{
"openapi": "3.0.0",
"info": {
"title": "Authn service API",
"version": "2.1",
"description": "API documentation for Authn service API"
},
"servers": [
{
"url": "https://pilot-root.1kosmos.net/authn/"
}
],
"paths": {
"/tenant/{tenantId}/community/{communityId}/serviceprovider/{type}": {
"put": {
"summary": "Create Service Provider for featured applications",
"description": "Create Service Provider for featured applications\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n### type (required)\nSupported types: auth0, okta, salesforce, forgerock, gsuite, zendesk\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents created service provider and public key\n",
"tags": [
"Service Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "type",
"in": "path",
"description": "Supported types - auth0, okta, salesforce, forgerock, gsuite, zendesk",
"required": true,
"schema": {
"type": "string",
"enum": [
"auth0",
"okta",
"forgerock",
"salesforce",
"gsuite",
"zendesk"
]
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n```\n{\n \"name\": \"string required\",\n \"domain\": \"url required / for GSuite: string required\",\n \"ssoUrl\": \"url required / for Zendesk: optional\",\n \"config\": \"object required - see available configs below\"\n}\n```\n\nConfigs:\n```\nFor Auth0:\n{\n \"clientId\": \"string required\",\n \"clientSecret\": \"string required\"\n}\n\nFor Okta:\n{\n \"apiToken\": \"string required\"\n}\n\nFor Forgerock:\n{\n \"username\": \"string required\",\n \"password\": \"string required\",\n \"useExistingCOT\": \"boolean required\",\n \"COT\": \"string optional if useExistingCOT === false\",\n \"hostedSP\": \"string optional if useExistingCOT === true\"\n}\n\nFor Salesforce:\n{\n \"username\": \"string required\",\n \"password\": \"string required\",\n \"securityToken\": \"string required\"\n}\n\nFor GSuite\n{\n \"serviceAccountEmail\": \"string required\",\n \"adminEmail\": \"string required\",\n \"serviceAccountPrivateKey\": \"string required\",\n \"sloUrl\": \"string required\"\n}\n\nFor Zendesk:\n{}\n```\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ApplicationCreateRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Authn API, useful for decryption response\n\ndata is ECDSA encrypted object represents created service provider:\n```\n{\n \"_id\": \"6070951e8dfc7f29228126c9\",\n \"name\": \"Service provider's name\",\n \"environment\": \"Environment name\",\n \"type\": \"saml\",\n \"saml_config\": {\n \"_id\": \"6070951e8dfc7f29228126ca\",\n \"accessUrl\": \"http://google.com\",\n \"entityId\": \"http://google.com\",\n \"assertionMethod\": \"post\",\n \"assertionConsumerServiceURL\": \"http://google.com\",\n \"logoutRequestSignRequired\": true,\n \"logoutResponseSignRequired\": true,\n \"authRequestSignRequired\": true,\n \"assertionSignRequired\": true,\n \"signingCert\": \"signingCert\",\n \"encryptionCert\": \"encryptionCert\"\n \"encryptionAlgo\": \"ecdsa\",\n \"nameid\": {\n \"_id\": \"6070951e8dfc7f29228126cb\",\n \"format\": \"emailAddress\",\n \"value\": \"one of session_scope\",\n \"attribute_type\": \"session/ledger/identity\"\n },\n \"attributes\": [\n {\n \"_id\": \"6070951e8dfc7f29228126cc\",\n \"uuid\": \"xxxx-xxxxxxx-xxxxxxxxxx-xxxxxxxxxx\"\n \"claim_name\": \"string\",\n \"attribute_name\": \"string\",\n \"attribute_type\": \"session\",\n \"value_type\": \"static\",\n \"value\": \"value\"\n }\n ],\n \"metadata\": \"\\\\nT\\\\nF\\\\nR\\\\nDF\\\\n\"\n },\n \"forceReauthentication\": \"true/false\"\n \"communityId\": \"community\",\n \"logo\": \"logo\",\n \"__v\": 0\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ECDSADataResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/serviceprovider/{id}": {
"delete": {
"summary": "Delete Service Provider",
"description": "Delete Service Provider\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n### id (required)\nId of MongoDB object\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\n204 No Content\n",
"tags": [
"Service Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of service provider",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n {\n \"data\": \"\"\n }\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteSPRequest"
}
}
}
},
"responses": {
"204": {
"description": "Success"
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
},
"patch": {
"summary": "Update Service Provider",
"description": "Update Service Provider\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n### id (required)\nId of MongoDB object\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents updated service provider and public key\n",
"tags": [
"Service Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of service provider",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string"
},
"example": "Do not enter anything, use 'Authorize' fields"
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string"
},
"example": "Do not enter anything, use 'Authorize' fields"
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string"
},
"example": "Do not enter anything, use 'Authorize' fields"
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\nFor type SAML: send only saml_config\n\nFor type OIDC: send only oidc_config\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateSpObjectRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SpObjectResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"$ref": "#/components/schemas/NotFoundError"
}
}
},
"get": {
"summary": "Get Service Provider by ID or entityId or client_id",
"description": "Get Service Provider by ID or entityId. If service with given id will not be found, then API will try to find by saml_config.entityId\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n### id (required)\nId of MongoDB object or saml_config.entityId or oidc_config.client_id\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded service provider object\n",
"tags": [
"Service Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of service provider or saml_config.entityId",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SpObjectResponse"
}
}
}
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"404": {
"$ref": "#/components/schemas/NotFoundError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/scheme": {
"put": {
"summary": "Create Auth Scheme",
"description": "Create Auth Scheme\n\nLicense must be of authLevel = system/service\n\nNotice that creating new schema there are some conditions:\n\n- You can't create second auth scheme with the same exact pair of 'tag' and 'communityId'\n- Array with modules should have unique id for each module\n- Each community can have only 1 auth scheme with 'isDefault === true', setting authScheme with 'isDefault === false' will reset the one that is default to not default.\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\n Returns created Auth Scheme\n",
"tags": [
"Schemes"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthSchemeRequest"
}
}
}
},
"responses": {
"201": {
"description": "Success\n\nA newly created Auth Scheme is returned\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthSchemeResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/scheme/{id}": {
"patch": {
"summary": "Update Auth Scheme",
"description": "Update Auth Scheme\n\nLicense must be of authLevel = system/service\n\nNotice that updating new schema there are some conditions:\n\n- You can't create second auth scheme with the same exact pair of 'tag' and 'communityId'\n- Array with modules should have unique id for each module\n- Each community can have only 1 auth scheme with 'isDefault === true', setting authScheme with 'isDefault === false' will reset the one that is default to not default.\n\nIMPORTANT: Only full object can be updated\n\n| **Parameters** |\n|----------------------------------------------|\n\n### id (required)\nId of MongoDB object\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\n Returns updated Auth Scheme\n",
"tags": [
"Schemes"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of MongoDB object to update",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthSchemeRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nUpdated Auth Module is returned\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthSchemeResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
},
"delete": {
"summary": "Delete Auth Scheme",
"description": "Delete Auth Scheme\n\n| **Parameters** |\n|----------------------------------------------|\n\n### id (required)\nId of MongoDB object\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\n No content\n",
"tags": [
"Schemes"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of MongoDB object to delete",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "No information\n\nDeleted auth scheme\n"
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/scheme/fetch": {
"post": {
"summary": "Get Auth Schemes list",
"description": "Get Auth Schemes list\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\n Array of Auth Schemes\n",
"tags": [
"Schemes"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": false,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthSchemeFetchRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\nList of Auth Schemes is returned (can be empty array if not found)\n",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/AuthSchemeResponse"
}
]
}
}
}
}
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/idp_config": {
"put": {
"summary": "Set IDP Config",
"description": "Create or update Indentity Provider's config\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing IDP config\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"IDP Config"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n signingCert: \"string required\",\n signingKey: \"string required\",\n entityId: \"string required\",\n authnRequestsSigned: \"boolean required\",\n encryptionCert: \"string required\",\n encryptionKey: \"string required\",\n sso_bindings: ['string'],\n slo_bindings: ['string'],\n identifier: \"string (required during update call)\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SetIDPConfigRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ECDSADataResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"$ref": "#/components/schemas/NotFoundError"
}
}
},
"get": {
"summary": "Get IDP Config",
"description": "Fetch Indentity Provider's config\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data field containing IDP config\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"IDP Config"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ECDSADataResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/spcatalog/item/{name}": {
"delete": {
"summary": "Delete Service Provider Catalog item",
"description": "Delete Service Provider Catalog item\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### name (required)\nName of deleting item\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\n204 No Content\n",
"tags": [
"Service Provider Catalog"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "name",
"in": "path",
"description": "Name of service provider item",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "Success"
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/spcatalog/list": {
"get": {
"summary": "Get list of service provider catalog items",
"description": "Returns object containing service provider catalog items\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object containing service provider catalog items\n",
"tags": [
"Service Provider Catalog"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SPCatalogListResponse"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"$ref": "#/components/schemas/NotFoundError"
}
}
}
},
"/spcatalog/item": {
"put": {
"summary": "Create or update Service Provider Catalog item",
"description": "Create or update Service Provider Catalog item\n\nLicense must any but valid\n\n| **Request Body** |\n|----------------------------------------------|\n\n### name (required)\nName of this SP Catalog item\n\n### logo (required)\nLogo of SP Catalog item\n\n### sso_url (required)\nSSO using during Single Sign On process\n\n### template (require)\nTemplate\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object represents created or updated catalog item\n",
"tags": [
"Service Provider Catalog"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSPCatalogItemRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateSPCatalogItemResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/sd": {
"get": {
"summary": "Get all service directories.",
"description": "Get all service directories.\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns all service directories.\n",
"tags": [
"Service Directory"
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetServiceDirectoryResponse"
}
}
}
}
}
}
},
"/publickeys": {
"get": {
"summary": "Get system's public key",
"description": "Get system's public key.\nNo authorization\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a public key object\n",
"tags": [
"Public Key"
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyResponse"
}
}
}
},
"404": {
"$ref": "#/components/schemas/NotFoundError"
}
}
}
},
"/jwt/verifyToken": {
"post": {
"description": "Verify JWT Token.\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### token (required)\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a decoded token value.\n",
"tags": [
"JWT"
],
"parameters": [
{
"name": "x-forwarded-for",
"in": "header",
"description": "client ip address that can be forwarded through n service layers",
"required": false,
"schema": {
"type": "string",
"example": "10.0.11.209"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/JWTVerifyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success"
},
"401": {
"description": "Invalid/Expired token"
}
}
}
},
"/healthz": {
"get": {
"summary": "Get healthz.",
"description": "Get healthz\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a healthz object\n - ```version = ..```\n\n - ```git-tag```: When code is compiled from a git-tag, this must carry the tag name. This should match one of the git tags.\n\n - ```commit-id```: This is the git-commit-id. eg: When code is built from this, the hex code, in the end, is the commit it.\n\n - ```dob```: Date Of Build. This is epoc-time-in-seconds that tell the time when the build was created.\n\n - \u200bif the code is not built from a git-tag, then the ```version =\ufffc.```\n",
"tags": [
"Healthz"
],
"responses": {
"200": {
"description": "Success\n\n```\n{\n \"status\": \"all services operational\",\n \"publicKey\": \"string\" //same as /publickeys endpoint,\n \"code\": \"200\",\n \"version\": \"\" //as defined above\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HealthzResponse"
}
}
}
}
}
}
},
"/environment": {
"get": {
"description": "Provide details regarding the environments.\n| **Returns** |\n|-------------------------------------------|\n\nReturns an environment object\n",
"tags": [
"Environment"
],
"security": [
{
"authLicense": []
}
],
"responses": {
"200": {
"description": "Success"
}
}
}
},
"/ecdsa_helper/{method}": {
"post": {
"summary": "Encrypt and decrypt the data string by public key and private key",
"description": "Encrypt and decrypt the data string by public key and private key.\n\n| **Parameters** |\n|----------------------------------------------|\n\n### method (optional)\nThe method parameter is type of enum. Default value is encrypt.
