{
  "openapi": "3.0.0",
  "info": {
    "title": "User Management Service",
    "version": "2.0",
    "license": {}
  },
  "paths": {
    "/tenant/{tenantId}/community/{communityId}/user/lock": {
      "put": {
        "summary": "lock a user.",
        "description": "lock a user.<br />\n- Only a **system**, **service** and **service_ext** key can be used to lock a user.\n- lock reason can be ['Admin Action'].\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### username (required)\nusername. <br />\n\n### reason (required)\nreasonCode: 0 and message: ['Admin Action']. <br />\n\n### initiatedby (required)\ninitiatedby: [system] <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns empty response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Account Lockout"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to lock user.\n\n```\n{\n    \"username\": \"string required\",\n    \"reason\": {\n    \t\"reasonCode\": number required,  // 0 - Admin Action\n        \"message\": \"string required\"    // ['Admin Action']\n    },\n    initiatedby: \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/LockUnlockUserRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nEmpty response\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/unlock": {
      "put": {
        "summary": "unlock a user.",
        "description": "unlock a user.<br />\n- Only a **system**, **service** and **service_ext** key can be used to unlock a user.\n- lock reason can be ['Admin Action'].\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### username (required)\nusername. <br />\n\n### reason (required)\nreasonCode: 0/1 and message: ['Admin Action'].\n\n### initiatedby (required)\ninitiatedby: [system] <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns empty response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Account Lockout"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to lock user.\n\n```\n{\n    \"username\": \"string required\",\n    \"reason\": {\n    \t\"reasonCode\": number required,  // 0 - Admin Action\n        \"message\": \"string required\"    // ['Admin Action']\n    },\n    initiatedby: \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/LockUnlockUserRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\nEmpty response\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/status": {
      "post": {
        "summary": "get user status.",
        "description": "get user status.<br />\n- Only a **system**, **service** and **service_ext** key can be used to fetch a user status.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### username (required)\nusername. <br />\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns get user statuses response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Account Lockout"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to lock user.\n\n```\n{\n    \"username\": \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/GetUserStatusRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nget user status:\n```\n{\n    \"reasons\": [{}]\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/GetUserStatusResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user_properties/update": {
      "post": {
        "summary": "update user properties.",
        "description": "update user properties.<br />\n- Only a **system**, **service** and **service_ext** valid with community key can be used to update a user properties.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### data (required)\nuser properties data encrypted with ECDSA. <br />\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the ECDSA encrypted updated user properties. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Properties"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"data\": {\n        \"user\": {\n            \"username\": \"\",\n             \"uid\": \"\",\n             \"authModuleId\": \"\"\n        },\n         \"mobiles\": [],\n        \"landlines\": [],\n        \"aliases\": {\n            \"alias1\": \"string\",\n            \"alias2\": null,\n            \"alias3\": \"string\",\n            \"alias4\": \"string\",\n            \"alias5\": null,\n            \"alias6\": null,\n            \"alias7\": null,\n            \"alias8\": null\n        }\n    }\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UpdateUserPropertiesRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nupdated user properties:\n```\n{\n    \"data\":{\n      \"_id\": \"\",\n      \"tenantId\": \"\",\n      \"communityId\": \"\",\n      \"user\": {\n          \"uid\": \"\",\n          \"username\": \"\",\n          \"authModuleId\": \"\"\n      },\n      \"mobiles\": [],\n      \"landlines\": [],\n      \"aliases\": {\n          \"alias1\": \"string\",\n          \"alias2\": null,\n          \"alias3\": \"string\",\n          \"alias4\": \"string\",\n          \"alias5\": null,\n          \"alias6\": null,\n          \"alias7\": null,\n          \"alias8\": null\n      }\n    },\n    \"publicKey\": \"xxxxxx\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UpdateUserPropertiesResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/fetch_by_oid": {
      "post": {
        "summary": "Fetch user by Azure AD OID",
        "description": "Resolves a user by their Azure AD object ID (oid) and tenant ID (tid).\nSearches AzureAD auth modules where config.tenantId matches the provided tid.\nReturns the mapped user object or 404 if not found.\nRequires ECDSA service-to-service authentication and a valid SERVICE or SYSTEM license.\n",
        "tags": [
          "EAM"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "tenantId",
            "in": "path",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "name": "communityId",
            "in": "path",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "required": [
                  "oid",
                  "tid"
                ],
                "properties": {
                  "oid": {
                    "type": "string",
                    "description": "Azure AD object ID"
                  },
                  "tid": {
                    "type": "string",
                    "description": "Azure AD tenant ID"
                  }
                }
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "User found and mapped"
          },
          "401": {
            "description": "Unauthorized \u2014 missing or invalid service authentication"
          },
          "404": {
            "description": "No matching user found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/users/create": {
      "put": {
        "summary": "Create bulk users.",
        "description": "Create bulk users.<br />\n- Only a **system**, **service** and **service_ext** key can be used to create bulk users.\n- A **app**, **app_ext** key can be used to create single user as long as an otp is provided.\n- Use app | app_ext key w/ OTP to support \"self-registration\" from an app (eg: mobile app)\n- User {adminconsole}/r2 OTP api to request an otp for the user\n- Created users will be the type of **basic** with the role **none**.\n- Auth module must be available and enabled for the community.\n- Username is unique by community.\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### authModule (required)\nID of auth module. <br />\n\n### users (required)\nList of users to import.\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the counts of requested, created, failed, and the number of errors. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to create users.\n\n```\n{\n    \"authModule\": \"ObjectId required, ID of auth module.\",\n    \"users\": [\n        {\n            \"username\": \"string required\",\n            \"password\": \"string required\",\n            \"status\": \"string optional - active or locked or disabled, default = active\",\n            \"firstname\": \"string required\",\n            \"middlename\": \"string optional\",\n            \"lastname\": \"string required\",\n            \"email1\": \"string required - valid email address\",\n            \"email1_verified\": \"boolean optional\",\n            \"email2\": \"string optional - valid email address\",\n            \"email2_verified\": \"boolean optional\",\n            \"phone1\": \"string optional - only digits\",\n            \"phone1_verified\": \"boolean optional\",\n            \"address\": {\n                \"house\": \"string optional\",\n                \"streetname\": \"string optional\",\n                \"city\": \"string optional\",\n                \"state\": \"string optional\",\n                \"country\": \"string optional\",\n                \"zip\": \"string optional\"\n            },\n            \"address_verified\": \"boolean optional\",\n            \"disabled\": \"boolean optional\",\n            \"otp\": \"string optional\",\n            \"idpId\": \"string optional\"\n        }\n    ]\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/CreateBulkUsersRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nUser import statistics, errors (if any):\n\n```\n{\n    \"requested\": \"number of user requested\",\n    \"created\": \"number of user created successfully\",\n    \"failed\": \"number of user import failed\",\n    \"errors\": []\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/CreateBulkUsersResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "405": {
            "description": "Method Not Allowed"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/update": {
      "patch": {
        "summary": "Update user by username.",
        "description": "Update user by username.<br />\n- Only a **system**, **service** and **service_ext** key can be used to update user.\n- Auth module must be available and enabled for the community.\n- Only **basic** user will be updated.\n- **roleValue, uid, username, password** cannot be updated.\n- Only provided attributes will be updated.\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### authModule (required)\nID of auth module. <br />\n\n<br />\n### username (required)\nUsername of user, used to identify user.\n\n<br />\n### type (optional)\nThis key sets the type of a user. The type key only accept these values (\"systemuser\", \"basic\").\n\n<br />\n### status (optional)\nThis key sets the status of a user. The type key only accept these values (\"active\", \"locked\", \"disabled\").\n\n<br />\n### firstname (optional)\nThis key sets the first name of a user.\n\n<br />\n### middlename (optional)\nThis key sets the middle name of a user.\n\n<br />\n### lastname (optional)\nThis key sets the last name of a user.\n\n<br />\n### email1 (optional)\nThis key sets the first email of a user.\n\n<br />\n### email1_verified (optional)\nThis key sets the verification status of the first email.\n\n<br />\n### email2 (optional)\nThis key sets the second email of the user.\n\n<br />\n### emaild_verified (optional)\nThis key sets the verification status of the second email.\n\n<br />\n### phone1 (optional)\nThis key sets the phone number of a user.\n\n<br />\n### phone1_verified (optional)\nThis key sets the verification status of the phone number.\n\n<br />\n### address (optional object)\nThis key sets the address of the user.\n\n<br />\n### address_verified (optional)\nThis key sets the verification status of the address.\n\n<br />\n### disabled (optional)\nThis key set disabled status of a user. The disabled key only accept these values (true, false).\n\n<br />\n### attributes (optional)\nThis key accepts an array of attributes that need to return in the response.\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the updated system user.<br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to update user.\n\n```\n{\n    \"authModule\": \"string required, ObjectId of auth module\",\n    \"username\": \"string required\",\n    \"type\": \"string optional - systemuser or basic\",\n    \"status\": \"string optional - active or locked or disabled\",\n    \"firstname\": \"string optional\",\n    \"middlename\": \"string optional\",\n    \"lastname\": \"string optional\",\n    \"email1\": \"string optional - valid email address\",\n    \"email1_verified\": \"boolean optional\",\n    \"email2\": \"string optional - valid email address\",\n    \"email2_verified\": \"boolean optional\",\n    \"phone1\": \"string optional - only digits\",\n    \"phone1_verified\": \"boolean optional\",\n    \"address\": {\n        \"house\": \"string optional\",\n        \"streetname\": \"string optional\",\n        \"city\": \"string optional\",\n        \"state\": \"string optional\",\n        \"country\": \"string optional\",\n        \"zip\": \"string optional\"\n    },\n    \"address_verified\": \"boolean optional\",\n    \"disabled\": \"boolean optional\"\n    \"attributes\": []\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UserUpdateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nUpdated user object:\n- default returning attribute: username, uid, status, moduleId\n- all other attributes will be returned based on supplied attributes\n```\n{\n    \"uid\": \"748da031-c45e-4abd-930e-75b4929e6503\",\n    \"tenantId\": \"123-456\",\n    \"communityId\": \"any\",\n    \"roleValue\": \"none\",\n    \"username\": \"Username\",\n    \"type\": \"systemuser\",\n    \"status\": \"active\",\n    \"firstname\": \"First name\",\n    \"middlename\": \"Middle name\",\n    \"lastname\": \"Last name\",\n    \"email1\": \"bu-1@gmail.com\",\n    \"email1_verified\": true,\n    \"email2\": \"bu-11@gmail.com\",\n    \"email2_verified\": true,\n    \"phone1\": \"11111111\",\n    \"phone1_verified\": true,\n    \"address\": {\n        \"house\": \"House\",\n        \"streetname\": \"Street name\",\n        \"city\": \"City\",\n        \"state\": \"State\",\n        \"country\": \"Country\",\n        \"zip\": \"11111\"\n    },\n    \"address_verified\": true,\n    \"disabled\": false,\n    \"urn\": \"urn:dns:blockid.1kosmos.net:community:any:mod:123-456:uid:748da031-c45e-4abd-930e-75b4929e6503\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UserUpdateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "No user found"
          },
          "405": {
            "description": "Method Not Allowed"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/authenticate": {
      "post": {
        "summary": "Authenticate user (password, otp, ktoken, or pin)",
        "description": "Authenticate a user using at least one of the following factors: password, otp, ktoken, or pin.<br />\n- Any valid community license key can be used.\n- If an otp code is provided, it will be verified for username against {adminconsole}/r2 OTP apis.\n- This API now generates \"proof_of_authentication\" which can be encrypted for a referrer  using ECDSA\n- IIF user type is **basic** - Auth module must be available and enabled for the community.\n- PIN is compared as sha512 hash with the stored value.<br />\n- At least one factor is required.<br />\n- If PIN is validated, \"user_pin\" will be included in the JWT methods array.\n- If OTP is generated by serviceName then pass serviceName as optional.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\nRequest body contains 'data' field with encrypted object below:\n\n```\n{\n  \"authModule\": \"ObjectId optional, ID of auth module\",\n  \"authModules\": [\"ObjectId of auth module Optional\"],\n  \"username\": \"string optional\",\n  \"password\": \"string optional\",\n  \"ktoken\": \"string optional\",\n  \"otp\": \"string optional\",\n  \"pin\": \"string optional\",\n  \"referrerPublicKey\": \"string optional\",\n  \"scep\": \"boolean optional\",\n  \"serviceName\": \"string optional\"\n}\n```\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"authModule\": \"ObjectId optional, ID of auth module\",\n    \"authModules\": [\"ObjectId of auth module Optional\"],\n    \"username\": \"string optional\",\n    \"password\": \"string optional\",\n    \"ktoken\": \"string optional\",\n    \"otp\": \"string optional\",\n    \"pin\": \"string optional\",\n    \"referrerPublicKey\": \"string optional\",\n    \"scep\": \"boolean optional\",\n    \"serviceName\": \"string optional\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "data": {
                    "type": "object",
                    "properties": {
                      "authModule": {
                        "type": "string"
                      },
                      "authModules": {
                        "type": "array",
                        "items": {
                          "type": "string"
                        }
                      },
                      "username": {
                        "type": "string"
                      },
                      "password": {
                        "type": "string"
                      },
                      "ktoken": {
                        "type": "string"
                      },
                      "otp": {
                        "type": "string"
                      },
                      "pin": {
                        "type": "string",
                        "description": "PIN to authenticate (will be sha512 hashed and compared)"
                      },
                      "referrerPublicKey": {
                        "type": "string"
                      },
                      "scep": {
                        "type": "boolean"
                      },
                      "serviceName": {
                        "type": "string"
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nAuthenticated user object:\n\n```\n{\n    \"data\":{\n              \"username\": \"username\",\n              \"uid\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n              \"dguid\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n              \"status\": \"active\",\n              \"roleValue\": \"none\",\n              \"type\": \"basic\",\n              \"moduleId\": \"moduleId\",\n              \"onboarding_status\": \"tbd\",\n              \"email\": \"email\",\n              \"firstname\": \"Firstname\",\n              \"lastname\": \"Lastname\",\n              \"phone\": \"xxxxxx\",\n              \"urn\": \"xxx:xxx:xxxxxxxxxxxx:xxx:xxxxxxxxxxxxxxxxxxxx:xxx:xxxxxxxxxxxxxx:xxx:xxxxxxxxxxx:xxx:xxxxxxxxxxxx\",\n              \"proof_of_authentication_jwt\":\"xxx\"\n         },\n    \"publicKey\": \"xxxxxx\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UserAuthenticateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/scepcredentials": {
      "post": {
        "summary": "scep credentials for user.",
        "description": "Obtain the scep credentials for given userName without password authentication.<br />\n- Only permit **system** or **service** key to request a user's scep credentials\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nauthModule, username json, encrypted with ECDSA. <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the ECDSA encrypted scep credentials. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"authModule\": \"ObjectId required, ID of auth module\",\n    \"username\": \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/ScepCredentialsRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nAuthenticated user object:\n\n```\n{\n  scepCredentials\": {\n       \"certificate\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n       \"privatekey\" : \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\n       \"publickey\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ScepCredentialsResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/users/fetch": {
      "post": {
        "summary": "Fetch all basic users.",
        "description": "Fetch all basic users. <br />\n- Any valid key can be used to fetch users.\n- If scep is true, basic key cannot be used\n- Auth module must be available and enabled for the community.\n- If includeProperties is requested true, it will add userProperties in response.\n- Returned users will be the type of **'basic'**.\n\n---\n**SCEP/JWT Mandate (effective Jan 20, 2026):**\n- When called with a system/service key, behavior is unchanged.\n- When called with an service/app/app_ext key and `scep: true`:\n  - If current date is after Jan 20, 2026 (or the value of `scep_jwt_mandate_epoch` from CaaS config), a JWT is **mandatory** in the request body (`data.jwt`).\n  - If JWT is missing or invalid, returns 401 Unauthorized.\n  - JWT is validated via `/authn/jwt/verifyToken` and must have `isAuthenticated: true`.\n  - If current date is before the mandate, JWT is not required and behavior is unchanged.\n- Response format remains unchanged.\n---\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### authModule (optional)\nID of auth module is optional.\nIf authModule is provided, fetch users from that particular authModule only.\nIf authModule is not provided OR is null OR empty string THEN\n   - fetch default AUTHSCHEME(enabled: true && isDefault: true) from AuthN\n   - If no authScheme found, return ZERO results in the response.\n   - If authScheme is found, collect authModules in following order\n       - dbModule goes at location 0.\n       - other modules: [] get added IN ORDER.\n\n### pIndex (optional)\nThe pIndex key is a cursor for the pagination.\n\n### pSize (optional)\nA limit on the number of objects to be returned. The range between 1 to 100 and the default is 25.\n\n### query (optional)\nThe query to filter users.<br />\n\n### attributes (optional)\nThis will drive response_user.dir_attributes.\n\n### scep (optional Boolean)\nIf scep provided true. then it will return scep if requested query contains only username or uid.\n- For service/app/app_ext keys after mandate date, JWT is required in `data.jwt`.\n\n### maximumCount (optional)\nIf maximumCount (>= 1) attribute is provided, then it will return quickly - as soon as it finds maximumCount number of users, without fetching all users count among all available directories(authSchemes)\n\n### includeBrokerConnectionId (optional)\nIf includeBrokerConnectionId is provided, then request should forward to that specific broker and fetch the user using that specific broker.\n\n### excludeBrokerConnectionId (optional)\nIf excludeBrokerConnectionId is provided, then request should not forward to that specific broker\n\n### includeProperties (optional)\nIf includeProperties is requested true, then it will return the user properties in response.\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the users with pagination. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains object below:\n\n```\n{\n    \"authModule\": \"ObjectId optional, ID of authModule\",\n    \"pIndex\": \"number optional, default = 0\",\n    \"pSize\": \"number optional, default = 25, min = 1, max = 100\",\n    \"query\": \"query object optional\",\n    \"attributes\": \"array of user attributes, optional\",\n    \"scep\": \"boolean optional\",\n    \"maximumCount\": \"number optional\",\n    \"includeBrokerConnectionId\": [\"optional\"],\n    \"excludeBrokerConnectionId\": [\"optional\"],\n    \"checkAliases\": boolean optional\n    \"includeProperties\": boolean optional,\n    \"jwt\": \"string, required for app/app_ext keys with scep after mandate date\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/FetchUsersRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nUsers fetch result with pagination details.\n\n```\n{\n    \"page\": {\n        \"index\": 0,      page number, starting from 0\n        \"total\": 50,     total number of records\n        \"size\": 10       number of records, per page\n    },\n    \"data\": [\n      {\n        \"username\": \"username\",\n        \"uid\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n        \"dguid\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n        \"status\": \"active\",\n        \"roleValue\": \"none\",\n        \"type\": \"basic\",\n        \"moduleId\": \"moduleId\",\n        \"onboarding_status\": \"tbd\",\n        \"email\": \"email\",\n        \"firstname\": \"Firstname\",\n        \"lastname\": \"Lastname\",\n        \"phone\": \"xxxxxx\",\n        \"forcePasswordReset\": true/false, // it return, if forcePasswordResetEnabled for AD Broker Auth module\n        \"urn\": \"xxx:xxx:xxxxxxxxxxxx:xxx:xxxxxxxxxxxxxxxxxxxx:xxx:xxxxxxxxxxxxxx:xxx:xxxxxxxxxxx:xxx:xxxxxxxxxxxx\",\n        \"scepCredentials\": {} // if scep is true and system/service level licensekey used\n        \"user_certificate\": ecdsa($scepCredentials) // if scep is true and service_ext/app/app_ext level licensekey used,\n        \"typing_phrase\": \"typing phrase\",\n        \"is_user_pin_enrolled\": true/false,\n        \"userProperties\": { mobiles: [], landlines: [], aliases: {} } // if includeProperties is true\n      }\n    ],\n    publicKey: \"servicekey's publickey\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/FetchUsersResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/users/count": {
      "post": {
        "summary": "Count all basic users.",
        "description": "Count all basic users for AzureAD only. <br />\n- Any valid key can be used to count users.\n- Auth module must be available for the community.\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### authModule (required)\nID of auth module.\n\n### query (optional)\nThe query to filter users.<br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the users with pagination. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains object below:\n\n```\n{\n    \"authModule\": \"ObjectId required, ID of authModule\",\n    \"query\": \"query object optional\",\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/CountUsersRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nUsers count result.\n\n```\n{\n    \"count\": 50,\n    \"id\": \"ObjectID\",\n    \"type\": \"azuread\",\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/CountUsersResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/changepassword": {
      "post": {
        "summary": "Change user password (role = none).",
