kosmos.com"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"decision": {
"type": "object",
"properties": {
"action": {
"type": "string",
"example": "mfa_required"
},
"authenticationMethods": {
"type": "array",
"example": [
"password_and_otp",
"fido",
"liveid_selfie"
]
}
}
},
"machineNames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"xxxxxxxxx"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineUsers": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"user@qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"mobileLocation": {
"type": "object",
"properties": {
"value": {
"type": "number",
"example": 100
},
"operator": {
"type": "string",
"example": "gt"
}
}
}
}
},
"AuthenticationJourneyV2Object": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "auth-journey-1"
},
"enabled": {
"type": "boolean",
"example": true
},
"category": {
"type": "string",
"example": "adaptive_auth_fallback_policy_v2",
"description": "Optional category for fallback journeys. When set to adaptive_auth_fallback_policy_v2, decision action must be mfa_required"
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"group a",
"group b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"deviceIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"device-id-1",
"device-id-2"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"requestingAppId": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "adminx"
},
"operator": {
"type": "string",
"example": "eq"
}
}
},
"relyingAppId": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "gsuite"
},
"operator": {
"type": "string",
"example": "eq"
}
}
},
"appConfigId": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "1345465"
},
"operator": {
"type": "string",
"example": "eq"
}
}
},
"usernames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"username_1",
"username_2"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"ip": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"71.237.6.10-71.237.6.80",
"192.237.6.10-71.237.6.80",
"71.237.70.10/32"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"domain": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"google.com",
"1kosmos.com"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineNames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"xxxxxxx"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineUsers": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"user@qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"decision": {
"type": "object",
"properties": {
"action": {
"type": "string",
"example": "mfa_required"
},
"authenticationMethods": {
"type": "array",
"example": [
"password_and_otp",
"fido",
"helpdesk_otp"
],
"description": "Supported methods include password, kerberos, uwl, push, qr, fido, mobile_totp, hw_otp, otp, email_otp, sms_otp, voice_otp, fido_and_shared_id_password, password_and_otp, password_and_web_otp, password_and_email_otp, password_and_sms_otp, password_and_voice_otp, password_and_push, kerberos_and_push, password_and_fido, password_and_mobile_totp, password_and_hw_otp, password_and_orion_otp, password_and_profile_otp, kerberos_and_otp, behavior_auth_and_user_pin, password_and_shared_id_password, helpdesk_otp"
}
}
}
}
},
"CreateOrUpdateAuthenticationJourneyRequest": {
"allOf": [
{
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf968"
},
"communityId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf969"
},
"authenticationJourney": {
"$ref": "#/components/schemas/AuthenticationJourneyObject"
}
}
}
]
},
"CreateOrUpdateAuthenticationJourneyV2Request": {
"allOf": [
{
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf968"
},
"communityId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf969"
},
"authenticationJourney": {
"$ref": "#/components/schemas/AuthenticationJourneyV2Object"
}
}
}
]
},
"CreateOrUpdateAuthenticationJourneyResponse": {
"allOf": [
{
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
{
"$ref": "#/components/schemas/AuthenticationJourneyObject"
},
{
"type": "object",
"properties": {
"__v": {
"type": "number",
"example": 0
}
}
}
]
},
"CountUsersRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
},
"query": {
"type": "object"
}
},
"example": {
"tenantId": "xxxxxxxxxxxxxxxxxxxxxxxx",
"communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
"moduleId": "xxxxxxxxxxxxxxxxxxxxxxxx",
"query": {}
}
},
"CountUsersResponse": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"type": {
"type": "string"
},
"count": {
"type": "string"
}
},
"example": {
"id": "xxxxxxxxxxxxxxxxxxxxxxxx",
"type": "azuread",
"count": 12
}
},
"TestConnectionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
}
},
"example": {
"tenantId": "xxxxxxxxxxxxxxxxxxxxxxxx",
"communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
"moduleId": "xxxxxxxxxxxxxxxxxxxxxxxx"
}
},
"TestConnectionResponse": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
},
"example": {
"data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
}
},
"CreateRegistrationPhoneVerificationSessionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"tenantTag": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"communityName": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"communityPublicKey": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"phoneNumber": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
"CreateRegistrationPhoneVerificationSessionResponse": {
"type": "object",
"properties": {
"sessionId": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"sessionUrl": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"serviceEnv": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"smsServiceNumber": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"smsTemplateB64": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"phoneToken": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
"PollRegistrationPhoneVerificationSessionRequest": {
"type": "object",
"properties": {
"phoneToken": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
"PollRegistrationPhoneVerificationSessionResponse": {
"type": "object",
"properties": {
"newPhoneToken": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
"SoftwareDownloadInfoResponse": {
"type": "object",
"properties": {
"displayVersion": {
"type": "string",
"example": "xxxxxx"
},
"version": {
"type": "string",
"example": "xxxxxx"
}
}
},
"VerifyDlRequest": {
"type": "object",
"properties": {
"dl": {
"type": "object"
}
}
},
"EnrollDocRequest": {
"type": "object",
"properties": {
"doc": {
"type": "string"