\nThis parameter only accepts following values
\n **encrypt**, **decrypt**\n\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### dataStr (required)\nThe dataStr key is type of string.\n\n
\n### publicKey (required)\nThe publicKey is type of string.\n\n
\n### privateKey (required)\nThe privateKey is type of string.\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns the encrypted/decrypted string.
\nThis API throw an error if something goes wrong. A common source of error is public or private key is not valid.\n",
"tags": [
"ECDSA Helper"
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptRequest"
}
}
}
},
"parameters": [
{
"in": "path",
"name": "method",
"schema": {
"type": "string",
"enum": [
"encrypt",
"decrypt"
],
"default": "encrypt"
}
}
],
"responses": {
"200": {
"422": {
"$ref": "#/components/schemas/UnsupportedStateError"
},
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
}
}
}
}
}
}
},
"/v2/jwt/verifyToken": {
"post": {
"description": "Verifies the JWT token and validates the caller's IP address.\n\n| **Request Body** |\n|----------------------------------------------|\n\n\n### token (required)\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns a decoded token value.\n",
"tags": [
"JWT"
],
"parameters": [
{
"name": "x-forwarded-for",
"in": "header",
"description": "client ip address that can be forwarded through n service layers",
"required": false,
"schema": {
"type": "string",
"example": null
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/JWTVerifyRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success"
},
"401": {
"description": "Invalid/Expired token"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/user_consent": {
"put": {
"summary": "Create User Consent",
"description": "Create User Consent\n\nLicense must be of authLevel = system/service\n\nNotice that creating new schema there are some conditions:\n\n- You can't create second auth scheme with the same exact pair of 'tag' and 'communityId'\n- Array with modules should have unique id for each module\n- Each community can have only 1 auth scheme with 'isDefault === true', setting authScheme with 'isDefault === false' will reset the one that is default to not default.\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\n Returns created Auth Scheme\n",
"tags": [
"User Consent"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentRequest"
}
}
}
},
"responses": {
"201": {
"description": "Success\n\nA User Consent record has been created\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"description": "Not Found"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/user_consent/fetch": {
"post": {
"summary": "Fetch user consents",
"description": "Fetch user consents\n\nLicense must be of authLevel = system, service, service_ext, app or app_ext\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than CaaS.environment.allowed_time_span from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with consents array\n",
"tags": [
"User Consent"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body is unencrypted\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentsFetchRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentsFetchResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/user_consent/check": {
"post": {
"summary": "Check user consents",
"description": "Check user consents\n\nLicense must be of authLevel = system, service, service_ext, app or app_ext\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than CaaS.environment.allowed_time_span from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with consents array\n",
"tags": [
"User Consent"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body is unencrypted\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentsCheckRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentsCheckResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"description": "Not Found"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/user_consent/{uuid}/revoke": {
"patch": {
"summary": "Revoke user consent",
"description": "Revokes user consent by consent uuid\n\nLicense must be of authLevel = system, service, service_ext, app or app_ext\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than CaaS.environment.allowed_time_span from now\n\n### publickey (required)\nPublic key\n\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns uuid and consent status\n",
"tags": [
"User Consent"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "uuid",
"in": "path",
"description": "uuid of consent",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body is unencrypted\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentsRevokeRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentsRevokeResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/user_consent/fetch_by_scope": {
"post": {
"summary": "Fetch latest user consent by controller type and scope name",
"description": "Fetch the latest consent record for a user filtered by controller type and scope name.\nReturns the most recent record sorted by updatedTs descending, or null if no match.\n\nLicense must be of authLevel = system, service, service_ext, app or app_ext\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number)\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with consent (latest record or null)\n",
"tags": [
"User Consent"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body is unencrypted\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentsFetchByScopeRequest"
}
}
}
},
"responses": {
"200": {
"description": "Returns the latest consent record or null\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserConsentsFetchByScopeResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/serviceprovider": {
"put": {
"summary": "Create Service Provider",
"description": "Create Service Provider\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n ### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\n Returns ECDSA encoded object represents created service provider and public key\n",
"tags": [
"Service Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\nFor type SAML: send only saml_config\n\nFor type OIDC: send only oidc_config\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateOrUpdateSpObjectRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SpObjectResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/serviceprovider/fetch": {
"post": {
"summary": "Get list of service providers",
"description": "Get list of service providers\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded array of service provider objects\n",
"tags": [
"Service Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SpObjectsListResponse"
}
}
}
},
"400": {
"description": "Validation path error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/idp": {
"put": {
"summary": "Create IDP",
"description": "Create IDP\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"Identity Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateIdpObjectRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/IdpObjectResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/idp/fetch": {
"post": {
"summary": "Fetch IDPs",
"description": "Fetch IDPs\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing list of IDPs\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"Identity Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchIdpsRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/IdpObjectListResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/idp/{id}": {
"patch": {
"summary": "Update IDP",
"description": "Update IDP\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing updated\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"Identity Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of idp",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateIdpObjectRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/IdpObjectResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"$ref": "#/components/schemas/NotFoundError"
}
}
},
"delete": {
"summary": "Delete IDP",
"description": "Delete IDP\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 204 No Content\n",
"tags": [
"Identity Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of idp",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "No Content - SUCCESS\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/idp/{idpIdentifier}/metadata": {
"post": {
"summary": "Get IDP saml metadata",
"description": "Get IDP saml metadata\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing IDP Metadata\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"Identity Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "idpIdentifier",
"in": "path",
"description": "Unique identifier of idp",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n ssoUrl: \"string required\",\n sloUrl: \"string required\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SamlMetadataRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ECDSADataResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"$ref": "#/components/schemas/NotFoundError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/samlRequest/generate": {
"post": {
"summary": "Generate SAML Request",
"description": "Generate SAML Request\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing generated saml request\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"Identity Providers"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateSAMLRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateSAMLRequestResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/external_idp": {
"put": {
"summary": "Create ExternalIdp",
"description": "Create ExternalIdp\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"ExternalIdp"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n data: {\n connection: {\n idpName: \"string, required\",\n idpEntityId: \"string, required\",\n samlLoginUrl: \"string, required\",\n samlLogoutUrl: \"string, required\",\n ssoBinding: \"string, required\",\n sloBinding: \"string, required\",\n forceAuthn: \"boolean, required\",\n spEntityId: \"string, required\",\n spSigningCertificate: \"string, required\",\n spPrivateKey: \"string, required\",\n idpSigningCertificate: \"string, required\"\n },\n routingPolicy: { //optional object\n enabled: \"boolean, required\",\n groups: { //optional object\n value: [\"string, required\"]\n operator: \"string, required (one of overlap, nooverlap)\"\n },\n usernames: { //optional object\n value: [\"string, required\"]\n operator: \"string, required (one of overlap, nooverlap)\"\n },\n usersInIdpStore: \"boolean, optional (defaults to false)\"\n },\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateExternalIdpRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateExternalIdpResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/external_idp/fetch": {
"post": {
"summary": "Fetch ExternalIdp",
"description": "Fetch ExternalIdp\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"ExternalIdp"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n data: {\n ids: [string, optional]\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchExternalIdpRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchExternalIdpResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/external_idp/{id}": {
"delete": {
"summary": "Delete external idp",
"description": "Delete external idp\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 204 No Content\n",
"tags": [
"ExternalIdp"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of external idp",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n data: {\n username: string, optional,\n ip: string, optional,\n userAgent: string, optional\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DeleteExternalIdpRequest"
}
}
}
},
"responses": {
"204": {
"description": "No Content - SUCCESS\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
},
"patch": {
"summary": "Update ExternalIdp, does a replacement of the external idp config with the provided data",