        "description": "Change user password (role = none).<br />\n- Only a **system**, **service**, **service_ext**, **app** and **app_ext** key can be used.\n- A user must provide an existing password OR an OTP code which can be verified against username with {adminconsole}/r2 OTP apis\n- If APP or APP_EXT licenses provided, A caller should provide an user did AND user publicKey which can be verified against username PON data {adminconsole} fetch userinfo apis\n- Auth module must be available and enabled for the community.\n- User with role **'none'** is allowed.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nauthModule, username, currentPassword and newPassword json, encrypted with ECDSA. <br />\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns empty response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"authModule\": \"ObjectId required, ID of auth module\",\n    \"username\": \"string required\",\n    \"currentPassword\": \"string optional: only one of currentPassword | otp is required\",\n    \"otp\": \"string optional: only one of currentPassword | otp is required\",\n    \"userDid\": \"string optional, required for app/app_ext authLevel keys\",\n    \"userPublicKey\": \"string optional, required for app/app_ext authLevel keys\",\n    \"newPassword\": \"string required\"\n    \"eventData\": \"object optional. Key: `mode` \u2014 string. Allowed values: email_link_with_otp, email_link, id_proofing, authenticator, other.\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UserChangePasswordRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nEmpty response\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/admin/changepassword": {
      "post": {
        "summary": "Change user password (role = none and type = basic).",
        "description": "Change user password (role = none and type = basic).<br />\n- Only a **system**, **service** and **service_ext** key can be used.\n- Auth module must be available and enabled for the community.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nauthModule, username and newPassword json, encrypted with ECDSA. <br />\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns empty response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"authModule\": \"ObjectId required, ID of auth module\",\n    \"username\": \"string required\",\n    \"newPassword\": \"string required\",\n    \"eventData\": \"object optional. Key: `mode` \u2014 string. Allowed values: email_link_with_otp, email_link, id_proofing, authenticator, other.\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/AdminUserChangePasswordRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nEmpty response\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/attributes": {
      "put": {
        "summary": "Create user attribute for auth module.",
        "description": "Create user attribute for auth module. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to create user attributes.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### attributes (required)\nList of user attributes to add for auth module. <br />\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the created user attributes and errors if any. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Attribute"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "query",
            "name": "moduleId",
            "description": "ID of auth module",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "List of user attributes to add for auth module.\n\n```\n{\n    \"attributes\": [\n        {\n            \"name\": \"string required, name of attribute\",\n            \"attribute\": \"string required, attribute in data source\"\n        }\n    ]\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UserAttributeCreateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nCreated user attributes and list of errors (if any):\n\n```\n{\n    \"created\": [\n        {\n            \"_id\": \"ObjectID\",\n            \"name\": \"first_name\",\n            \"attribute\": \"firstname\",\n            \"moduleId\": \"ObjectId\"\n        },\n        {\n            \"_id\": \"ObjectID\",\n            \"name\": \"last_name\",\n            \"attribute\": \"lastname\",\n            \"moduleId\": \"ObjectId\"\n        }\n    ]\n    \"errors\": [\n    ]\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UserAttributeCreateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      },
      "get": {
        "summary": "Get all user attribute of auth module.",
        "description": "Get all user attribute for auth module. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to create user attributes.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns all user attributes of auth module. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Attribute"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "query",
            "name": "moduleId",
            "description": "ID of auth module",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Empty request body\n\n```\n{\n}\n```\n"
        },
        "responses": {
          "200": {
            "description": "Success\n\nUser attributes list:\n\n```\n[\n    {\n        \"_id\": \"ObjectID\",\n        \"name\": \"first_name\",\n        \"attribute\": \"firstname\",\n        \"moduleId\": \"ObjectId\"\n    }\n]\n```\n\nUser attributes list not found:\n\n```\n[]\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UserAttributeFetchResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      },
      "patch": {
        "summary": "Bulk update user attributes.",
        "description": "Bulk update user attributes. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to update user attributes.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns updated attributes of auth module and errors (if any). <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Attribute"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "List of user attributes to add for auth module.\n\n```\n{\n    \"attributes\": [\n        {\n            \"id\": \"string required\",\n            \"name\": \"string required, name of attribute\",\n            \"attribute\": \"string required, attribute in data source\"\n        }\n    ]\n}\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UserAttributeBulkUpdateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nCreated user attributes and list of errors (if any):\n\n```\n{\n    \"updated\": [\n        {\n            \"_id\": \"ObjectID\",\n            \"name\": \"first_name\",\n            \"attribute\": \"firstname\",\n            \"moduleId\": \"ObjectId\"\n        },\n        {\n            \"_id\": \"ObjectID\",\n            \"name\": \"last_name\",\n            \"attribute\": \"lastname\",\n            \"moduleId\": \"ObjectId\"\n        }\n    ]\n    \"errors\": [\n    ]\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UserAttributeBulkUpdateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "No user attributes found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/attribute/{attributeId}": {
      "patch": {
        "summary": "Update user attribute.",
        "description": "Update user attribute. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to create user attributes.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### name (optional)\nName of attribute.\n\n<br />\n### attribute (optional)\nIdentifier of attribute\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the updated user attributes. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Attribute"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "attributeId",
            "description": "ID of user attribute",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "User attribute fields to update.\n\n```\n{\n    \"name\": \"string required, name of attribute\",\n    \"attribute\": \"string required, attribute in data source\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UserAttributeUpdateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nUpdated user attribute:\n\n```\n{\n    \"_id\": \"ObjectID\",\n    \"name\": \"first_name\",\n    \"attribute\": \"firstname\",\n    \"moduleId\": \"ObjectId\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UserAttributeUpdateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "No user attribute found"
          }
        }
      },
      "delete": {
        "summary": "Delete user attribute.",
        "description": "Remove user attribute. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to create user attributes.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### name (optional)\nName of attribute.\n\n<br />\n### attribute (optional)\nIdentifier of attribute\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nNo content. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Attribute"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "attributeId",
            "description": "ID of user attribute",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "responses": {
          "204": {
            "description": "Success\n\nNo Content\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "No user attribute found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/attribute/{attributeId}/attributes": {
      "get": {
        "summary": "Get attributes shared authModule with attributeId.",
        "description": "Get all user attributes of the same directory/authModule as to the attribute identified by attributId. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to create user attributes.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns all user attributes of auth module. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Attribute"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "attributeId",
            "description": "ID of an User Attribute",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Empty request body\n\n```\n{\n}\n```\n"
        },
        "responses": {
          "200": {
            "description": "Success\n\nUser attributes list:\n\n```\n[\n    {\n        \"_id\": \"ObjectID\",\n        \"name\": \"first_name\",\n        \"attribute\": \"firstname\",\n        \"moduleId\": \"ObjectId\"\n    }\n]\n```\n\nUser attributes list not found:\n\n```\n[]\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UserAttributeFetchResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/directoryattributes": {
      "post": {
        "summary": "Get Directory Attributes for the auth module.",
        "description": "Get directory attributes for the auth module. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to create user attributes.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### pIndex (optional)\nThe pIndex key is a cursor for the pagination.\n\n### pSize (optional)\nA limit on the number of objects to be returned. The range between 1 to 100 and the default is 25.\n\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns directory attributes of auth module. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Attribute"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "query",
            "name": "moduleId",
            "description": "ID of auth module",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains object below:\n\n```\n{\n    \"pIndex\": \"number optional, default = 0\",\n    \"pSize\": \"number optional, default = 25, min = 1, max = 100\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/DirectoryAttributesRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nDirectory attributes of auth module:\n\n```\n{\n    \"page\": {\n        \"index\": 0,\n        \"total\": 19,\n        \"size\": 19\n    },\n    \"data\": [\n        \"uid\",\n        \"tenantId\",\n        \"communityId\",\n        \"username\",\n        \"type\",\n        \"roleValue\",\n        \"status\",\n        \"firstname\",\n        \"middlename\",\n        \"lastname\",\n        \"email1\",\n        \"email1_verified\",\n        \"email2\",\n        \"email2_verified\",\n        \"phone1\",\n        \"phone1_verified\",\n        \"address\",\n        \"address_verified\",\n        \"disabled\"\n    ]\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/DirectoryAttributesResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "No user attribute found"
          }
        }
      }
    },
    "/systemusers/fetch": {
      "post": {
        "summary": "Fetch all system users.",
        "description": "Fetch all system users. <br />\n- Only a **system** and a **service** key can be used to fetch system users.\n- Returned users will be the type of **'systemuser'**.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### pIndex (optional)\nThe pIndex key is a cursor for the pagination. Default is 0.\n\n### pSize (optional)\nA limit on the number of objects to be returned. The range between 1 to 100 and the default is 25.\n\n### query (optional)\nThe query to filter users.<br />\n\n### attributes (optional)\nThis will drive response_user.dir_attributes.\n\n### authModule (optional)\nThis tells what auth module should be used for attribute mapping.\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the system users with pagination. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "System User"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains object below:\n\n```\n{\n    \"pIndex\": \"number optional, default = 0\",\n    \"pSize\": \"number optional, default = 25, min = 1, max = 100\",\n    \"query\": \"query object optional\",\n    \"attributes\": \"array of attributes, optional\",\n    \"authModule\": \"string optional\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/FetchSystemUsersRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nSystem users fetch result with pagination details.\n\n```\n{\n    \"page\": {\n        \"index\": 0,      page number, starting from 0\n        \"total\": 50,     total number of records\n        \"size\": 10       number of records, per page\n    },\n    \"data\": [{\n        \"username\": \"username\",\n        \"uid\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n        \"dguid\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n        \"status\": \"active\",\n        \"roleValue\": \"none\",\n        \"type\": \"basic\",\n        \"moduleId\": \"moduleId\",\n        \"onboarding_status\": \"tbd\",\n        \"email\": \"email\",\n        \"firstname\": \"Firstname\",\n        \"lastname\": \"Lastname\",\n        \"phone\": \"xxxxxx\"\n    }]\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/FetchSystemUsersResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/systemuser": {
      "put": {
        "summary": "Create system user.",
        "description": "Create system user.<br />\n- Only a **system** and a **service** key can be used to create a system user.\n- Created user will be the type of **'systemuser'**.\n- The communityId will be set to **'any'** for the created user.\n- The roleValue will be set to **'none'**\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nUser data encrypted with ECDSA <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the created system user, encrypted with ECDSA and public key. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "System User"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"tenantId\": \"string required\",\n    \"username\": \"string required\",\n    \"password\": \"string required\",\n    \"status\": \"string optional - active or locked or disabled, default = active\",\n    \"firstname\": \"string required\",\n    \"middlename\": \"string optional\",\n    \"lastname\": \"string required\",\n    \"email1\": \"string required - valid email address\",\n    \"email1_verified\": \"boolean required\",\n    \"email2\": \"string optional - valid email address\",\n    \"email2_verified\": \"boolean optional\",\n    \"phone1\": \"string optional - only digits\",\n    \"phone1_verified\": \"boolean optional\",\n    \"address\": {\n        \"house\": \"string optional\",\n        \"streetname\": \"string optional\",\n        \"city\": \"string optional\",\n        \"state\": \"string optional\",\n        \"country\": \"string optional\",\n        \"zip\": \"string optional\"\n    },\n    \"address_verified\": \"boolean optional\",\n    \"disabled\": \"boolean optional\",\n    \"roleValue\": \"string optional\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/SystemUserCreateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents created user:\n\n```\n{\n    \"uid\": \"748da031-c45e-4abd-930e-75b4929e6503\",\n    \"tenantId\": \"123-456\",\n    \"communityId\": \"any\",\n    \"roleValue\": \"none\",\n    \"username\": \"Username\",\n    \"type\": \"systemuser\",\n    \"status\": \"active\",\n    \"firstname\": \"First name\",\n    \"middlename\": \"Middle name\",\n    \"lastname\": \"Last name\",\n    \"email1\": \"bu-1@gmail.com\",\n    \"email1_verified\": true,\n    \"email2\": \"bu-11@gmail.com\",\n    \"email2_verified\": true,\n    \"phone1\": \"11111111\",\n    \"phone1_verified\": true,\n    \"address\": {\n        \"house\": \"House\",\n        \"streetname\": \"Street name\",\n        \"city\": \"City\",\n        \"state\": \"State\",\n        \"country\": \"Country\",\n        \"zip\": \"11111\"\n    },\n    \"address_verified\": true,\n    \"disabled\": false\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/SystemUserCreateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/systemuser/{uid}": {
      "patch": {
        "summary": "Update system user.",
        "description": "Update system user.<br />\n- Only a **system** and a **service** key can be used to update system user.\n- Only **systemuser** user will be updated.\n- **roleValue, uid, username, password** cannot be updated.\n- Only provided attributes will be updated.\n\n\n|              **Parameters**                  |\n|----------------------------------------------|\n\n### uid (required)\nThe uid of system user.<br />\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### tenantId (optional)\nThis key sets the tenant id of a user.\n\n<br />\n### type (optional)\nThis key sets the type of a user. The type key only accept these values (\"systemuser\", \"basic\").\n\n<br />\n### status (optional)\nThis key sets the status of a user. The type key only accept these values (\"active\", \"locked\", \"disabled\").\n\n<br />\n### firstname (optional)\nThis key sets the first name of a user.\n\n<br />\n### middlename (optional)\nThis key sets the middle name of a user.\n\n<br />\n### lastname (optional)\nThis key sets the last name of a user.\n\n<br />\n### email1 (optional)\nThis key sets the first email of a user.\n\n<br />\n### email1_verified (optional)\nThis key sets the verification status of the first email.\n\n<br />\n### email2 (optional)\nThis key sets the second email of the user.\n\n<br />\n### emaild_verified (optional)\nThis key sets the verification status of the second email.\n\n<br />\n### phone1 (optional)\nThis key sets the phone number of a user.\n\n<br />\n### phone1_verified (optional)\nThis key sets the verification status of the phone number.\n\n<br />\n### address (optional object)\nThis key sets the address of the user.\n\n<br />\n### address_verified (optional)\nThis key sets the verification status of the address.\n\n<br />\n### disabled (optional)\nThis key sets disabled status of a user. The disabled key only accept these values (true, false).\n\n<br />\n### roleValue (optional)\nThis key sets roleValue of the user\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the updated system user.<br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "System User"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "uid",
            "description": "UID of user.",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to update system user.\n\n```\n{\n    \"tenantId\": \"string optional\",\n    \"type\": \"string optional - systemuser or basic\",\n    \"status\": \"string optional - active or locked or disabled\",\n    \"firstname\": \"string optional\",\n    \"middlename\": \"string optional\",\n    \"lastname\": \"string optional\",\n    \"email1\": \"string optional - valid email address\",\n    \"email1_verified\": \"boolean optional\",\n    \"email2\": \"string optional - valid email address\",\n    \"email2_verified\": \"boolean optional\",\n    \"phone1\": \"string optional - only digits\",\n    \"phone1_verified\": \"boolean optional\",\n    \"address\": {\n        \"house\": \"string optional\",\n        \"streetname\": \"string optional\",\n        \"city\": \"string optional\",\n        \"state\": \"string optional\",\n        \"country\": \"string optional\",\n        \"zip\": \"string optional\"\n    },\n    \"address_verified\": \"boolean optional\",\n    \"disabled\": \"boolean optional\",\n    \"roleValue\": \"none\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/SystemUserUpdateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nUpdated user object:\n\n```\n{\n    \"uid\": \"748da031-c45e-4abd-930e-75b4929e6503\",\n    \"communityId\": \"any\",\n    \"roleValue\": \"none\",\n    \"tenantId\": \"123-456\",\n    \"username\": \"Username\",\n    \"type\": \"systemuser\",\n    \"status\": \"active\",\n    \"firstname\": \"First name\",\n    \"middlename\": \"Middle name\",\n    \"lastname\": \"Last name\",\n    \"email1\": \"bu-1@gmail.com\",\n    \"email1_verified\": true,\n    \"email2\": \"bu-11@gmail.com\",\n    \"email2_verified\": true,\n    \"phone1\": \"11111111\",\n    \"phone1_verified\": true,\n    \"address\": {\n        \"house\": \"House\",\n        \"streetname\": \"Street name\",\n        \"city\": \"City\",\n        \"state\": \"State\",\n        \"country\": \"Country\",\n        \"zip\": \"11111\"\n    },\n    \"address_verified\": true,\n    \"disabled\": false\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/SystemUserUpdateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "No system user found."
          }
        }
      }
    },
    "/systemuser/authenticate": {
      "post": {
        "summary": "Verify system user password.",
        "description": "Verify system user password.<br />\n- Any valid key can be used to verify system user password.\n- Only **systemuser** type user will be verified.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nusername and password json, encrypted with ECDSA. <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the verification status. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "System User"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"username\": \"string required\",\n    \"password\": \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/SystemUserAuthenticateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/SystemUserAuthenticateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/systemuser/changepassword": {
      "post": {
        "summary": "Change system user password.",
        "description": "Change system user password.<br />\n- Only a **system** and a **service** key can be used to change system user password.\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nusername and newPassword json, encrypted with ECDSA. <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns empty response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "System User"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"username\": \"string required\",\n    \"newPassword\": \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/SystemUserChangePasswordRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nEmpty response\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/servicekeys": {
      "get": {
        "summary": "Get service keys",
        "description": "This endpoint returns available service keys.\nThe license you are using must be of authLevel 'system'\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|              **Returns**                     |\n|----------------------------------------------|\n\nReturns array with service keys\n",
        "tags": [
          "Service Key"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ServiceKeysResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "500": {
            "description": "Internal Server Error"
          }
        }
      }
    },
    "/servicekey/{keyId}": {
      "delete": {
        "summary": "Reset Service Key",
        "description": "This endpoint resets service key for given keyId. Deletes current one and recreates a new one.\nThe license you are using must be of authLevel 'system'\n\n|              **Parameters**                  |\n|----------------------------------------------|\n\n### keyId (required)\nThe keyId of service key to reset\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|              **Returns**                     |\n|----------------------------------------------|\n\nReturns re-created service key\n",
        "tags": [
          "Service Key"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "keyId",
            "in": "path",
            "description": "keyId of service key to reset",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ServiceKeysResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "500": {
            "description": "Internal Server Error"
          }
        }
      }
    },
    "/sd": {
      "get": {
        "summary": "Get all service directories.",
        "description": "Get all service directories.\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns all service directories.\n",
        "tags": [
          "Service Directory"
        ],
        "responses": {
          "200": {
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/GetServiceComponentsResponse"
                }
              }
            }
          }
        }
      }
    },
    "/publickeys": {
      "get": {
        "summary": "Get system's public key.",
        "description": "Get system's public key.\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns a public key object\n",
        "tags": [
          "Public Key"
        ],
        "responses": {
          "200": {
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/PublicKeyResponse"
                }
              }
            }
          },
          "401": {
            "description": "Invalid hawk signature / ID found."
