openapi: 3.0.1
info:
title: Beyond Identity API
version: 1.1.0
description: |
# Introduction
The Beyond Identity API defines methods for managing realms, directories,
credentials, and applications.
All of the functionality available in the Beyond Identity Admin Console is
also available through the API.
This API is currently in the early-access stage and is under active
development. Feedback and suggestions are encouraged and should be directed
to the [Beyond Identity Developer Slack Channel](https://join.slack.com/t/byndid/shared_invite/zt-1anns8n83-NQX4JvW7coi9dksADxgeBQ).
# Authentication
All Beyond Identity API endpoints require authentication using an access token. The access token is generated through OAuth 2.0 using the client credentials flow. The simplest way to acquire an access token is through the Beyond Identity Secure Workforce Admin Console.
1. Go to the **Settings** tab in the side panel, select the **API Access** tab, and create a set of client credentials.
2. Next, select the created client credentials, navigate to the **Tokens** tab, and click **Create token**.
Alternatively, an access token may also be generated directly via the API by requesting a token using the client credentials created above.
```
curl https://auth-us.beyondidentity.com/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID/token \
-X POST \
-u "$CLIENT_ID:$CLIENT_SECRET" --basic \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&scope=$SCOPES"
```
This will work for any application that you have configured to provide
access to the Beyond Identity Management API Resource Server. The "Beyond
Identity Management API" application is provided by default as part of the
tenant onboarding process.
The access token must be provided in the `Authorization` header of the
API request.
```
curl https://api-us.beyondidentity.com/v1/... \
-X $HTTP_METHOD -H "Authorization: Bearer $TOKEN"
```
## Requests and Responses
To interact with the Beyond Identity API, all requests should be made over
HTTPS.
The Beyond Identity API is generally structured as a resource-oriented API.
Resources are represented as JSON objects and are used as both inputs to
and outputs from API methods.
Resource fields may be described as read-only and immutable. A read-only
field is only provided on the response. An immutable field is only assigned
once and may not be changed after. For example, system-generated IDs are
described as both read-only and immutable.
To create a new resource, requests should use the `POST` method. Create
requests include all of the necessary attributes to create a new resource.
Create operations return the created resource in the response.
To retrieve a single resource or a collection of resources, requests should
use the `GET` method. When retrieving a collection of resources, the
response will include an array of JSON objects keyed on the plural name of
the requested resource.
To update an resource, requests should use the `PATCH` method. Update
operations support partial updating so requests may specify only the
attributes which should be updated. Update operations return the updated
resource in the response.
To delete a resource, requests should use the `DELETE` method. Note that
delete operations return an empty response instead of returning the
resource in the response.
### Example Response for a Realm
```
{
"id": "a448fe493e02fa9f",
"tenant_id": "000168dc50bdce49",
"display_name": "Test Realm",
"create_time": "2022-06-22T21:46:08.930278Z",
"update_time": "2022-06-22T21:46:08.930278Z"
}
```
### Example Response for a Collection of Realms
```
{
"realms": [
{
"id": "a448fe493e02fa9f",
"tenant_id": "000168dc50bdce49",
"display_name": "Test Realm",
"create_time": "2022-06-22T21:46:08.930278Z",
"update_time": "2022-06-22T21:46:08.930278Z"
}
],
"total_size": 1
}
```
## HTTP Statuses
The API returns standard HTTP statuses and error codes.
Statuses in the 200 range indicate that the request was successfully
fulfilled and there were no errors.
Statuses in the 400 range indicate that there was an issue with the request
that may be addressed by the client. For example, client errors may
indicate that the request was missing proper authorization or that the
request was malformed.
Statuses in the 500 range indicate that the server encountered an internal
issue and was unable to fulfill the request.
All error responses include a JSON object with a `code` field and a
`message` field. `code` contains a human-readable name for the HTTP status
code and `message` contains a high-level description of the error. The
error object may also contain additional error details which may be used by
the client to determine the exact cause of the error. Refer to each API
method's examples to determine the specific error detail types supported
for that method.
### Invalid Access Token Example
If the provided access token is invalid, you will receive a 401 error.
This error indicates that the token is not recognized and was not generated
by Beyond Identity.
```
HTTP/1.1 401 Unauthorized
{
"code": "unauthorized",
"message": "unauthorized"
}
```
### Permission Denied Example
If the provided access token does not have access to the requested resource,
you will receive a 403 error. Access tokens are scoped at a minimum to your
tenant. Any request for resources outside of your tenant will result in this
error.
```
HTTP/1.1 403 Forbidden
{
"code": "forbidden",
"message": "forbidden"
}
```
### Missing Resource Example
If the requested resource does not exist, you will receive a 404 error. The
specific API method may return additional details about the missing
resource.
```
HTTP/1.1 404 Not Found
{
"code": "not_found",
"message": "group not found"
"details": [
{
"type": "ResourceInfo",
"resource_type": "Group",
"id": "4822738be6b7f658",
"description": "group not found"
}
],
}
```
### Invalid Parameters Example
If the request body contains invalid parameters, you will receive a 400
error. The specific API method may return additional details about the
invalid parameter.
```
HTTP/1.1 400 Bad Request
{
"code": "bad_request",
"message": "invalid parameters"
"details": [
{
"type": "FieldViolations"
"field_violations": [
{
"description": "missing",
"field": "group.display_name"
}
],
}
],
}
```
servers:
- url: 'https://api-us.beyondidentity.com'
tags:
- name: Tenants
description: |
A tenant represents an organization in the Beyond Identity Cloud. Tenants contain all data necessary for that organization to operate.
- name: Realms
description: |
A realm is a unique administrative domain within a tenant. Realms may be used to define multiple development environments or for isolated administrative domains.
- name: Groups
description: |
A group is a logical collection of identities. Groups are commonly used as a predicate in a policy rule.
- name: Identities
description: |
An identity is a unique identifier that may be used by an end-user to gain access governed by Beyond Identity.
- name: Credentials
description: |
A credential is also known as a passkey. This is the public-private key pair that belongs to an identity.
- name: Credential Binding Jobs
description: |
A credential binding job defines the state of binding a new credential to an identity. The state includes creation of the credential binding job to delivery of the credential binding method to completion of the credential binding.
- name: Themes
description: |
A theme is a collection of configurable assets that unifies the end user login experience with your brand and products. It is primarily used to change the styling of the credential binding email.
- name: Applications
description: |
An application represents a client application that uses Beyond Identity for authentication. This could be a native app, a single-page application, regular web application, or machine-to-machine application credentials.
- name: Authenticator Configurations
description: |
A authenticator configuration prescribes how an end user may authenticate themselves to Beyond Identity. Beyond Identity provides a Hosted Web Authenticator which will work out-of-the-box, as well as SDKs that can be embedded into an end user application.
- name: Resource Servers
description: |
A resource server represents an API server that hosts a set of protected resources and is capable of accepting and responding to protected resource requests using access tokens. Clients can enable these APIs to be consumed from authorized applications.
paths:
'/v1/tenants/{tenant_id}':
get:
tags:
- Tenants
operationId: GetTenant
summary: Retrieve an Existing Tenant
description: |
To retrieve an existing tenant, send a GET request to `/v1/tenants/$TENANT_ID`.
security:
- BearerAuth:
- 'tenants:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a tenant.