},
"selfie": {
"type": "string"
},
"proofs": {
"type": "array",
"items": {
"type": "string"
}
}
},
"example": {
"doc": {
"id": "id",
"firstName": "firstName",
"lastName": "lastName",
"type": "dl",
"face": "face",
"dob": "yyyyMMdd",
"doe": "yyyyMMdd"
},
"selfie": {
"face": "face"
},
"proofs": [
"proof1",
"proof2",
"etc"
]
}
},
"EnrollAffidavitRequest": {
"type": "object",
"properties": {
"doc": {
"type": "object",
"properties": {
"document_type": {
"type": "string"
},
"expiry": {
"type": "string"
},
"document_number": {
"type": "string"
},
"username": {
"type": "string"
},
"moduleId": {
"type": "string"
}
}
}
}
},
"GetDecisionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
}
},
"example": {
"tenantId": "xxxxxxxx",
"communityId": "xxxxxxxx"
}
},
"GetDecisionResponse": {
"type": "object",
"properties": {
"decision": {
"type": "boolean"
}
}
},
"CreateStepupOtpRequest": {
"type": "object",
"properties": {
"communityId": {
"type": "string",
"example": "string"
},
"tenantId": {
"type": "string",
"example": "string"
},
"oidcRequest": {
"type": "string",
"example": "string"
},
"type": {
"type": "string",
"example": "string"
}
}
},
"VerifyStepupOtpRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"user_token": {
"type": "string"
},
"passcode": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"user_token": "string",
"passcode": "string"
}
},
"StepupUserInfoRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"oidcRequest": {
"type": "string",
"example": "oidcRequest"
}
}
},
"StepupUserInfoResponse": {
"type": "object",
"properties": {
"firstName": {
"type": "string",
"example": "firstName"
},
"email": {
"type": "string",
"example": "email"
},
"phone": {
"type": "string",
"example": "phone"
},
"deviceName": {
"type": "string",
"example": "deviceName"
}
}
},
"UserConsentCreateRequest": {
"type": "object",
"properties": {
"version": {
"type": "string",
"example": "xxxxxxx"
},
"transactionId": {
"type": "string",
"example": "xxxxxxx"
},
"uuid": {
"type": "string",
"example": "xxxxxxx"
},
"ts": {
"type": "number",
"example": 1234567890
},
"method": {
"type": "string",
"example": "web"
},
"authenticator": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "xxxxxxx"
},
"id": {
"type": "string",
"example": "xxxxxxx"
},
"version": {
"type": "string",
"example": "xxxxxxx"
},
"os": {
"type": "string",
"example": "xxxxxxx"
}
}
},
"controller": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "xxxxxxx"
},
"name": {
"type": "string",
"example": "xxxxxxx"
},
"id": {
"type": "string",
"example": "xxxxxxx"
},
"entityId": {
"type": "string",
"example": "xxxxxxx"
}
}
},
"scopes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "xxxxx"
},
"uuid": {
"type": "string",
"example": "xxxxx"
},
"claims": {
"type": "array",
"items": {
"type": "object"
}
}
}
}
},
"type": {
"type": "string",
"example": "explicit"
},
"status": {
"type": "string",
"example": "granted"
},
"ssoMethod": {
"type": "string",
"example": "string optional"
}
}
},
"UserConsentCheckRequest": {
"type": "object",
"properties": {
"spId": {
"type": "string",
"example": "xxxxxx"
},
"scopeIds": {
"type": "array",
"items": {
"type": "string",
"example": "uuid of scope"
}
}
}
},
"PasswordResetSendVerifyRequest": {
"type": "object",
"properties": {
"destination": {
"type": "string"
},
"user_token": {
"type": "string"
},
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"captchaToken": {
"type": "string"
},
"license": {
"type": "string"
}
},
"example": {
"destination": "string",
"user_token": "string",
"tenantId": "string",
"communityId": "string",
"captchaToken": "string",
"license": "string"
}
},
"PasswordResetSendVerifyResponse": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
}
},
"example": {
"code": 200,
"message": "Ok"
}
},
"PasswordResetUserFetchRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"code": {
"type": "string"
}
},
"example": {
"tenantId": "xxxxxxxxxxxxxxxx",
"communityId": "xxxxxxxxxxxxxxxx",
"code": "xxxx-xxxx-xxxxx-xxxxxxx"
}
},
"PasswordResetUserFetchResponse": {
"type": "object",
"properties": {
"user": {
"type": "object"
},
"user_token": {
"type": "string"
}
},
"example": {
"user": {
"username": "string",
"uid": "string",
"type": "basic",
"disbaled": false,
"firstname": "string",
"email": "string",
"phone": "string",
"urn": "string"
},
"user_token": "ecdsa_encryted_string"
}
},
"PasswordResetRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"code": {
"type": "string"
},
"otp": {
"type": "string"
},
"newPassword": {
"type": "string"
},
"user_token": {
"type": "string"
}
},
"example": {
"tenantId": "xxxxxxxxxxxxxx",
"communityId": "xxxxxxxxxxxxxx",
"code": "xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx",
"otp": "NNNN",
"newPassword": "xxXX@#$XXxx",
"user_token": "ecdsa_encryted_string"
}
},
"PasswordResetResponse": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
}
},
"example": {
"code": 200,
"message": "Ok"
}
},
"SetCommunityPwdlessSettingsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
},
"primaryMethod": {
"type": "string",
"example": "Fingerprint"
},
"secondaryMethod": {
"type": "string",
"example": "Pin"
},
"selfOnBoard": {
"type": "boolean",
"example": true
},
"selfOnBoardFromUserProfile": {
"type": "boolean",
"example": true
},
"accountsPerPerson": {
"type": "number",
"example": 5
},
"personsPerAccount": {
"type": "number",
"example": 1
},
"personLimitRule": {
"type": "string",
"example": "cleanup"
},
"passwordless_disabled": {
"type": "boolean",
"example": true
},
"qr_disabled": {
"type": "boolean",
"example": true
},
"push_disabled": {
"type": "boolean",
"example": true
},
"dns": {
"type": "string",
"example": "string"
},
"communityName": {
"type": "string",
"example": "string"
}
}
},
"SetCommunityPwdlessSettingsResponse": {
"type": "object",
"properties": {
"primaryMethod": {
"type": "string",
"example": "Fingerprint"
},
"secondaryMethod": {
"type": "string",
"example": "Pin"
},
"accountsPerPerson": {
"type": "number",
"example": 5
},
"personsPerAccount": {
"type": "number",
"example": 1
},
"personLimitRule": {
"type": "string",
"example": "cleanup"
},
"passwordless_disabled": {
"type": "boolean",
"example": true
},
"qr_disabled": {
"type": "boolean",
"example": true
},
"push_disabled": {
"type": "boolean",
"example": true
},
"fido_disabled": {
"type": "boolean",
"example": true
},
"fido_security_key_disabled": {
"type": "boolean",
"example": true
},
"fido_platform_authenticator_disabled": {
"type": "boolean",
"example": true
}
}
},