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/user_pin/register": {
      "post": {
        "summary": "Register User PIN",
        "description": "Register a new PIN for a user.<br />\n- Only a **system**, **service**, **service_ext**, **app**, **app_ext**, or **basic** key can be used.\n- **system**, **service**, and **service_ext** keys can register PIN without JWT.\n- For **app/app_ext/basic** keys, a valid JWT is required.\n- PIN is stored as SHA512 hash.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\nRequest body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n  \"data\": {\n    \"user\": {\n      \"username\": \"string (required)\",\n      \"authModule\": \"string (required)\"\n    },\n    \"pin\": \"string (required)\",\n    \"jwt\": \"string (optional, required for app/app_ext/basic)\"\n  }\n}\n```\n",
        "tags": [
          "User PIN"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "data": {
                    "type": "object",
                    "properties": {
                      "user": {
                        "type": "object",
                        "properties": {
                          "username": {
                            "type": "string"
                          },
                          "authModule": {
                            "type": "string"
                          }
                        },
                        "required": [
                          "username",
                          "authModule"
                        ]
                      },
                      "pin": {
                        "type": "string"
                      },
                      "jwt": {
                        "type": "string",
                        "description": "JWT (required for app/app_ext/basic)"
                      }
                    },
                    "required": [
                      "user",
                      "pin"
                    ]
                  }
                },
                "required": [
                  "data"
                ]
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "PIN registered successfully",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "status": {
                      "type": "boolean"
                    }
                  }
                }
              }
            }
          },
          "400": {
            "description": "Bad request"
          },
          "401": {
            "description": "Unauthorized or invalid JWT"
          },
          "405": {
            "description": "PIN already enrolled"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/user_pin/update": {
      "patch": {
        "summary": "Update User PIN",
        "description": "Update a user's PIN.<br />\n- **system**, **service**, or **service_ext** keys can update PIN without further checks.<br />\n- For all other key types, one of the following is required:<br />\n  &nbsp;&nbsp;\u2022 A valid JWT (must be present and pass verification)<br />\n  &nbsp;&nbsp;\u2022 OR the correct currentPin (must match the user's existing PIN)<br />\n- PIN is stored as SHA512 hash.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\nRequest body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n  \"data\": {\n    \"user\": {\n      \"username\": \"string (required)\",\n      \"authModule\": \"string (required)\"\n    },\n    \"currentPin\": \"string (optional, required if no JWT)\",\n    \"newPin\": \"string (required)\",\n    \"jwt\": \"string (optional, required for app/app_ext/basic)\"\n  }\n}\n```\n",
        "tags": [
          "User PIN"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "data": {
                    "type": "object",
                    "properties": {
                      "user": {
                        "type": "object",
                        "properties": {
                          "username": {
                            "type": "string"
                          },
                          "authModule": {
                            "type": "string"
                          }
                        },
                        "required": [
                          "username",
                          "authModule"
                        ]
                      },
                      "currentPin": {
                        "type": "string",
                        "description": "Required if no JWT. Must match the user's current PIN."
                      },
                      "newPin": {
                        "type": "string"
                      },
                      "jwt": {
                        "type": "string",
                        "description": "JWT (required for app/app_ext/basic). Must be valid and isAuthenticated true."
                      }
                    },
                    "required": [
                      "user",
                      "newPin"
                    ]
                  }
                },
                "required": [
                  "data"
                ]
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "PIN updated successfully",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "status": {
                      "type": "boolean"
                    }
                  }
                }
              }
            }
          },
          "400": {
            "description": "Bad request"
          },
          "401": {
            "description": "Unauthorized. Must provide a valid JWT or correct currentPin for non-system/service keys."
          },
          "404": {
            "description": "User not found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/user_pin": {
      "delete": {
        "summary": "Delete User PIN",
        "description": "Delete (unenroll) a user's PIN.<br />\n- **system**, **service**, or **service_ext** keys can delete PIN without further checks.<br />\n- For all other key types, one of the following is required:<br />\n  &nbsp;&nbsp;\u2022 A valid JWT (must be present and pass verification)<br />\n  &nbsp;&nbsp;\u2022 OR the correct currentPin (must match the user's existing PIN)<br />\n- Emits E_USER_PIN_UNENROLLED event.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\nRequest body contains 'data' field with encrypted object below:\n\n```\n{\n  \"data\": {\n    \"user\": {\n      \"username\": \"string (required)\",\n      \"authModule\": \"string (required)\"\n    },\n    \"currentPin\": \"string (optional, required if no JWT)\",\n    \"jwt\": \"string (optional, required for app/app_ext/basic)\",\n    \"eventInfo\": {\n      \"clientIp\": \"string (optional)\",\n      \"userAgent\": \"string (optional)\",\n      \"initiatedBy\": \"string (optional, username of the initiator)\"\n    }\n  }\n}\n```\n- Optional `eventInfo` allows passing client IP, user agent, and initiator username for event logging.\n",
        "tags": [
          "User PIN"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "data": {
                    "type": "object",
                    "properties": {
                      "user": {
                        "type": "object",
                        "properties": {
                          "username": {
                            "type": "string"
                          },
                          "authModule": {
                            "type": "string"
                          }
                        },
                        "required": [
                          "username",
                          "authModule"
                        ]
                      },
                      "currentPin": {
                        "type": "string",
                        "description": "Required if no JWT. Must match the user's current PIN."
                      },
                      "jwt": {
                        "type": "string",
                        "description": "JWT (required for app/app_ext/basic). Must be valid and isAuthenticated true."
                      },
                      "eventInfo": {
                        "type": "object",
                        "properties": {
                          "clientIp": {
                            "type": "string",
                            "description": "Optional custom client IP address for event logging"
                          },
                          "userAgent": {
                            "type": "string",
                            "description": "Optional custom user agent for event logging"
                          },
                          "initiatedBy": {
                            "type": "string",
                            "description": "Username of the person who initiated the action (for event logging)"
                          }
                        }
                      }
                    },
                    "required": [
                      "user"
                    ]
                  }
                },
                "required": [
                  "data"
                ]
              }
            }
          }
        },
        "responses": {
          "204": {
            "description": "PIN deleted successfully (no content)"
          },
          "400": {
            "description": "Bad request"
          },
          "401": {
            "description": "Unauthorized. Must provide a valid JWT or correct currentPin for non-system/service keys."
          },
          "404": {
            "description": "User not found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/passkey/register": {
      "post": {
        "summary": "Register a passkey credential for a user.",
        "description": "Register a passkey credential for a given user.<br />\n- Only permit **system**, **service**, or **service_ext** key to register a passkey without JWT.\n- For all other key types (**app**, **app_ext**, **basic**), a valid JWT is required.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\nRequest body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger.\n\n### credentialId (required)\nCredential ID string\n\n### privateKey (required)\nPrivate key object containing JWK\n\n### rpId (required)\nRelying party ID\n\n### userId (required)\nUser handle / identifier\n\n### userName (required)\nUsername (email)\n\n### userDisplayName (optional)\nDisplay name\n\n### entraAuthMethodId (optional)\nEntra auth method ID\n\n### createdAt (optional)\nCreation timestamp\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns success status and credentialId.<br />\nThis API throws an error if something goes wrong.\n",
        "tags": [
          "Passkey Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"data\": {\n        \"credentialId\": \"string required, credential ID\",\n        \"privateKey\": {\n            \"jwk\": {\n                \"kty\": \"EC\",\n                \"crv\": \"P-256\",\n                \"key_ops\": [\"sign\"],\n                \"ext\": true,\n                \"d\": \"string\",\n                \"x\": \"string\",\n                \"y\": \"string\"\n            },\n            \"algorithm\": \"ES256\",\n            \"curve\": \"P-256\"\n        },\n        \"rpId\": \"string required, relying party ID\",\n        \"userId\": \"string required, user handle / identifier\",\n        \"userName\": \"string required, username (email)\",\n        \"userDisplayName\": \"string optional, display name\",\n        \"entraAuthMethodId\": \"string optional, Entra auth method ID\",\n        \"createdAt\": \"string optional, ISO 8601 timestamp\"\n    }\n}\n```\n",
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "required": [
                  "data"
                ],
                "properties": {
                  "data": {
                    "type": "object",
                    "required": [
                      "credentialId",
                      "privateKey",
                      "rpId",
                      "userId",
                      "userName"
                    ],
                    "properties": {
                      "credentialId": {
                        "type": "string"
                      },
                      "privateKey": {
                        "type": "object",
                        "properties": {
                          "jwk": {
                            "type": "object",
                            "properties": {
                              "kty": {
                                "type": "string"
                              },
                              "crv": {
                                "type": "string"
                              },
                              "key_ops": {
                                "type": "array",
                                "items": {
                                  "type": "string"
                                }
                              },
                              "ext": {
                                "type": "boolean"
                              },
                              "d": {
                                "type": "string"
                              },
                              "x": {
                                "type": "string"
                              },
                              "y": {
                                "type": "string"
                              }
                            }
                          },
                          "algorithm": {
                            "type": "string"
                          },
                          "curve": {
                            "type": "string"
                          }
                        }
                      },
                      "rpId": {
                        "type": "string"
                      },
                      "userId": {
                        "type": "string"
                      },
                      "userName": {
                        "type": "string"
                      },
                      "userDisplayName": {
                        "type": "string"
                      },
                      "entraAuthMethodId": {
                        "type": "string"
                      },
                      "createdAt": {
                        "type": "string",
                        "format": "date-time"
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "success": {
                      "type": "boolean"
                    },
                    "credentialId": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          },
          "400": {
            "description": "Bad Request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "500": {
            "description": "Internal Server Error"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/passkey": {
      "post": {
        "summary": "Get passkey credential for a user.",
        "description": "Fetch passkey credential for a given user.<br />\n- Only permit **system**, **service**, or **service_ext** key to fetch a passkey without JWT.\n- For all other key types (**app**, **app_ext**, **basic**), a valid JWT is required.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\nRequest body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unencrypted data as well, it is only a preview available in Swagger.\n\n### userName (required)\nUsername (email)\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the passkey credential matching the request.<br />\nThis API throws an error if something goes wrong.\n",
        "tags": [
          "Passkey Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "required": [
                  "data"
                ],
                "properties": {
                  "data": {
                    "type": "object",
                    "required": [
                      "userName"
                    ],
                    "properties": {
                      "userName": {
                        "type": "string"
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "success": {
                      "type": "boolean"
                    },
                    "credential": {
                      "type": "object",
                      "properties": {
                        "id": {
                          "type": "string"
                        },
                        "privateKey": {
                          "type": "object"
                        },
                        "rpId": {
                          "type": "string"
                        },
                        "userHandle": {
                          "type": "string"
                        },
                        "userName": {
                          "type": "string"
                        },
                        "userDisplayName": {
                          "type": "string"
                        },
                        "signCount": {
                          "type": "number"
                        }
                      }
                    }
                  }
                }
              }
            }
          },
          "400": {
            "description": "Bad Request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "500": {
            "description": "Internal Server Error"
          }
        }
      }
    },
    "/jwt/verifyToken": {
      "post": {
        "description": "Verify JWT token.\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### token (required)\ntoken : string\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns a decoded token value.\n",
        "tags": [
          "JWT"
        ],
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/JwtVerifyTokenRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/JwtVerifyTokenResponse"
                }
              }
            }
          },
          "401": {
            "description": "Invalid / Expired Token."
          }
        }
      }
    },
    "/internal_call/broker_request": {
      "post": {
        "summary": "Make a broker request via socket",
        "description": "This endpoint only called internally from the one pod to another pod. <br />\n\n|              **Returns**                     |\n|----------------------------------------------|\n\nReturn a response from broker.\n",
        "tags": [
          "Internal Broker Call"
        ],
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/InternalCallRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/InternalCallResponse"
                }
              }
            }
          }
        }
      }
    },
    "/infra/checkBrokerStatusAndSendNotifications": {
      "post": {
        "summary": "Check broker connection status and send email.",
        "description": "Check broker connection status and send email.<br />\n- Only a **INFRA_LICENSE_KEY** can be used.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nUnencrypted infra key\n\n|              **Returns**                     |\n|----------------------------------------------|\n\n204 No Content\n",
        "tags": [
          "Infra"
        ],
        "parameters": [
          {
            "name": "licensekey",
            "in": "header",
            "description": "Infra key",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "204": {
            "description": "Success\n\nNo Content\n"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/healthz": {
      "get": {
        "summary": "Get healthz.",
        "description": "Get health information\n",
        "tags": [
          "Healthz"
        ],
        "security": [
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "synthetic-heartbeat",
            "in": "header",
            "description": "If this field is set then additional health information is collection (will not be displayed). Valid values are all, onUserCreated, userStateEvents",
            "required": false,
            "schema": {
              "type": "string"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "plain text license key;",
            "required": false,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Success\n\n```\n{\n    \"status\": \"all services operational\",\n    \"publicKey\": \"string\" //same as <service>/publickeys endpoint,\n    \"code\": \"200\",\n    \"version\": \"<git-tag>.<commit-id>.<dob>\"\n}\n\nVersion value contains the following value if the code is build from a git-tag\n\n- ```git-tag```: When code is compiled from a git-tag, this must carry the tag name. This should match one of the git tags.\n- ```commit-id```: This is the git-commit-id. eg: When code is built from this, the hex code, in the end, is the commit it.\n- ```dob```: Date Of Build. This is epoc-time-in-se\tconds that tell the time when the build was created.\n\nOtherwise\n\n- ```commit-id```: This is the git-commit-id. eg: When code is built from this, the hex code, in the end, is the commit it.\n- ```dob```: Date Of Build. This is epoc-time-in-se\tconds that tell the time when the build was created.\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/HealthzResponse"
                }
              }
            }
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/fetch_single_user_by_username": {
      "post": {
        "summary": "Fetch single basic user.",
        "description": "Fetch single basic user. <br />\n- Any valid key can be used to fetch user.\n- If scep is true, basic key cannot be used\n- Auth module must be available and enabled for the community.\n- Returned users will be the type of **'basic'**.\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### authModule (optional)\nID of auth module is optional.\nIf authModule is provided, fetch users from that particular authModule only.\nIf authModule is not provided OR is null OR empty string THEN\n   - fetch default AUTHSCHEME(enabled: true && isDefault: true) from AuthN\n   - If no authScheme found, return ZERO results in the response.\n   - If authScheme is found, collect authModules in following order\n       - dbModule goes at location 0.\n       - other modules: [] get added IN ORDER.\n\n### username (required)\n\n### attributes (optional)\nThis will drive response_user.dir_attributes.\n\n### checkAliases (optional)\nIf it's true, first it will be search w/ username and if it's not found, then search username as alias in user-properties. default is false\n\n### do_transformation (optional)\nIF it's true, THEN only transaform user object. default is true\n\n### check_locks (optional)\nIF it's true, THEN only it will check for user locks status in DB default is true\n\n### load_props (optional)\nIF it's true, THEN only it will fetch user-properties default is true\n\n### includeProperties (optional)\nIF it's true, THEN only it will fetch user-properties, default is false\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the single user. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains object below:\n\n```\n{\n    \"authModule\": \"ObjectId optional, ID of authModule\",\n    \"username\": \"username of user required\",\n    \"attributes\": \"array of user attributes, optional\",\n    \"checkAliases\": boolean optional - default false,\n    \"do_transformation\": boolean optional - default true,\n    \"check_locks\": boolean optional - default true,\n    \"load_props\": boolean optional - default true,\n    \"includeProperties\": boolean optional - default false\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/FetchSingleUserRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nSingle user fetch result.\n\n```\n{\n    \"data\": {\n        \"username\": \"username\",\n        \"uid\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n        \"dguid\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n        \"status\": \"active\",\n        \"roleValue\": \"none\",\n        \"type\": \"basic\",\n        \"moduleId\": \"moduleId\",\n        \"onboarding_status\": \"tbd\",\n        \"email\": \"email\",\n        \"firstname\": \"Firstname\",\n        \"lastname\": \"Lastname\",\n        \"phone\": \"xxxxxx\",\n        \"forcePasswordReset\": true/false, // it return, if forcePasswordResetEnabled for AD Broker Auth module\n        \"urn\": \"xxx:xxx:xxxxxxxxxxxx:xxx:xxxxxxxxxxxxxxxxxxxx:xxx:xxxxxxxxxxxxxx:xxx:xxxxxxxxxxx:xxx:xxxxxxxxxxxx\",\n        \"scepCredentials\": {} // if scep is true and system/service level licensekey used\n        \"user_certificate\": ecdsa($scepCredentials) // if scep is true and service_ext/app/app_ext level licensekey used\n        \"typing_phrase\": \"typing phrase\",\n        \"is_user_pin_enrolled\": true/false,\n        \"userProperties\": { mobiles: [], landlines: [], aliases: {} } // if includeProperties is true\n    },\n    publicKey: \"servicekey's publickey\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/FetchSingleUsersResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          },
          "500": {
            "description": "Internal Server Error"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/validate_user_password": {
      "post": {
        "summary": "Verify user password.",
        "description": "Verify user password.<br />\n- Any valid community license key can be used.\n- This API now generates \"proof_of_authentication\" which can be encrypted for a referrer using ECDSA\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nauthModule, username, password encrypted with ECDSA. <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the ECDSA encrypted user, and public key. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"authModule\": \"ObjectId required, ID of auth module\",\n    \"username\": \"string required\",\n    \"dn\": \"string optional\",\n    \"password\": \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UserAuthenticateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nAuthenticated user object:\n```\n{\n    \"data\":{\n              \"username\": \"username\",\n              \"moduleId\": \"moduleId\",\n              \"proof_of_authentication_jwt\":\"xxx\"\n         },\n    \"publicKey\": \"xxxxxx\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UsernamePasswordAuthenticateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          },
          "500": {
            "description": "Internal Server Error"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/verify_user_ktoken": {
      "post": {
        "summary": "Verify user ktoken.",
        "description": "Verify user ktoken.<br />\n- Any valid community license key can be used.\n- This API now generates \"proof_of_authentication\" which can be encrypted for a referrer using ECDSA\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nktoken, attributes encrypted with ECDSA. <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the ECDSA encrypted user, and public key. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "User Management"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\n```\n{\n    \"ktoken\": \"string required\",\n    \"attributes\": [] // optional\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UserAuthenticateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nAuthenticated user object:\n```\n{\n    \"data\":{\n              \"username\": \"\",\n              \"uid\": \"\",\n              \"dguid\": \"\",\n              \"status\": \"\",\n              \"roleValue\": \"\",\n              \"type\": \"\",\n              \"moduleId\": \"\",\n              \"onboarding_status\": \"tbd\",\n              \"email\": \"\",\n              \"firstname\": \"\",\n              \"lastname\": \"\",\n              \"phone\": \"\",\n              \"urn\": \"\",\n              \"proof_of_authentication_jwt\":\"\"\n         },\n    \"publicKey\": \"\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UsernamePasswordAuthenticateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          },
          "500": {
            "description": "Internal Server Error"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/factor_lock": {
      "delete": {
        "summary": "Delete FactorLock and FactorMistakes by communityId, tenantId, factor and userId.",
        "description": "Delete FactorLock and FactorMistakes by communityId and tenantId, factor and userId. <br />\n- License Key must be authorized for community.\n- Only a **system** and **service** key can be used to delete user factor of communityId,tenantId.\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### userId (required)\nuserId of user.\n\n### factor (required)\nName of the factor\n\n### authModuleId (required)\nmoduleId\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nNo content. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Factor"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "tenantId",
            "in": "path",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "name": "communityId",
            "in": "path",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to delete user factor.\n\n```\n{\n    \"userId\": \"string required\",\n    \"factor\": \"string required\",\n    \"authModuleId\" : \"string required\",\n    \"eventData\": \"object optional\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UserFactorUpdateRequest"
              }
            }
          }
        },
        "responses": {
          "204": {
            "description": "Success\n\nNo Content\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Data is not found."