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
examples:
Success:
value:
id: 000176d94fd7b4d1
display_name: Test Tenant
create_time: 2022-01-28T12:00:02.423Z
update_time: 2022-04-19T15:17:21.186Z
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
value:
code: unauthorized
message: unauthorized
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
value:
code: forbidden
message: forbidden
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
value:
code: internal_server_error
message: internal server error
patch:
tags:
- Tenants
operationId: UpdateTenant
summary: Patch a Tenant
description: |
To update only specific attributes of an existing tenant, send a PATCH request to `/v1/tenants/$TENANT_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged.
security:
- BearerAuth:
- 'tenants:update'
parameters:
- $ref: '#/components/parameters/tenant_id'
requestBody:
description: Updates to the specified tenant.
content:
application/json:
schema:
title: Update Tenant Request
description: Request for UpdateTenant.
type: object
properties:
tenant:
$ref: '#/components/schemas/Tenant'
required:
- tenant
examples:
Update Display Name:
value:
tenant:
display_name: Test Tenant
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a tenant.
content:
application/json:
schema:
$ref: '#/components/schemas/Tenant'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
value:
code: bad_request
message: invalid request
Invalid Parameters:
value:
code: bad_request
message: invalid parameters
details:
- type: FieldViolations
field_violations:
- field: tenant.display_name
description: empty string
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms':
post:
tags:
- Realms
operationId: CreateRealm
summary: Create a New Realm
description: |
To create a realm, send a POST request to `/v1/tenants/$TENANT_ID/realms`. Values in the request body for read-only fields will be ignored.
security:
- BearerAuth:
- 'realms:create'
parameters:
- $ref: '#/components/parameters/tenant_id'
requestBody:
content:
application/json:
schema:
title: Create Realm Request
description: Request for CreateRealm.
type: object
properties:
realm:
$ref: '#/components/schemas/Realm'
required:
- realm
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a realm.
content:
application/json:
schema:
$ref: '#/components/schemas/Realm'
examples:
Success:
value:
id: 19a95130480dfa79
tenant_id: 0001f1f460b1ace6
display_name: Test Realm
create_time: 2022-05-18T18:00:01.167Z
update_time: 2022-05-19T14:23:01.327Z
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
value:
code: bad_request
message: invalid parameters
details:
- type: FieldViolations
field_violations:
- field: realm.display_name
description: empty string
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
get:
tags:
- Realms
operationId: ListRealms
summary: List All Realms for a Tenant
description: |
To list all realms for a tenant, send a GET request to
`/v1/tenants/$TENANT_ID/realms`.
The response will contain at most 200 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 20 items. There is no defined ordering of the list of realms in the
response. Note that the maximum and default page sizes are subject to
change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'realms:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
- $ref: '#/components/parameters/skip'
responses:
'200':
description: |
The response will be a JSON object with a key called `realms` and `total_size`. `realms` will be set to an array of realm objects, each of which contain the standard realm attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListRealmsResponse'
examples:
Success:
value:
realms:
- id: 19a95130480dfa79
tenant_id: 0001f1f460b1ace6
display_name: Test Realm
create_time: 2022-05-18T18:00:01.167Z
update_time: 2022-05-19T14:23:01.327Z
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
value:
code: bad_request
message: invalid parameters
details:
- type: FieldViolations
field_violations:
- field: page_token
description: invalid page token
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}':
get:
tags:
- Realms
operationId: GetRealm
summary: Retrieve an Existing Realm
description: |
To retrieve an existing realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID`.
security:
- BearerAuth:
- 'realms:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a realm.
content:
application/json:
schema:
$ref: '#/components/schemas/Realm'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/post/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
value:
code: not_found
message: realm not found
details:
- type: ResourceInfo
resource_type: Realm
id: 19a95130480dfa79
description: realm not found
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
patch:
tags:
- Realms
operationId: UpdateRealm
summary: Patch a Realm
description: |
To update only specific attributes of an existing realm, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged.
security:
- BearerAuth:
- 'realms:update'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
requestBody:
content:
application/json:
schema:
title: Update Realm Request
description: Request for UpdateRealm.
type: object
properties:
realm:
$ref: '#/components/schemas/Realm'
required:
- realm
examples:
Update Display Name:
value:
realm:
display_name: Test Realm
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a realm.
content:
application/json:
schema:
$ref: '#/components/schemas/Realm'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/post/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
delete:
tags:
- Realms
operationId: DeleteRealm
summary: Delete a Realm
description: |
To delete a realm, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID`. To be deleted, a realm must not have any identities or groups. All associated resources must first be deleted or you will receive a 409 error.
A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully.
security:
- BearerAuth:
- 'realms:delete'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
responses:
'200':
description: The action was successful and the response body is empty.
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'409':
description: Conflict.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Has Resources:
value:
code: conflict
message: realm has children
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/groups':
post:
tags:
- Groups
operationId: CreateGroup
summary: Create a New Group
description: |
To create a group, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups`. Values in the request body for read-only fields will be ignored.
security:
- BearerAuth:
- 'groups:create'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
requestBody:
content:
application/json:
schema:
title: Create Group Request
description: Request for CreateGroup.
type: object
properties:
group:
$ref: '#/components/schemas/Group'
required:
- group
examples:
Create Group:
value:
group:
display_name: Realm Administrators
description: A group of realm administrators.
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a group.
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
examples:
Success:
value:
id: 81490afab171aef0
realm_id: 7df92e4a38ba0993
tenant_id: 0001b42d80372976
display_name: Realm Administrators
description: A group of realm administrators.
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-06-14T05:55:23.823Z
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
value:
code: bad_request
message: invalid parameters
details:
- type: FieldViolations
field_violations:
- field: group.description
description: empty string
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
get:
tags:
- Groups
operationId: ListGroups
summary: List All Groups for a Realm
description: |
To list all groups for a realm, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups`.
The response will contain at most 200 items and may contain a page token to
query the remaining items. If page size is not specified, the response will contain 20 items.
There is no defined ordering of the list of groups in the response. Note that the maximum and default page sizes are subject to change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'groups:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
- $ref: '#/components/parameters/skip'
responses:
'200':
description: |
The response will be a JSON object with a key called `groups` and `total_size`. `groups` will be set to an array of group objects, each of which contain the standard group attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListGroupsResponse'
examples:
Success:
value:
groups:
- id: 81490afab171aef0
realm_id: 7df92e4a38ba0993
tenant_id: 0001b42d80372976
display_name: Realm Administrators
description: A group of realm administrators.
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-06-14T05:55:23.823Z
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}':
get:
tags:
- Groups
operationId: GetGroup
summary: Retrieve an Existing Group
description: |
To retrieve an existing group, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID`.
security:
- BearerAuth:
- 'groups:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/group_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a group.
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Group Not Found:
value:
code: not_found
message: group not found
details:
- type: ResourceInfo
resource_type: Group
id: 4822738be6b7f658
description: group not found
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
patch:
tags:
- Groups
operationId: UpdateGroup
summary: Patch a Group
description: |
To update only specific attributes of an existing group, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged.
security:
- BearerAuth:
- 'groups:update'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/group_id'
requestBody:
content:
application/json:
schema:
title: Update Group Request
description: Request for UpdateGroup.
type: object
properties:
group:
$ref: '#/components/schemas/Group'
required:
- group
examples:
Update Display Name:
value:
group:
display_name: Realm Administrators
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a group.
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Group Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
delete:
tags:
- Groups
operationId: DeleteGroup
summary: Delete a Group
description: |
To delete a group, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID`. To be deleted, a group must not have any members. Any existing members must first be deleted or you will receive a 409 error.
A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully.
security:
- BearerAuth:
- 'groups:delete'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/group_id'
responses:
'200':
description: The action was successful and the response body is empty.
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Group Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found'
'409':
description: Conflict.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Group Has Members:
value:
code: conflict
message: group has children
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}:listMembers':
get:
tags:
- Groups
operationId: ListGroupMembers
summary: List All Members for a Group
description: |
To list members belonging to a group, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID:listMembers`.