"UpdateEnvironmentConfigRequest": {
"type": "object",
"properties": {
"sessionMaxAgeMinute": {
"type": "number",
"example": 60
}
}
},
"UpdateEnvironmentConfigResponse": {
"type": "object",
"properties": {
"sessionMaxAgeMinute": {
"type": "number",
"example": 60
}
}
},
"RolesFetchResponse": {
"type": "array",
"example": [
"role1",
"role2",
"role3"
]
},
"RoleFetchResponse": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"createdBy": {
"type": "string"
},
"permissions": {
"type": "array"
},
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
}
},
"example": {
"id": "xxxxxxxxxxx",
"name": "xxxxxxxxxxxxxxxx",
"description": "xxxxx",
"createdBy": "xxxxxxxxx",
"permissions": [],
"tenantId": "xxxxxxxxxxx",
"communityId": "xxxxxxxxxxx"
}
},
"StoreEventRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxx"
},
"eventData": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "event"
},
"eventName": {
"type": "string",
"example": "E_LOGIN_VISITED"
},
"event_id": {
"type": "string",
"example": "xxxxxxxx"
},
"browser_agent": {
"type": "string",
"example": "xxxxxxxx"
},
"was_redirected": {
"type": "boolean",
"example": false
},
"version": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"serverEventData": {
"type": "object",
"properties": {
"remote_address": {
"type": "boolean",
"example": true
},
"event_ts": {
"type": "boolean",
"example": true
}
}
}
}
},
"AuthorizationFetchRequest": {
"type": "object",
"properties": {
"objectType": {
"type": "string",
"example": "user"
},
"objectId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxx"
},
"subjectType": {
"type": "string",
"example": "community"
},
"subjectId": {
"type": "objectId",
"example": "xxxxxxxxxxxxxxxx"
}
}
},
"AuthorizationFetchResponse": {
"type": "array",
"example": [
{
"id": "id",
"subjectType": "community",
"subjectId": "communityId",
"objectType": "objectType",
"objectId": "objectId",
"role": {
"name": "name",
"createdBy": "createdBy",
"description": "description",
"permissions": [
"p1",
"p2"
]
}
}
]
},
"GetDownloadJobsRequest": {
"type": "object",
"properties": {
"sort": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string",
"example": "status"
},
"order": {
"type": "string",
"example": "desc"
}
}
}
},
"pSize": {
"type": "number",
"example": 10
},
"pIndex": {
"type": "number",
"example": 0
}
}
},
"GetDocByTypeAndIdRequest": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "document_type"
},
"id": {
"type": "string",
"example": "document_id"
}
}
},
"UnEnrollDocumentRequest": {
"type": "object",
"properties": {
"docId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxx"
},
"docType": {
"type": "string",
"example": "ppt | dl | ssn | xxx"
}
}
},
"lastLoginReportRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"moduleId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"pSize": {
"type": "number",
"example": 10
},
"pIndex": {
"type": "number",
"example": 0
},
"query": {
"type": "object",
"example": {}
}
}
},
"lastLoginReportResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"countAllRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"moduleId": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"moduleId": "string"
}
},
"countAllResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"CreateSecurityKeyResponse": {
"type": "object",
"properties": {
"aaguid": {
"type": "string",
"example": "xxxxxx"
},
"id": {
"type": "string",
"example": "xxxxxx"
}
}
},
"UpdateSecurityKeyResponse": {
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "ok"
}
}
},
"FetchSecurityKeyResponse": {
"type": "array",
"items": {
"type": "object",
"properties": {
"aaguid": {
"type": "string",
"example": "xxxxxx"
},
"metadata": {
"type": "string",
"example": "xxxxxx"
},
"name": {
"type": "string",
"example": "xxxxxx"
},
"disabled": {
"type": "boolean",
"example": false
},
"updatedBy": {
"type": "string",
"example": "xxxx"
}
}
}
},
"ChangePasswordRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"authModule": {
"type": "string"
},
"username": {
"type": "string"
},
"currentPassword": {
"type": "string"
},
"newPassword": {
"type": "string"
},
"captchaToken": {
"type": "string"
}
},
"example": {
"tenantId": "xxxxxxxxxxxxxx",
"communityId": "xxxxxxxxxxxxxx",
"authModule": "xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx",
"username": "NNNN",
"currentPassword": "xxXX@#$XXxx",
"newPassword": "ABC@#$XXxx",
"captchaToken": "string"
}
},
"ChangePasswordResponse": {
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
}
},
"example": {
"code": 200,
"message": "Ok"
}
},
"GetMFASettingsResponse": {
"type": "object",
"properties": {
"show_otp_email": {
"type": "boolean"
},
"show_otp_phone": {
"type": "boolean"
},
"show_otp_voice": {
"type": "boolean"
},
"show_otp_hardware": {
"type": "boolean"
},
"otp_prompt_text": {
"type": "string"
},
"accountLockEnabled": {
"type": "boolean"
},
"otpMaxAttempts": {
"type": "number"
},
"lockDurationMinutes": {
"type": "number"
},
"onespan_domain": {
"type": "string"
},
"onespan_url": {
"type": "string"
},
"self_enroll_phone_allowed": {
"type": "boolean"
}
},
"example": {
"show_otp_email": "boolean,",
"show_otp_phone": "boolean,",
"show_otp_voice": "boolean,",
"show_otp_hardware": "boolean,",
"otp_prompt_text": "string,",
"accountLockEnabled": "boolean,",
"otpMaxAttempts": "number,",
"lockDurationMinutes": "number,",
"onespan_domain": "string,",
"onespan_url": "string",
"self_enroll_phone_allowed": "boolean"
}
},
"GetWindowsMFASettingsResponse": {
"type": "object",
"properties": {
"allowed_enrollments": {
"type": "object",
"properties": {
"behavior_auth": {
"type": "boolean"
},
"user_pin": {
"type": "boolean"
}
}
},
"enableFallbackAuth": {
"type": "boolean",
"example": true
},
"maxAuthAttemptsBeforeFallback": {
"type": "number",
"example": 4
}
}
},
"GetPasswordResetSettingsResponse": {
"type": "object",
"properties": {
"default_input_method": {
"type": "string",
"example": "string"
},
"adminx_via_email_enabled": {
"type": "boolean",
"example": true
},
"adminx_require_otp": {
"type": "boolean",
"example": true
},
"mobile_enabled": {
"type": "boolean",
"example": true
},
"sspr": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"via_idproofing": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
}
}
},
"dvcId": {
"type": "string"
},
"user_profile_api": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"provider": {
"type": "string"
},
"api": {
"type": "object",
"properties": {
"url": {
"type": "string"
},
"type": {
"type": "string"
},
"auth": {
"type": "string"
},