"description": "Update ExternalIdp\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"ExternalIdp"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of external idp",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n```\n{\n data: {\n connection: { //required object\n idpName: \"string, required\",\n idpEntityId: \"string, required\",\n samlLoginUrl: \"string, required\",\n samlLogoutUrl: \"string, required\",\n ssoBinding: \"string, required\",\n sloBinding: \"string, required\",\n forceAuthn: \"boolean, required\",\n spEntityId: \"string, required\",\n spSigningCertificate: \"string, required\",\n spPrivateKey: \"string, required\",\n idpSigningCertificate: \"string, required\"\n },\n routingPolicy: { //optional object\n enabled: \"boolean, required\",\n groups: { //optional object\n value: [\"string, required\"]\n operator: \"string, required (one of overlap, nooverlap)\"\n },\n usernames: { //optional object\n value: [\"string, required\"]\n operator: \"string, required (one of overlap, nooverlap)\"\n },\n usersInIdpStore: \"boolean, optional (defaults to false)\"\n },\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateExternalIdpRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateExternalIdpRequest"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticationJourney": {
"put": {
"summary": "Create AuthenticationJourney",
"description": "Create AuthenticationJourney\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"AuthenticationJourney"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAuthenticationJourneyRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAuthenticationJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticationJourney/fetch": {
"post": {
"summary": "Fetch AuthenticationJourney",
"description": "Fetch AuthenticationJourney\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"AuthenticationJourney"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchAuthenticationJourneyRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchAuthenticationJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticationJourney/{id}": {
"delete": {
"summary": "Delete Authentication Journey",
"description": "Delete Authentication Journey\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 204 No Content\n",
"tags": [
"AuthenticationJourney"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of authenticationJourney",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "No Content - SUCCESS\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
},
"patch": {
"summary": "Update AuthenticationJourney",
"description": "Update AuthenticationJourney - this does a full delete and replace of all rules, then updates the authenticationJourney\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"AuthenticationJourney"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of authenticationJourney",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAuthenticationJourneyRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAuthenticationJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticate": {
"post": {
"summary": "Authenticate users",
"description": "Authenticate users\n\nLicense must be authorized for community\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents authenticated user and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\nValidation:\n 1. Username is required\n 2. At least one of password, pin, or otp should be provided\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\",\n \"signature_token\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationAuthenticateError"
}
}
}
},
"401": {
"description": "Failed to authenticate user"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticate_with_ktoken": {
"post": {
"summary": "Authenticate users with ktoken",
"description": "Authenticate users with ktoken\n\nLicense must be authorized for community\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents authenticated user and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\nValidation:\n 1. ktoken is required\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateWithKtokenRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\",\n \"signature_token\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationAuthenticateError"
}
}
}
},
"401": {
"description": "Failed to authenticate user"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticate_with_uwl": {
"post": {
"summary": "Authenticate users with UWL",
"description": "Authenticate users with UWL\n\nLicense must be authorized for community\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents authenticated user and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\nValidation:\n 1. ktoken is required\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateWithUwlRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\",\n \"signature_token\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationAuthenticateError"
}
}
}
},
"401": {
"description": "Failed to authenticate user"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/saml/sso": {
"post": {
"summary": "Authenticate users for Service Provider by SAML SSO mechanism",
"description": "Authenticate users\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents SAMLResponse and other data to complete SSO and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n SAMLPayload: \"object required\":\n {\n SAMLRequest: \"string required\",\n Signature: \"string optional\",\n SigAlg: \"string optional\",\n RelayState: \"string optional\",\n },\n userSession: \"object required\":\n {\n pon_data: \"object required\",\n authenticator_data: \"object required\",\n user: \"object required\":\n {\n uid: \"string required\"\n },\n wallet: {\n publicKey: \"string optional\",\n privateKey: \"string optional\",\n id: \"string optional\",\n }\n }\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SAMLRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Authn API, useful for decryption response\n\ndata is ECDSA encrypted object represents SAMLResponse and other properties useful for perform SAML SSO:\n```\n{\n \"SAMLResponse\": \"base64 string\",\n \"sp\": {\n \"assertionConsumerServiceURL\": \"string - url\"\n \"assertionMethod\": \"string - post or get\"\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ECDSADataResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationSAMLError"
}
}
}
},
"401": {
"description": "Failed to process SAML request"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"420": {
"description": "Service Provider claims could not be fulfilled"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/saml/idp-init": {
"post": {
"summary": "IDP-Initiated SAML SSO",
"description": "Generate a SAML assertion without a prior SAMLRequest (unsolicited response).\n\nThe service provider must be of type `saml` with `saml_config.idpInitiated: true`.\nThe SP's own saml_config is used for ACS URL, audience, signing, nameid, and attributes.\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object with SAMLResponse, relayState, and SP info\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger\n\n```\n{\n serviceProviderId: \"string required - ID of the SAML service provider with idpInitiated: true\",\n idpInitConfig: \"object optional\":\n {\n relayState: \"string optional - relay state to pass through\"\n },\n userSession: \"object required\":\n {\n pon_data: \"object required\",\n authenticator_data: \"object required\",\n user: \"object required\":\n {\n uid: \"string required\",\n moduleId: \"string required\"\n },\n wallet: {\n publicKey: \"string optional\",\n privateKey: \"string optional\",\n id: \"string optional\"\n },\n aal: \"string required\"\n }\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"data": {
"type": "string",
"description": "ECDSA encrypted request data"
}
}
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Authn API, useful for decryption response\n\ndata is ECDSA encrypted object:\n```\n{\n \"SAMLResponse\": \"base64 string\",\n \"relayState\": \"string (optional)\",\n \"sp\": {\n \"assertionConsumerServiceURL\": \"string - url\",\n \"assertionMethod\": \"string - post or get\"\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ECDSADataResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationSAMLError"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"description": "Service provider not found or IDP-initiated SSO not enabled for this service provider"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/wsfed/sso": {
"post": {
"summary": "Authenticate users for Service Provider by WSFED SSO mechanism",
"description": "Authenticate users\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents SAMLResponse and other data to complete SSO and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\n```\n{\n WSfedPayload: \"object required\":\n {\n wtrealm: \"string required\",\n wa: \"string required\",\n wreply: \"string optional\",\n wctx: \"string optional\",\n },\n userSession: \"object required\":\n {\n pon_data: \"object required\",\n authenticator_data: \"object required\",\n user: \"object required\":\n {\n uid: \"string required\"\n },\n wallet: {\n publicKey: \"string optional\",\n privateKey: \"string optional\",\n id: \"string optional\",\n }\n }\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/WSFEDRequest"
}
}
}
},
"responses": {
"200": {
"description": "Success\n\npublicKey is publicKey of Authn API, useful for decryption response\n\ndata is ECDSA encrypted object represents SAMLResponse and other properties useful for perform SAML SSO:\n```\n{\n \"wresult\": \"string\",\n \"wctx\": \"string\",\n \"sp\": {\n \"assertionConsumerServiceURL\": \"string - url\"\n \"assertionMethod\": \"string - post or get\"\n }\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ECDSADataResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationSAMLError"
}
}
}
},
"401": {
"description": "Failed to process SAML request"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"420": {
"description": "Service Provider claims could not be fulfilled"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/oidc/sso": {
"post": {
"summary": "Authenticate users for Service Provider by OIDC SSO mechanism",
"description": "Authenticate users\n\nLicense must be of authLevel = system/service\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents oidc_token and other data to complete SSO and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/OIDCRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/OIDCResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationOIDCError"
}
}
}
},
"401": {
"description": "Failed to process SAML request"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
},
"404": {
"description": "Client has not been found or user has not been found or oidc server config has not been found"
},
"420": {
"description": "Service Provider claims could not be fulfilled"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/request/proof_of_authentication": {
"post": {
"summary": "Gets jwt proof of authentication",
"description": "Gets the proof of users authentication encoded in a jwt.\n\nLicense must be authorized for community with authLevel = system, service, service_ext\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents authenticated user and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "x-forwarded-for",
"in": "header",
"description": "client ip address that can be forwarded through n service layers",
"required": false,
"schema": {
"type": "string",
"example": "10.0.11.209"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\nValidation:\n 1. If ktoken is provided, then username, password, pin and otp are not allowed\n 2. If ktoken is not provided, then username is required\n 3. If ktoken is not provided, then at least one of password or otp or pin should be provided\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ProofOfAuthenticationRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\",\n \"signature_token\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ProofOfAuthenticationResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationAuthenticateError"
}
}
}
},
"401": {
"description": "Failed to authenticate user"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticate_with_fido": {
"post": {
"summary": "Authenticate users with FIDO",
"description": "Authenticate users with FIDO\n\nLicense must be authorized for community\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents authenticated user and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\nValidation:\n 1. assertionResults {} is required\n",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateWithFidoRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\",\n \"signature_token\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateWithFidoResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationAuthenticateError"