          }
        }
      }
    },
    "/environment": {
      "get": {
        "description": "Provide details regarding the environments.\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns an environment object\n",
        "tags": [
          "Environment"
        ],
        "security": [
          {
            "license": []
          }
        ],
        "responses": {
          "200": {
            "description": "Success"
          }
        }
      }
    },
    "/ecdsa_helper/{method}": {
      "post": {
        "summary": "Encrypt and decrypt the data string by public key and private key.",
        "description": "Encrypt and decrypt the data string by public key and private key.\n\n|              **Parameters**                  |\n|----------------------------------------------|\n\n### method (optional)\nThe method parameter is type of enum. Default value is encrypt. <br />\nThis parameter only accepts following values <br />\n   **encrypt**, **decrypt**\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### dataStr (required)\nThe dataStr key is type of string.\n\n<br />\n### publicKey (required)\nThe publicKey is type of string.\n\n<br />\n### privateKey (required)\nThe privateKey is type of string.\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the encrypted/decrypted string. <br />\nThis API throw an error if something goes wrong. A common source of error is public or private key is not valid.\n",
        "tags": [
          "ECDSA Helper"
        ],
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/EcdsaEncryptDecryptRequest"
              }
            }
          }
        },
        "parameters": [
          {
            "in": "path",
            "name": "method",
            "schema": {
              "type": "string",
              "enum": [
                "encrypt",
                "decrypt"
              ],
              "default": "encrypt"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "successful operation",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/EcdsaEncryptDecryptResponse"
                }
              }
            }
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/{moduleId}/broker/fetch": {
      "get": {
        "summary": "Fetch Broker Connections by CommunityId and AuthModuleId",
        "description": "Fetch Broker Connections by CommunityId and AuthModuleId <br />\n- License Key must be authorized for community.\n- Only a **system** and **service** key can be used to fetch brokerConnection of communityId and authModuleId.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns all broker connections of community and authModule. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Broker Connection"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "tenantId",
            "in": "path",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "name": "communityId",
            "in": "path",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "moduleId",
            "in": "path",
            "description": "ID of auth module",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Success\n\nList of Broker connection:\n\n```\n[\n    {\n        \"_id\": \"6144aa82eebec1d23cca4f2c\",\n        \"uid\": \"6144aa82eebec1d23cca4f2c\",\n        \"name\": \"Broker\",\n        \"communityId\": \"5f3d8d0cd866fa61019cf969\",\n        \"authModuleId\": \"614084282494d47759868179\",\n        \"enabled\": true,\n        \"authorized\": true,\n        \"connected\": true,\n        \"version\": \"V 13.3\",\n        \"connectedAt\": \"2021-09-15T08:33:02.900Z\"\n        \"lastPingAt\": \"2021-09-15T08:33:02.900Z\",\n        \"lastDisconnectedAt\": \"2021-09-15T08:33:02.900Z\",\n        \"lastNotificationSentAt\": \"2021-09-15T08:33:02.900Z\",\n        \"ip\": \"123.123.123.123\",\n        \"port\": \"1234\"\n    }\n]\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/BrokerConnectionFetchResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/{moduleId}/broker/update": {
      "patch": {
        "summary": "Update broker connection name.",
        "description": "Update broker connection name. <br />\n- Key must be authorized for community.\n- Only a **system** and **service** key can be used to enable/disable broker by the community & auth module & uid.\n- Broker with requested uid must be for requested community/authModule.\n- Only broker name can be edited via this API.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### uuid (required)\nUUID of broker connection.\n\n### name (required)\nName of broker connection.\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the updated broker connection. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Broker Connection"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "tenantId",
            "in": "path",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "name": "communityId",
            "in": "path",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "moduleId",
            "in": "path",
            "description": "ID of auth module",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Broker connection name to update.\n\n```\n{\n    \"uid\": \"required\",\n    \"name\": \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/BrokerConnectionUpdateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nUpdated broker connection:\n\n```\n{\n    \"_id\": \"ObjectID\",\n    \"uid\": \"614084282494d47759868178\",\n    \"name\": \"Broker name\",\n    \"communityId\": \"5f3d8d0cd866fa61019cf969\",\n    \"authModuleId\": \"614084282494d47759868179\",\n    \"enabled\": true,\n    \"authorized\": true,\n    \"connected\": true,\n    \"version\": \"V 13.3\",\n    \"connectedAt\": \"2021-09-15T08:33:02.900Z\"\n    \"lastPingAt\": \"2021-09-15T08:33:02.900Z\",\n    \"lastDisconnectedAt\": \"2021-09-15T08:33:02.900Z\",\n    \"lastNotificationSentAt\": \"2021-09-15T08:33:02.900Z\",\n    \"ip\": \"123.123.123.123\",\n    \"port\": \"1234\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/BrokerConnectionUpdateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Data is not found."
          },
          "500": {
            "description": "Internal server error"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/{moduleId}/broker/changestatus": {
      "patch": {
        "summary": "enable/disable broker by the community & auth module & uid",
        "description": "enable/disable broker by the community & auth module & uid. <br />\n- Key must be authorized for community.\n- Only a **system** and **service** key can be used to enable/disable broker by the community & auth module & uid.\n- Broker with requested uid must be for requested community/authModule.\n- Only Authorized brokers (authorized = true) can be enabled.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### uuid (required)\nUUID of broker connection.\n\n### enabled (required)\nThis key sets the enable status of broker connection.\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the updated broker connection. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Broker Connection"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "tenantId",
            "in": "path",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "name": "communityId",
            "in": "path",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "moduleId",
            "in": "path",
            "description": "ID of auth module",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Broker connection status to update.\n\n```\n{\n    \"uid\": \"required\"\n    \"enabled\": \"boolean, true or false\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/BrokerConnectionStatusUpdateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nUpdated broker connection:\n\n```\n{\n    \"_id\": \"xxxxxxxxxxxxxxxxxxxxxxxx\",\n    \"uid\": \"xxxxxxxxxxxxxxxxxxxxxxxx\",\n    \"name\": \"xxxxxx\",\n    \"communityId\": \"xxxxxxxxxxxxxxxxxxxxxxxx\",\n    \"authModuleId\": \"xxxxxxxxxxxxxxxxxxxxxxxx\",\n    \"enabled\": true,\n    \"authorized\": true,\n    \"connected\": true,\n    \"version\": \"V 13.3\",\n    \"connectedAt\": \"xxxx-xx-xxTxx:xx:xx.xxxx\"\n    \"lastPingAt\": \"xxxx-xx-xxTxx:xx:xx.xxxx\",\n    \"lastDisconnectedAt\": \"xxxx-xx-xxTxx:xx:xx.xxxx\",\n    \"lastNotificationSentAt\": \"xxxx-xx-xxTxx:xx:xx.xxxx\",\n    \"ip\": \"xxxx\",\n    \"port\": \"xxx\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/BrokerConnectionStatusUpdateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Data is not found"
          },
          "500": {
            "description": "Internal server error"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/{moduleId}/broker/{uid}": {
      "delete": {
        "summary": "Delete broker connection by communityId and authModuleId and uid of broker.",
        "description": "Delete broker connection by communityId and authModuleId and uid of broker. <br />\n- License Key must be authorized for community.\n- Only a **system** and **service** key can be used to delete brokerConnection of communityId and authModuleId and uid of broker.\n- Broker with requested uid must be for requested community/authModule.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nNo content. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Broker Connection"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "name": "tenantId",
            "in": "path",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "name": "communityId",
            "in": "path",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "moduleId",
            "in": "path",
            "description": "ID of auth module",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "uid",
            "in": "path",
            "description": "UID of broker connection",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "responses": {
          "204": {
            "description": "Success\n\nNo Content\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Data is not found."
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/behavior_auth/random_phrase/fetch": {
      "post": {
        "summary": "Fetch random phrase for behavior authentication",
        "description": "Fetch a random phrase for behavior authentication.<br />\n**Authorization:**<br />\n- System and infra_license_key callers do not require a JWT.<br />\n- All other license auth levels (service, app, app_ext, etc.) must include a valid JWT.<br />\n**Encrypted payload:**<br />\nRequest body must contain a `data` field (encrypted string) and a decrypted preview:<br />\n```\n{\n  \"data\": {\n    \"jwt\": \"string (optional \u2014 required for non-system/non-infra license)\",\n    \"language\": \"string (optional \u2014 one of: en, es, pt, fr, de. Defaults to en if not provided)\"\n  }\n}\n```\n- If JWT is required, it must be verified and have \"isAuthenticated: true\".\n- If language is not provided or unsupported, defaults to \"en\". Empty string is not accepted.\n",
        "tags": [
          "Behavior Auth"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "data": {
                    "type": "object",
                    "properties": {
                      "jwt": {
                        "type": "string",
                        "description": "Optional \u2014 required for non-system/non-infra license auth levels"
                      },
                      "language": {
                        "type": "string",
                        "enum": [
                          "en",
                          "es",
                          "pt",
                          "fr",
                          "de"
                        ],
                        "description": "Optional \u2014 language for phrase selection. Defaults to \"en\""
                      }
                    }
                  }
                },
                "required": [
                  "data"
                ]
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Encrypted response containing random phrase and user token. Decrypted preview",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "data": {
                      "type": "object",
                      "properties": {
                        "phrase": {
                          "type": "string"
                        },
                        "user_token": {
                          "type": "string"
                        },
                        "language": {
                          "type": "string",
                          "description": "The language of the phrase served (e.g. \"en\", \"fr\")"
                        }
                      }
                    },
                    "publicKey": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          },
          "400": {
            "description": "Bad request"
          },
          "401": {
            "description": "Unauthorized or invalid JWT"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/behavior_auth/register": {
      "post": {
        "summary": "Register behavior authentication (phrase/pattern)",
        "description": "Register a phrase and typing pattern for a user.<br />\n**Authorization:**<br />\n- Requires system/service level key.<br />\n- If app/app_ext/service_ext key is used, request body must include a valid JWT.<br />\n**Encrypted payload:**<br />\nRequest body must contain a `data` field (encrypted string) and a decrypted preview:<br />\n```\n{\n  \"authModule\": \"string (required)\",\n  \"username\": \"string (required)\",\n  \"phrase\": \"string (required)\",\n  \"pattern\": \"string (base64, required)\",\n  \"jwt\": \"string (required for app/app_ext/service_ext)\",\n  \"user_token\": \"string (required)\",\n  \"eventInfo\": {\n    \"clientIp\": \"string (optional)\",\n    \"userAgent\": \"string (optional)\"\n  }\n}\n```\n- JWT must be verified and have \"isAuthenticated: true\".<br />\n- Username in JWT must match username in request body.<br />\n- user_token must be valid (private decryption).<br />\n- If user already has a phrase registered, call fails (NOT_ALLOWED).<br />\n- If first attempt, user-token.attempts = 0.<br />\n- Calls Typing to delete and register pattern.<br />\n- If attempts === required attempts (from CaaS config), updates user props.<br />\n- If more attempts needed, bakes new user token.<br />\n- Returns next_step: done | try again, user_token: encrypted.<br />\n- Optional `eventInfo` allows passing custom client IP and user agent for event logging.<br />\n- Emits E_BEHAVIOR_AUTH_ENROLLED event on success.\n",
        "tags": [
          "Behavior Auth"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "data": {
                    "type": "object",
                    "properties": {
                      "authModule": {
                        "type": "string"
                      },
                      "username": {
                        "type": "string"
                      },
                      "phrase": {
                        "type": "string"
                      },
                      "pattern": {
                        "type": "string",
                        "description": "base64 string"
                      },
                      "jwt": {
                        "type": "string"
                      },
                      "user_token": {
                        "type": "string"
                      },
                      "eventInfo": {
                        "type": "object",
                        "properties": {
                          "clientIp": {
                            "type": "string",
                            "description": "Optional custom client IP address for event logging"
                          },
                          "userAgent": {
                            "type": "string",
                            "description": "Optional custom user agent for event logging"
                          }
                        }
                      }
                    },
                    "required": [
                      "authModule",
                      "username",
                      "phrase",
                      "pattern",
                      "user_token"
                    ]
                  }
                },
                "required": [
                  "data"
                ]
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Registration successful. Encrypted response with next_step and user_token.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "next_step": {
                      "type": "string",
                      "enum": [
                        "done",
                        "try again"
                      ]
                    },
                    "user_token": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          },
          "400": {
            "description": "Bad request"
          },
          "401": {
            "description": "Unauthorized or invalid JWT/user_token"
          },
          "405": {
            "description": "Not allowed (already registered)"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/behavior_auth/validate": {
      "post": {
        "summary": "Validate behavior authentication (typing pattern)",
        "description": "Validate a user's typing pattern for behavior authentication.<br />\n**Authorization:**<br />\n- Any valid community license key can be used. <br />\n**Encrypted payload:**<br />\nRequest body must contain a `data` field (encrypted string) and a decrypted preview:<br />\n```\n{\n  \"authModule\": \"string (required)\",\n  \"username\": \"string (required)\",\n  \"pattern\": \"string (base64, required)\",\n  \"eventInfo\": {\n    \"clientIp\": \"string (optional)\",\n    \"userAgent\": \"string (optional)\"\n  }\n}\n```\n- Validates caller and user (must not be locked or disabled).<br />\n- Calls Typing to validate pattern using userId = SHA512(user.urn).<br />\n- On any validation failure, returns 401 Unauthorized.<br />\n- On success, returns same payload as user authenticate API, with JWT containing `\"methods\": [\"behavior_auth\"]`.<br />\n- Optional `eventInfo` allows passing custom client IP and user agent for event logging.\n",
        "tags": [
          "Behavior Auth"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "data": {
                    "type": "object",
                    "properties": {
                      "authModule": {
                        "type": "string"
                      },
                      "username": {
                        "type": "string"
                      },
                      "pattern": {
                        "type": "string",
                        "description": "base64 string"
                      },
                      "eventInfo": {
                        "type": "object",
                        "properties": {
                          "clientIp": {
                            "type": "string",
                            "description": "Optional custom client IP address for event logging"
                          },
                          "userAgent": {
                            "type": "string",
                            "description": "Optional custom user agent for event logging"
                          }
                        }
                      }
                    },
                    "required": [
                      "authModule",
                      "username",
                      "pattern"
                    ]
                  }
                },
                "required": [
                  "data"
                ]
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Validation successful. Encrypted response with JWT and user info.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "data": {
                      "type": "object",
                      "properties": {
                        "jwt": {
                          "type": "string"
                        },
                        "user": {
                          "type": "object"
                        },
                        "methods": {
                          "type": "array",
                          "items": {
                            "type": "string"
                          }
                        }
                      }
                    },
                    "publicKey": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          },
          "400": {
            "description": "Bad request"
          },
          "401": {
            "description": "Unauthorized or validation failed"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/user/behavior_auth/deregister": {
      "delete": {
        "summary": "Deregister (unenroll) behavior authentication for a user",
        "description": "Deregisters (unenrolls) a user's behavior authentication (typing phrase/pattern).<br />\n**Authorization:**<br />\n- Requires system/service key for the community, OR<br />\n- A valid JWT in the request body (with `isAuthenticated: true`) and service_ext/app/app_ext license key.<br />\n**Encrypted payload:**<br />\nRequest body must contain a `data` field (encrypted string) and a decrypted preview:<br />\n```\n{\n  \"authModule\": \"string (required)\",\n  \"username\": \"string (required)\",\n  \"jwt\": \"string (required for app/app_ext license)\",\n  \"eventInfo\": {\n    \"clientIp\": \"string (optional)\",\n    \"userAgent\": \"string (optional)\",\n    \"initiatedBy\": \"string (optional, username of the initiator)\"\n  }\n}\n```\n- If JWT is required, it must be present, valid (via AuthN), and have `isAuthenticated: true`.<br />\n- Optional `eventInfo.initiatedBy` specifies the username who initiated the action (for event logging).<br />\n- Calls Typing to delete pattern using userId = SHA512(user.urn).<br />\n- If no phrase is registered, returns 204 No Content.<br />\n- If phrase is registered, deletes and returns 204 No Content.<br />\n- Optional `eventInfo` allows passing custom client IP and user agent for event logging.<br />\n- Emits `E_BEHAVIOR_AUTH_UNENROLLED` event with full context.\n",
        "tags": [
          "Behavior Auth"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "data": {
                    "type": "object",
                    "properties": {
                      "authModule": {
                        "type": "string"
                      },
                      "username": {
                        "type": "string"
                      },
                      "jwt": {
                        "type": "string"
                      },
                      "eventInfo": {
                        "type": "object",
                        "properties": {
                          "clientIp": {
                            "type": "string",
                            "description": "Optional custom client IP address for event logging"
                          },
                          "userAgent": {
                            "type": "string",
                            "description": "Optional custom user agent for event logging"
                          },
                          "initiatedBy": {
                            "type": "string",
                            "description": "Username of the person who initiated the action (for event logging)"
                          }
                        }
                      }
                    },
                    "required": [
                      "authModule",
                      "username"
                    ]
                  }
                },
                "required": [
                  "data"
                ]
              }
            }
          }
        },
        "responses": {
          "204": {
            "description": "Unenrollment successful. No content."