The response will contain at most 200 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 20 items. There is no defined ordering of the list of members in the
response. Note that the maximum and default page sizes are subject to
change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'groups:read'
- 'identities:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/group_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
- $ref: '#/components/parameters/skip'
responses:
'200':
description: |
The response will be a JSON object with a key called `identities` and `total_size`. `identities` will be set to an array of identity objects, each of which contain the standard identity attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListGroupMembersResponse'
examples:
Success:
value:
identities:
- id: e372db224c06e850
realm_id: 8f5bec58229e6f29
tenant_id: 0001f1f460b1ace6
display_name: Test Identity
create_time: 2022-04-12T05:53:07.119Z
update_time: 2022-06-16T14:31:03.770Z
traits:
type: traits_v0
username: test
primary_email_address: test@example.com
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Group Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}:addMembers':
post:
tags:
- Groups
operationId: AddGroupMembers
summary: Add Members to a Group
description: |
To add members to a group, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID:addMembers`. The request must contain at least one and no more than 1000 identity IDs.
security:
- BearerAuth:
- 'groups:update'
- 'identities:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/group_id'
requestBody:
content:
application/json:
schema:
title: Add Group Members Request
description: Request for AddGroupMembers.
type: object
properties:
identity_ids:
description: IDs of the identities to be added to the group.
type: array
items:
type: string
minItems: 1
maxItems: 1000
required:
- identity_ids
examples:
Add Members:
value:
identity_ids:
- e372db224c06e850
- 3a28d4f28b57cc93
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a group.
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
value:
code: bad_request
message: invalid parameters
details:
- type: FieldViolations
field_violations:
- field: identity_ids
description: array exceeds 1000 elements
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Group Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}:deleteMembers':
post:
tags:
- Groups
operationId: DeleteGroupMembers
summary: Delete Members from a Group
description: |
To delete members from a group, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID:deleteMembers`. The request must contain at least one and no more than 1000 identity IDs.
security:
- BearerAuth:
- 'groups:update'
- 'identities:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/group_id'
requestBody:
content:
application/json:
schema:
title: Delete Group Members Request
description: Request for DeleteGroupMembers.
type: object
properties:
identity_ids:
description: IDs of the identities to be removed from the group.
type: array
items:
type: string
minItems: 1
maxItems: 1000
required:
- identity_ids
examples:
Delete Members:
value:
identity_ids:
- e372db224c06e850
- 3a28d4f28b57cc93
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a group.
content:
application/json:
schema:
$ref: '#/components/schemas/Group'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AaddMembers/post/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Group Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/identities':
post:
tags:
- Identities
operationId: CreateIdentity
summary: Create a New Identity
description: |
To create an identity, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities`. Values in the request body for read-only fields will be ignored.
If the request conflicts with an existing resource, you will receive a 409 error.
security:
- BearerAuth:
- 'identities:create'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
requestBody:
content:
application/json:
schema:
title: Create Identity Request
description: Request for CreateIdentity.
type: object
properties:
identity:
$ref: '#/components/schemas/Identity'
required:
- identity
examples:
Create Identity:
value:
identity:
display_name: Test Identity
traits:
type: traits_v0
username: test
primary_email_address: test@example.com
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an identity.
content:
application/json:
schema:
$ref: '#/components/schemas/Identity'
examples:
Success:
value:
id: e372db224c06e850
realm_id: 8f5bec58229e6f29
tenant_id: 0001f1f460b1ace6
display_name: Test Identity
create_time: 2022-04-12T05:53:07.119Z
update_time: 2022-06-16T14:31:03.770Z
traits:
type: traits_v0
username: test
primary_email_address: test@example.com
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
value:
code: bad_request
message: invalid parameters
details:
- type: FieldViolations
field_violations:
- field: identity.display_name
description: empty string
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'409':
description: Conflict.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Username Already Exists:
value:
code: conflict
message: username already exists
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
get:
tags:
- Identities
operationId: ListIdentities
summary: List All Identities for a Realm
description: |
To list all identities for a realm, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities`.
The response will contain at most 200 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 20 items. There is no defined ordering of the list of identities in
the response. Note that the maximum and default page sizes are subject to
change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'identities:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
- $ref: '#/components/parameters/skip'
responses:
'200':
description: |
The response will be a JSON object with a key called `identities` and `total_size`. `identities` will be set to an array of identity objects, each of which contain the standard identity attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListIdentitiesResponse'
examples:
Success:
value:
identities:
- id: e372db224c06e850
realm_id: 8f5bec58229e6f29
tenant_id: 0001f1f460b1ace6
display_name: Test Identity
create_time: 2022-04-12T05:53:07.119Z
update_time: 2022-06-16T14:31:03.770Z
traits:
type: traits_v0
username: test
primary_email_address: test@example.com
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}':
get:
tags:
- Identities
operationId: GetIdentity
summary: Retrieve an Existing Identity
description: |
To retrieve an existing identity, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID`.
security:
- BearerAuth:
- 'identities:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an identity.
content:
application/json:
schema:
$ref: '#/components/schemas/Identity'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities/post/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Identity Not Found:
value:
code: not_found
message: identity not found
details:
- type: ResourceInfo
resource_type: Identity
id: e372db224c06e850
description: identity not found
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
patch:
tags:
- Identities
operationId: UpdateIdentity
summary: Patch an Identity
description: |
To update only specific attributes of an existing identity, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged.
If the request conflicts with an existing resource, you will receive a 409 error.
security:
- BearerAuth:
- 'identities:update'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
requestBody:
content:
application/json:
schema:
title: Update Identity Request
description: Request for UpdateIdentity.
type: object
properties:
identity:
$ref: '#/components/schemas/Identity'
required:
- identity
examples:
Update Display Name and Email:
value:
identity:
display_name: Test Identity
traits:
type: traits_v0
primary_email_address: test@example.com
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an identity.
content:
application/json:
schema:
$ref: '#/components/schemas/Identity'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities/post/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Identity Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D/get/responses/404/content/application~1json/examples/Identity%20Not%20Found'
'409':
description: Conflict.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Username Already Exists:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities/post/responses/409/content/application~1json/examples/Username%20Already%20Exists'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
delete:
tags:
- Identities
operationId: DeleteIdentity
summary: Delete an Identity
description: |
To delete an identity, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID`. To be deleted, an identity must not be a member of any groups. The identity must must first be removed from all groups or you will receive a 409 error.
A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully.
security:
- BearerAuth:
- 'identities:delete'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
responses:
'200':
description: The action was successful and the response body is empty.
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Identity Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D/get/responses/404/content/application~1json/examples/Identity%20Not%20Found'
'409':
description: Conflict.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Identity Has Memberships:
value:
code: conflict
message: identity has children
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}:listGroups':
get:
tags:
- Identities
operationId: ListIdentityGroups
summary: List All Memberships for an Identity
description: |
To list the groups to which an identity belongs, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID:listGroups`.
The response will contain at most 200 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 20 items. There is no defined ordering of the list of groups in the
response. Note that the maximum and default page sizes are subject to
change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'identities:read'
- 'groups:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
- $ref: '#/components/parameters/skip'
responses:
'200':
description: |
The response will be a JSON object with a key called `groups` and `total_size`. `groups` will be set to an array of group objects, each of which contain the standard group attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListIdentityGroupsResponse'
examples:
Success:
value:
groups:
- id: 81490afab171aef0
realm_id: 7df92e4a38ba0993
tenant_id: 0001b42d80372976
display_name: Realm Administrators
description: A group of realm administrators.