}
}
}
},
"401": {
"description": "Failed to authenticate user"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticate_with_behavior_auth": {
"post": {
"summary": "Authenticate users with behavior (typing pattern)",
"description": "Authenticate users using typing pattern.\nLicense must be authorized for community.\nReturns user object and JWT with behavior_auth method if successful.\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\nValidation:\n 1. Username is required\n 2. TypingPattern is required\n",
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"authModule": {
"type": "string"
},
"pattern": {
"type": "string"
},
"jwt": {
"type": "string"
}
}
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\nIMPORTANT - Unencrypted response is only available in Swagger\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\",\n \"signature_token\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticateResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationAuthenticateError"
}
}
}
},
"401": {
"description": "Typing pattern not registered or invalid"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/authenticate_with_liveid": {
"post": {
"summary": "Authenticate users with LiveId [V2 CP]",
"description": "Authenticate users with LiveId Selfie\n\nLicense must be authorized for community\n\n| **Parameters** |\n|----------------------------------------------|\n\n### tenantId (required)\nId of tenant\n\n### communityId (required)\nId of community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns ECDSA encoded object represents authenticated user and public key\n",
"tags": [
"Authenticate"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\nIn real application, you have to send encrypted data as follow:\n\nRequest object If **PIN** not needed:\n```\n{\n \"selfie\": \"b64 string, required\", // \"user selfie\"\n \"dns\": \"string, required\", // \"dns\"\n \"deviceInfo\": {},\n \"userInfo\": {},\n \"userAgent\": \"string optional\",\n \"jwt\": \"string optional\",\n \"skip_liveid\": \"boolean optional, default false\" // if true, skips liveness check and face compare (face search still runs)\n}\n```\n\nRequest object If **PIN** needed:\n```\n{\n \"pin\": \"string, required\", // \"user PIN\"\n \"userToken\": \"string, required\", // \"user token\"\n \"dns\": \"string, required\", // \"dns\"\n \"isTrustedDevice\": \"boolean, required\", // \"isTrustedDevice\",\n \"deviceInfo\": {},\n \"userInfo\": {},\n \"skip_liveid\": \"boolean optional, default false\" // if true, skips liveness check and face compare (face search still runs)\n}\n```\n",
"required": true,
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/AuthenticateLiveIdRequest"
},
{
"$ref": "#/components/schemas/AuthenticateWithPinRequest"
}
]
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\",\n \"signature_token\": \"\"\n}\n\nResponse object If **PIN** not needed:\n{\n \"data\": {\n \"publicKey\": \"\",\n \"did\": \"\",\n \"publicKey\": \"$wallet.publicKey\",\n \"username\": \"\",\n \"uid\": \"\",\n \"dguid\": \"\",\n \"status\": \"\",\n \"roleValue\": \"\",\n \"type\": \"\",\n \"moduleId\": \"\",\n \"onboarding_status\": \"\",\n \"email\": \"\",\n \"firstname\": \"\",\n \"lastname\": \"\",\n \"phone\": \"\",\n \"urn\": \"\",\n \"proof_of_authentication_jwt\": \"xxx\"\n \"pon_data\": {}\n },\n \"publicKey\": \"\"\n}\n\nResponse object If **PIN** needed:\n{\n \"data\": {\n \"user_token\": \"\",\n \"next\": {\n \"step\": \"need_mfa\",\n \"allowed_factors\": [ \"pin\" ]\n }\n },\n \"publicKey\": \"\"\n}\n\n```\n",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/AuthenticateResponse"
},
{
"$ref": "#/components/schemas/AuthenticateWithPinResponse"
}
]
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationAuthenticateError"
}
}
}
},
"401": {
"description": "Failed to authenticate user"
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/tenant/{tenantId}/community/{communityId}/auth_policy/evaluate": {
"post": {
"summary": "Evaluate adaptive authentication policy",
"description": "Fetch decision after evaluating facts against adaptive authentication policy\n\nLicense must be a valid license authorized for the community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns decision from rules evaluation. Possible decisions are \"mfa_needed\", \"grant_access\", \"deny_access\".\n",
"tags": [
"AuthPolicy"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EvaluateAuthPolicyRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EvaluateAuthPolicyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/v2/tenant/{tenantId}/community/{communityId}/authenticationJourney": {
"put": {
"summary": "Create V2 AuthenticationJourney",
"description": "This Endpoint will create an authentication journey under the authenticationjourney_v2 collection, as well as rules for that authentication journey in rules engine.\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"AuthenticationJourneyV2"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAuthenticationJourneyRequestV2"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAuthenticationJourneyResponseV2"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/v2/tenant/{tenantId}/community/{communityId}/authenticationJourney/{id}": {
"patch": {
"summary": "Update AuthenticationJourney V2",
"description": "This Endpoint will updates an authentication journey under the authenticationjourney_v2 collection, as well as this does a full delete and replace of all related rules in rules engine.\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"AuthenticationJourneyV2"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of authenticationJourney",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAuthenticationJourneyRequestV2"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAuthenticationJourneyResponseV2"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
},
"delete": {
"summary": "Delete V2 Authentication Journey",
"description": "This Endpoint will deletes an authentication journey under the authenticationjourney_v2 collection by Id, as well as delete rules based on an authentication journey Ids from rules engine.\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns 204 No Content\n",
"tags": [
"AuthenticationJourneyV2"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "id",
"in": "path",
"description": "Id of authenticationJourney",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"responses": {
"204": {
"description": "No Content - SUCCESS\n"
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationPathError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/v2/tenant/{tenantId}/community/{communityId}/authenticationJourney/fetch": {
"post": {
"summary": "Fetch AuthenticationJourneyV2",
"description": "This Endpoint will fetch an authentication journey under the authenticationjourney_v2 collection by provided filters.\n\nLicense must be of authLevel = system/service\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns object with public key and encrypted data containing created IDP\n\nIMPORTANT: You can see unencrypted data, it is only a preview available in Swagger\n",
"tags": [
"AuthenticationJourneyV2"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "IMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger\n\nIn real application, you have to send encrypted data as follow:\n```\n{\n \"data\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchV2AuthenticationJourneyRequest"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n\nIMPORTANT - Unencrypted response is only available in Swagger\n\nIn real application, you will get data as follow:\n```\n{\n \"data\": \"\",\n \"publicKey\": \"\"\n}\n```\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FetchAuthenticationJourneyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/v2/tenant/{tenantId}/community/{communityId}/auth_policy/evaluate": {
"post": {
"summary": "Evaluate adaptive authentication policy",
"description": "Fetch decision after evaluating facts against adaptive authentication policy\n\nLicense must be a valid license authorized for the community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns decision from rules evaluation. Possible decisions are \"mfa_needed\", \"grant_access\", \"deny_access\".\n",
"tags": [
"AuthPolicyV2"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EvaluateAuthPolicyRequestV2"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EvaluateAuthPolicyResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
},
"/v2/tenant/{tenantId}/community/{communityId}/auth_policy/auth_schemes": {
"post": {
"summary": "Evaluate adaptive authentication policy and returning schemes",
"description": "Fetch auth schemes after evaluating facts against adaptive authentication policies\n\nLicense must be a valid license authorized for the community\n\n| **Headers** |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA - system or service level key is required\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now\n\n### publickey (required)\nPublic key\n\n| **Returns** |\n|-------------------------------------------|\n\nReturns decision from rules evaluation. Possible decisions are \"mfa_needed\", \"grant_access\", \"deny_access\".\n",
"tags": [
"AuthPolicyV2"
],
"security": [
{
"authMyPublicKey": []
},
{
"authMyPrivateKey": []
},
{
"authLicense": []
}
],
"parameters": [
{
"name": "tenantId",
"in": "path",
"description": "Id of tenant",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "communityId",
"in": "path",
"description": "Id of community",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "licensekey",
"in": "header",
"description": "License key encrypted with ECDSA / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "requestid",
"in": "header",
"description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 60 seconds from now / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
},
{
"name": "publickey",
"in": "header",
"description": "Public Key / Try Authorize 🔒",
"required": true,
"schema": {
"type": "string",
"example": "Do not enter anything, use 'Authorize' fields"
}
}
],
"requestBody": {
"description": "",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetAuthSchemesRequestV2"
}
}
}
},
"responses": {
"200": {
"description": "SUCCESS\n",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetAuthSchemesResponse"
}
}
}
},
"400": {
"description": "Validation data error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"403": {
"$ref": "#/components/schemas/ForbiddenError"
}
}
}
}
},
"components": {
"schemas": {
"DefaultResponse": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "API is working"
}
}
},
"EcdsaEncryptDecryptRequest": {
"type": "object",
"required": [
"dataStr",
"publicKey",
"privateKey"
],
"properties": {
"dataStr": {
"required": true,
"type": "string",
"description": "Message to encrypt or decrypt",
"example": "Hey, This is example data string."
},
"publicKey": {
"required": true,
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"privateKey": {
"required": true,
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
},
"EcdsaEncryptDecryptResponse": {
"type": "object",
"properties": {
"data": {
"type": "string"
}
},
"example": {
"data": "xxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx"
}
},
"ValidationError": {
"type": "array",
"items": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "This field should not be empty"
},
"param": {
"type": "string",
"example": "name"
}
}
}
},
"ValidationAuthenticateError": {
"type": "array",
"items": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "This field should not be empty"
},
"param": {
"type": "string",
"example": "username"
}
}
}
},
"ValidationSAMLError": {
"type": "array",
"items": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "This field should not be empty"
},
"param": {
"type": "string",
"example": "SAMLRequest"
}
}
}
},
"ValidationOIDCError": {
"type": "array",
"items": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "This field should not be empty"
},
"param": {
"type": "string",
"example": "OIDCRequest"
}
}
}
},
"ValidationPathError": {
"type": "array",