          },
          "400": {
            "description": "Bad request"
          },
          "401": {
            "description": "Unauthorized or invalid JWT"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/create": {
      "put": {
        "summary": "Create auth module.",
        "description": "Create auth module. <br />\n- Only a **system**, **service** and **service_ext** key can be used to create auth module.\n- Key must be authorized for community.\n- Uniquey by type and community.\n- A keytab_uuid is issued if and when a kerberos.keytab_file is added\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nAuth module data encrypted with ECDSA. <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the created auth module, encrypted with ECDSA and public key. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Auth Module"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\nfor type **db**:\n```\n{\n    \"type\": \"db\",\n    \"subtype\": \"datastore\",\n    \"method\": \"authn\",\n    \"name\": \"string required\",\n    \"enabled\": true,\n    \"mode\": \"direct\",\n    \"config\": {\n        \"passwordPolicy\": {\n           \"authtype\": \"string required\", // Face | Fingerprint\n           \"rules\": {\n           \t\"min\": \"number required\",\n           \t\"min_enabled\": boolean required,\n           \t\"min_special\": \"number required\",\n           \t\"min_special_enabled\": boolean required,\n           \t\"min_numbers\": \"number required\",\n           \t\"min_numbers_enabled\": boolean required,\n           \t\"special_chars_allowed\": \"string required\",\n           \t\"special_chars_allowed_enabled\": boolean required,\n           \t\"min_alpha_caps\": \"number required\",\n           \t\"min_alpha_caps_enabled\": boolean required,\n           \t\"noUsername\": boolean required,\n           \t\"noUsername_enabled\": boolean required,\n           \t\"allowInRow\": \"number required\",\n           \t\"allowInRow_enabled\": boolean required\n           },\n           \"descriptions\": [\n               \"string required\"\n           ]\n        }\n    }\n}\n```\n\nfor **direct ad/ldap**:\n```\n{\n    \"type\": \"ad/ldap\",\n    \"subtype\": \"directory\",\n    \"method\": \"authn\",\n    \"name\": \"string required\",\n    \"enabled\": true,\n    \"mode\": \"direct\",\n    \"config\": {\n        \"hosts\": [{\n            \"server\": \"string optional\",\n            \"port\": \"string optional\",\n        }],\n        \"hostTimeoutSeconds\": \"number optional - default = 10s\",\n        \"hostRetryAfterMinutes\": \"number optional - default = 30m\",\n        \"caList\": [{\n            \"cert_template\": \"string optional\",\n            \"dc_dns\": \"string optional\",\n            \"dc_ca\": \"string optional\"\n        }],\n        \"caTimeoutSeconds\": \"number optional - default = 10s\",\n        \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n        \"serverprotocol\": \"string required - ldap or ldaps\",\n        \"server\": \"string required\",\n        \"serverport\": \"string required\",\n        \"binddn\": \"string required\",\n        \"bindpassword\": \"string required\",\n        \"basedn\": \"string required\",\n        \"securityauthentication\": \"string required - Simple or Secure or Sealing or Encryption or SecureSocketLayer or ServerBind\",\n        \"forcePasswordResetEnabled\": \"boolean optional\",\n        \"filter\": \"string required\",\n        \"serviceacctreadonly\": \"boolean required\",\n        \"ldapqueryfilter\": \"string optional\",\n        \"passwordPolicy\": {\n           \"authtype\": \"string required\", // Face | Fingerprint\n           \"rules\": {\n           \t\"min\": \"number required\",\n           \t\"min_enabled\": boolean required,\n           \t\"min_special\": \"number required\",\n           \t\"min_special_enabled\": boolean required,\n           \t\"min_numbers\": \"number required\",\n           \t\"min_numbers_enabled\": boolean required,\n           \t\"special_chars_allowed\": \"string required\",\n           \t\"special_chars_allowed_enabled\": boolean required,\n           \t\"min_alpha_caps\": \"number required\",\n           \t\"min_alpha_caps_enabled\": boolean required,\n           \t\"noUsername\": boolean required,\n           \t\"noUsername_enabled\": boolean required,\n           \t\"allowInRow\": \"number required\",\n           \t\"allowInRow_enabled\": boolean required\n           },\n           \"descriptions\": [\n               \"string required\"\n           ]\n        }\n    }\n}\n```\n\nfor **direct azuread**:\n```\n{\n    \"type\": \"azuread\",\n    \"subtype\": \"directory\",\n    \"method\": \"authn\",\n    \"name\": \"string required\",\n    \"enabled\": true,\n    \"mode\": \"direct\",\n    \"config\": {\n        \"appName\": \"string required\",\n        \"tenantId\": \"string required\",\n        \"tenantName\": \"string required\",\n        \"clientId\": \"string required\",\n        \"clientSecret\": \"string required\",\n        \"loginBasePath\": \"string required\",\n        \"graphApiBasePath\": \"string required\"\n    }\n}\n```\n\nfor **broker ad/ldap**:\n```\n{\n    \"type\": \"ad/ldap\",\n    \"subtype\": \"directory\",\n    \"method\": \"authn\",\n    \"name\": \"string required\",\n    \"enabled\": true,\n    \"mode\": \"broker\",\n    \"config\": {\n        \"hosts\": [{\n            \"server\": \"string optional\",\n            \"port\": \"string optional\",\n        }],\n        \"hostTimeoutSeconds\": \"number optional - default = 10s\",\n        \"hostRetryAfterMinutes\": \"number optional - default = 30m\",\n        \"caList\": [{\n            \"cert_template\": \"string optional\",\n            \"dc_dns\": \"string optional\",\n            \"dc_ca\": \"string optional\"\n        }],\n        \"caTimeoutSeconds\": \"number optional - default = 10s\",\n        \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n        \"serverprotocol\": \"string optional - ldap or ldaps\",\n        \"server\": \"string optional\",\n        \"serverport\": \"string optional\",\n        \"binddn\": \"string optional\",\n        \"basedn\": \"string optional\",\n        \"securityauthentication\": \"string optional - Simple or Secure or Sealing or Encryption or SecureSocketLayer or ServerBind\",\n        \"forcePasswordResetEnabled\": \"boolean optional\",\n        \"filter\": \"string optional\",\n        \"serviceacctreadonly\": \"boolean optional\",\n        \"scepenabled\": \"boolean optional\",\n        \"scepurl\": \"string optional\",\n        \"challengeurl\": \"string optional\",\n        \"scepagent\": \"string optional\",\n        \"cert_enabled\": \"boolean optional\",\n        \"cert_template\": \"string optional\", // Alphabets, numerals, spaces, special characters allowed\n        \"dc_dns\": \"string optional\",  // DNS names can contain only alphabetic characters (A-Z, a-z), numeric characters (0-9), the minus sign (-), and the period (.)\n        \"dc_ca\": \"string optional\", // up to 64 characters, ANSI character set\n        \"ldapqueryfilter\": \"string optional\",\n        \"transformationJSB64\": \"string optional\",\n        \"logfilesizemb\": number optional, // default is 10, it's only for BROKER\n        \"logfilecount\": number optional,  // default is 10, it's only for BROKER, floating values like 0.2 or 10.3  will be considered 0 or 10 respectively\n        \"notificationAfterNoOfMinsDisconnect\": \"number optional\", // default 5\n        \"brokerDisconnectNotificationTo\": \"array optional\",\n        \"brokerNotificationsEnabled\": \"boolean optional\",         // default false\n        \"hostStatusChangeNotificationsTo\": \"array optional\",\n        \"hostStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n        \"caStatusChangeNotificationsTo\": \"array optional\",\n        \"caStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n        \"passwordPolicy\": {\n           \"authtype\": \"string required\", // Face | Fingerprint\n           \"rules\": {\n           \t\"min\": \"number required\",\n           \t\"min_enabled\": boolean required,\n           \t\"min_special\": \"number required\",\n           \t\"min_special_enabled\": boolean required,\n           \t\"min_numbers\": \"number required\",\n           \t\"min_numbers_enabled\": boolean required,\n           \t\"special_chars_allowed\": \"string required\",\n           \t\"special_chars_allowed_enabled\": boolean required,\n           \t\"min_alpha_caps\": \"number required\",\n           \t\"min_alpha_caps_enabled\": boolean required,\n           \t\"noUsername\": boolean required,\n           \t\"noUsername_enabled\": boolean required,\n           \t\"allowInRow\": \"number required\",\n           \t\"allowInRow_enabled\": boolean required\n           },\n           \"descriptions\": [\n               \"string required\"\n           ]\n        }\n    },\n    \"kerberos_config\": {\n        \"enabled\": \"boolean, required if kerberos_config is included\",\n        \"keytab_file\": \"string (base64) required if kerberos_config is included\",\n    }\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/AuthModuleCreateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents created auth module:\n\n```\n{\n    \"_id\": \"ObjectID\",\n    \"communityId\": \"ObjectID\",\n    \"type\": \"db\",            // ad | ldap | db | azuread\n    \"subtype\": \"datastore\",  // for ad | ldap | azuread : \"directory\", for db: \"datastore\"\n    \"method\": \"authn\",       // for ad | ldap | db : \"authn\"\n    \"name\": \"Auth Module Name\",\n    \"enabled\": true,\n    \"mode\": \"broker/direct\",\n    \"lastEnabledAt\": \"date optional\",\n    \"enhanced_security_on\": false,\n    \"config\": {}             // see below config response samples\n}\n```\n\nconfig object for type **ad** or **ldap**:\n```\n{\n      \"hosts\": [{\n          \"server\": \"string\",\n          \"port\": \"string\",\n          \"lastSuccessAt\": date,\n          \"lastNotifiedAt\": date\n      }],\n      \"hostTimeoutSeconds\": \"number optional - default = 10s\",\n      \"hostRetryAfterMinutes\": \"number optional - default = 30m\",\n      \"caList\": [{\n          \"cert_template\": \"string optional\",\n          \"dc_dns\": \"string optional\",\n          \"dc_ca\": \"string optional\"\n      }],\n      \"caTimeoutSeconds\": \"number optional - default = 10s\",\n      \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n      \"serverprotocol\": \"ldap\",\n      \"server\": \"string\"\n      \"serverport\": \"string\"\n      \"binddn\": \"string\",\n      \"bindpassword\": \"string\",\n      \"basedn\": \"string\",\n      \"securityauthentication\": \"Simple\",\n      \"forcePasswordResetEnabled\": false,\n      \"forcePasswordResetEnabled\" : false,\n      \"filter\": \"string\",\n      \"serviceacctreadonly\": true,\n      \"scepenabled\": \"boolean\",\n      \"scepurl\": \"string\",\n      \"challengeurl\": \"string\",\n      \"scepagent\": \"string\",\n      \"cert_enabled\": \"boolean\",\n      \"cert_template\": \"string\",\n      \"dc_dns\": \"string\",\n      \"dc_ca\": \"string\",\n      \"ldapqueryfilter\": \"string\",\n      \"transformationJSB64\": \"string optional\",\n      \"logfilesizemb\": number,          // it's only for BROKER\n      \"logfilecount\": number,           // it's only for BROKER\n      \"modified_at\": date,              // it's only for BROKER\n      \"etag\": uuid,                     // it's only for BROKER\n      \"notificationAfterNoOfMinsDisconnect\": \"number optional\", // default 5\n      \"brokerDisconnectNotificationTo\": \"array optional\",\n      \"brokerNotificationsEnabled\": \"boolean optional\",        // default false\n      \"hostStatusChangeNotificationsTo\": \"array optional\",\n      \"hostStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n      \"caStatusChangeNotificationsTo\": \"array optional\",\n      \"caStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\n\nconfig object for type **azuread** :\n```\n{\n      \"appName\": \"string\",\n      \"tenantId\": \"string\",\n      \"tenantName\": \"string\",\n      \"clientId\": \"string\",\n      \"clientSecret\": \"string\",\n      \"loginBasePath\": \"string\",\n      \"graphApiBasePath\": \"string\"\n}\n```\n\nconfig for type **db**:\n```\n{\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AuthModuleCreateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/{moduleId}": {
      "patch": {
        "summary": "Update auth module.",
        "description": "Update auth module. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to update auth module.\n- A keytab_uuid is issued if and when a kerberos.keytab_file is added\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### data (required)\nAuth module data encrypted with ECDSA. <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the updated auth module, encrypted with ECDSA and public key. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Auth Module"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "moduleId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n\nIMPORTANT - you can set enabled = true only if config is valid\n\nfor type **db**:\n```\n{\n    \"name\": \"string optional\",\n    \"enabled\": true,\n    \"config\": {\n        \"passwordPolicy\": {\n           \"authtype\": \"string required\", // Face | Fingerprint\n           \"rules\": {\n           \t\"min\": \"number required\",\n           \t\"min_enabled\": boolean required,\n           \t\"min_special\": \"number required\",\n           \t\"min_special_enabled\": boolean required,\n           \t\"min_numbers\": \"number required\",\n           \t\"min_numbers_enabled\": boolean required,\n           \t\"special_chars_allowed\": \"string required\",\n           \t\"special_chars_allowed_enabled\": boolean required,\n           \t\"min_alpha_caps\": \"number required\",\n           \t\"min_alpha_caps_enabled\": boolean required,\n           \t\"noUsername\": boolean required,\n           \t\"noUsername_enabled\": boolean required,\n           \t\"allowInRow\": \"number required\",\n           \t\"allowInRow_enabled\": boolean required\n           },\n           \"descriptions\": [\n               \"string required\"\n           ]\n        }\n    }\n}\n```\n\nfor **direct ad/ldap**:\n```\n{\n    \"name\": \"string optional\",\n    \"enabled\": true,\n    \"config\": {\n        \"hosts\": [{\n            \"server\": \"string optional\",\n            \"port\": \"string optional\",\n        }],\n        \"hostTimeoutSeconds\": \"number optional - default = 10s\",\n        \"hostRetryAfterMinutes\": \"number optional - default = 30m\",\n        \"serverprotocol\": \"string required - ldap or ldaps\",\n        \"server\": \"string required\",\n        \"serverport\": \"string required\",\n        \"binddn\": \"string required\",\n        \"bindpassword\": \"string required\",\n        \"basedn\": \"string required\",\n        \"securityauthentication\": \"string required - Simple or Secure or Sealing or Encryption or SecureSocketLayer or ServerBind\",\n        \"forcePasswordResetEnabled\": \"boolean optional\",\n        \"filter\": \"string required\",\n        \"serviceacctreadonly\": \"boolean required\",\n        \"ldapqueryfilter\": \"string optional\",\n        \"passwordPolicy\": {\n           \"authtype\": \"string required\", // Face | Fingerprint\n           \"rules\": {\n           \t\"min\": \"number required\",\n           \t\"min_enabled\": boolean required,\n           \t\"min_special\": \"number required\",\n           \t\"min_special_enabled\": boolean required,\n           \t\"min_numbers\": \"number required\",\n           \t\"min_numbers_enabled\": boolean required,\n           \t\"special_chars_allowed\": \"string required\",\n           \t\"special_chars_allowed_enabled\": boolean required,\n           \t\"min_alpha_caps\": \"number required\",\n           \t\"min_alpha_caps_enabled\": boolean required,\n           \t\"noUsername\": boolean required,\n           \t\"noUsername_enabled\": boolean required,\n           \t\"allowInRow\": \"number required\",\n           \t\"allowInRow_enabled\": boolean required\n           },\n           \"descriptions\": [\n               \"string required\"\n           ]\n        }\n    }\n}\n```\n\nfor **direct azuread**:\n```\n{\n    \"name\": \"string optional\",\n    \"enabled\": true,\n    \"config\": {\n        \"appName\": \"string\",\n        \"tenantId\": \"string\",\n        \"tenantName\": \"string\",\n        \"clientId\": \"string\",\n        \"clientSecret\": \"string\",\n        \"loginBasePath\": \"string\",\n        \"graphApiBasePath\": \"string\"\n    }\n}\n```\n\nfor type **broker ad/ldap**:\n```\n{\n    \"name\": \"string optional\",\n    \"enabled\": true,\n    \"config\": {\n        \"hosts\": [{\n            \"server\": \"string optional\",\n            \"port\": \"string optional\",\n        }],\n        \"hostTimeoutSeconds\": \"number optional - default = 10s\",\n        \"hostRetryAfterMinutes\": \"number optional - default = 30m\",\n        \"caList\": [{\n            \"cert_template\": \"string optional\",\n            \"dc_dns\": \"string optional\",\n            \"dc_ca\": \"string optional\"\n        }],\n        \"caTimeoutSeconds\": \"number optional - default = 10s\",\n        \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n        \"serverprotocol\": \"string optional - ldap or ldaps\",\n        \"server\": \"string optional\",\n        \"serverport\": \"string optional\",\n        \"binddn\": \"string optional\",\n        \"basedn\": \"string optional\",\n        \"securityauthentication\": \"string optional - Simple or Secure or Sealing or Encryption or SecureSocketLayer or ServerBind\",\n        \"forcePasswordResetEnabled\" : \"boolean optional\",\n        \"filter\": \"string optional\",\n        \"serviceacctreadonly\": \"boolean optional\",\n        \"scepenabled\": \"boolean optional\",\n        \"scepurl\": \"string optional\",\n        \"challengeurl\": \"string optional\",\n        \"scepagent\": \"string optional\",\n        \"cert_enabled\": \"boolean optional\",\n        \"cert_template\": \"string optional\", // Alphabets, numerals, spaces, special characters allowed\n        \"dc_dns\": \"string optional\",  // DNS names can contain only alphabetic characters (A-Z, a-z), numeric characters (0-9), the minus sign (-), and the period (.)\n        \"dc_ca\": \"string optional\", // up to 64 characters, ANSI character set\n        \"ldapqueryfilter\": \"string optional\",\n        \"transformationJSB64\": \"string optional\",\n        \"logfilesizemb\": number optional, // default is 10, it's only for BROKER\n        \"logfilecount\": number optional,  // default is 10, it's only for BROKER\n        \"notificationAfterNoOfMinsDisconnect\": \"number optional\", // default 5\n        \"brokerDisconnectNotificationTo\": \"array optional\",\n        \"brokerNotificationsEnabled\": \"boolean optional\",        // default false\n        \"hostStatusChangeNotificationsTo\": \"array optional\",\n        \"hostStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n        \"caStatusChangeNotificationsTo\": \"array optional\",\n        \"caStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n        \"passwordPolicy\": {\n           \"authtype\": \"string required\", // Face | Fingerprint\n           \"rules\": {\n           \t\"min\": \"number required\",\n           \t\"min_enabled\": boolean required,\n           \t\"min_special\": \"number required\",\n           \t\"min_special_enabled\": boolean required,\n           \t\"min_numbers\": \"number required\",\n           \t\"min_numbers_enabled\": boolean required,\n           \t\"special_chars_allowed\": \"string required\",\n           \t\"special_chars_allowed_enabled\": boolean required,\n           \t\"min_alpha_caps\": \"number required\",\n           \t\"min_alpha_caps_enabled\": boolean required,\n           \t\"noUsername\": boolean required,\n           \t\"noUsername_enabled\": boolean required,\n           \t\"allowInRow\": \"number required\",\n           \t\"allowInRow_enabled\": boolean required\n           },\n           \"descriptions\": [\n               \"string required\"\n           ]\n        }\n    },\n    \"kerberos_config\": {\n        \"enabled\": \"boolean optional\",\n        \"keytab_file\": \"base64 string optional\"\n    }\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/AuthModuleUpdateRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents updated auth module:\n\n```\n{\n    \"_id\": \"ObjectID\",\n    \"communityId\": \"ObjectID\",\n    \"type\": \"db\",            // ad | ldap | db\n    \"subtype\": \"datastore\",  // for ad | ldap: \"directory\", for db: \"datastore\"\n    \"method\": \"authn\",       // for ad | ldap | db : \"authn\"\n    \"name\": \"Auth Module Name\",\n    \"enabled\": true,\n    \"mode\": \"broker/direct\",\n    \"lastEnabledAt\": \"date optional\",\n    \"enhanced_security_on\": false,\n    \"config\": {}             // see below config response samples\n}\n```\n\nconfig object for type **ad** or **ldap**:\n```\n{\n      \"hosts\": [{\n          \"server\": \"string optional\",\n          \"port\": \"string optional\",\n          \"lastSuccessAt\": date,\n          \"lastNotifiedAt\": date\n      }],\n      \"hostTimeoutSeconds\": \"number optional - default = 10s\",\n      \"hostRetryAfterMinutes\": \"number optional - default = 30m\",\n      \"caList\": [{\n          \"cert_template\": \"string optional\",\n          \"dc_dns\": \"string optional\",\n          \"dc_ca\": \"string optional\"\n      }],\n      \"caTimeoutSeconds\": \"number optional - default = 10s\",\n      \"caRetryAfterMinutes\": \"number optional - default = 30m\",\n      \"serverprotocol\": \"ldap\",\n      \"server\": \"string\",\n      \"serverport\": \"string\",\n      \"binddn\": \"string\",\n      \"bindpassword\": \"string\",\n      \"basedn\": \"string\",\n      \"securityauthentication\": \"Simple\",\n      \"forcePasswordResetEnabled\": false,\n      \"forcePasswordResetEnabled\": false,\n      \"filter\": \"string\",\n      \"serviceacctreadonly\": true,\n      \"ldapqueryfilter\": \"string optional\",\n      \"scepenabled\": \"boolean optional\",\n      \"scepurl\": \"string optional\",\n      \"challengeurl\": \"string optional\",\n      \"scepagent\": \"string optional\",\n      \"cert_enabled\": \"boolean optional\",\n      \"cert_template\": \"string optional\", // Alphabets, numerals, spaces, special characters allowed\n      \"dc_dns\": \"string optional\",  // DNS names can contain only alphabetic characters (A-Z, a-z), numeric characters (0-9), the minus sign (-), and the period (.)\n      \"dc_ca\": \"string optional\", // up to 64 characters, ANSI character set\n      \"ldapqueryfilter\": \"string optional\",\n      \"transformationJSB64\": \"string optional\",\n      \"logfilesizemb\": number,          // it's only for BROKER\n      \"logfilecount\": number,           // it's only for BROKER\n      \"modified_at\": date,              // it's only for BROKER\n      \"etag\": uuid,                     // it's only for BROKER\n      \"notificationAfterNoOfMinsDisconnect\": \"number optional\", // default 5\n      \"brokerDisconnectNotificationTo\": \"array optional\",\n      \"brokerNotificationsEnabled\": \"boolean optional\",        // default false\n      \"hostStatusChangeNotificationsTo\": \"array optional\",\n      \"hostStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n      \"caStatusChangeNotificationsTo\": \"array optional\",\n      \"caStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\n\nconfig object for type **azuread**:\n```\n{\n      \"appName\": \"string\",\n      \"tenantId\": \"string\",\n      \"tenantName\": \"string\",\n      \"clientId\": \"string\",\n      \"clientSecret\": \"string\",\n      \"loginBasePath\": \"string\",\n      \"graphApiBasePath\": \"string\"\n}\n```\n\nconfig for type **db**:\n```\n{\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AuthModuleUpdateResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      },