"credential": {
"type": "object",
"example": {
"username": "string",
"password": "string",
"token": "string"
}
}
}
},
"transformationB64": {
"type": "string"
}
}
}
}
}
}
},
"setMFASettingsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
},
"show_otp_email": {
"type": "boolean",
"example": true
},
"show_otp_phone": {
"type": "boolean",
"example": true
},
"show_otp_voice": {
"type": "boolean",
"example": true
},
"show_otp_hardware": {
"type": "boolean",
"example": true
},
"otp_prompt_text": {
"type": "string",
"example": "string"
},
"accountLockEnabled": {
"type": "boolean",
"example": true
},
"otpMaxAttempts": {
"type": "number",
"example": 2
},
"lockDurationMinutes": {
"type": "number",
"example": 60
},
"onespan_domain": {
"type": "string",
"example": "string"
},
"onespan_url": {
"type": "string",
"example": "string"
},
"self_enroll_phone_allowed": {
"type": "string",
"example": false
},
"sync_window_for_first_usage": {
"type": "number",
"example": 60000
}
}
},
"setMFASettingsResponse": {
"type": "object",
"properties": {
"show_otp_email": {
"type": "boolean",
"example": true
},
"show_otp_phone": {
"type": "boolean",
"example": true
}
}
},
"setWindowsMFASettingsRequest": {
"type": "object",
"properties": {
"allowed_enrollments": {
"type": "object",
"properties": {
"behavior_auth": {
"type": "boolean"
},
"user_pin": {
"type": "boolean"
}
}
},
"enableFallbackAuth": {
"type": "boolean",
"example": true
},
"maxAuthAttemptsBeforeFallback": {
"type": "number",
"example": 4
}
}
},
"setWindowsMFASettingsResponse": {
"type": "object",
"properties": {
"allowed_enrollments": {
"type": "object",
"properties": {
"behavior_auth": {
"type": "boolean"
},
"user_pin": {
"type": "boolean"
}
}
},
"enableFallbackAuth": {
"type": "boolean",
"example": true
},
"maxAuthAttemptsBeforeFallback": {
"type": "number",
"example": 4
}
}
},
"setPasswordResetSettingsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
},
"default_input_method": {
"type": "string",
"example": "string"
},
"adminx_via_email_enabled": {
"type": "boolean",
"example": true
},
"adminx_require_otp": {
"type": "boolean",
"example": true
},
"mobile_enabled": {
"type": "boolean",
"example": true
},
"sspr": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"via_idproofing": {
"type": "object"
},
"otp": {
"type": "string",
"example": "string optional"
},
"dvcId": {
"type": "string"
},
"user_profile_api": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"provider": {
"type": "string"
},
"api": {
"type": "object",
"properties": {
"url": {
"type": "string"
},
"type": {
"type": "string"
},
"auth": {
"type": "string"
},
"credential": {
"type": "object",
"example": {
"username": "string",
"password": "string",
"token": "string"
}
}
}
},
"transformationB64": {
"type": "string"
}
}
}
}
}
}
},
"setPasswordResetSettingsResponse": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "string"
},
"communityId": {
"type": "string",
"example": "string"
},
"default_input_method": {
"type": "string",
"example": "string"
},
"adminx_via_email_enabled": {
"type": "boolean",
"example": true
},
"adminx_require_otp": {
"type": "boolean",
"example": true
},
"mobile_enabled": {
"type": "boolean",
"example": true
},
"sspr": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"via_idproofing": {
"type": "object"
},
"dvcId": {
"type": "string"
},
"user_profile_api": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"provider": {
"type": "string"
},
"api": {
"type": "object",
"properties": {
"url": {
"type": "string"
},
"type": {
"type": "string"
},
"auth": {
"type": "string"
}
}
},
"transformationB64": {
"type": "string"
}
}
}
}
}
}
},
"setFidoSettingsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"fido_disabled": {
"type": "boolean"
},
"fido_platform_authenticator_disabled": {
"type": "boolean"
},
"fido_security_key_disabled": {
"type": "boolean"
}
},
"example": {
"tenantId": "xxxxxxxxxxxxxx",
"communityId": "xxxxxxxxxxxxxx",
"fido_disabled": "false",
"fido_platform_authenticator_disabled": "false",
"fido_security_key_disabled": "false"
}
},
"setFidoSettingsResponse": {
"type": "object",
"properties": {
"fido_disabled": {
"type": "boolean"
},
"fido_platform_authenticator_disabled": {
"type": "boolean"
},
"fido_security_key_disabled": {
"type": "boolean"
}
},
"example": {
"fido_disabled": "false",
"fido_platform_authenticator_disabled": "false",
"fido_security_key_disabled": "false"
}
},
"setOrionSettingsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"orion_authenticator_enabled": {
"type": "boolean"
},
"orion_authenticator_wait_time_ms": {
"type": "number"
}
},
"example": {
"tenantId": "5f3d8d0cd866fa61019cf968",
"communityId": "5f3d8d0cd866fa61019cf969",
"orion_authenticator_enabled": true,
"orion_authenticator_wait_time_ms": 1500
}
},
"setOrionSettingsResponse": {
"type": "object",
"properties": {
"orion_authenticator_enabled": {
"type": "boolean"
},
"orion_authenticator_wait_time_ms": {
"type": "number"
}
},
"example": {
"orion_authenticator_enabled": true,
"orion_authenticator_wait_time_ms": 1500
}
},
"GetFidoSettingsResponse": {
"type": "object",
"properties": {
"fido_disabled": {
"type": "boolean"
},
"fido_platform_authenticator_disabled": {
"type": "boolean"
},
"fido_security_key_disabled": {
"type": "boolean"
}
},
"example": {
"fido_disabled": "false",
"fido_platform_authenticator_disabled": "false",
"fido_security_key_disabled": "false"
}
},
"GetOrionSettingsResponse": {
"type": "object",
"properties": {
"orion_authenticator_enabled": {
"type": "boolean"
},
"orion_authenticator_wait_time_ms": {
"type": "number"
}
},
"example": {
"orion_authenticator_enabled": true,
"orion_authenticator_wait_time_ms": 1500
}
},
"liveIdSelfieSettingsRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"liveid_selfie_enabled": {
"type": "boolean"
}
},
"example": {
"tenantId": "xxxxxxxxxxxxxx",
"communityId": "xxxxxxxxxxxxxx",
"liveid_selfie_enabled": false
}
},
"liveIdSelfieSettingsResponse": {
"type": "object",
"properties": {
"liveid_selfie_enabled": {
"type": "boolean"
}
},
"example": {
"liveid_selfie_enabled": false
}
},
"testOneSpanConnectionRequest": {
"type": "object",
"properties": {
"user_name": {
"type": "string"
},
"otp": {
"type": "number"
}
},
"example": {
"user_name": "XYZ",
"otp": "123456"
}
},
"testOneSpanConnectionResponse": {
"type": "object",
"properties": {
"code": {
"type": "number"
},
"message": {
"type": "string"
},
"recommendation": {
"type": "string"
}
},
"example": {
"code": "200",
"message": "Success."