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-06-14T05:55:23.823Z
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Identity Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D/get/responses/404/content/application~1json/examples/Identity%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credentials':
get:
tags:
- Credentials
operationId: ListCredentials
summary: List All Credentials for an Identity
description: |
To list all credentials for an identity, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credentials`.
`$IDENTITY_ID` may be a wildcard (`-`) to request all credentials across all
identities within the realm.
The response will contain at most 200 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 20 items. There is no defined ordering of the list of credentials in
the response. Note that the maximum and default page sizes are subject to
change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'credentials:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
- $ref: '#/components/parameters/skip'
responses:
'200':
description: |
The response will be a JSON object with a key called `credentials` and `total_size`. `credential` will be set to an array of credential objects, each of which contain the standard credential attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListCredentialsResponse'
examples:
Success:
value:
credentials:
- id: 81490afab171aef0
identity_id: e85de356dc78843a
realm_id: 7df92e4a38ba0993
tenant_id: 0001b42d80372976
state: ACTIVE
csr_type: JWT
jwk_json: '{"crv":"P-256","kty":"EC","x":"2MRhz05PJPq3BUfB18AT3HqgWEkI3VpWUg1MWi8rz1g","y":"YtvLYwGEqYQaoDVok2fVziJT4fu7DFPz3hy96FTAelQ"}'
jwk_thumbprint: UW-uVNL0mP1vcLjHrTBxibNgCEe_PD0HIsE3FrbYjPA=
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-06-14T05:55:23.823Z
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'500':
description: Internal.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credentials/{credential_id}':
get:
tags:
- Credentials
operationId: GetCredential
summary: Retrieve an Existing Credential
description: |
To retrieve an existing credential, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credentials/$CREDENTIAL_ID`.
security:
- BearerAuth:
- 'credentials:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
- $ref: '#/components/parameters/credential_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a credential.
content:
application/json:
schema:
$ref: '#/components/schemas/Credential'
examples:
Success:
value:
id: 81490afab171aef0
identity_id: e85de356dc78843a
realm_id: 7df92e4a38ba0993
tenant_id: 0001b42d80372976
state: ACTIVE
csr_type: JWT
jwk_json: '{"crv":"P-256","kty":"EC","x":"2MRhz05PJPq3BUfB18AT3HqgWEkI3VpWUg1MWi8rz1g","y":"YtvLYwGEqYQaoDVok2fVziJT4fu7DFPz3hy96FTAelQ"}'
jwk_thumbprint: UW-uVNL0mP1vcLjHrTBxibNgCEe_PD0HIsE3FrbYjPA=
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-06-14T05:55:23.823Z
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Credential Not Found:
value:
code: not_found
message: credential not found
details:
- type: ResourceInfo
resource_type: Credential
id: 51c3c2d2907d6b40
description: credential not found
'500':
description: Internal.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credentials/{credential_id}:revoke':
post:
tags:
- Credentials
operationId: RevokeCredential
summary: Revoke a Credential
description: |
To revoke a credential, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credentials/$CREDENTIAL_ID:revoke`.
security:
- BearerAuth:
- 'credentials:revoke'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
- $ref: '#/components/parameters/credential_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a credential.
content:
application/json:
schema:
$ref: '#/components/schemas/Credential'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D~1credentials~1%7Bcredential_id%7D/get/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Credential Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D~1credentials~1%7Bcredential_id%7D/get/responses/404/content/application~1json/examples/Credential%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credential-binding-jobs':
post:
tags:
- Credential Binding Jobs
operationId: CreateCredentialBindingJob
summary: Create a New Credential Binding Job
description: |
To create an identity, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credential-binding-jobs`. Values in the request body for read-only fields will be ignored.
security:
- BearerAuth:
- 'credential-binding-jobs:create'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
requestBody:
description: Credential binding job to be created.
content:
application/json:
schema:
title: Create credential binding job request
description: Request for CreateCredentialBindingJob.
type: object
properties:
job:
$ref: '#/components/schemas/CredentialBindingJob'
required:
- job
examples:
Create Credential Binding Job:
value:
job:
delivery_method: RETURN
post_binding_redirect_uri: 'http://example.com/callback'
authenticator_config_id: 67bb0acf12e5c899
responses:
'200':
description: |
The response will be a JSON object with a key called `credential_binding_job`. The value of this will be an object containing the standard attributes associated with a credential binding job. If the `delivery_method` of the credential binding job is `RETURN`, the response will also contain a key called `credential_binding_link` that contains a link to facilitate the credential binding process.
content:
application/json:
schema:
title: Create Credential Binding Job Response
description: Response for CreateCredentialBindingJob.
type: object
properties:
credential_binding_job:
$ref: '#/components/schemas/CredentialBindingJob'
credential_binding_link:
type: string
description: |
A unique URL to be delivered to an identity to facilitate the credential binding process. This field is only present if the credential binding job's `delivery_method` is `RETURN`.
required:
- credential_binding_job
examples:
Delivery Method Return:
value:
credential_binding_job:
id: c4fc2d753ca22b14
realm_id: cdf4862dc4d49791
tenant_id: 000183a77dd50fa9
identity_id: 87fabad6956c6d4b
delivery_method: RETURN
state: LINK_SENT
post_binding_redirect_uri: 'http://example.com/callback'
authenticator_config_id: 67bb0acf12e5c899
expire_time: 2022-03-21T03:42:52.905Z
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-03-15T05:55:23.823Z
credential_binding_link: 'http://example.com/v1/tenants/000183a77dd50fa9/realms/cdf4862dc4d49791/identities/87fabad6956c6d4b/credential-binding-jobs/c4fc2d753ca22b14:invokeAuthenticator?token=1St9IKIIrYyQ8sOSeuk5UkbLKnBJhuD4I7nWIqt-BNANDEFS-XVuOHxB7TFdZcRm'
Delivery Method Email:
value:
credential_binding_job:
id: c4fc2d753ca22b14
realm_id: cdf4862dc4d49791
tenant_id: 000183a77dd50fa9
identity_id: 87fabad6956c6d4b
delivery_method: EMAIL
state: LINK_SENT
post_binding_redirect_uri: 'http://example.com/callback'
authenticator_config_id: 67bb0acf12e5c899
expire_time: 2022-03-21T03:42:52.905Z
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-03-15T05:55:23.823Z
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
value:
code: bad_request
message: invalid parameters
details:
- type: FieldViolations
field_violations:
- field: job.authenticator_config_id
description: empty string
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceInfo'
examples:
Identity Not Found:
value:
code: not_found
message: identity not found
details:
- type: ResourceInfo
resource_type: Identity
id: 51c3c2d2907d6b40
description: identity not found
'422':
description: Unprocessable entity.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Identity Missing Email Address:
value:
code: unprocessable_entity
message: Identity missing email address
details:
- type: ResourceInfo
resource_type: Identity
id: 69f4d38f840c13ab
description: Identity missing email address
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
get:
tags:
- Credential Binding Jobs
operationId: ListCredentialBindingJobs
summary: List All Credential Binding Jobs for an Identity
description: |
To list all credential binding jobs for an identity, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credential-binding-jobs`.
`$IDENTITY_ID` may be a wildcard (`-`) to request all credential binding
jobs across all identities within the realm.