      "get": {
        "summary": "Get auth module by moduleId.",
        "description": "Get auth module by moduleId. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to fetch auth module.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Parameters**                    |\n|----------------------------------------------|\n\n\nNo Parameters\n\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the auth module, encrypted with ECDSA and public key. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Auth Module"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "moduleId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents auth module:\n\n```\n{\n    \"_id\": \"ObjectID\",\n    \"communityId\": \"ObjectID\",\n    \"type\": \"db\",\n    \"subtype\": \"datastore\",\n    \"method\": \"authn\",\n    \"name\": \"Auth Module Name\",\n    \"enabled\": true,\n    \"mode\": \"broker/direct\",\n    \"lastEnabledAt\": \"date optional\",\n    \"enhanced_security_on\": false,\n    \"config\": {}             // see below config response samples\n}\n```\n\nconfig object for type **ad** or **ldap**:\n```\n{\n      \"hosts\": [{\n          \"server\": \"string\",\n          \"port\": \"string\",\n          \"lastSuccessAt\": date,\n          \"lastNotifiedAt\": date\n      }],\n      \"hostTimeoutSeconds\": \"number optional - default = 10s\",\n      \"hostRetryAfterMinutes\": \"number optional - default = 30m\",\n      \"serverprotocol\": \"ldap\",\n      \"server\": \"string\",\n      \"serverport\": \"string\",\n      \"binddn\": \"string\",\n      \"bindpassword\": \"string\",\n      \"basedn\": \"string\",\n      \"securityauthentication\": \"Simple\",\n      \"forcePasswordResetEnabled\": false,\n      \"filter\": \"string\",\n      \"serviceacctreadonly\": true,\n      \"scepenabled\": \"boolean optional\",\n      \"scepurl\": \"string optional\",\n      \"challengeurl\": \"string optional\",\n      \"scepagent\": \"string optional\",\n      \"cert_enabled\": \"boolean optional\",\n      \"cert_template\": \"string optional\", // Alphabets, numerals, spaces, special characters allowed\n      \"dc_dns\": \"string optional\",  // DNS names can contain only alphabetic characters (A-Z, a-z), numeric characters (0-9), the minus sign (-), and the period (.)\n      \"dc_ca\": \"string optional\", // up to 64 characters, ANSI character set\n      \"ldapqueryfilter\": \"string optional\",\n      \"transformationJSB64\": \"string optional\",\n      \"logfilesizemb\": number,          // it's only for BROKER\n      \"logfilecount\": number,           // it's only for BROKER\n      \"modified_at\": date,              // it's only for BROKER\n      \"etag\": uuid,                     // it's only for BROKER\n      \"notificationAfterNoOfMinsDisconnect\": \"number optional\", // default 5\n      \"brokerDisconnectNotificationTo\": \"array optional\",\n      \"brokerNotificationsEnabled\": \"boolean optional\",        // default false\n      \"hostStatusChangeNotificationsTo\": \"array optional\",\n      \"hostStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\nconfig object for type **azuread**:\n```\n{\n      \"appName\": \"string\",\n      \"tenantId\": \"string\",\n      \"tenantName\": \"string\",\n      \"clientId\": \"string\",\n      \"clientSecret\": \"string\",\n      \"loginBasePath\": \"string\",\n      \"graphApiBasePath\": \"string\"\n}\n```\n\nconfig object for type **db**:\n```\n{\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AuthModuleGetResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not found"
          }
        }
      },
      "delete": {
        "summary": "Delete auth module by moduleId.",
        "description": "Delete auth module by moduleId. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to delete auth modules.\n- <b>WARNING: When deleting auth module of type db, All users of the related community will be deleted from DB.</b>\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Parameters**                    |\n|----------------------------------------------|\n\n\nNo Parameters\n\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nNo content.<br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Auth Module"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "moduleId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "responses": {
          "204": {
            "description": "Success\n\nEmpty response\n"
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/{moduleId}/test-connection": {
      "get": {
        "summary": "test auth module.",
        "description": "test auth module. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to update auth module.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns the updated auth module, encrypted with ECDSA and public key. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Auth Module"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "description": "ID of community",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "moduleId",
            "description": "ID of module",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains 'data' field with encrypted object below:\n\nIMPORTANT - you can send unencrypted data and you will get unecrypted data as well, it is only a preview available in Swagger.\n"
        },
        "responses": {
          "200": {
            "description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents updated auth module:\n\n```\n{\n    \"_id\": \"ObjectID\",\n    \"communityId\": \"ObjectID\",\n    \"type\": \"db\",            // ad | ldap | db | azuread\n    \"subtype\": \"datastore\",  // for ad | ldap | azuread: \"directory\", for db: \"datastore\"\n    \"method\": \"authn\",       // for ad | ldap | db | azuread : \"authn\"\n    \"name\": \"Auth Module Name\",\n    \"enabled\": true,\n    \"mode\": \"broker/direct\",\n    \"status\": true,\n    \"message\": \"connection success/failed\",\n    \"config\": {}             // see below config response samples\n}\n```\n\nconfig object for type **azuread**:\n```\n{\n      \"appName\": \"string\",\n      \"tenantId\": \"string\",\n      \"tenantName\": \"string\",\n      \"clientId\": \"string\",\n      \"clientSecret\": \"string\",\n      \"loginBasePath\": \"string\",\n      \"graphApiBasePath\": \"string\"\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AuthModuleTestConnectionResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/modules/fetch": {
      "post": {
        "summary": "Fetch all auth modules.",
        "description": "Fetch all auth modules. <br />\n- Key must be authorized for community.\n- Only a **system**, **service** and **service_ext** key can be used to fetch auth modules.\n\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n\n|            **Parameters**                    |\n|----------------------------------------------|\n\n\nNo Parameters\n\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns all auth modules, encrypted with ECDSA and public key. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Auth Module"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "request body\n\n```\n{\n   \"moduleIds\": []  //optional\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "type": "object"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\npublicKey is publicKey of User Management API, useful for decryption response\n\ndata is ECDSA encrypted object represents auth modules:\n\n```\n{\n    \"modules\": [\n        {\n            \"_id\": \"ObjectID\",\n            \"communityId\": \"ObjectID\",\n            \"type\": \"db\",\n            \"subtype\": \"datastore\",\n            \"method\": \"authn\",\n            \"name\": \"Auth Module Name\",\n            \"enabled\": true,\n            \"lastEnabledAt\": \"date optional\",\n            \"enhanced_security_on\": false,\n            \"mode\": \"broker/direct\",\n            \"config\": {}             // see below config response samples\n        }\n    ]\n}\n```\n\nconfig object for type **ad** or **ldap**:\n```\n{\n      \"hosts\": [{\n          \"server\": \"string\",\n          \"port\": \"string\",\n          \"lastSuccessAt\": date,\n          \"lastNotifiedAt\": date\n      }],\n      \"hostTimeoutSeconds\": \"number optional - default = 10s\",\n      \"hostRetryAfterMinutes\": \"number optional - default = 30m\",\n      \"serverprotocol\": \"ldap\",\n      \"server\": \"string\",\n      \"serverport\": \"string\",\n      \"binddn\": \"string\",\n      \"bindpassword\": \"string\",\n      \"basedn\": \"string\",\n      \"securityauthentication\": \"Simple\",\n      \"forcePasswordResetEnabled\": false,\n      \"filter\": \"string\",\n      \"serviceacctreadonly\": true,\n      \"scepenabled\": \"boolean optional\",\n      \"scepurl\": \"string optional\",\n      \"challengeurl\": \"string optional\",\n      \"scepagent\": \"string optional\",\n      \"cert_enabled\": \"boolean optional\",\n      \"cert_template\": \"string optional\", // Alphabets, numerals, spaces, special characters allowed\n      \"dc_dns\": \"string optional\",  // DNS names can contain only alphabetic characters (A-Z, a-z), numeric characters (0-9), the minus sign (-), and the period (.)\n      \"dc_ca\": \"string optional\", // up to 64 characters, ANSI character set\n      \"ldapqueryfilter\": \"string optional\",\n      \"transformationJSB64\": \"string optional\",\n      \"logfilesizemb\": number,          // it's only for BROKER\n      \"logfilecount\": number,           // it's only for BROKER\n      \"modified_at\": date,              // it's only for BROKER\n      \"etag\": uuid,                     // it's only for BROKER\n      \"notificationAfterNoOfMinsDisconnect\": \"number optional\", // default 5\n      \"brokerDisconnectNotificationTo\": \"array optional\",\n      \"brokerNotificationsEnabled\": \"boolean optional\",        // default false\n      \"hostStatusChangeNotificationsTo\": \"array optional\",\n      \"hostStatusChangeNotificationsEnabled\": \"boolean optional\",         // default false\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\n\nconfig object for type **azuread**:\n```\n{\n      \"appName\": \"string\",\n      \"tenantId\": \"string\",\n      \"tenantName\": \"string\",\n      \"clientId\": \"string\",\n      \"clientSecret\": \"string\",\n      \"loginBasePath\": \"string\",\n      \"graphApiBasePath\": \"string\"\n}\n```\n\nconfig for type **db**:\n```\n{\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AuthModulesFetchResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/{moduleId}/update-hosts-status": {
      "post": {
        "summary": "Update auth module hosts status",
        "description": "Update the status of hosts in an auth module.",
        "tags": [
          "Auth Module"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "moduleId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "required": [
                  "data"
                ],
                "properties": {
                  "data": {
                    "type": "object",
                    "required": [
                      "hosts",
                      "app_name",
                      "app_id"
                    ],
                    "properties": {
                      "hosts": {
                        "type": "object",
                        "required": [
                          "attempts"
                        ],
                        "properties": {
                          "attempts": {
                            "type": "array",
                            "items": {
                              "type": "object",
                              "required": [
                                "host",
                                "status",
                                "ts"
                              ],
                              "properties": {
                                "host": {
                                  "type": "object",
                                  "required": [
                                    "server",
                                    "port"
                                  ],
                                  "properties": {
                                    "server": {
                                      "type": "string",
                                      "example": "ldap.example.com"
                                    },
                                    "port": {
                                      "type": "string",
                                      "example": "389"
                                    }
                                  }
                                },
                                "status": {
                                  "type": "string",
                                  "example": "failed"
                                },
                                "ts": {
                                  "type": "string",
                                  "format": "date-time",
                                  "example": "2025-12-05T10:30:00Z"
                                }
                              }
                            }
                          }
                        }
                      },
                      "app_name": {
                        "type": "string",
                        "example": "My Application"
                      },
                      "app_id": {
                        "type": "string",
                        "example": "app-123456"
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "message": {
                      "type": "string",
                      "example": "success"
                    }
                  }
                }
              }
            }
          },
          "400": {
            "description": "Bad Request - Invalid input data"
          },
          "401": {
            "description": "Unauthorized - Invalid credentials"
          },
          "404": {
            "description": "Not Found - Auth module not found"
          }
        }
      }
    },
    "/tenant/{tenantId}/community/{communityId}/module/{moduleId}/pwd-policy": {
      "get": {
        "summary": "Get password policy by moduleId.",
        "description": "Get password policy by moduleId. <br />\n- Any license. <br />\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nPassword policy rules with descriptions.<br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Auth Module"
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "moduleId",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Success\n\ndata is an object which returns rules and descriptions:\n\n```\n{\n      \"passwordPolicy\": {\n         \"authtype\": \"string required\", // Face | Fingerprint\n         \"allowed\": boolean required,\n         \"rules\": {\n         \t\"min\": \"number required\",\n         \t\"min_enabled\": boolean required,\n         \t\"min_special\": \"number required\",\n         \t\"min_special_enabled\": boolean required,\n         \t\"min_numbers\": \"number required\",\n         \t\"min_numbers_enabled\": boolean required,\n         \t\"special_chars_allowed\": \"string required\",\n         \t\"special_chars_allowed_enabled\": boolean required,\n         \t\"min_alpha_caps\": \"number required\",\n         \t\"min_alpha_caps_enabled\": boolean required,\n         \t\"noUsername\": boolean required,\n         \t\"noUsername_enabled\": boolean required,\n         \t\"allowInRow\": \"number required\",\n         \t\"allowInRow_enabled\": boolean required\n         },\n         \"descriptions\": [\n             \"string required\"\n         ]\n      }\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AuthModPwdPolicyResponse"
                }
              }
            }
          },
          "400": {
            "description": "Bad request, Auth Module type not Supported"
          },
          "404": {
            "description": "Module Not found"
          }
        }
      }
    },
    "/v2/tenant/{tenantId}/community/{communityId}/user/lock": {
      "put": {
        "summary": "lock a user account.",
        "description": "lock a user account.<br />\n- Only a **system** and **service** key can be used to lock a user.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### userId (required)\nuserId. <br />\n\n### message (optinal)\nmessage: 'Admin Action'. <br />\n\n### initiatedby (required)\ninitiatedby: [Admin userId] <br />\n\n### expiryInMunites (optional)\nexpiryInMunites: Auto expiry time // expiryInMunites must be greater than current time.\nIf Admin dont want to set auto expiry time then pass 0  <br />\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns success message response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Account Lockout V2"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to lock user.\n\n```\n{\n    \"userId\": \"string required\",\n    \"message\": \"string optinal\",   // ['Admin Action']\n    \"initiatedby\": \"string required\",\n    \"expiryInMunites\": 60\n\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/LockUserAccountRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/LockUnlockUserAccountResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          }
        }
      }
    },
    "/v2/tenant/{tenantId}/community/{communityId}/user/unlock": {
      "put": {
        "summary": "unlock a user account.",
        "description": "unlock a user.<br />\n- Only a **system** and **service** key can be used to unlock a user.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n### userId (required)\nuserId. <br />\n\n### message (optinal)\nmessage: 'Admin Action'.\n\n### initiatedby (required)\ninitiatedby: [system] <br />\n\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns success response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Account Lockout V2"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to lock user.\n\n```\n{\n    \"userId\": \"string required\",\n    \"message\": \"string optinal\"    // ['Admin Action']\n    \"initiatedby\": \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UnlockUserAccountRequest"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/LockUnlockUserAccountResponse"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          }
        }
      }
    },
    "/v2/tenant/{tenantId}/community/{communityId}/user/lock/status": {
      "post": {
        "summary": "get user account status.",
        "description": "get user status.<br />\n- Only a **system** and **service** key can be used to fetch a user status.\n\n|              **Headers**                     |\n|----------------------------------------------|\n\n### licensekey (required)\nLicense key encrypted with ECDSA\n\n### requestid (required)\nJSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now\n\n### publickey (required)\nPublic key\n\n|            **Request Body**                  |\n|----------------------------------------------|\n\n\n### userId (required)\nuserId. <br />\n\n|            **Returns**                    |\n|-------------------------------------------|\n\nReturns get user statuses response. <br />\nThis API throw an error if something goes wrong.\n",
        "tags": [
          "Account Lockout V2"
        ],
        "security": [
          {
            "keyId": []
          },
          {
            "keySecret": []
          },
          {
            "license": []
          }
        ],
        "parameters": [
          {
            "in": "path",
            "name": "tenantId",
            "description": "ID of tenant",
            "required": true,
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxx"
            }
          },
          {
            "in": "path",
            "name": "communityId",
            "required": true,
            "description": "ID of community",
            "schema": {
              "type": "string",
              "example": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          {
            "name": "licensekey",
            "in": "header",
            "description": "License key encrypted with ECDSA / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "requestid",
            "in": "header",
            "description": "JSON string encrypted with ECDSA which should contain \"appid\" (string), \"uuid\" (string) and \"ts\" (number) representing epoch timestamp in seconds - it shouldn't be more or less than 'environment.allowed_time_span' seconds from now / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          },
          {
            "name": "publickey",
            "in": "header",
            "description": "Public Key  / Try Authorize &#128274;",
            "required": true,
            "schema": {
              "type": "string",
              "example": "Do not enter anything, use 'Authorize' fields"
            }
          }
        ],
        "requestBody": {
          "description": "Request body contains below fields to lock user.\n\n```\n{\n    \"userId\": \"string required\"\n}\n```\n",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/GetUserStatusRequestv2"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success\n\nget user status:\n```\n{\n    \"_id\": \"xxxxxxxxxxxx\",\n    \"tenantId\": \"xxxxxxxxxx\",\n    \"communityId\": \"xxxxxxxxxx\",\n    \"userId\": \"xxxxxxxxxx\",\n    \"lockedAt\": \"2023-10-03T14:38:49.708Z\"\n    \"lockedBy\": \"xxxxxxxxxx\",\n    \"locked\": true,\n    \"message\": \"xxxxxxxxxxx\",\n    \"expiryDate\" : \"2023-10-03T14:59:56.844Z\",\n    \"updatedAt\": \"2023-10-03T14:38:49.708Z\",\n}\n```\n",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/GetUserStatusResponseV2"
                }
              }
            }
          },
          "400": {
            "description": "Invalid request"
          },
          "401": {
            "description": "Unauthorized"
          },
          "404": {
            "description": "Not Found"
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "PublicKeyResponse": {
        "type": "object",
        "properties": {
          "publicKey": {
            "type": "string"
          }
        },
        "example": {
          "publicKey": ""
        }
      },
      "HealthzResponse": {
        "type": "object",
        "properties": {
          "status": {
            "type": "string"
          },
          "publicKey": {
            "type": "string"
          },
          "code": {
            "type": "string"
          },
          "version": {
            "type": "string"
          }
        },
        "example": {
          "status": "all services operational",
          "publicKey": "//same as <service>/publickeys endpoint",
          "code": "200",
          "version": "xxxx.xxxx.xxxx"
        }
      },
      "EcdsaEncryptDecryptRequest": {
        "type": "object",
        "properties": {
          "dataStr": {
            "type": "string"
          },
          "publicKey": {
            "type": "string"
          },
          "privateKey": {
            "type": "string"
          }
        },
        "example": {
          "dataStr": "Hey, This is example data string.",
          "publicKey": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx=",
          "privateKey": "xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "EcdsaEncryptDecryptResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxxxxxxxxxxxx"
        }
      },
      "ServiceKeysResponse": {
        "type": "array",
        "description": "Service keys array",
        "items": {
          "type": "object",
          "required": [
            "tag",
            "keyId",
            "keySecret",
            "type"
          ],
          "properties": {
            "tag": {
              "type": "string",
              "description": "service ecdsa"
            },
            "keyId": {
              "type": "string",
              "description": "ecdsa publicKey"