}
},
"unlockUserRequest": {
"type": "object",
"properties": {
"username": {
"type": "string",
"example": "xxxxx"
}
}
},
"lockUserRequest": {
"type": "object",
"properties": {
"username": {
"type": "string",
"example": "xxxxx"
},
"lock_duration": {
"type": "number",
"example": 30
}
}
},
"FetchAuthenticationJourneyRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"ids": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxxx"
}
}
}
},
"FetchAuthenticationJourneyResponse": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "uuid"
},
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"journeyName": {
"type": "string",
"example": "journeyName"
},
"enabled": {
"type": "boolean",
"example": true
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "groups"
}
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"deviceId": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "deviceId"
}
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"application": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "Salesforce"
}
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"username": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "username"
}
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"ip": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "10.10.10.10"
}
},
"operator": {
"type": "string",
"example": "in_range"
}
}
},
"domain": {
"type": "string",
"example": "1k-dev.com"
},
"decision": {
"type": "object",
"properties": {
"action": {
"type": "string",
"example": "mfa_required"
},
"authenticationMethods": {
"type": "array",
"items": {
"value": "string",
"example": "password_and_otp"
}
}
}
}
}
},
"ExternalIdpObject": {
"type": "object",
"properties": {
"connection": {
"type": "object",
"properties": {
"idpName": {
"type": "string",
"example": "Okta"
},
"idpEntityId": {
"type": "string",
"example": "Okta"
},
"samlLoginUrl": {
"type": "string",
"example": "Okta"
},
"samlLogoutUrl": {
"type": "string",
"example": "Okta"
},
"ssoBinding": {
"type": "string",
"example": "Okta"
},
"sloBinding": {
"type": "string",
"example": "Okta"
},
"forceAuthn": {
"type": "boolean",
"example": true
},
"spEntityId": {
"type": "string",
"example": "Okta"
},
"spSigningCertificate": {
"type": "string",
"example": "Okta"
},
"spPrivateKey": {
"type": "string",
"example": "Okta"
},
"idpSigningCertificate": {
"type": "string",
"example": "Okta"
}
}
},
"routingPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"example": true
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"group-a",
"group-b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"usernames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"user_a",
"user_b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"usersInIdpStore": {
"type": "boolean",
"example": true
}
}
}
}
},
"CreateOrUpdateExternalIdpRequest": {
"allOf": [
{
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf968"
},
"communityId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf969"
},
"externalIdp": {
"$ref": "#/components/schemas/ExternalIdpObject"
}
}
}
]
},
"CreateOrUpdateExternalIdpResponse": {
"allOf": [
{
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
{
"$ref": "#/components/schemas/ExternalIdpObject"
},
{
"type": "object",
"properties": {
"__v": {
"type": "number",
"example": 0
}
}
}
]
},
"FetchWalletRecoveryRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
},
"FetchWalletRecoveryResponse": {
"type": "object",
"properties": {
"wallet_recovery_method": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"PollWallatRecoveryMethodResponse": {
"type": "object",
"properties": {
"jwt_token": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
"FetchExternalIdpRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxx"
},
"ids": {
"type": "array",
"example": [
"xxxxxxx"
]
}
}
},
"GenerateSamlRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf968"
},
"communityId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf969"
},
"idpId": {
"type": "string",
"example": "65c4ec704fc64768749ee0b3"
}
}
},
"AuditLogReportRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxx"
},
"pSize": {
"type": "number",
"example": 10
},
"pIndex": {
"type": "number",
"example": 0
},
"from": {
"type": "string",
"example": "2021-09-01 00:00:00.000"
},
"to": {
"type": "string",
"example": "2021-09-28 00:00:00.000"
},
"user_id": {
"type": "string",
"example": "username"
}
}
},
"AuditLogReportRequestResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"CreateWalletRecoverySessionRequest": {
"type": "object",
"properties": {
"purpose": {
"type": "string",
"example": "xxxxxxxxxxx"
},
"biometricConsentAccepted": {
"type": "boolean"
}
}
},
"AlternateMfaCreateRequest": {
"type": "object",
"properties": {
"authModuleId": {
"type": "string",
"example": "xxxxxxxxxxx"
},
"username": {
"type": "string",
"example": "xxxxxxxxxxx"
}
}
},
"CreateWalletRecoverySessionResponse": {
"type": "object",
"properties": {
"sessionId": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"sessionEnv": {
"type": "string",
"example": "xxxxxxxxxxx"
},
"sessionUrl": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"authenticateWalletUrl": {
"type": "string",
"example": "xxxxxxxxxxx"
}
}
},
"LinuxCPJourneyObject": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "auth-journey-1"
},
"enabled": {
"type": "boolean",
"example": true
},
"category": {
"type": "string",
"example": "adaptive_auth_fallback_policy_v2",
"description": "Optional category for fallback journeys. When set to adaptive_auth_fallback_policy_v2, decision action must be mfa_required"
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"group a",
"group b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"requestingAppId": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "linux_cp"
},
"operator": {
"type": "string",
"example": "eq"
}
}
},
"usernames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"username_1",
"username_2"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"decision": {
"type": "object",
"properties": {
"action": {
"type": "string",
"example": "mfa_required"
},
"authenticationMethods": {
"type": "array",
"example": [
"password_and_otp",
"helpdesk_otp"
],