The response will contain at most 200 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 20 items. There is no defined ordering of the list of credential
binding jobs in the response. Note that the maximum and default page sizes
are subject to change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'credential-binding-jobs:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
- $ref: '#/components/parameters/skip'
responses:
'200':
description: |
The response will be a JSON object with a key called `credential_binding_jobs` and `total_size`. `credential_binding_jobs` will be set to an array of credential binding job objects, each of which contain the standard credential binding job attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListCredentialBindingJobsResponse'
examples:
Success:
value:
credential_binding_jobs:
- id: 81490afab171aef0
identity_id: e85de356dc78843a
realm_id: 7df92e4a38ba0993
tenant_id: 0001b42d80372976
delivery_method: EMAIL
state: COMPLETE
post_binding_redirect_uri: 'http://example.com/callback'
authenticator_config_id: 67bb0acf12e5c899
expire_time: 2022-03-21T03:42:52.905Z
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-03-15T05:55:23.823Z
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credential-binding-jobs/{credential_binding_job_id}':
get:
tags:
- Credential Binding Jobs
operationId: GetCredentialBindingJob
summary: Retrieve an Existing Credential Binding Job
description: |
To retrieve an existing credential binding job, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID`/credential-binding-jobs/$CREDENTIAL_BINDING_JOB_ID`.
security:
- BearerAuth:
- 'credential-binding-jobs:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/identity_id'
- $ref: '#/components/parameters/credential_binding_job_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a credential binding job.
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialBindingJob'
examples:
Success:
value:
id: 81490afab171aef0
identity_id: e85de356dc78843a
realm_id: 7df92e4a38ba0993
tenant_id: 0001b42d80372976
delivery_method: EMAIL
state: COMPLETE
post_binding_redirect_uri: 'http://example.com/callback'
authenticator_config_id: 67bb0acf12e5c899
expire_time: 2022-03-21T03:42:52.905Z
create_time: 2022-03-14T03:42:52.905Z
update_time: 2022-03-15T05:55:23.823Z
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Credential Binding Job Not Found:
value:
code: not_found
message: credential binding job not found
details:
- type: ResourceInfo
resource_type: CredentialBindingJob
id: 3103ba9a652b755e
description: credential binding job not found
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/themes':
post:
tags:
- Themes
summary: Create a New Theme
description: |
To create a theme, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/themes/$THEME_ID`. Values in the request body for read-only fields will be ignored. All non-read-only fields are optional and will be populated with defaults if unspecified.
Currently, each realm only supports a single theme. If a theme already exists for the realm, you will receive a 409 error.
operationId: CreateTheme
security:
- BearerAuth:
- 'themes:create'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
requestBody:
description: Theme to be created.
content:
application/json:
schema:
title: Create Theme Request
description: Request for CreateTheme.
type: object
properties:
theme:
$ref: '#/components/schemas/Theme'
examples:
Create Theme:
value:
theme:
email_realm_name: Realm Administrators
logo_url_light: 'https://example.com/logo_url_light.png'
logo_url_dark: 'https://example.com/logo_url_dark.png'
support_url: 'https://example.com/support'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a theme.
content:
application/json:
schema:
$ref: '#/components/schemas/Theme'
examples:
Success:
value:
id: 88ef08fb-c3f9-44e2-b174-fbb239e1dc47
tenant_id: f36448f2ff094881
realm_id: aa6aabe6989bc4a5
email_realm_name: Realm Administrators
logo_url_light: 'https://example.com/logo_url_light.png'
logo_url_dark: 'https://example.com/logo_url_dark.png'
support_url: 'https://example.com/support'
create_time: 2022-07-28T18:00:00.000Z
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
value:
code: bad_request
message: Bad Request
details:
- type: FieldViolations
field_violations:
- field: theme.email_realm_name
description: provided email_realm_name must not be empty
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
value:
code: not_found
message: realm not found
details:
- type: ResourceInfo
resource_type: Realm
id: 19a95130480dfa79
description: realm not found
'409':
description: Conflict.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Theme Already Exists:
value:
code: conflict
message: theme already exists for this realm
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/themes/active':
get:
tags:
- Themes
summary: Get the Active Theme
description: |
To retrieve the active theme for a realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/themes/active`. If the realm has not specified the active theme, a default theme will be returned.
operationId: GetActiveTheme
security:
- BearerAuth:
- 'themes:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a theme.
content:
application/json:
schema:
$ref: '#/components/schemas/Theme'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/themes/{theme_id}':
get:
tags:
- Themes
summary: Retrive an Existing Theme
description: |
To retrieve an existing theme, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/themes/$THEME_ID`.
operationId: GetTheme
security:
- BearerAuth:
- 'themes:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/theme_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a theme.
content:
application/json:
schema:
$ref: '#/components/schemas/Theme'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Theme Not Found:
value:
code: not_found
message: theme not found
details:
- type: ResourceInfo
resource_type: Theme
id: 72d0af37-a9bb-410c-b8a7-9aa127fd8739
description: theme not found
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
patch:
tags:
- Themes
summary: Patch a Theme
description: |
To update only specific attributes of an existing theme, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/themes/$THEME_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged.
operationId: UpdateTheme
security:
- BearerAuth:
- 'themes:update'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/theme_id'
requestBody:
description: Theme to be updated.
content:
application/json:
schema:
title: Update Theme Request
description: Request for UpdateTheme.
type: object
properties:
theme:
$ref: '#/components/schemas/Theme'
examples:
Update Email Realm Name:
value:
theme:
email_realm_name: Realm Administrators
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a theme.
content:
application/json:
schema:
$ref: '#/components/schemas/Theme'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Theme Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes~1%7Btheme_id%7D/get/responses/404/content/application~1json/examples/Theme%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/applications':
post:
operationId: CreateApplication
tags:
- Applications
summary: Create a New Application
description: |
To create an application, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications`. Values in the request body for read-only fields will be ignored.
At present, there are only two supported protocol types for applications, `oauth2` and `oidc`.
security:
- BearerAuth:
- 'applications:create'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
requestBody:
content:
application/json:
schema:
title: Create Application Request
description: Request for CreateApplication.
type: object
properties:
application:
$ref: '#/components/schemas/Application'
required:
- application
examples:
Create Application:
value:
application:
display_name: Pet Application
resource_server_id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e
protocol_config:
type: oidc
allowed_scopes:
- 'pets:read'
- 'pets:write'
confidentiality: confidential
token_endpoint_auth_method: client_secret_post
grant_type:
- authorization_code
redirect_urls:
- 'https://auth.mypetapp.com/callback'
token_configuration:
subject_field: id
expires_after: 86400
token_signing_algorithm: RS256
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an application.
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
examples:
Success:
value:
id: 38833c36-6f47-4992-9329-ea0a00915137
realm_id: caf2ff640497591a
tenant_id: 00011f1183c67b69
resource_server_id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e
display_name: Pet Application
is_managed: false
protocol_config:
type: oidc
allowed_scopes:
- 'pets:read'
- 'pets:write'
client_id: AYYNcuOSpfqIf33JeegCzDIT
client_secret: wWD4mPzdsjms1LPekQSo0v9scOHLWy5wmMtKAR2JNhJPAKXv
confidentiality: confidential
token_endpoint_auth_method: client_secret_post
grant_type:
- authorization_code
redirect_uris:
- 'https://auth.mypetapp.com/callback'
token_configuration:
subject_field: id
expires_after: 86400
token_signing_algorithm: RS256
pkce: disabled
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
get:
operationId: ListApplications
tags:
- Applications
summary: List All Applications for a Realm
description: |
To list all applications for a realm, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications`.