            },
            "keySecret": {
              "type": "string",
              "description": "ecdsa private key"
            },
            "type": {
              "type": "string",
              "description": "default = ecdsa | hawk"
            }
          },
          "example": {
            "tag": "xxxxx",
            "keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
            "keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
            "type": "xxxxx"
          }
        }
      },
      "JwtVerifyTokenRequest": {
        "type": "object",
        "properties": {
          "token": {
            "type": "string"
          }
        },
        "example": {
          "token": "xxxx"
        }
      },
      "JwtVerifyTokenResponse": {
        "type": "object"
      },
      "SystemUserCreateRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "SystemUserCreateResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "SystemUserUpdateRequest": {
        "type": "object",
        "properties": {
          "tenantId": {
            "type": "string"
          },
          "status": {
            "type": "string"
          },
          "firstname": {
            "type": "string"
          },
          "middlename": {
            "type": "string"
          },
          "lastname": {
            "type": "string"
          },
          "email1": {
            "type": "string"
          },
          "email1_verified": {
            "type": "string"
          },
          "email2": {
            "type": "string"
          },
          "email2_verified": {
            "type": "string"
          },
          "phone1": {
            "type": "string"
          },
          "phone1_verified": {
            "type": "string"
          },
          "address": {
            "type": "string"
          },
          "address_verified": {
            "type": "string"
          },
          "disabled": {
            "type": "string"
          },
          "roleValue": {
            "type": "string"
          }
        },
        "example": {
          "tenantId": "xxxxxxxxxx",
          "status": "xxxxxx",
          "firstname": "xxxxxxxx",
          "middlename": "xxxxxxxx",
          "lastname": "xxxxxxxx",
          "email1": "xxxxx@xxxxxxxx.xxx",
          "email1_verified": true,
          "email2": "xxxxx@xxxxxxxx.xxx",
          "email2_verified": true,
          "phone1": "xxxxxxxxxx",
          "phone1_verified": true,
          "address": {},
          "address_verified": false,
          "disabled": false,
          "roleValue": "xxxxxx"
        }
      },
      "SystemUserUpdateResponse": {
        "type": "object",
        "properties": {
          "uid": {
            "type": "string"
          },
          "tenantId": {
            "type": "string"
          },
          "communityId": {
            "type": "string"
          },
          "username": {
            "type": "string"
          },
          "type": {
            "type": "string"
          },
          "roleValue": {
            "type": "string"
          },
          "status": {
            "type": "string"
          },
          "firstname": {
            "type": "string"
          },
          "middlename": {
            "type": "string"
          },
          "lastname": {
            "type": "string"
          },
          "email1": {
            "type": "string"
          },
          "email1_verified": {
            "type": "string"
          },
          "email2": {
            "type": "string"
          },
          "email2_verified": {
            "type": "string"
          },
          "phone1": {
            "type": "string"
          },
          "phone1_verified": {
            "type": "string"
          },
          "address": {
            "type": "string"
          },
          "address_verified": {
            "type": "string"
          },
          "disabled": {
            "type": "string"
          }
        },
        "example": {
          "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
          "tenantId": "xxxxxxxxxx",
          "communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "username": "xxxxxx",
          "type": "xxxxx",
          "roleValue": "xxxxx",
          "status": "xxxxxx",
          "firstname": "xxxxxxxx",
          "middlename": "xxxxxxxx",
          "lastname": "xxxxxxxx",
          "email1": "xxxxx@xxxxxxxx.xxx",
          "email1_verified": true,
          "email2": "xxxxx@xxxxxxxx.xxx",
          "email2_verified": true,
          "phone1": "xxxxxxxxxx",
          "phone1_verified": true,
          "address": {},
          "address_verified": false,
          "disabled": false
        }
      },
      "SystemUserAuthenticateRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "SystemUserAuthenticateResponse": {
        "type": "object",
        "properties": {
          "status": {
            "type": "boolean"
          }
        },
        "example": {
          "status": true
        }
      },
      "SystemUserChangePasswordRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "FetchSystemUsersRequest": {
        "type": "object",
        "properties": {
          "pIndex": {
            "type": "number"
          },
          "pSize": {
            "type": "number"
          },
          "query": {
            "type": "object"
          },
          "attributes": {
            "type": "array"
          },
          "authModule": {
            "type": "string"
          }
        },
        "example": {
          "pIndex": 0,
          "pSize": 25,
          "query": {},
          "attributes": [],
          "authModule": "xxxxxxxxxxx"
        }
      },
      "FetchSystemUsersResponse": {
        "type": "object",
        "properties": {
          "page": {
            "type": "object",
            "properties": {
              "index": {
                "type": "number",
                "description": "Current page index"
              },
              "total": {
                "type": "number",
                "description": "Total number of records in database"
              },
              "size": {
                "type": "number",
                "description": "Total count in this response"
              }
            }
          },
          "data": {
            "type": "array",
            "items": {
              "properties": {
                "username": {
                  "type": "string"
                },
                "uid": {
                  "type": "string"
                },
                "dguid": {
                  "type": "string"
                },
                "status": {
                  "type": "string"
                },
                "roleValue": {
                  "type": "string"
                },
                "type": {
                  "type": "string"
                },
                "moduleId": {
                  "type": "string"
                },
                "onboarding_status": {
                  "type": "string"
                },
                "email": {
                  "type": "string"
                },
                "firstname": {
                  "type": "string"
                },
                "lastname": {
                  "type": "string"
                },
                "phone": {
                  "type": "string"
                }
              }
            }
          }
        },
        "example": {
          "page": {
            "index": 0,
            "total": 50,
            "size": 25
          },
          "data": [
            {
              "username": "xxxxx",
              "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
              "dguid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
              "status": "xxxxxx",
              "roleValue": "xxxxx",
              "type": "xxxxx",
              "moduleId": "xxxxxx",
              "onboarding_status": "tbd",
              "email": "xxxxxx",
              "firstname": "xxxxxx",
              "lastname": "xxxxxx",
              "phone": "xxxxxx"
            }
          ]
        }
      },
      "CreateBulkUsersRequest": {
        "type": "object",
        "properties": {
          "authModule": {
            "type": "string"
          },
          "users": {
            "type": "array"
          }
        },
        "example": {
          "authModule": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "users": [
            {
              "username": "string",
              "password": "string",
              "status": "string",
              "firstname": "string",
              "middlename": "string-optional",
              "lastname": "string",
              "email1": "string",
              "email1_verified": true,
              "email2": "string-optional",
              "email2_verified": true,
              "phone1": "string-only-digits",
              "phone1_verified": true,
              "address": {},
              "address_verified": true,
              "disabled": false,
              "idpId": "string"
            }
          ]
        }
      },
      "CreateBulkUsersResponse": {
        "type": "object",
        "properties": {
          "requested": {
            "type": "number"
          },
          "created": {
            "type": "number"
          },
          "failed": {
            "type": "number"
          },
          "errors": {
            "type": "array"
          }
        },
        "example": {
          "requested": 10,
          "created": 10,
          "failed": 0,
          "errors": []
        }
      },
      "UserUpdateRequest": {
        "type": "object",
        "properties": {
          "authModule": {
            "type": "string"
          },
          "username": {
            "type": "string"
          },
          "type": {
            "type": "string"
          },
          "status": {
            "type": "string"
          },
          "firstname": {
            "type": "string"
          },
          "middlename": {
            "type": "string"
          },
          "lastname": {
            "type": "string"
          },
          "email1": {
            "type": "string"
          },
          "email1_verified": {
            "type": "string"
          },
          "email2": {
            "type": "string"
          },
          "email2_verified": {
            "type": "string"
          },
          "phone1": {
            "type": "string"
          },
          "phone1_verified": {
            "type": "string"
          },
          "address": {
            "type": "string"
          },
          "address_verified": {
            "type": "string"
          },
          "disabled": {
            "type": "string"
          }
        },
        "example": {
          "authModule": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "username": "xxxxx",
          "status": "xxxxxx",
          "firstname": "xxxxxxxx",
          "middlename": "xxxxxxxx",
          "lastname": "xxxxxxxx",
          "email1": "xxxxx@xxxxxxxx.xxx",
          "email1_verified": true,
          "email2": "xxxxx@xxxxxxxx.xxx",
          "email2_verified": true,
          "phone1": "xxxxxxxxxx",
          "phone1_verified": true,
          "address": {},
          "address_verified": false,
          "disabled": false
        }
      },
      "UserUpdateResponse": {
        "type": "object",
        "properties": {
          "uid": {
            "type": "string"
          },
          "tenantId": {
            "type": "string"
          },
          "communityId": {
            "type": "string"
          },
          "username": {
            "type": "string"
          },
          "type": {
            "type": "string"
          },
          "roleValue": {
            "type": "string"
          },
          "status": {
            "type": "string"
          },
          "firstname": {
            "type": "string"
          },
          "middlename": {
            "type": "string"
          },
          "lastname": {
            "type": "string"
          },
          "email1": {
            "type": "string"
          },
          "email1_verified": {
            "type": "string"
          },
          "email2": {
            "type": "string"
          },
          "email2_verified": {
            "type": "string"
          },
          "phone1": {
            "type": "string"
          },
          "phone1_verified": {
            "type": "string"
          },
          "address": {
            "type": "string"
          },
          "address_verified": {
            "type": "string"
          },
          "disabled": {
            "type": "string"
          },
          "urn": {
            "type": "string"
          }
        },
        "example": {
          "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
          "tenantId": "xxxxxxxxxx",
          "communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "username": "xxxxxx",
          "type": "xxxxx",
          "roleValue": "xxxxx",
          "status": "xxxxxx",
          "firstname": "xxxxxxxx",
          "middlename": "xxxxxxxx",
          "lastname": "xxxxxxxx",
          "email1": "xxxxx@xxxxxxxx.xxx",
          "email1_verified": true,
          "email2": "xxxxx@xxxxxxxx.xxx",
          "email2_verified": true,
          "phone1": "xxxxxxxxxx",
          "phone1_verified": true,
          "address": {},
          "address_verified": false,
          "disabled": false,
          "urn": "xxx:xxx:xxxxxxxxxxxx:xxx:xxxxxxxxxxxxxxxxxxxx:xxx:xxxxxxxxxxxxxx:xxx:xxxxxxxxxxx:xxx:xxxxxxxxxxxx"
        }
      },
      "UserAuthenticateRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "UserAuthenticateResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "object",
            "properties": {
              "username": {
                "type": "string"
              },
              "uid": {
                "type": "string"
              },
              "dguid": {
                "type": "string"
              },
              "status": {
                "type": "string"
              },
              "roleValue": {
                "type": "string"
              },
              "type": {
                "type": "string"
              },
              "moduleId": {
                "type": "string"
              },
              "onboarding_status": {
                "type": "string"
              }
            },
            "example": {
              "username": "xxxxxx",
              "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
              "dguid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
              "status": "xxxxxx",
              "roleValue": "xxxxx",
              "type": "xxxxx",
              "moduleId": "xxxxxx",
              "onboarding_status": "tbd",
              "email": "xxxxx",
              "firstname": "xxxxx",
              "lastname": "xxxxx",
              "phone": "xxxxx",
              "urn": "xxx:xxx:xxxxxxxxxxxx:xxx:xxxxxxxxxxxxxxxxxxxx:xxx:xxxxxxxxxxxxxx:xxx:xxxxxxxxxxx:xxx:xxxxxxxxxxxx",
              "proof_of_authentication_jwt": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          "publicKey": {
            "type": "string",
            "example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
          }
        }
      },
      "UsernamePasswordAuthenticateResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "object",
            "properties": {
              "username": {
                "type": "string"
              },
              "moduleId": {
                "type": "string"
              },
              "proof_of_authentication_jwt": {
                "type": "string"
              }
            },
            "example": {
              "username": "xxxxxx",
              "moduleId": "xxxxxx",
              "proof_of_authentication_jwt": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          "publicKey": {
            "type": "string",
            "example": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
          }
        }
      },
      "ScepCredentialsRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "authModule": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
          "username": "xxxxxxxxxx"
        }
      },
      "ScepCredentialsResponse": {
        "type": "object",
        "properties": {
          "scepCredentials": {
            "type": "string"
          }
        },
        "example": {
          "scepCredentials": {
            "certificate": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx=",
            "privatekey": "xxxxxxx/xxxxxxxxxxxxxxxxx=",
            "publickey": "xx/xxxxxxxxxxxxx="
          }
        }
      },
      "FetchUsersRequest": {
        "type": "object",
        "properties": {
          "authModule": {
            "type": "string"
          },
          "pIndex": {
            "type": "number"
          },
          "pSize": {
            "type": "number"
          },
          "query": {
            "type": "object"
          },
          "attributes": {
            "type": "array"
          },
          "includeBrokerConnectionId": {
            "type": "array"
          },
          "excludeBrokerConnectionId": {
            "type": "array"
          },
          "checkAliases": {
            "type": "boolean"
          },
          "includeProperties": {
            "type": "boolean"
          }
        },
        "example": {
          "authModule": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "pIndex": 0,
          "pSize": 25,
          "query": {},
          "attributes": [],
          "includeBrokerConnectionId": [],
          "excludeBrokerConnectionId": [],
          "checkAliases": false,
          "includeProperties": false
        }
      },
      "FetchUsersResponse": {
        "type": "object",
        "properties": {
          "page": {
            "type": "object",
            "properties": {
              "index": {
                "type": "number",
                "description": "Current page index"
              },
              "total": {
                "type": "number",
                "description": "Total number of records in database"
              },
              "size": {
                "type": "number",
                "description": "Total count in this response"
              }
            }
          },
          "publicKey": {
            "type": "string"
          },
          "data": {
            "type": "array",
            "items": {
              "properties": {
                "username": {
                  "type": "string"
                },
                "uid": {
                  "type": "string"
                },
                "dguid": {
                  "type": "string"
                },
                "status": {
                  "type": "string"
                },
                "roleValue": {
                  "type": "string"
                },
                "type": {
                  "type": "string"
                },
                "moduleId": {
                  "type": "string"
                },
                "onboarding_status": {
                  "type": "string"
                },
                "email": {
                  "type": "string"
                },
                "firstname": {
                  "type": "string"
                },
                "lastname": {
                  "type": "string"
                },
                "phone": {
                  "type": "string"
                },
                "urn": {
                  "type": "string"
                },
                "typing_phrase": {
                  "type": "string"
                },
                "is_user_pin_enrolled": {
                  "type": "boolean"
                },
                "userProperties": {
                  "type": "object"
                }
              }
            }
          }
        },
        "example": {
          "page": {
            "index": 0,
            "total": 50,
            "size": 25
          },
          "publicKey": "xxxxxxx",
          "data": [
            {
              "username": "xxxxx",
              "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
              "dguid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
              "status": "xxxxxx",
              "roleValue": "xxxxx",
              "type": "xxxxx",
              "moduleId": "xxxxxx",
              "onboarding_status": "tbd",
              "email": "xxxxxx",
              "firstname": "xxxxxx",
              "lastname": "xxxxxx",
              "phone": "xxxxxx",
              "urn": "xxx:xxx:xxxxxxxxxxxx:xxx:xxxxxxxxxxxxxxxxxxxx:xxx:xxxxxxxxxxxxxx:xxx:xxxxxxxxxxx:xxx:xxxxxxxxxxxx",
              "typing_phrase": "xxx",
              "is_user_pin_enrolled": true,
              "userProperties": {
                "mobiles": [],
                "landlines": [],
                "aliases": {}
              }
            }
          ]
        }
      },
      "FetchSingleUserRequest": {
        "type": "object",
        "properties": {
          "authModule": {
            "type": "string"
          },
          "username": {
            "type": "string"
          },
          "attributes": {
            "type": "array"
          },
          "checkAliases": {
            "type": "boolean"
          },
          "do_transformation": {
            "type": "boolean"
          },
          "check_locks": {
            "type": "boolean"
          },
          "load_props": {
            "type": "boolean"
          },
          "includeProperties": {
            "type": "boolean"
          }
        },
        "example": {
          "authModule": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "username": "",
          "attributes": [],
          "checkAliases": false,
          "do_transformation": true,
          "check_locks": true,
          "load_props": true,
          "includeProperties": false
        }
      },
      "FetchSingleUsersResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "object",
            "items": {
              "properties": {
                "username": {
                  "type": "string"
                },
                "uid": {
                  "type": "string"
                },
                "dguid": {
                  "type": "string"
                },
                "status": {
                  "type": "string"
                },
                "roleValue": {
                  "type": "string"
                },
                "type": {
                  "type": "string"
                },
                "moduleId": {
                  "type": "string"
                },
                "onboarding_status": {
                  "type": "string"
                },
                "email": {
                  "type": "string"
                },
                "firstname": {
                  "type": "string"
                },
                "lastname": {
                  "type": "string"
                },
                "phone": {
                  "type": "string"
                },
                "urn": {
                  "type": "string"
                },
                "typing_phrase": {
                  "type": "string"
                },
                "is_user_pin_enrolled": {
                  "type": "boolean"
                },
                "userProperties": {
                  "type": "object"
                }
              }
            }
          }
        },
        "example": {
          "data": {
            "username": "xxxxx",
            "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "dguid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "status": "xxxxxx",
            "roleValue": "xxxxx",
            "type": "xxxxx",
            "moduleId": "xxxxxx",
            "onboarding_status": "tbd",
            "email": "xxxxxx",
            "firstname": "xxxxxx",
            "lastname": "xxxxxx",