"items": {
"type": "object",
"properties": {
"message": {
"type": "string",
"example": "This field should not be empty"
},
"param": {
"type": "string",
"example": "tenantId"
}
}
}
},
"PublicKeyResponse": {
"type": "object",
"properties": {
"publicKey": {
"type": "string"
}
},
"example": {
"publicKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
},
"SPCatalogListResponse": {
"type": "object",
"properties": {
"spCatalogItemOne": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "spCatalogItemOne"
},
"logo": {
"type": "string",
"example": "logo1"
},
"template": {
"type": "string",
"example": "template1"
},
"sso_url": {
"type": "string",
"example": "http://sso1.test"
},
"type": {
"type": "string",
"example": "salesforce"
},
"description": {
"type": "string",
"example": "string"
}
}
},
"spCatalogItemTwo": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "spCatalogItemTwo"
},
"logo": {
"type": "string",
"example": "logo2"
},
"template": {
"type": "string",
"example": "template2"
},
"sso_url": {
"type": "string",
"example": "http://sso2.test"
},
"type": {
"type": "string",
"example": "salesforce"
},
"description": {
"type": "string",
"example": "string"
}
}
}
}
},
"CreateSPCatalogItemRequest": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "spCatalogItemOne"
},
"logo": {
"type": "string",
"example": "logo"
},
"sso_url": {
"type": "string",
"example": "http://sso.test"
},
"template": {
"type": "string",
"example": "template"
},
"type": {
"type": "string",
"example": "salesforce"
},
"description": {
"type": "string",
"example": "string"
}
}
},
"CreateSPCatalogItemResponse": {
"type": "object",
"properties": {
"sp_catalog.spCatalogItemOne": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "spCatalogItemOne"
},
"logo": {
"type": "string",
"example": "logo"
},
"sso_url": {
"type": "string",
"example": "http://sso.test"
},
"template": {
"type": "string",
"example": "template"
},
"type": {
"type": "string",
"example": "salesforce"
},
"description": {
"type": "string",
"example": "string"
}
}
}
}
},
"AuthenticateRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"schemeId": {
"type": "string",
"example": "string optional"
},
"moduleId": {
"type": "string",
"example": "string optional"
},
"SAMLResponse": {
"type": "string",
"example": "string optional"
},
"credentials": {
"type": "object",
"properties": {
"username": {
"type": "string",
"example": "string optional"
},
"password": {
"type": "string",
"example": "string optional"
},
"dn": {
"type": "string",
"example": "string optional"
},
"otp": {
"type": "string",
"example": "string optional"
},
"isPasswordDeferred": {
"type": "boolean",
"example": "boolean optional"
},
"isSharedPasswordDeferred": {
"type": "boolean",
"example": "boolean optional"
},
"pin": {
"type": "string",
"example": "string optional"
},
"isOtpFromUwl": {
"type": "boolean",
"example": "boolean optional"
}
}
},
"jwt": {
"type": "string",
"example": "string optional"
}
}
}
}
},
"AuthenticateResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "basic"
},
"email_verified": {
"type": "boolean",
"example": true
},
"disabled": {
"type": "boolean",
"example": false
},
"username": {
"type": "string",
"example": "Username"
},
"status": {
"type": "string",
"example": "active"
},
"firstname": {
"type": "string",
"example": "Fname"
},
"middlename": {
"type": "string",
"example": "Mname"
},
"lastname": {
"type": "string",
"example": "Lname"
},
"email": {
"type": "string",
"example": "email@email.email"
},
"phone": {
"type": "string",
"example": "111111111"
},
"phone_verified": {
"type": "boolean",
"example": true
},
"address": {
"type": "object",
"properties": {
"house": {
"type": "string",
"example": "House"
},
"streetname": {
"type": "string",
"example": "Streetname"
},
"city": {
"type": "string",
"example": "City"
},
"country": {
"type": "string",
"example": "Country"
},
"zip": {
"type": "string",
"example": "Zip"
}
}
},
"address_verified": {
"type": "boolean",
"example": true
},
"uid": {
"type": "string",
"example": "6cc4cc4e-eac9-478f-a871-976ff007ee29"
},
"dguid": {
"type": "string",
"example": "6cc4cc4e-eac9-478f-a871-976ff007ee29"
},
"tenantId": {
"type": "string",
"example": "607714223fc37d72a2422e86"
},
"communityId": {
"type": "string",
"example": "607714223fd37d72a2422e87"
},
"roleValue": {
"type": "string",
"example": "none"
}
}
},
"proof_of_authentication_jwt": {
"type": "string",
"example": "jwt"
}
}
},
"publicKey": {
"type": "string",
"example": "xxxxxxx"
},
"signature_token": {
"type": "string",
"example": "xxxxxxx"
}
}
},
"AuthenticateWithFidoResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "Ok"
},
"errorMessage": {
"type": "string",
"example": ""
},
"sub": {
"type": "string",
"example": "xxxxx"
},
"user": {
"type": "object",
"example": "{ \"username\" : \"xxxxx\"}"
},
"authenticatorId": {
"type": "string",
"example": "xxxxxx"
},
"authselection": {
"type": "string",
"example": "xxxxxx"
},
"proof_of_authentication_jwt": {
"type": "string",
"example": "xxxx.xxxx.xxxx"
}
}
},
"publicKey": {
"type": "string",
"example": "xxxxxxx"
},
"signature_token": {
"type": "string",
"example": "xxxxxxx"
}
}
},
"AuthenticateWithKtokenRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"ktoken": {
"type": "string",
"example": "g56hrstyj6i7je5jstbsr65jeh"
},
"attributes": {
"type": "array",
"example": [
"groups",
"uid",
"username"
]
},
"jwt": {
"type": "string",
"example": "jwt optional"
}
}
}
}
},
"AuthenticateWithFidoRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"username": {
"type": "string"
},
"authModule": {
"type": "string"
},
"assertionResults": {
"type": "object"
},
"jwt": {
"type": "string",
"example": "jwt optional"
}
}
}
}
},
"ProofOfAuthenticationRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"username": {
"type": "string",
"example": "string required"
},
"uid": {
"type": "string",
"example": "string optional"
},
"moduleId": {
"type": "string",
"example": "string optional"
},
"urn": {
"type": "string",
"example": "string optional"
}
}
},
"methods": {
"type": "array",
"items": {
"type": "string",
"example": "string required"
}
},
"ttl": {
"type": "number",
"example": 30
}
}
}
}
},
"ProofOfAuthenticationResponse": {
"type": "object",
"properties": {
"proof_of_authentication": {
"type": "string",
"example": "jwt"
}
}
},
"SAMLRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"SAMLPayload": {
"type": "object",
"properties": {
"SAMLRequest": {
"type": "string",
"example": "string"
},
"Signature": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"RelayState": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"SigAlg": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
},
"userSession": {
"type": "object",
"properties": {
"pon_data": {
"type": "object",
"properties": {
"key": {
"type": "string",
"example": "value"
}
}
},
"authenticator_data": {
"type": "object",
"properties": {
"key": {
"type": "string",
"example": "value"
}
}
},
"user": {
"type": "object",
"properties": {
"uid": {
"type": "string",
"example": "uid"
},
"moduleId": {
"type": "string",
"example": "moduleId"
}
}
},
"wallet": {
"type": "object",
"properties": {
"publicKey": {
"type": "string",
"example": "publicKey"
},
"privateKey": {
"type": "string",
"example": "privateKey"
},
"id": {
"type": "string",
"example": "id"
}
}
},
"aal": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
}
}
}
}
},
"WSFEDRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"WSFedPayload": {
"type": "object",
"properties": {
"wtrealm": {
"type": "string",
"example": "string"
},
"wa": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"wreply": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"wctx": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
},
"userSession": {
"type": "object",
"properties": {
"pon_data": {
"type": "object",
"properties": {
"key": {
"type": "string",
"example": "value"
}
}
},
"authenticator_data": {
"type": "object",
"properties": {
"key": {
"type": "string",
"example": "value"
}
}
},
"user": {
"type": "object",
"properties": {
"uid": {
"type": "string",
"example": "uid"
},
"moduleId": {
"type": "string",
"example": "moduleId"
}
}
},
"wallet": {
"type": "object",
"properties": {
"publicKey": {
"type": "string",
"example": "publicKey"
},
"privateKey": {
"type": "string",
"example": "privateKey"
},
"id": {
"type": "string",
"example": "id"
}
}
},
"aal": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
}
}
}
}
},
"AuthenticateWithUwlRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"username": {
"type": "string",
"example": "string required"
},
"authenticator_did": {
"type": "string",
"example": "string required"
},
"authenticator_publickey": {
"type": "string",
"example": "string required"
},
"nonce": {
"type": "string",
"example": "string required"
},
"nonce_signature": {
"type": "string",
"example": "string required"
},
"jwt": {
"type": "string",
"example": "jwt optional"
}
}
}
}
},
"SpObject": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "string"
},
"environment": {
"type": "string",
"example": "string"
},
"type": {
"type": "string",
"example": "saml"
},
"logo": {
"type": "string",
"example": "string"
},
"saml_config": {
"type": "object",
"properties": {
"accessUrl": {
"type": "string",
"example": "string"
},
"entityId": {
"type": "string",
"example": "string"
},
"assertionMethod": {
"type": "string",
"example": "string"
},
"assertionConsumerServiceURL": {
"type": "string",
"example": "string"
},
"logoutRequestSignRequired": {
"type": "boolean",
"example": true
},
"logoutResponseSignRequired": {
"type": "boolean",
"example": true
},
"authRequestSignRequired": {
"type": "boolean",
"example": true
},
"assertionSignRequired": {
"type": "boolean",
"example": true
},
"signingCert": {
"type": "string",
"example": "string optional"
},
"signingAlgo": {
"type": "string",
"example": "string"
},
"encryptAssertion": {
"type": "boolean",
"example": true
},
"encryptionCert": {
"type": "string",
"example": "string"
},
"encryptionAlgorithm": {
"type": "string",
"example": "string"
},
"keyTransportAlgorithm": {
"type": "string",
"example": "string"
},
"encryptionAlgo": {
"type": "string",
"example": "string"
},
"nameid": {
"type": "object",
"properties": {
"format": {
"type": "string",
"example": "unspecified"
},
"value": {
"type": "string",
"example": "string"
},
"attribute_type": {
"type": "string",
"example": "string"
}
}
},
"attributes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"claim_name": {
"type": "string",
"example": "string"
},
"attribute_name": {
"type": "string",
"example": "string"
},
"attribute_type": {
"type": "string",
"example": "string"
},
"value_type": {
"type": "string",
"example": "string"
},
"value": {
"type": "any",
"example": "string"
}
}
}
}
}
},
"oidc_config": {
"type": "object",
"properties": {
"application_type": {
"type": "string",
"example": "string"
},
"grant_types": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"id_token_signed_response_alg": {
"type": "string",
"example": "string"
},
"post_logout_redirect_uris": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"require_auth_time": {
"type": "boolean",
"example": false
},
"response_types": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"subject_type": {
"type": "string",
"example": "string"
},
"token_endpoint_auth_method": {
"type": "string",
"example": "string"
},
"introspection_endpoint_auth_method": {
"type": "string",
"example": "string"
},
"require_signed_request_object": {
"type": "boolean",
"example": false
},
"request_uris": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"client_name": {
"type": "string",
"example": "string"
},
"client_secret_expires_at": {
"type": "number",
"example": 0
},
"redirect_uris": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"scope": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
}
}
},
"eventData": {
"type": "object"
}
}
},
"SpObjectResponseRef": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "string"
},
"environment": {
"type": "string",
"example": "string"
},
"type": {
"type": "string",
"example": "saml"
},
"logo": {
"type": "string",
"example": "string"
},
"saml_config": {
"type": "object",
"properties": {
"accessUrl": {
"type": "string",
"example": "string"
},
"entityId": {
"type": "string",
"example": "string"
},
"assertionMethod": {
"type": "string",
"example": "string"
},
"assertionConsumerServiceURL": {