The response will contain at most 100 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 100 items. There is no defined ordering of the list of applications
in the response. Note that the maximum and default page sizes are subject
to change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'applications:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
responses:
'200':
description: |
The response will be a JSON object with a key called `applications` and `total_size`. `applications` will be set to an array of application objects, each of which contains the standard application attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListApplicationsResponse'
examples:
Success:
value:
applications:
- id: 38833c36-6f47-4992-9329-ea0a00915137
realm_id: caf2ff640497591a
tenant_id: 00011f1183c67b69
resource_server_id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e
display_name: Pet Application
is_managed: false
protocol_config:
type: oidc
allowed_scopes:
- 'pets:read'
- 'pets:write'
client_id: AYYNcuOSpfqIf33JeegCzDIT
client_secret: wWD4mPzdsjms1LPekQSo0v9scOHLWy5wmMtKAR2JNhJPAKXv
confidentiality: confidential
token_endpoint_auth_method: client_secret_post
grant_type:
- authorization_code
redirect_uris:
- 'https://auth.mypetapp.com/callback'
token_configuration:
subject_field: id
expires_after: 86400
token_signing_algorithm: RS256
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
value:
code: bad_request
message: invalid parameters
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
value:
code: not_found
message: The requested resource was not found.
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/applications/{application_id}':
get:
operationId: GetApplication
tags:
- Applications
summary: Retrieve an Existing Application
description: |
To retrieve an existing application, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID`.
security:
- BearerAuth:
- 'applications:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/application_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an application.
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/post/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Application Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
patch:
operationId: UpdateApplication
tags:
- Applications
summary: Patch an Application
description: |
To update only specific attributes of an existing application, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged.
security:
- BearerAuth:
- 'applications:update'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/application_id'
requestBody:
content:
application/json:
schema:
title: Update Application Request
description: Request for UpdateApplication.
type: object
properties:
application:
$ref: '#/components/schemas/Application'
required:
- application
examples:
Update Display Name:
value:
application:
display_name: Pet Application
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an application.
content:
application/json:
schema:
$ref: '#/components/schemas/Application'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Application Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
delete:
operationId: DeleteApplication
tags:
- Applications
summary: Delete an Application
description: |
To delete an application, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID`.
A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully.
security:
- BearerAuth:
- 'applications:delete'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/application_id'
responses:
'200':
description: The action was successful and the response body is empty.
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Application Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/authenticator-configs':
post:
operationId: CreateAuthenticatorConfig
tags:
- Authenticator Configurations
summary: Create a New Authenticator Configuration
description: |
To create an authenticator configuration, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs`. Values in the request body for read-only fields will be ignored.
security:
- BearerAuth:
- 'authenticator-configs:create'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
requestBody:
content:
application/json:
schema:
title: Create Authenticator Configuration Request
description: Request for CreateAuthenticatorConfig.
type: object
properties:
authenticator_config:
$ref: '#/components/schemas/AuthenticatorConfig'
required:
- authenticator_config
examples:
Create Authenticator Configuration:
value:
authenticator_config:
config:
type: embedded
invoke_url: 'http://localhost:8092'
trusted_origins:
- 'http://localhost:8092'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an authenticator configuration.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorConfig'
examples:
Success:
value:
id: 73731b7f-eb76-4143-9b4b-81a720385f5a
realm_id: caf2ff640497591a
tenant_id: 00011f1183c67b69
config:
type: embedded
invoke_url: 'http://localhost:8092'
trusted_origins:
- 'http://localhost:8092'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
get:
operationId: ListAuthenticatorConfigs
tags:
- Authenticator Configurations
summary: List All Authenticator Configurations for a Realm
description: |
To list all authenticator configurations for a realm, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs`.
The response will contain at most 100 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 100 items. There is no defined ordering of the list of authenticator
configurations in the response. Note that the maximum and default page sizes
are subject to change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'authenticator-configs:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
responses:
'200':
description: |
The response will be a JSON object with a key called `authenticator_configs` and `total_size`. `authenticator_configs` will be set to an array of authenticator configuration objects, each of which contains the standard authenticator configuration attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`.
content:
application/json:
schema:
$ref: '#/components/schemas/ListAuthenticatorConfigsResponse'
examples:
Success:
value:
authenticator_configs:
- id: 73731b7f-eb76-4143-9b4b-81a720385f5a
realm_id: caf2ff640497591a
tenant_id: 00011f1183c67b69
config:
invoke_url: 'http://localhost:8092'
trusted_origins:
- 'http://localhost:8092'
type: embedded
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/authenticator-configs/{authenticator_config_id}':
get:
operationId: GetAuthenticatorConfig
tags:
- Authenticator Configurations
summary: Retrieve an Existing Authenticator Configuration
description: |
To retrieve an existing authenticator configuration, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs/$AUTHENTICATOR_CONFIG_ID`.
security:
- BearerAuth:
- 'authenticator-configs:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/authenticator_config_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an authenticator configuration.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorConfig'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1authenticator-configs/post/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Authenticator Configuration Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
patch:
operationId: UpdateAuthenticatorConfig
tags:
- Authenticator Configurations
summary: Patch an Authenticator Configuration
description: |
To update only specific attributes of an existing authenticator configuration, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs/$AUTHENTICATOR_CONFIG_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged.
security:
- BearerAuth:
- 'authenticator-configs:update'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/authenticator_config_id'
requestBody:
content:
application/json:
schema:
title: Update Authenticator Configuration Request
description: Request for UpdateAuthenticatorConfig.
type: object
properties:
authenticator_config:
$ref: '#/components/schemas/AuthenticatorConfig'
required:
- authenticator_config
examples:
Update Embedded Invoke URL:
value:
authenticator_config:
config:
invoke_url: 'http://localhost:8092'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with an authenticator configuration.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticatorConfig'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1authenticator-configs/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Authenticator Configuration Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
delete:
operationId: DeleteAuthenticatorConfig
tags:
- Authenticator Configurations
summary: Delete an Authenticator Configuration
description: |
To delete an authenticator configuration, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs/$AUTHENTICATOR_CONFIG_ID`.
A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully.
security:
- BearerAuth:
- 'authenticator-configs:delete'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/authenticator_config_id'
responses:
'200':
description: The action was successful and the response body is empty.
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Authenticator Configuration Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers':
post:
operationId: CreateResourceServer
tags:
- Resource Servers
summary: Create a New Resource Server
description: |
To create a resource server, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers`. Values in the request body for read-only fields will be ignored.
security:
- BearerAuth:
- 'resource-servers:create'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
requestBody:
content:
application/json:
schema:
title: Create Resource Server Request
description: Request for CreateResourceServer.
type: object
properties:
resource_server:
$ref: '#/components/schemas/ResourceServer'
required:
- resource_server
examples:
Create Resource Server:
value:
resource_server:
display_name: Pet API
identifier: 'https://api.mypetapp.com'
scopes:
- 'pets:read'
- 'pets:write'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a resource server.
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceServer'
examples:
Success:
value:
id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e
realm_id: caf2ff640497591a
tenant_id: 00011f1183c67b69
display_name: Pet API
is_managed: false
identifier: 'https://api.mypetapp.com'
scopes:
- 'pets:read'
- 'pets:write'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
get:
operationId: ListResourceServers
tags:
- Resource Servers
summary: List All Resource Servers For a Realm
description: |
To list all resource servers for a realm, send a GET request to
`/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers`.
The response will contain at most 100 items and may contain a page token to
query the remaining items. If page size is not specified, the response will
contain 100 items. There is no defined ordering of the list of resource
servers in the response. Note that the maximum and default page sizes are
subject to change.
When paginating, the page size is maintained by the page token but may be
overridden on subsequent requests. The skip is not maintained by the page
token and must be specified on each subsequent request.
Page tokens expire after one week. Requests which specify an expired page
token will result in undefined behavior.
security:
- BearerAuth:
- 'resource-servers:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/page_size'
- $ref: '#/components/parameters/page_token'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a resource server.
content:
application/json:
schema:
$ref: '#/components/schemas/ListResourceServersResponse'
examples:
Success:
value:
resource_servers:
- id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e
realm_id: caf2ff640497591a
tenant_id: 00011f1183c67b69
display_name: Pet API
is_managed: false
identifier: 'https://api.mypetapp.com'
scopes:
- 'pets:read'
- 'pets:write'
total_size: 1
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Realm Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
'/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}':
get:
operationId: GetResourceServer
tags:
- Resource Servers
summary: Retrieve an Existing Resource Server
description: |
To retrieve an existing resource server, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID`.
security:
- BearerAuth:
- 'resource-servers:read'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/resource_server_id'
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a resource server.