"description": "Supported methods include password, kerberos, uwl, push, qr, fido, mobile_totp, hw_otp, otp, email_otp, sms_otp, voice_otp, fido_and_shared_id_password, password_and_otp, password_and_web_otp, password_and_email_otp, password_and_sms_otp, password_and_voice_otp, password_and_push, kerberos_and_push, password_and_fido, password_and_mobile_totp, password_and_hw_otp, password_and_orion_otp, password_and_profile_otp, kerberos_and_otp, behavior_auth_and_user_pin, password_and_shared_id_password, helpdesk_otp"
}
}
}
}
},
"FetchAuthenticationJourneyRequestV2": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"ids": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxxx"
}
},
"requestingAppId": {
"type": "string",
"example": "linux_cp"
},
"category": {
"type": "string",
"example": "adaptive_auth_fallback_policy_v2",
"description": "Optional filter to fetch journeys by category"
}
}
},
"FetchAuthenticationJourneyResponseV2": {
"type": "array",
"items": {
"type": "object",
"$ref": "#/components/schemas/LinuxCPJourneyObject"
}
},
"CreateOrUpdateLinuxCPJourneyRequest": {
"allOf": [
{
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf968"
},
"communityId": {
"type": "string",
"example": "5f3d8d0cd866fa61019cf969"
},
"authenticationJourney": {
"$ref": "#/components/schemas/LinuxCPJourneyObject"
}
}
}
]
},
"CreateOrUpdateLinuxCPJourneyResponse": {
"allOf": [
{
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
{
"$ref": "#/components/schemas/LinuxCPJourneyObject"
},
{
"type": "object",
"properties": {
"__v": {
"type": "number",
"example": 0
}
}
}
]
},
"AuthProxyConfig": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "my proxy"
},
"pushKeyword": {
"type": "string",
"example": "push"
},
"authScheme": {
"type": "array",
"items": {
"type": "string",
"example": "push"
}
},
"ivrKeyword": {
"type": "string",
"example": "phone"
},
"isDefaultAuthMethodEnable": {
"type": "boolean",
"example": false,
"description": "Toggle to enable/disable default authentication method"
},
"defaultAuthMethod": {
"type": "string",
"enum": [
"push",
"ivr"
],
"example": "push",
"description": "Default authentication method to use (push or ivr) - only saved when isDefaultAuthMethodEnable is true"
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"group1",
"group2"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
}
}
},
"SetAuthProxyConfigRequest": {
"type": "object",
"$ref": "#/components/schemas/AuthProxyConfig"
},
"SetAuthProxyConfigResponse": {
"type": "object",
"$ref": "#/components/schemas/AuthProxyConfig"
},
"FetchAuthProxyConfigRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxx"
},
"ids": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxx"
}
}
}
},
"CreateAccountOtpResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"code": {
"type": "string",
"example": "000001"
},
"secondsRemaining": {
"type": "number",
"example": 25
}
}
},
"publicKey": {
"type": "string",
"example": "xxxxxx"
}
}
},
"UpdatePhoneNumberRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"otp": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"uid": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
}
},
"updatePhones": {
"type": "object",
"properties": {
"mobiles": {
"type": "array"
},
"landlines": {
"type": "array"
}
}
},
"removePhones": {
"type": "object",
"properties": {
"mobiles": {
"type": "array"
},
"landlines": {
"type": "array"
}
}
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"otp": "001001",
"user": {
"username": "string",
"uid": "string",
"authModuleId": "string"
},
"updatePhones": {
"mobiles": [
"4075156743"
],
"landlines": [
"4075156743"
]
},
"removePhones": {
"mobiles": [
"4075156743"
],
"landlines": [
"4075156743"
]
}
}
},
"UpdatePhoneNumberResponse": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"uid": {
"type": "string"
},
"authModuleId": {
"type": "string"
}
}
},
"mobiles": {
"type": "array"
},
"landlines": {
"type": "array"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"user": {
"username": "string",
"uid": "string",
"authModuleId": "string"
},
"mobiles": [
"4075156743"
],
"landlines": [
"4075156743",
"5075156712"
]
}
},
"UpdateUserPinRequest": {
"type": "object",
"properties": {
"newPin": {
"type": "string"
}
}
},
"UpdateUserPinResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"status": {
"type": "boolean"
}
}
}
}
},
"RegisterUserPinRequest": {
"type": "object",
"properties": {
"pin": {
"type": "string"
}
}
},
"RegisterUserPinResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"status": {
"type": "boolean"
}
}
}
}
},
"DeleteUserPinResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
}
},
"FetchRandomPhraseRequest": {
"type": "object",
"description": "No body fields required - JWT is derived from the Authorization header"
},
"FetchRandomPhraseResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"phrase": {
"type": "string"
},
"user_token": {
"type": "string"
}
}
}
}
},
"RegisterBehaviorAuthRequest": {
"type": "object",
"properties": {
"phrase": {
"type": "string"
},
"pattern": {
"type": "string"
},
"user_token": {
"type": "string"
}
}
},
"RegisterBehaviorAuthResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"next_step": {
"type": "string"
},
"user_token": {
"type": "string"
},
"typing_data": {
"type": "object"
}
}
}
}
},
"ValidateBehaviorAuthRequest": {
"type": "object",
"properties": {
"pattern": {
"type": "string"
}
}
},
"ValidateBehaviorAuthResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"proof_of_authentication_jwt": {
"type": "string"
},
"typing_data": {
"type": "object"
}
}
}
}
},
"DeregisterBehaviorAuthResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
}
},
"NonceSignRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string"
},
"communityId": {
"type": "string"
},
"nonce": {
"type": "string"
}
},
"example": {
"tenantId": "string",
"communityId": "string",
"nonce": "string"
}
},
"NonceSignResponse": {
"type": "object",
"properties": {
"signed_nonce": {
"type": "string"
}
},
"example": {
"signed_nonce": "string"
}
},
"DeleteUserSesssionsRequest": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"moduleId": {
"type": "string"
}
},
"example": {
"username": "string",
"moduleId": "string"
}
},
"FetchHardwareTokensRequest": {
"type": "object",
"properties": {
"pSize": {
"type": "number"
},
"pIndex": {
"type": "number"
},
"query": {
"type": "object",
"properties": {
"serialNumbers": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"returnAssignedUserCount": {
"type": "boolean"
},
"returnActivityStatus": {
"type": "boolean"
}
},
"example": {
"pIndex": 0,
"pSize": 25,
"query": {
"serialNumbers": [
"sr001",