"type": "string",
"example": "string"
},
"logoutRequestSignRequired": {
"type": "boolean",
"example": true
},
"logoutResponseSignRequired": {
"type": "boolean",
"example": true
},
"authRequestSignRequired": {
"type": "boolean",
"example": true
},
"assertionSignRequired": {
"type": "boolean",
"example": true
},
"signingCert": {
"type": "string",
"example": "string optional"
},
"signingAlgo": {
"type": "string",
"example": "string"
},
"encryptionCert": {
"type": "string",
"example": "string"
},
"encryptionAlgo": {
"type": "string",
"example": "string"
},
"nameid": {
"type": "object",
"properties": {
"format": {
"type": "string",
"example": "unspecified"
},
"value": {
"type": "string",
"example": "string"
},
"attribute_type": {
"type": "string",
"example": "string"
}
}
},
"attributes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"uuid": {
"type": "string",
"example": "xxxxx-xxxxxx-xxxxxxxxxxxx-xxxxxxxx"
},
"claim_name": {
"type": "string",
"example": "string"
},
"attribute_name": {
"type": "string",
"example": "string"
},
"attribute_type": {
"type": "string",
"example": "string"
},
"value_type": {
"type": "string",
"example": "string"
},
"value": {
"type": "any",
"example": "string"
}
}
}
}
}
},
"oidc_config": {
"type": "object",
"properties": {
"application_type": {
"type": "string",
"example": "string"
},
"grant_types": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"id_token_signed_response_alg": {
"type": "string",
"example": "string"
},
"post_logout_redirect_uris": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"require_auth_time": {
"type": "boolean",
"example": false
},
"response_types": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"subject_type": {
"type": "string",
"example": "string"
},
"token_endpoint_auth_method": {
"type": "string",
"example": "string"
},
"introspection_endpoint_auth_method": {
"type": "string",
"example": "string"
},
"require_signed_request_object": {
"type": "boolean",
"example": false
},
"request_uris": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"client_name": {
"type": "string",
"example": "string"
},
"client_secret_expires_at": {
"type": "number",
"example": 0
},
"redirect_uris": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
},
"scope": {
"type": "array",
"items": {
"type": "string",
"example": "string"
}
}
}
}
}
},
"CreateOrUpdateSpObjectRequest": {
"type": "object",
"properties": {
"data": {
"allOf": [
{
"$ref": "#/components/schemas/SpObject"
}
]
}
}
},
"SpObjectResponse": {
"type": "object",
"properties": {
"data": {
"allOf": [
{
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
{
"$ref": "#/components/schemas/SpObjectResponseRef"
},
{
"type": "object",
"properties": {
"__v": {
"type": "number",
"example": 0
}
}
}
]
}
}
},
"SpObjectsListResponse": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"type": "object",
"allOf": [
{
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxx"
}
}
},
{
"$ref": "#/components/schemas/SpObjectResponseRef"
},
{
"type": "object",
"properties": {
"__v": {
"type": "number",
"example": 0
}
}
}
]
}
}
}
},
"ApplicationCreateRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "string"
},
"domain": {
"type": "string",
"example": "string"
},
"ssoUrl": {
"type": "string",
"example": "https://1k-dev.1kosmos.net/newui/default/sso"
},
"config": {
"type": "object"
}
}
}
}
},
"SetIDPConfigRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"signingCert": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"signingKey": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"encryptionCert": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"entityId": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"authnRequestsSigned": {
"type": "boolean",
"example": true
},
"encryptionKey": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"sso_bindings": {
"type": "array",
"items": {
"type": "string"
}
},
"slo_bindings": {
"type": "array",
"items": {
"type": "string"
}
},
"identifier": {
"type": "string",
"example": "string"
}
}
}
}
},
"ECDSADataResponse": {
"type": "object",
"properties": {
"data": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
},
"AuthSchemeRequest": {
"type": "object",
"properties": {
"tag": {
"type": "string",
"example": "ExampleTag"
},
"enabled": {
"type": "boolean",
"example": true
},
"isDefault": {
"type": "boolean",
"example": false
},
"dbModule": {
"type": "object",
"$ref": "#/components/schemas/AuthSchemeModule"
},
"modules": {
"type": "array",
"items": {
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/AuthSchemeModule"
}
]
}
}
}
},
"AuthSchemeResponse": {
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "6051d2a5ba947f531d5760e1"
},
"tag": {
"type": "string",
"example": "ExampleTag"
},
"communityId": {
"type": "string",
"communityId": "6051d2a5ba947f531d5760e1"
},
"enabled": {
"type": "boolean",
"example": true
},
"isDefault": {
"type": "boolean",
"example": false
},
"dbModule": {
"type": "object",
"$ref": "#/components/schemas/AuthSchemeModule"
},
"modules": {
"type": "array",
"items": {
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/AuthSchemeModuleResponse"
}
]
}
},
"__v": {
"type": "number",
"example": 0
}
}
},
"AuthSchemeModuleResponse": {
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "6051d2a5ba947f531d5760e1"
},
"id": {
"type": "string",
"example": "id123456"
},
"type": {
"type": "string",
"example": "Example type"
},
"method": {
"type": "string",
"example": "Example type"
},
"name": {
"type": "string",
"example": "Example name"
},
"criteria": {
"type": "string",
"description": "Criteria is one of these words - required | optional | requisite | sufficient",
"example": "required"
}
}
},
"HealthzResponse": {
"type": "object",
"properties": {
"status": {
"type": "string",
"example": "all services operational"
},
"publicKey": {
"type": "string",
"example": "//same as /publickeys endpoint"
},
"code": {
"type": "string",
"example": "200"
},
"version": {
"type": "string",
"example": "xxxx.xxxx.xxxx"
}
}
},
"AuthSchemeModule": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "id123456"
},
"type": {
"type": "string",
"example": "Example type"
},
"method": {
"type": "string",
"example": "Example type"
},
"name": {
"type": "string",
"example": "Example name"
},
"criteria": {
"type": "string",
"description": "Criteria is one of these words - required | optional | requisite | sufficient",
"example": "required"
}
}
},
"SamlMetadataRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"ssoUrl": {
"type": "string",
"example": "string"
},
"sloUrl": {
"type": "string",
"example": "string"
}
}
}
}
},
"AuthSchemeFetchRequest": {
"type": "object",
"properties": {
"default": {
"type": "boolean",
"example": true
},
"fetchModules": {
"type": "boolean",
"example": false
}
}
},
"ForbiddenError": {
"description": "API doesn't have right permissions to call this API"
},
"BadRequestError": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"errors": {
"type": "array",
"items": {
"type": "object",
"allOf": [
{
"$ref": "#/components/schemas/ValidationError"
}
]
}
}
}
}
}
}
},
"UnauthorizedError": {
"description": "API is not authorized to call this API"
},
"NotFoundError": {
"description": "Not found"
},
"UnsupportedStateError": {
"description": "Unsupported state or unable to authenticate data",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"error": {
"type": "string",
"example": "Unsupported state or unable to authenticate data"
}
}
}
}
}
},
"GetServiceDirectoryResponse": {
"type": "object",
"properties": {
"name1": {
"type": "string"
},
"name2": {
"type": "string"
},
"name3": {
"type": "string"
}
},
"example": {
"name1": "https://xxx.xxxxxx.xxx/xxxxx",
"name2": "https://xxx.xxxxxx.xxx/xxxxx",
"name3": "https://xxx.xxxxxx.xxx/xxxxx"
}
},
"OidcConfigObject": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "name"
},
"description": {
"type": "string",
"example": "description"
},
"scopes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "name"
},
"display_name": {
"type": "string",
"example": "Display Name"
},
"consent_required": {
"type": "boolean",
"example": true
},
"claims": {
"type": "array",
"items": {
"type": "object",
"properties": {
"claim_name": {
"type": "string",
"example": "claim_name"
},
"attribute_name": {
"type": "string",
"example": "attribute_name"
},
"attribute_type": {
"type": "string",
"example": "attribute_type"
},
"value_type": {
"type": "string",
"example": "value_type"
},
"value": {
"type": "string",
"example": "any_value"
}
}
}
}
}
}
}
}
},
"OidcConfigObjectResponseRef": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "name"
},
"description": {
"type": "string",
"example": "description"
},
"scopes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "name"
},
"display_name": {
"type": "string",
"example": "Display Name"
},
"consent_required": {
"type": "boolean",
"example": true
},
"uuid": {
"type": "boolean",
"example": "xxxxx-xxxxxx-xxxxxxxxxxxx-xxxxxxxx"
},
"claims": {
"type": "array",
"items": {
"type": "object",
"properties": {
"uuid": {
"type": "string",
"example": "xxxxx-xxxxxx-xxxxxxxxxxxx-xxxxxxxx"
},
"claim_name": {
"type": "string",
"example": "claim_name"
},
"attribute_name": {
"type": "string",
"example": "attribute_name"
},
"attribute_type": {
"type": "string",
"example": "attribute_type"
},
"value_type": {
"type": "string",
"example": "value_type"
},
"value": {
"type": "string",
"example": "any_value"
}
}
}
}
}
}
}
}
},
"IdpObject": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "oidc"
},
"oidc_config": {
"$ref": "#/components/schemas/OidcConfigObject"
}
}
},
"CreateIdpObjectRequest": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/IdpObject"
}
}
},
"UpdateIdpObjectRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"oidc_config": {
"$ref": "#/components/schemas/OidcConfigObject"
}
}
}
}
},
"IdpObjectResponse": {
"allOf": [
{
"type": "object",
"properties": {
"_id": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxxxxxxx"
},
"type": {
"type": "string",
"example": "oidc"
},
"oidc_config": {
"$ref": "#/components/schemas/OidcConfigObjectResponseRef"
}
}
},
{
"type": "object",
"properties": {
"__v": {
"type": "number",
"example": 0
}
}
}
]
},
"FetchIdpsRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "id"
},
"type": {
"type": "string",
"example": "oidc"
}
}
}
}
},
"IdpObjectListResponse": {
"type": "array",
"items": {
"oneOf": [
{
"$ref": "#/components/schemas/IdpObjectResponse"
}
]
}
},
"AuthenticationJourneyObject": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "auth-journey-1"
},
"enabled": {
"type": "boolean",
"example": true
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"group a",
"group b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"deviceIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"device-id-1",
"device-id-2"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"applications": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"salesforce",
"gsuite"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"usernames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"username_1",
"username_2"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"ip": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "192.136.456.200-192.136.456.300"
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"domain": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"google.com",
"1kosmos.com"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"decision": {
"type": "object",
"properties": {
"action": {
"type": "string",
"example": "mfa_required"
},
"authenticationMethods": {
"type": "array",
"example": [
"password_and_otp",
"fido"
]
}
}
},
"machineNames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"B324123"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineUsers": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"user@qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"mobileLocation": {
"type": "object",
"properties": {
"value": {
"type": "number",
"example": 100
},
"operator": {
"type": "string",
"example": "gt"
}
}
}
}
},
"AuthenticationJourneyObjectV2": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "auth-journey-1"
},
"enabled": {
"type": "boolean",
"example": true
},
"category": {
"type": "string",
"example": "adaptive_auth_fallback_policy_v2",
"description": "Optional category field. Only set for fallback journeys. Regular journeys should not have this field."