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceServer'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers/post/responses/200/content/application~1json/examples/Success'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Resource Server Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
patch:
operationId: UpdateResourceServer
tags:
- Resource Servers
summary: Patch a Resource Server
description: |
To update only specific attributes of an existing resource server, send a a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged.
security:
- BearerAuth:
- 'resource-servers:update'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/resource_server_id'
requestBody:
content:
application/json:
schema:
title: Update Resource Server Request
description: Request for UpdateResourceServer.
type: object
properties:
resource_server:
$ref: '#/components/schemas/ResourceServer'
required:
- resource_server
examples:
Update Display Name:
value:
resource_server:
display_name: Pet API
responses:
'200':
description: |
The response will be a JSON object containing the standard attributes associated with a resource server.
content:
application/json:
schema:
$ref: '#/components/schemas/ResourceServer'
examples:
Success:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers/post/responses/200/content/application~1json/examples/Success'
'400':
description: Bad request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Malformed Request:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request'
Invalid Parameters:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters'
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Resource Server Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
delete:
operationId: DeleteResourceServer
tags:
- Resource Servers
summary: Delete a Resource Server
description: |
To delete a resource server, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID`.
A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully.
security:
- BearerAuth:
- 'resource-servers:delete'
parameters:
- $ref: '#/components/parameters/tenant_id'
- $ref: '#/components/parameters/realm_id'
- $ref: '#/components/parameters/resource_server_id'
responses:
'200':
description: The action was successful and the response body is empty.
'401':
description: Unauthorized.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Missing Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization'
'403':
description: Forbidden.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Insufficient Authorization:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization'
'404':
description: The resource was not found.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Resource Server Not Found:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found'
'500':
description: Server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
Internal Error:
$ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error'
components:
parameters:
tenant_id:
name: tenant_id
in: path
description: A unique identifier for a tenant.
required: true
schema:
type: string
example: 000176d94fd7b4d1
realm_id:
name: realm_id
in: path
description: A unique identifier for a realm.
required: true
schema:
type: string
example: 19a95130480dfa79
group_id:
name: group_id
in: path
description: A unique identifier for a group.
required: true
schema:
type: string
example: 81490afab171aef0
identity_id:
name: identity_id
in: path
description: A unique identifier for an identity.
required: true
schema:
type: string
example: e372db224c06e850
credential_id:
name: credential_id
in: path
description: A unique identifier for a credential.
required: true
schema:
type: string
example: b5a31610800dda18
credential_binding_job_id:
name: credential_binding_job_id
in: path
description: A unique identifier for a credential binding job.
required: true
schema:
type: string
example: 5c4137af5e70413a
theme_id:
name: theme_id
in: path
description: A unique identifier for a theme.
required: true
schema:
type: string
application_id:
name: application_id
in: path
description: A unique identifier for an application.
required: true
schema:
type: string
authenticator_config_id:
name: authenticator_config_id
in: path
description: A unique identifier for an authenticator configuration.
required: true
schema:
type: string
resource_server_id:
name: resource_server_id
in: path
description: A unique identifier for a resource server.
required: true
schema:
type: string
page_size:
name: page_size
in: query
description: |
Number of items returned per page. The response will include at most this many results but may include fewer. If this value is omitted, the response will return the default number of results allowed by the method.
schema:
type: integer
format: uint32
minimum: 0
page_token:
name: page_token
in: query
description: |
Token to retrieve the subsequent page of the previous request. All other parameters to the list endpoint should match the original request that provided this token unless otherwise specified.
schema:
type: string
skip:
name: skip
in: query
description: |
Number of items to skip. This is the zero-based index of the first result.
schema:
type: integer
format: uint32
minimum: 0
default: 0
schemas:
Tenant:
title: Tenant
type: object
description: |
A tenant represents an organization in the Beyond Identity Cloud. Tenants contain all data necessary for that organization to operate.
properties:
id:
type: string
description: |
A unique identifier for the tenant. This is automatically generated on creation. This field is immutable and read-only.
readOnly: true
example: 000176d94fd7b4d1
display_name:
type: string
minLength: 1
maxLength: 64
pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$'
description: |
A human-readable name for the tenant. This name is used for display purposes.
example: Test Tenant
create_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the tenant was created. This is automatically generated on creation. This field is read-only.
readOnly: true
example: 2022-01-28T12:00:02.423Z
update_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the tenant was last updated. This is automatically updated when the tenant is updated. This field is read-only.
readOnly: true
example: 2022-04-19T15:17:21.186Z
Realm:
title: Realm
type: object
description: |
A realm is a unique administrative domain within a tenant. Realms may be used to define multiple development environments or for isolated administrative domains.
properties:
id:
type: string
description: |
A unique identifier for the realm. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the tenant.
readOnly: true
example: 19a95130480dfa79
tenant_id:
type: string
description: |
A unique identifier of the realm's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 0001f1f460b1ace6
display_name:
type: string
minLength: 1
maxLength: 64
pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$'
description: |
A human-readable name for the realm. This name is used for display purposes.
example: Test Realm
create_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the realm was created. This is automatically generated on creation. This field is read-only.
readOnly: true
example: 2022-05-18T18:00:01.167Z
update_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the realm was last updated. This is automatically updated when the realm is updated. This field is read-only.
readOnly: true
example: 2022-05-19T14:23:01.327Z
Group:
title: Group
type: object
description: |
A group is a logical collection of identities. Groups are commonly used as a predicate in a policy rule.
properties:
id:
type: string
description: |
A unique identifier for a group. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm.
readOnly: true
example: 81490afab171aef0
realm_id:
type: string
description: |
A unique identifier for the group's realm. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 7df92e4a38ba0993
tenant_id:
type: string
description: |
A unique identifier for the group's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 0001b42d80372976
display_name:
type: string
minLength: 1
maxLength: 64
pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$'
description: |
A human-readable name for the group. This name is used for display purposes.
example: Realm Administrators
description:
type: string
maxLength: 300
pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$'
description: |
A free-form text field to describe a group.
example: A group of realm administrators.
create_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the group was created. This is automatically generated on creation. This field is read-only.
readOnly: true
example: 2022-03-14T03:42:52.905Z
update_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the group was last updated. This is automatically updated when the group is updated. This field is read-only.
readOnly: true
example: 2022-06-14T05:55:23.823Z
Identity:
title: Identity
type: object
description: |
An identity is a unique identifier that may be used by an end-user to gain access governed by Beyond Identity.
properties:
id:
type: string
description: |
A unique identifier for the identity. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm.
readOnly: true
example: e372db224c06e850
realm_id:
type: string
description: |
A unique identifier for the identity's realm. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 8f5bec58229e6f29
tenant_id:
type: string
description: |
A unique identifier for the identity's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 0001f1f460b1ace6
display_name:
type: string
minLength: 1
maxLength: 64
pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$'
description: |
A human-readable name for the identity. This name is used for display purposes.
example: Test Display
create_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the identity was created. This is automatically generated on creation. This field is read-only.
readOnly: true
example: 2022-04-12T05:53:07.119Z
update_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the identity was last updated. This is automatically updated when the identity is updated. This field is read-only.
readOnly: true
example: 2022-06-16T14:31:03.770Z
traits:
description: |
A collection of properties to describe an identity. All traits contain a `type` key which describes the specific traits schema.