"/sr002/"
]
},
"returnAssignedUserCount": true,
"returnActivityStatus": true
}
},
"FetchHardwareTokensResponse": {
"type": "object",
"properties": {
"page": {
"type": "object"
},
"data": {
"type": "array"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"UploadCsvRequest": {
"type": "object",
"properties": {
"file": {
"type": "string",
"format": "binary"
}
}
},
"CreateHardwareTokensRequest": {
"type": "object",
"properties": {
"csv_text": "array"
},
"example": {
"csv_text": "string"
}
},
"CreateHardwareTokensResponse": {
"type": "object",
"properties": {
"page": {
"type": "object"
},
"data": {
"type": "array"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"EditHardwareTokensRequest": {
"type": "object",
"properties": {
"seed": {
"type": "string"
},
"counter": {
"type": "number"
}
},
"example": {
"seed": "string",
"counter": 0
}
},
"EditHardwareTokensResponse": {
"type": "object",
"properties": {
"page": {
"type": "object"
},
"data": {
"type": "array"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"DeleteHardwareTokensRequest": {
"type": "object",
"properties": {
"serialNumbers": {
"type": "array"
}
},
"example": {
"serialNumbers": [
"sr001",
"sr002"
]
}
},
"DeleteHardwareTokensResponse": {
"type": "object",
"properties": {
"deletedCount": {
"type": "number"
}
},
"example": {
"deletedCount": 1
}
},
"FetchUserOrTokensRequest": {
"type": "object",
"properties": {
"pSize": {
"type": "number"
},
"pIndex": {
"type": "number"
},
"query": {
"type": "object",
"properties": null,
"username": {
"type": "string"
},
"serialNumber": {
"type": "string"
}
}
},
"example": {
"pIndex": 0,
"pSize": 25,
"query": {
"username": "string",
"serialNumber": "string"
}
}
},
"FetchUserOrTokensResponse": {
"type": "object",
"properties": {
"page": {
"type": "object"
},
"data": {
"type": "object"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"AssignUsersRequest": {
"type": "object",
"properties": {
"list": {
"type": "array",
"items": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"serialNumber": {
"type": "string"
}
}
}
}
},
"example": {
"list": [
{
"username": "string",
"serialNumber": "string"
}
]
}
},
"AssignUsersResponse": {
"type": "object",
"properties": {
"page": {
"type": "object"
},
"data": {
"type": "object"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"AssignUsersCsvTextRequest": {
"type": "object",
"properties": {
"csv_text": {
"type": "string"
}
},
"example": {
"csv_text": "serialNumber,username\nsn00001,elamaran"
}
},
"AssignUsersCsvTextResponse": {
"type": "object",
"properties": {
"data": {
"type": "object"
},
"publickey": {
"type": "string"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"ResyncTokenRequest": {
"type": "object",
"properties": {
"code1": {
"type": "string"
},
"code2": {
"type": "string"
},
"code3": {
"type": "string"
},
"serialNumber": {
"type": "string"
}
},
"example": {
"code1": "string",
"code2": "string",
"code3": "string",
"serialNumber": "string"
}
},
"ResyncTokenResponse": {
"type": "object",
"properties": {
"data": {
"type": "object"
},
"publickey": {
"type": "string"
}
},
"example": {
"data": "object",
"publicKey": "string"
}
},
"ExportHardwareTokensRequest": {
"type": "object",
"properties": {
"reports_type": {
"type": "string",
"example": "hardware_tokens | user_hardwaretokens"
},
"query": {
"type": "object",
"example": {
"serialNumbers": [
"sr001",
"/sr002/"
]
}
},
"download": {
"type": "object",
"example": {
"notificationList": [
"email1@1kosmos.com"
]
}
}
}
},
"ExportHardwareTokensResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxxx/xxxx"
}
}
},
"CreateIdProofingSessionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxx"
},
"destinationHash": {
"type": "string",
"example": "sha512_encrypted_string"
},
"destinationChannel": {
"type": "string",
"example": "email"
},
"user_token": {
"type": "string",
"example": "ecdsa_encrypted_string"
},
"captchaToken": {
"type": "string",
"example": "captcha_token_string"
},
"license": {
"type": "string",
"example": "license_key_string"
}
}
},
"CreateIdProofingSessionResponse": {
"type": "object",
"properties": {
"sessionId": {
"type": "string",
"example": "session_id_string"
},
"user_token": {
"type": "string",
"example": "ecdsa_encrypted_string"
}
}
},
"PollIdProofingSessionRequest": {
"type": "object",
"properties": {
"tenantId": {
"type": "string",
"example": "xxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxx"
},
"user_token": {
"type": "string",
"example": "ecdsa_encrypted_string"
}
}
},
"PollIdProofingSessionResponse": {
"type": "object",
"properties": {
"username": {
"type": "string",
"example": "username_string"
},
"user_token": {
"type": "string",
"example": "ecdsa_encrypted_string"
}
}
},
"testTransformationScriptRequest": {
"type": "object",
"properties": {
"username": {
"type": "string",
"description": "optional"
}
}
},
"testTransformationScriptResponse": {
"type": "object",
"properties": {
"firstname": {
"type": "string",
"example": "xxxxx"
},
"lastname": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"dob": {
"type": "string",
"example": "xxxx"
}
}
},
"FetchSecretsListRequest": {
"type": "object",
"required": [
"tenantId",
"communityId"
],
"properties": {
"tenantId": {
"type": "string",
"description": "Tenant identifier"
},
"communityId": {
"type": "string",
"description": "Community identifier"
}
},
"example": {
"tenantId": "tenant_123",
"communityId": "community_456"
}
},
"FetchSecretsListResponse": {
"type": "array",
"items": {
"type": "object",
"properties": {
"tag": {
"type": "string",
"description": "Secret identifier"
},
"createdBy": {
"type": "string",
"description": "User or service that created the secret"
},
"createdTs": {
"type": "number",
"description": "Unix timestamp in seconds"
},
"tenantId": {
"type": "string",
"description": "Tenant identifier"
},
"communityId": {
"type": "string",
"description": "Community identifier"
}
}
},
"example": [
{
"tag": "stripe_api_key",
"createdBy": "admin@example.com",
"createdTs": 1704067200,
"tenantId": "tenant_123",
"communityId": "community_456"
}
]
},
"CreateSecretRequest": {
"type": "object",
"required": [
"tenantId",
"communityId",
"tag",
"value"
],
"properties": {
"tenantId": {
"type": "string",
"description": "Tenant identifier"
},
"communityId": {
"type": "string",
"description": "Community identifier"
},
"tag": {
"type": "string",
"description": "Secret identifier. Must start with a letter [a-zA-Z] and contain only [a-zA-Z0-9_]",