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"group a",
"group b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"deviceIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"device-id-1",
"device-id-2"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"requestingAppId": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "adminx"
},
"operator": {
"type": "string",
"example": "eq"
}
}
},
"relyingAppId": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "gsuite"
},
"operator": {
"type": "string",
"example": "eq"
}
}
},
"appConfigId": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "124356656"
},
"operator": {
"type": "string",
"example": "eq"
}
}
},
"usernames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"username_1",
"username_2"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"ip": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "192.136.456.200-192.136.456.300"
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"domain": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"google.com",
"1kosmos.com"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"decision": {
"type": "object",
"properties": {
"action": {
"type": "string",
"example": "mfa_required"
},
"authenticationMethods": {
"type": "array",
"example": [
"password_and_otp",
"fido"
]
}
}
},
"machineNames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"B324123"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineUsers": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"user@qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
}
}
},
"CreateAuthenticationJourneyRequest": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/AuthenticationJourneyObject"
}
}
},
"CreateAuthenticationJourneyRequestV2": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/AuthenticationJourneyObjectV2"
}
}
},
"CreateAuthenticationJourneyResponse": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/AuthenticationJourneyObject"
}
}
},
"CreateAuthenticationJourneyResponseV2": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/AuthenticationJourneyObjectV2"
}
}
},
"ExternalIdpObject": {
"type": "object",
"properties": {
"connection": {
"type": "object",
"properties": {
"idpName": {
"type": "string",
"example": "Okta"
},
"idpEntityId": {
"type": "string",
"example": "Okta"
},
"samlLoginUrl": {
"type": "string",
"example": "Okta"
},
"samlLogoutUrl": {
"type": "string",
"example": "Okta"
},
"ssoBinding": {
"type": "string",
"example": "Okta"
},
"sloBinding": {
"type": "string",
"example": "Okta"
},
"forceAuthn": {
"type": "boolean",
"example": true
},
"spEntityId": {
"type": "string",
"example": "Okta"
},
"spSigningCertificate": {
"type": "string",
"example": "Okta"
},
"spPrivateKey": {
"type": "string",
"example": "Okta"
},
"idpSigningCertificate": {
"type": "string",
"example": "Okta"
}
}
},
"routingPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"example": true
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"group-a",
"group-b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"usernames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"user_a",
"user_b"
]
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"usersInIdpStore": {
"type": "boolean",
"example": true
}
}
}
}
},
"CreateExternalIdpRequest": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/ExternalIdpObject"
}
}
},
"CreateExternalIdpResponse": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/ExternalIdpObject"
}
}
},
"OIDCRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"OIDCPayload": {
"type": "object",
"properties": {
"OIDCRequest": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"acr": {
"type": "string",
"example": "string optional"
}
}
},
"userSession": {
"type": "object",
"properties": {
"pon_data": {
"type": "object"
},
"authenticator_data": {
"type": "object"
},
"user": {
"type": "object",
"properties": {
"uid": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"moduleId": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
},
"jit": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"aal": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"wallet": {
"type": "object",
"properties": {
"publicKey": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"privateKey": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"id": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
}
}
}
}
}
}
},
"OIDCResponse": {
"type": "object",
"properties": {
"sid": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"oidc_token": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"oidc_url_response": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
},
"UserConsentRequest": {
"type": "object",
"properties": {
"version": {
"type": "string",
"example": "BID-CR-v1.0.0"
},
"uuid": {
"type": "string",
"example": "b208a1a7-a5f7-4e40-be00-fc9c5032853f"
},
"transactionId": {
"type": "string",
"example": "b208a1a7-a5f7-4e40-be00-fc9c5032853f"
},
"ts": {
"type": "number",
"example": 1661397718
},
"method": {
"type": "string",
"example": "web"
},
"authenticator": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"id": {
"type": "string"
},
"version": {
"type": "string"
},
"os": {
"type": "string"
}
}
},
"principal": {
"type": "object",
"properties": {
"did": {
"type": "string"
},
"publicKey": {
"type": "string"
},
"urn": {
"type": "string",
"example": ""
},
"username": {
"type": "string"
}
}
},
"controller": {
"type": "object",
"properties": {
"type": {
"type": "string",
"example": "sp"
},
"name": {
"type": "string"
},
"id": {
"type": "string"
},
"entityId": {
"type": "string"
}
}
},
"scopes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "xxxxxx"
},
"uuid": {
"type": "string",
"example": "xxxxxx-xxxxx-xxxxxxx"
},
"claims": {
"type": "array",
"items": {
"type": "string"
},
"example": [
"firstname",
"lastname",
"..."
]
}
}
}
},
"request": {
"type": "object",
"properties": {
"uuid": {
"type": "string",
"example": "45b67275-8c23-4830-889e-89fc36a047f7"
},
"clientIP": {
"type": "string"
},
"user_agent": {
"type": "string"
}
}
},
"signature": {
"type": "string"
},
"type": {
"type": "string",
"example": "explicit"
},
"status": {
"type": "string",
"example": "granted"
},
"signedBy": {
"type": "string",
"example": "user"
}
}
},
"UserConsentResponse": {
"type": "object",
"properties": {
"uuid": {
"type": "string",
"example": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
},
"status": {
"type": "string",
"example": "granted"
}
}
},
"UserConsentsFetchRequest": {
"type": "object",
"properties": {
"userUrn": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"spId": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
},
"UserConsentsFetchResponse": {
"type": "object",
"properties": {
"consents": {
"type": "array",
"items": {
"type": "object",
"properties": {
"version": {
"type": "string",
"example": "xxxxxxx"
},
"jurisdiction": {
"type": "string",
"example": "xxxxxxx"
},
"consentTimestamp": {
"type": "number",
"example": 123456789
},
"collectionMethod": {
"type": "string",
"example": "xxxxxxx"
},
"consentReceiptID": {
"type": "string",
"example": "xxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxx"
},
"piiPrincipal": {
"type": "object",
"properties": {
"urn": {
"type": "string",
"example": "xxxxxxx"
},
"username": {
"type": "string",
"example": "xxxxxxx"
},
"did": {
"type": "string",
"example": "xxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxx"
}
}
},
"piiProcessor": {
"type": "array",
"items": {
"type": "object",
"properties": {
"tenantDns": {
"type": "string",
"example": "xxxxxxx"
},
"tenantId": {
"type": "string",
"example": "xxxxxxx"
},
"communityName": {
"type": "string",
"example": "xxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxx"
}
}
}
},
"policyUrl": {
"type": "string",
"example": "xxxxxxx"
},
"scopes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "xxxxxxx"
},
"uuid": {
"type": "string",
"example": "xxxxxxx"
},
"claims": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxx"
}
},
"consentType": {
"type": "string",
"example": "xxxxxxx"
}
}
}
},
"requestID": {
"type": "string",
"example": "xxxxxxx"
},
"user_agent": {
"type": "string",
"example": "xxxxxxx"
},
"clientIP": {
"type": "string",
"example": "xxxxxxx"
},
"signature": {
"type": "string",
"example": "xxxxxxx"
},
"services": {
"type": "array"
}
}
}
}
}
},
"UserConsentsCheckRequest": {
"type": "object",
"properties": {
"userUrn": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"spId": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"scopeIds": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxxx"
}
}
}
},
"UserConsentsCheckResponse": {
"type": "object",
"properties": {
"consents": {
"type": "array",
"items": {
"type": "object",
"properties": {
"version": {
"type": "string",
"example": "xxxxxxx"
},
"jurisdiction": {
"type": "string",
"example": "xxxxxxx"
},
"consentTimestamp": {
"type": "number",
"example": 123456789
},
"collectionMethod": {
"type": "string",
"example": "xxxxxxx"
},
"consentReceiptID": {
"type": "string",
"example": "xxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxx"
},
"piiPrincipal": {
"type": "object",
"properties": {
"urn": {
"type": "string",
"example": "xxxxxxx"
},
"username": {
"type": "string",
"example": "xxxxxxx"
},
"did": {
"type": "string",
"example": "xxxxxxx"
},
"publicKey": {
"type": "string",
"example": "xxxxxxx"
}
}
},
"piiProcessor": {
"type": "array",
"items": {
"type": "object",
"properties": {
"tenantDns": {
"type": "string",
"example": "xxxxxxx"
},
"tenantId": {
"type": "string",
"example": "xxxxxxx"
},
"communityName": {
"type": "string",
"example": "xxxxxxx"
},
"communityId": {
"type": "string",
"example": "xxxxxxx"
}
}
}
},
"policyUrl": {
"type": "string",
"example": "xxxxxxx"
},
"scopes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "xxxxxxx"
},
"uuid": {
"type": "string",
"example": "xxxxxxx"
},
"claims": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxx"
}
},
"consentType": {
"type": "string",
"example": "xxxxxxx"
}
}
}
},
"requestID": {
"type": "string",
"example": "xxxxxxx"
},
"user_agent": {
"type": "string",
"example": "xxxxxxx"
},
"clientIP": {
"type": "string",
"example": "xxxxxxx"
},
"signature": {
"type": "string",
"example": "xxxxxxx"
},
"services": {
"type": "array"
}
}
}
}
}
},
"UserConsentsRevokeRequest": {
"type": "object",
"properties": {
"method": {
"type": "string",
"example": "web | mobile"
},
"transactionId": {
"type": "string",
"example": "b208a1a7-a5f7-4e40-be00-fc9c5032853f"
},
"authenticator": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "xxxxxxx"
},
"id": {
"type": "string",
"example": "xxxxxxx"
},
"version": {
"type": "string",
"example": "xxxxxxx"
},
"os": {
"type": "string",
"example": "xxxxxxx"
}
}
},
"principal": {
"type": "object",
"properties": {
"did": {
"type": "string"
},
"publicKey": {
"type": "string"
}
}
},
"signature": {
"type": "string",
"example": "xxxxxxxx"
},
"ts": {
"type": "number",
"example": 1661397718
}
}
},
"UserConsentsRevokeResponse": {
"type": "object",
"properties": {
"uuid": {
"type": "string",
"example": "xxxxxxxx"
},
"consentStatus": {
"type": "string",
"example": "xxxxxxxx"
}
}
},
"UserConsentsFetchByScopeRequest": {
"type": "object",
"required": [
"userUrn",
"controllerType",
"scopeName"
],
"properties": {
"userUrn": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"controllerType": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"scopeName": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
},
"UserConsentsFetchByScopeResponse": {
"type": "object",
"properties": {
"consent": {
"type": "object",
"nullable": true
}
}
},
"JWTVerifyRequest": {
"type": "object",
"properties": {
"token": {
"type": "string",
"example": "XXXXXX.yyyyy.zzzzzzzzzzzzzzz"
}
}
},
"FetchAuthenticationJourneyRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"ids": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxxx"
}
}
}
}
}
},
"FetchV2AuthenticationJourneyRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"ids": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxxx"
}
},
"requestingAppId": {
"type": "string",
"example": "adminx"
},
"appConfigIds": {
"type": "array",
"example": [
"123456",
"22222"
]
},
"category": {
"type": "string",
"example": "adaptive_auth_fallback_policy_v2",
"description": "Optional category filter. Use \"adaptive_auth_policy_v2\" for regular journeys or \"adaptive_auth_fallback_policy_v2\" for fallback journeys. If not provided, only regular journeys (without category) are returned."