            "phone": "xxxxxx",
            "urn": "xxx:xxx:xxxxxxxxxxxx:xxx:xxxxxxxxxxxxxxxxxxxx:xxx:xxxxxxxxxxxxxx:xxx:xxxxxxxxxxx:xxx:xxxxxxxxxxxx",
            "typing_phrase": "xxx",
            "is_user_pin_enrolled": true,
            "userProperties": {
              "mobiles": [],
              "landlines": [],
              "aliases": {}
            }
          }
        }
      },
      "UserChangePasswordRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AdminUserChangePasswordRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AuthModuleCreateRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AuthModuleCreateResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AuthModuleUpdateRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AuthModuleUpdateResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AuthModuleTestConnectionResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AuthModuleGetResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AuthModulesFetchResponse": {
        "type": "object",
        "properties": {
          "data": {
            "type": "string"
          }
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "AuthModPwdPolicyResponse": {
        "type": "object",
        "properties": {
          "rules": {
            "type": "object",
            "properties": {
              "min": {
                "type": "number"
              },
              "special": {
                "type": "boolean"
              },
              "number": {
                "type": "boolean"
              },
              "noUsername": {
                "type": "boolean"
              },
              "noSpace": {
                "type": "boolean"
              },
              "allowInRow": {
                "type": "number"
              }
            }
          },
          "descriptions": null,
          "type": "array"
        },
        "example": {
          "data": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
        }
      },
      "UserAttributeCreateRequest": {
        "type": "object",
        "properties": {
          "attributes": {
            "type": "array"
          }
        },
        "example": {
          "attributes": [
            {
              "name": "xxxx",
              "attribute": "xxxx"
            }
          ]
        }
      },
      "UserAttributeCreateResponse": {
        "type": "object",
        "properties": {
          "created": {
            "type": "array"
          },
          "errors": {
            "type": "array"
          }
        },
        "example": {
          "created": [
            {
              "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
              "name": "xxxx",
              "attribute": "xxxx",
              "moduleId": "xxxxxxxxxxxxxxxxxxxxxxxx"
            },
            {
              "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
              "name": "xxxx",
              "attribute": "xxxx",
              "moduleId": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          ],
          "errors": [
            {
              "code": 401,
              "message": "xxxxxxxxxxx"
            }
          ]
        }
      },
      "UserAttributeBulkUpdateRequest": {
        "type": "object",
        "properties": {
          "attributes": {
            "type": "array"
          }
        },
        "example": {
          "attributes": [
            {
              "id": "xxxx",
              "name": "xxxx",
              "attribute": "xxxx"
            }
          ]
        }
      },
      "UserAttributeBulkUpdateResponse": {
        "type": "object",
        "properties": {
          "created": {
            "type": "array"
          },
          "errors": {
            "type": "array"
          }
        },
        "example": {
          "updated": [
            {
              "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
              "name": "xxxx",
              "attribute": "xxxx",
              "moduleId": "xxxxxxxxxxxxxxxxxxxxxxxx"
            },
            {
              "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
              "name": "xxxx",
              "attribute": "xxxx",
              "moduleId": "xxxxxxxxxxxxxxxxxxxxxxxx"
            }
          ],
          "errors": [
            {
              "code": 401,
              "message": "xxxxxxxxxxx"
            }
          ]
        }
      },
      "UserAttributeUpdateRequest": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string"
          },
          "attribute": {
            "type": "string"
          }
        },
        "example": {
          "name": "xxxx",
          "attribute": "xxxx"
        }
      },
      "UserAttributeUpdateResponse": {
        "type": "object",
        "properties": {
          "_id": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "attribute": {
            "type": "string"
          },
          "moduleId": {
            "type": "string"
          }
        },
        "example": {
          "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "name": "xxxx",
          "attribute": "xxxx",
          "moduleId": "xxxxxxxxxxxxxxxxxxxxxxxx"
        }
      },
      "UserAttributeFetchResponse": {
        "type": "array",
        "items": {
          "_id": "string",
          "name": "string",
          "attribute": "string",
          "moduleId": "string"
        },
        "example": [
          {
            "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
            "name": "xxxx",
            "attribute": "xxxx",
            "moduleId": "xxxxxxxxxxxxxxxxxxxxxxxx"
          }
        ]
      },
      "DirectoryAttributesRequest": {
        "type": "object",
        "properties": {
          "pIndex": {
            "type": "number"
          },
          "pSize": {
            "type": "number"
          }
        },
        "example": {
          "pIndex": 0,
          "pSize": 25
        }
      },
      "DirectoryAttributesResponse": {
        "type": "object",
        "properties": {
          "page": {
            "type": "object",
            "properties": {
              "index": {
                "type": "number",
                "description": "Current page index"
              },
              "total": {
                "type": "number",
                "description": "Total number of records in database"
              },
              "size": {
                "type": "number",
                "description": "Total count in this response"
              }
            }
          },
          "data": {
            "type": "array",
            "items": [
              "attr1",
              "attr2"
            ]
          }
        },
        "example": {
          "page": {
            "index": 0,
            "total": 50,
            "size": 25
          },
          "data": [
            "attr1",
            "attr2"
          ]
        }
      },
      "BrokerConnectionFetchResponse": {
        "type": "array",
        "items": {
          "_id": "string",
          "uid": "string",
          "name": "string",
          "communityId": "string",
          "authModuleId": "string",
          "enabled": "string",
          "authorized": "string",
          "connected": "string",
          "version": "string",
          "connectedAt": "datetime",
          "lastPingAt": "datetime",
          "lastDisconnectedAt": "datetime",
          "lastNotificationSentAt": "datetime",
          "ip": "string",
          "port": "string"
        },
        "example": [
          {
            "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
            "uid": "xxxxxxxxxxxxxxxxxxxxxxxx",
            "name": "xxxxxx",
            "communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
            "authModuleId": "xxxxxxxxxxxxxxxxxxxxxxxx",
            "enabled": true,
            "authorized": true,
            "connected": true,
            "version": "xxxxx",
            "connectedAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
            "lastPingAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
            "lastDisconnectedAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
            "lastNotificationSentAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
            "ip": "xxxxx",
            "port": "xxxxx"
          }
        ]
      },
      "BrokerConnectionStatusUpdateRequest": {
        "type": "object",
        "properties": {
          "uid": {
            "type": "string"
          },
          "enabled": {
            "type": "boolean"
          }
        },
        "example": {
          "uid": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "enabled": true
        }
      },
      "BrokerConnectionStatusUpdateResponse": {
        "type": "object",
        "properties": {
          "_id": {
            "type": "string"
          },
          "uid": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "communityId": {
            "type": "string"
          },
          "authModuleId": {
            "type": "string"
          },
          "enabled": {
            "type": "boolean"
          },
          "authorized": {
            "type": "boolean"
          },
          "connected": {
            "type": "boolean"
          },
          "version": {
            "type": "string"
          },
          "connectedAt": {
            "type": "datetime"
          },
          "lastPingAt": {
            "type": "datetime"
          },
          "lastDisconnectedAt": {
            "type": "datetime"
          },
          "lastNotificationSentAt": {
            "type": "datetime"
          },
          "ip": {
            "type": "string"
          },
          "port": {
            "type": "string"
          }
        },
        "example": {
          "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "uid": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "name": "xxxxxx",
          "communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "authModuleId": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "enabled": true,
          "authorized": true,
          "connected": true,
          "version": "xxxxx",
          "connectedAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
          "lastPingAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
          "lastDisconnectedAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
          "lastNotificationSentAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
          "ip": "xxxxx",
          "port": "xxxxx"
        }
      },
      "BrokerConnectionUpdateRequest": {
        "type": "object",
        "properties": {
          "uid": {
            "type": "string"
          },
          "name": {
            "type": "string"
          }
        },
        "example": {
          "uid": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "name": "xxxxxx"
        }
      },
      "BrokerConnectionUpdateResponse": {
        "type": "object",
        "properties": {
          "_id": {
            "type": "string"
          },
          "uid": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "communityId": {
            "type": "string"
          },
          "authModuleId": {
            "type": "string"
          },
          "enabled": {
            "type": "boolean"
          },
          "authorized": {
            "type": "boolean"
          },
          "connected": {
            "type": "boolean"
          },
          "version": {
            "type": "string"
          },
          "connectedAt": {
            "type": "datetime"
          },
          "lastPingAt": {
            "type": "datetime"
          },
          "lastDisconnectedAt": {
            "type": "datetime"
          },
          "lastNotificationSentAt": {
            "type": "datetime"
          },
          "ip": {
            "type": "string"
          },
          "port": {
            "type": "string"
          }
        },
        "example": {
          "_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "uid": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "name": "xxxxxx",
          "communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "authModuleId": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "enabled": true,
          "authorized": true,
          "connected": true,
          "version": "xxxxx",
          "connectedAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
          "lastPingAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
          "lastDisconnectedAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
          "lastNotificationSentAt": "xxxx-xx-xxTxx:xx:xx.xxxx",
          "ip": "xxxxx",
          "port": "xxxx"
        }
      },
      "GetServiceComponentsResponse": {
        "type": "object",
        "properties": {
          "name1": {
            "type": "string"
          },
          "name2": {
            "type": "string"
          },
          "name3": {
            "type": "string"
          }
        },
        "example": {
          "name1": "https://xxx.xxxxxx.xxx/xxxxx",
          "name2": "https://xxx.xxxxxx.xxx/xxxxx",
          "name3": "https://xxx.xxxxxx.xxx/xxxxx"
        }
      },
      "CountUsersRequest": {
        "type": "object",
        "properties": {
          "authModule": {
            "type": "string"
          },
          "query": {
            "type": "object"
          }
        },
        "example": {
          "authModule": "xxxxxxxxxxxxxxxxxxxxxxxx",
          "query": {}
        }
      },
      "CountUsersResponse": {
        "type": "object",
        "properties": {
          "id": {
            "type": "string"
          },
          "type": {
            "type": "string"
          },
          "count": {
            "type": "string"
          }
        },
        "example": {
          "id": "xxxxx",
          "type": "xxxxxxxx",
          "count": "XX"
        }
      },
      "LockUserAccountRequest": {
        "type": "object",
        "properties": {
          "userId": {
            "type": "string"
          },
          "message": {
            "type": "string"
          },
          "initiatedby": {
            "type": "string"
          },
          "expiryInMunites": {
            "type": "string"
          }
        },
        "example": {
          "userId": "xxxxxx",
          "message": "Admin Action",
          "initiatedby": "xxxxxxxx",
          "expiryInMunites": 30
        }
      },
      "UnlockUserAccountRequest": {
        "type": "object",
        "properties": {
          "userId": {
            "type": "string"
          },
          "message": {
            "type": "string"
          },
          "initiatedby": {
            "type": "string"
          }
        },
        "example": {
          "userId": "xxxxxx",
          "message": "Admin Action",
          "initiatedby": "xxxxxxxx"
        }
      },
      "LockUnlockUserAccountResponse": {
        "type": "object",
        "properties": {
          "message": {
            "type": "string"
          }
        },
        "example": {
          "message": "xxxxxxxxxxx"
        }
      },
      "GetUserStatusRequestv2": {
        "type": "object",
        "properties": {
          "userId": {
            "type": "string"
          }
        },
        "example": {
          "userId": "xxxxxx"
        }
      },
      "GetUserStatusResponseV2": {
        "type": "object",
        "properties": {
          "_id": {
            "type": "string"
          },
          "tenantId": {
            "type": "string"
          },
          "communityId": {
            "type": "string"
          },
          "userId": {
            "type": "string"
          },
          "message": {
            "type": "string"
          },
          "lockedBy": {
            "type": "string"
          },
          "lockedAt": {
            "type": "date"
          },
          "expiresDate": {
            "type": "date"
          },
          "locked": {
            "type": "boolean"
          },
          "updatedAt": {
            "type": "date"
          }
        },
        "example": {
          "_id": "xxxxxxxxx",
          "tenantId": "xxxxxxxx",
          "communityId": "xxxxxxxxx",
          "userId": "xxxxxx",
          "message": "Admin Action",
          "lockedBy": "xxxxxxxx",
          "locked": "true,",
          "lockedAt": "xxxxxxxxxxx",
          "expiresDate": "xxxxxxxxxxx",
          "updatedAt": "xxxxxxxxxxx"
        }
      },
      "LockUnlockUserRequest": {
        "type": "object",
        "properties": {
          "username": {
            "type": "string"
          },
          "reason": {
            "type": "object",
            "properties": {
              "reasonCode": "number",
              "message": "string"
            }
          },
          "initiatedby": {
            "type": "string"
          }
        },
        "example": {
          "username": "xxxxxx",
          "reason": {
            "reasonCode": 0,
            "message": "Admin Action"
          },
          "initiatedby": "xxxxxxxx"
        }
      },
      "GetUserStatusRequest": {
        "type": "object",
        "properties": {
          "username": {
            "type": "string"
          }
        },
        "example": {
          "username": "xxxxxx"
        }
      },
      "GetUserStatusResponseV1": {
        "type": "object",
        "properties": {
          "reasons": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "reasonCode": "number",
                "message": "string"
              }
            }
          }
        }
      },
      "UpdateUserPropertiesRequest": {
        "type": "object",
        "properties": {
          "data": {
            "type": "object",
            "properties": {
              "user": {
                "type": "object",
                "properties": {
                  "uid": {
                    "type": "string"
                  },
                  "username": {
                    "type": "string"
                  },
                  "authModuleId": {
                    "type": "string"
                  }
                }
              },
              "mobiles": {
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "landlines": {
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "aliases": {
                "type": "object",
                "properties": {
                  "alias1": {
                    "type": "string"
                  },
                  "alias2": {
                    "type": "string"
                  },
                  "alias3": {
                    "type": "string"
                  },
                  "alias4": {
                    "type": "string"
                  },
                  "alias5": {
                    "type": "string"
                  },
                  "alias6": {
                    "type": "string"
                  },
                  "alias7": {
                    "type": "string"
                  },
                  "alias8": {
                    "type": "string"
                  }
                }
              }
            }
          }
        },
        "example": {
          "data": {
            "user": {
              "username": "",
              "uid": "",
              "authModuleId": ""
            },
            "mobiles": [],
            "landlines": [],
            "aliases": {
              "alias1": "string",
              "alias2": null,
              "alias3": "string",
              "alias4": "string",
              "alias5": null,
              "alias6": null,
              "alias7": null,
              "alias8": null
            }
          }
        }
      },
      "UpdateUserPropertiesResponse": {
        "type": "object",
        "properties": {
          "_id": {
            "type": "string"
          },
          "tenantId": {
            "type": "string"
          },
          "communityId": {
            "type": "string"
          },
          "user": {
            "type": "object",
            "properties": {
              "uid": {
                "type": "string"
              },
              "username": {
                "type": "string"
              },
              "authModuleId": {
                "type": "string"
              }
            }
          },
          "mobiles": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "landlines": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "aliases": {
            "type": "object",
            "properties": {
              "alias1": {
                "type": "string"
              },
              "alias2": {
                "type": null
              },
              "alias3": {
                "type": "string"
              },
              "alias4": {
                "type": "string"
              },
              "alias5": {
                "type": null
              },
              "alias6": {
                "type": null
              },
              "alias7": {
                "type": null
              },
              "alias8": {
                "type": null
              }
            }
          }
        },
        "example": {
          "_id": "",
          "tenantId": "",
          "communityId": "",
          "user": {
            "uid": "",
            "username": "",
            "authModuleId": ""
          },
          "mobiles": [],
          "landlines": [],
          "aliases": {
            "alias1": "string",
            "alias2": null,
            "alias3": "string",
            "alias4": "string",
            "alias5": null,
            "alias6": null,
            "alias7": null,
            "alias8": null
          }
        }
      },
      "InternalCallRequest": {
        "type": "object",
        "properties": {
          "communityId": {
            "type": "string"
          },
          "authModule": {
            "type": "object"
          },
          "dataPayload": {
            "type": "object"
          }
        }
      },
      "InternalCallResponse": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "metadata": {
              "type": "object"
            },
            "operationstatus": {
              "type": "object"
            },
            "totalRecords": {
              "type": "string"
            }
          }
        },
        "example": [
          {
            "metadata": {},
            "operationstatus": {},
            "totalRecords": null
          },
          {
            "cn": "string",
            "samaccountname": "string",
            "sn": "string"
          }
        ]
      },
      "UserFactorUpdateRequest": {
        "type": "object",
        "properties": {
          "userId": {
            "type": "string"
          },
          "factor": {
            "type": "string"
          },
          "authModuleId": {
            "type": "string"
          },
          "eventData": {
            "type": "object"
          }
        },
        "example": {
          "userId": "xxxxxxxxxx",
          "factor": "xxxxxx",
          "authModuleId": "xxxxxxx",
          "eventData": {}
        }
      }
    },
    "securitySchemes": {
      "keyId": {
        "type": "apiKey",
        "name": "keyId",
        "in": "header",
        "description": "ECDSA Public Key"
      },
      "keySecret": {
        "type": "apiKey",
        "name": "keySecret",
        "in": "header",
        "description": "ECDSA Private Key"
      },
      "license": {
        "type": "apiKey",
        "name": "license",
        "in": "header",
        "description": "License key from License Microservice"
      }
    }
  },
  "tags": [
    {
      "name": "Service Key"
    },
    {
      "name": "Public Key"
    },
    {
      "name": "Passkey Management"
    },
    {
      "name": "JWT"
    },
    {
      "name": "Healthz"
    },
    {
      "name": "Environment"
    },
    {
      "name": "ECDSA Helper"
    }
  ],
  "servers": [
    {
      "url": "https://pilot-root.1kosmos.net/users-mgmt/"
    }
  ]
}