"pattern": "^[a-zA-Z][a-zA-Z0-9_]*$"
},
"value": {
"type": "string",
"description": "Secret value to be encrypted and stored"
}
},
"example": {
"tenantId": "tenant_123",
"communityId": "community_456",
"tag": "stripe_api_key",
"value": "sk_test_4eC39HqLyjWDarjtT1zdp7dc"
}
},
"CreateSecretResponse": {
"type": "object",
"properties": {
"tag": {
"type": "string",
"description": "Secret identifier"
},
"createdBy": {
"type": "string",
"description": "User or service that created the secret"
},
"createdTs": {
"type": "number",
"description": "Unix timestamp in seconds"
},
"tenantId": {
"type": "string",
"description": "Tenant identifier"
},
"communityId": {
"type": "string",
"description": "Community identifier"
}
},
"example": {
"tag": "stripe_api_key",
"createdBy": "admin@example.com",
"createdTs": 1704067200,
"tenantId": "tenant_123",
"communityId": "community_456"
}
},
"DeleteSecretRequest": {
"type": "object",
"required": [
"tenantId",
"communityId",
"tag"
],
"properties": {
"tenantId": {
"type": "string",
"description": "Tenant identifier"
},
"communityId": {
"type": "string",
"description": "Community identifier"
},
"tag": {
"type": "string",
"description": "Secret identifier to delete"
}
},
"example": {
"tenantId": "tenant_123",
"communityId": "community_456",
"tag": "stripe_api_key"
}
},
"DeleteSecretResponse": {
"type": "object",
"properties": {
"message": {
"type": "string",
"description": "Success message"
}
},
"example": {
"message": "Secret deleted successfully"
}
},
"ConsentResponse": {
"type": "object",
"properties": {
"type": {
"type": "string",
"description": "Consent type",
"example": "biometric"
},
"title": {
"type": "string",
"description": "Consent document title",
"example": "Biometric Data Consent"
},
"subtitle": {
"type": "string",
"description": "Consent document subtitle",
"example": "Please review the following"
},
"body": {
"type": "string",
"format": "byte",
"description": "Base64-encoded HTML consent body",
"example": "PGgzPkJpb21ldHJpYyBDb25zZW50PC9oMz48cD5Db250ZW50Li4uPC9wPg=="
},
"acknowledgeText": {
"type": "string",
"description": "Acknowledgement text shown to the user",
"example": "I agree to the terms above"
},
"updatedAt": {
"type": "number",
"description": "Epoch seconds timestamp of last update",
"example": 1750012345
},
"updatedBy": {
"type": "string",
"description": "Username of the admin who last updated",
"example": "admin@example.com"
},
"docUpdatedAt": {
"type": "number",
"description": "Epoch seconds timestamp of when the document content was last changed",
"example": 1750012345
},
"consentId": {
"type": "string",
"description": "Current IPFS hash (content-addressable identifier)",
"example": "QmCurrentHash123"
},
"prevConsentId": {
"type": "string",
"description": "Previous IPFS hash for chain linking",
"example": "QmPreviousHash456"
},
"isEnabled": {
"type": "boolean",
"description": "Whether consent is enabled for the community",
"example": true
},
"version": {
"type": "string",
"description": "Version string computed from IPFS timestamp (v + epoch ms)",
"example": "v1750012345678"
}
}
},
"UpdateConsentPayload": {
"type": "object",
"required": [
"type",
"isEnabled"
],
"properties": {
"type": {
"type": "string",
"description": "Consent type",
"enum": [
"biometric"
],
"example": "biometric"
},
"isEnabled": {
"type": "boolean",
"description": "Whether to enable or disable consent",
"example": true
},
"title": {
"type": "string",
"description": "Consent document title (required when isEnabled=true)",
"example": "Biometric Data Consent"
},
"body": {
"type": "string",
"format": "byte",
"description": "Base64-encoded HTML consent body (required when isEnabled=true)",
"example": "PGgzPkJpb21ldHJpYyBDb25zZW50PC9oMz48cD5Db250ZW50Li4uPC9wPg=="
},
"subtitle": {
"type": "string",
"description": "Consent document subtitle (optional)",
"example": "Please review the following"
},
"acknowledgeText": {
"type": "string",
"description": "Acknowledgement text (required when isEnabled=true)",
"example": "I agree to the terms above"
}
}
},
"EncryptedUpdateConsentRequest": {
"type": "object",
"required": [
"data"
],
"properties": {
"data": {
"type": "string",
"description": "ECDSA encrypted JSON string containing the consent data (see UpdateConsentPayload for decrypted shape). In Swagger preview mode, send the unencrypted object directly.",
"example": "ecdsa_encrypted_string"
}
}
}
},
"securitySchemes": {
"keyId": {
"type": "apiKey",
"name": "keyId",
"in": "header",
"description": "ECDSA Public Key"
},
"keySecret": {
"type": "apiKey",
"name": "keySecret",
"in": "header",
"description": "Hawk Key Secret / ECDSA Private Key"
},
"bearerAuth": {
"type": "http",
"scheme": "bearer",
"bearerFormat": "JWT"
},
"ktokenAuth": {
"type": "apiKey",
"in": "header",
"name": "Authorization"
},
"jwtHeaderAuth": {
"type": "apiKey",
"in": "header",
"name": "x-jwt-token"
},
"basicAuth": {
"type": "basic"
},
"license": {
"type": "apiKey",
"name": "license",
"in": "header",
"description": "License key from License Microservice"
}
}
},
"tags": [
{
"name": "Authenticate"
},
{
"name": "Users"
},
{
"name": "User Properties"
},
{
"name": "User PIN",
"description": "User PIN management"
},
{
"name": "User Consent"
},
{
"name": "Test Connection"
},
{
"name": "Service Provider Catalog"
},
{
"name": "Session"
},
{
"name": "Service Providers"
},
{
"name": "Service Key"
},
{
"name": "Self Registration"
},
{
"name": "Radius"
},
{
"name": "Password Policy"
},
{
"name": "Public Key"
},
{
"name": "Healthz"
},
{
"name": "Reset Password"
},
{
"name": "Sign nonce",
"description": "API for signing nonce"
},
{
"name": "Login sessions",
"description": "API for terminating sessions"
},
{
"name": "JWT"
},
{
"name": "Instance Config"
},
{
"name": "Identity Providers"
},
{
"name": "Helpdesk"
},
{
"name": "ExternalIdp"
},
{
"name": "ECDSA Helper"
},
{
"name": "Downloadables"
},
{
"name": "IDP Config"
},
{
"name": "Consent"
},
{
"name": "Community Auth Info"
},
{
"name": "Behavior Auth",
"description": "Behavior authentication (typing biometrics) management"
},
{
"name": "Authz"
},
{
"name": "AuthenticationJourney"
},
{
"name": "User Attributes"
},
{
"name": "Broker"
},
{
"name": "Auth Modules"
},
{
"name": "Authenticate V2"
},
{
"name": "AuthenticationJourney V2"
}
],
"servers": [
{
"url": "https://pilot-root.1kosmos.net/adminapi/"
}
]
}