}
}
}
}
},
"FetchAuthenticationJourneyResponse": {
"type": "object",
"properties": {
"id": {
"type": "string",
"example": "uuid"
},
"tenantId": {
"type": "string",
"example": "tenantId"
},
"communityId": {
"type": "string",
"example": "communityId"
},
"journeyName": {
"type": "string",
"example": "journeyName"
},
"enabled": {
"type": "boolean",
"example": true
},
"groups": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "groups"
}
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"deviceId": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "deviceId"
}
},
"operator": {
"type": "string",
"example": "overlap"
}
}
},
"application": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "Salesforce"
}
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"username": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "username"
}
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"ip": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "10.10.10.10"
}
},
"operator": {
"type": "string",
"example": "in_range"
}
}
},
"domain": {
"type": "object",
"properties": {
"value": {
"type": "array",
"items": {
"value": "string",
"example": "1k-dev.com"
}
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineNames": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineIds": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"B324123"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"machineUsers": {
"type": "object",
"properties": {
"value": {
"type": "array",
"example": [
"user@qa-win2016-0"
]
},
"operator": {
"type": "string",
"example": "in"
}
}
},
"mobileLocation": {
"type": "object",
"properties": {
"value": {
"type": "number",
"example": 100
},
"operator": {
"type": "string",
"example": "gt"
}
}
},
"decision": {
"type": "object",
"properties": {
"action": {
"type": "string",
"example": "mfa_required"
},
"authenticationMethods": {
"type": "array",
"items": {
"value": "string",
"example": "password_and_otp"
}
}
}
}
}
},
"EvaluateAuthPolicyRequest": {
"type": "object",
"properties": {
"facts": {
"type": "object",
"properties": {
"groups": {
"type": "array",
"example": [
"groupA",
"groupB"
]
},
"applicationId": {
"type": "string",
"example": "application1"
},
"IP": {
"type": "string",
"example": "10.0.0.7"
},
"machine_domain": {
"type": "string",
"example": "someDomain.com"
},
"username": {
"type": "string",
"example": "userA"
},
"deviceId": {
"type": "string",
"example": "someDomain.com"
},
"machine_name": {
"type": "string",
"example": "userA"
},
"machine_id": {
"type": "string",
"example": "B324123"
},
"machine_user": {
"type": "string",
"example": "someDomain.com"
},
"authenticationMethods": {
"type": "array",
"example": [
"password",
"otp"
]
}
}
},
"enforceFallbackPolicy": {
"type": "boolean",
"example": true
}
}
},
"EvaluateAuthPolicyRequestV2": {
"type": "object",
"properties": {
"facts": {
"type": "object",
"properties": {
"groups": {
"type": "array",
"example": [
"groupA",
"groupB"
]
},
"requestingAppId": {
"type": "string",
"example": "adminx"
},
"IP": {
"type": "string",
"example": "10.0.0.7"
},
"machine_domain": {
"type": "string",
"example": "someDomain.com"
},
"username": {
"type": "string",
"example": "userA"
},
"deviceId": {
"type": "string",
"example": "someDomain.com"
},
"machine_name": {
"type": "string",
"example": "userA"
},
"machine_id": {
"type": "string",
"example": "B324123"
},
"machine_user": {
"type": "string",
"example": "someDomain.com"
},
"authenticationMethods": {
"type": "array",
"example": [
"password",
"otp"
]
}
}
},
"enforceFallbackPolicy": {
"type": "boolean",
"example": true
},
"jwt": {
"type": "string",
"example": "jwt optional"
},
"type": {
"type": "string",
"example": "fallback",
"description": "Optional type parameter. Set to \"fallback\" to request fallback authentication journey."
}
}
},
"EvaluateAuthPolicyResponse": {
"type": "object",
"properties": {
"next": {
"type": "object",
"properties": {
"step": {
"type": "string",
"example": "need_mfa"
},
"allowed_factors": {
"type": "array",
"items": {
"type": "string",
"example": "idp_redirect"
}
},
"idps": {
"type": "array",
"items": {
"type": "string",
"example": "idp-1"
}
}
}
},
"proof_of_authentication_jwt": {
"type": "string",
"example": "xxxxxx-xxxxx-xxxxxxx"
},
"signature_token": {
"type": "string",
"example": "xxxxxxx"
}
}
},
"AuthenticateLiveIdRequest": {
"type": "object",
"required": [
"selfie",
"dns",
"deviceInfo",
"userInfo",
"userAgent"
],
"properties": {
"selfie": {
"type": "string",
"description": "Base64 encoded selfie"
},
"dns": {
"type": "string",
"description": "DNS of the user"
},
"deviceInfo": {
"type": "object"
},
"userInfo": {
"type": "object"
},
"userAgent": {
"type": "string"
},
"jwt": {
"type": "string",
"example": "string optional"
}
}
},
"AuthenticateWithPinRequest": {
"type": "object",
"required": [
"pin",
"userToken",
"dns",
"isTrustedDevice"
],
"properties": {
"pin": {
"type": "string",
"description": "User's PIN"
},
"userToken": {
"type": "string",
"description": "User JWT token"
},
"dns": {
"type": "string",
"description": "DNS of the user"
},
"isTrustedDevice": {
"type": "boolean",
"description": "Is the device trusted"
}
}
},
"AuthenticateWithPinResponse": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"user_token": {
"type": "string",
"description": "User JWT token"
},
"next": {
"type": "object",
"properties": {
"step": {
"type": "string",
"example": [
"need_mfa"
]
},
"allowed_factors": {
"type": "array",
"items": {
"type": "string",
"example": [
"pin"
]
}
}
}
}
}
},
"publicKey": {
"type": "string",
"description": "Service key's public key"
}
}
},
"GetAuthSchemesRequestV2": {
"type": "object",
"properties": {
"facts": {
"type": "object",
"properties": {
"groups": {
"type": "array",
"example": [
"groupA",
"groupB"
]
},
"requestingAppId": {
"type": "string",
"example": "adminx"
},
"appConfigId": {
"type": "string",
"example": "123-546-7868-3454"
}
}
},
"enforceFallbackPolicy": {
"type": "boolean",
"example": true
}
}
},
"GetAuthSchemesResponse": {
"type": "object",
"properties": {
"schemes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"factors": {
"type": "array",
"example": [
"password"
]
},
"authenticationJourneyV2Id": {
"type": "string",
"example": "13435667"
},
"result": {
"type": "string",
"example": "grant_access"
}
}
}
}
}
},
"GenerateSAMLRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"idpId": {
"type": "string",
"example": "uuid"
},
"dns": {
"type": "string",
"example": "1k-dev.1kosmos.net"
}
}
}
}
},
"GenerateSAMLRequestResponse": {
"type": "object",
"properties": {
"SAMLRequest": {
"type": "string",
"example": "string"
},
"RedirectUrl": {
"type": "string",
"example": "www.google.com"
},
"RequestBinding": {
"type": "string",
"example": "string"
},
"ForceAuthn": {
"type": "boolean",
"example": true
}
}
},
"DeleteExternalIdpRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"username": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"ip": {
"type": "string",
"example": "xxxxxxxxxxxxx"
},
"userAgent": {
"type": "string",
"example": "xxxxxxxxxxxxx"
}
}
}
}
},
"FetchExternalIdpRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"ids": {
"type": "array",
"items": {
"type": "string",
"example": "xxxxxxxx"
}
}
}
}
}
},
"FetchExternalIdpResponse": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/ExternalIdpObject"
}
}
},
"UpdateExternalIdpRequest": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/ExternalIdpObject"
}
}
},
"UpdateExternalIdpResponse": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/ExternalIdpObject"
}
}
},
"DeleteSPRequest": {
"type": "object",
"properties": {
"data": {
"type": "object",
"eventData": {
"type": "object"
}
}
}
}
},
"securitySchemes": {
"authMyPublicKey": {
"type": "apiKey",
"name": "authMyPublicKey",
"in": "header",
"description": "Caller's ECDSA publicKey"
},
"authMyPrivateKey": {
"type": "apiKey",
"name": "authMyPrivateKey",
"in": "header",
"description": "Caller's ECDSA privateKey"
},
"authLicense": {
"type": "apiKey",
"name": "authLicense",
"in": "header",
"description": "License key from License API"
}
}
},
"tags": []
}