oneOf:
- $ref: '#/components/schemas/Traits_v0'
discriminator:
propertyName: type
mapping:
traits_v0: '#/components/schemas/Traits_v0'
Traits_v0:
title: Traits_v0
description: Set of traits associated with an identity.
type: object
properties:
type:
type: string
description: |
The type of the traits schema. This value must be provided on all writes.
example: traits_v0
username:
type: string
minLength: 1
maxLength: 64
pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$'
description: 'A required, unique, case-insensitive username for an identity in the realm.'
example: test
primary_email_address:
type: string
description: Email address serving as primary contact for identity.
example: test@example.com
required:
- type
ListRealmsResponse:
title: List Realms Response
description: Response for ListRealms.
type: object
properties:
realms:
type: array
items:
$ref: '#/components/schemas/Realm'
maxItems: 200
description: An unordered array of realms corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- realms
- total_size
ListIdentitiesResponse:
title: List Identities Response
description: Response for ListIdentities.
type: object
properties:
identities:
type: array
items:
$ref: '#/components/schemas/Identity'
maxItems: 200
description: An unordered array of identities corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- identities
- total_size
ListIdentityGroupsResponse:
title: List Identity Groups Response
description: Response for ListIdentityGroups.
type: object
properties:
groups:
type: array
items:
$ref: '#/components/schemas/Group'
maxItems: 200
description: An unordered array of groups corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- groups
- total_size
ListGroupsResponse:
title: List Groups Response
description: Response for ListGroups.
type: object
properties:
groups:
type: array
items:
$ref: '#/components/schemas/Group'
maxItems: 200
description: An unordered array of groups corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- groups
- total_size
ListGroupMembersResponse:
title: List Group Members Response
description: Response for ListGroupMembers.
type: object
properties:
identities:
type: array
items:
$ref: '#/components/schemas/Identity'
maxItems: 200
description: An unordered array of identities corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- identities
- total_size
Credential:
title: Credential
description: |
A credential is also known as a passkey. This is the public-private key pair that belongs to an identity.
type: object
properties:
id:
type: string
description: |
A unique identifier for a credential. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm.
readOnly: true
example: f3e87aa26a696372
identity_id:
type: string
description: |
A unique identifier for the credential's identity. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 4a2719e73d6d972d
realm_id:
type: string
description: |
A unique identifier for the credential's realm. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: d65cc516f7f22fdd
tenant_id:
type: string
description: |
A unique identifier for the credential's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: f1a7309c1e3d1e85
state:
type: string
enum:
- ACTIVE
- REVOKED
description: |
A string representing the current state of the credential.
The value `ACTIVE` indicates that the credential can be used to
authenticate with Beyond Identity.
The value `REVOKED` indicates that the credential has been revoked and
cannot be used to authenticate with Beyond Identity.
readOnly: true
example: ACTIVE
csr_type:
type: string
enum:
- JWT
- WEBAUTHN
description: |
A string representing the type of certificate signing request that
created this credential.
The value `JWT` indicates that the CSR was delivered in the form of a JWT.
The value `WEBAUTHN` indicates that the CSR was delivered in the form of a
WebAuthn attestation response.
readOnly: true
example: JWT
jwk_json:
type: string
description: |
The public key of the Credential in JWK format, as specified by RFC-7517. This field is immutable and read-only.
readOnly: true
example: '{"crv":"P-256","kty":"EC","x":"2MRhz05PJPq3BUfB18AT3HqgWEkI3VpWUg1MWi8rz1g","y":"YtvLYwGEqYQaoDVok2fVziJT4fu7DFPz3hy96FTAelQ"}'
jwk_thumbprint:
type: string
description: |
The base64 URL encoding of the JWK thumbprint of the public key, as specified by RFC-7638. This field is immutable and read-only.
readOnly: true
example: UW-uVNL0mP1vcLjHrTBxibNgCEe_PD0HIsE3FrbYjPA=
create_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the credential was created. This is automatically generated on creation. This field is read-only.
readOnly: true
example: 2022-05-12T20:29:47.636Z
update_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the credential was last updated. This is automatically updated when the credential is updated. This field is read-only.
readOnly: true
example: 2022-05-12T20:29:47.636Z
CredentialBindingJob:
title: CredentialBindingJob
description: |
A credential binding job defines the state of binding a new credential to an identity. The state includes creation of the credential binding job to delivery of the credential binding method to completion of the credential binding.
type: object
properties:
id:
type: string
description: |
A unique identifier for a credential binding job. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm.
readOnly: true
example: 86b4f51481f09321
identity_id:
type: string
description: |
A unique identifier for the credential binding job's identity. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 3d227b0d5949969d
realm_id:
type: string
description: |
A unique identifier for the credential binding job's realm. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 9602e246c2ead9b2
tenant_id:
type: string
description: |
A unique identifier for the credential binding job's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: ce5ace5fc7e14d6a
delivery_method:
type: string
enum:
- RETURN
- EMAIL
description: |
The method by which a credential binding link is delivered to the target
authenticator or identity.
The value `RETURN` indicates that a credential binding link will be
returned to the caller upon creation of the credential binding job.
The value `EMAIL` indicates that a credential binding link will be sent
to the email address associated with the identity.
state:
type: string
enum:
- LINK_OPENED
- LINK_SENT
- REQUEST_DELIVERED
- COMPLETE
description: |
A string representing the current state of the credential binding job.
The value `COMPLETE` indicates that a credential has been successfully
bound to an identity.
The value `LINK_OPENED` indicates that the credential binding link
associated with the job has been opened by its target identity.
The value `LINK_SENT` indicates that the credential binding link
associated with the job has been sent to its target authenticator or
identity.
The value `REQUEST_DELIVERED` indicates that the credential binding
request has been successfully delivered to its target authenticator.
readOnly: true
example: COMPLETE
post_binding_redirect_uri:
type: string
description: |
The URI to which the caller will be redirected after successfully binding a credential to an identity. This field is optional. If not specified, the authenticator will not attempt to redirect to a new location after binding.
example: 'http://example.com/callback'
authenticator_config_id:
type: string
description: |
The ID of the authenticator configuration to be used to build the credential binding job. This field is immutable.
example: 76e9eab521a8b734
expire_time:
type: string
format: date-time
description: |
A timestamp that represents when the credential binding link associated with the credential binding job will expire. This field is immutable and read-only.
readOnly: true
example: 2022-05-12T20:29:47.636Z
create_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the credential binding job was created. This is automatically generated on creation. This field is read-only.
readOnly: true
example: 2022-05-12T20:29:47.636Z
update_time:
type: string
format: date-time
description: |
A time value given in ISO8601 combined date and time format that represents when the credential binding job was last updated. This is automatically updated when the credential binding job is updated. This field is read-only.
readOnly: true
example: 2022-05-12T20:29:47.636Z
ListCredentialsResponse:
title: List Credentials Response
description: Response for ListCredentials.
type: object
properties:
credentials:
type: array
items:
$ref: '#/components/schemas/Credential'
maxItems: 200
description: |
An unordered array of credentials corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- credentials
- total_size
ListCredentialBindingJobsResponse:
title: List Credential Binding Jobs Response
description: Response for ListCredentialBindingJobs.
type: object
properties:
credential_binding_jobs:
type: array
items:
$ref: '#/components/schemas/CredentialBindingJob'
maxItems: 200
description: |
An unordered array of credential binding jobs corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- credential_binding_jobs
- total_size
Theme:
title: Theme
description: |
A theme is a collection of configurable assets that unifies the end user login experience with your brand and products. It is primarily used to change the styling of the credential binding email.
type: object
properties:
id:
type: string
description: |
A unique identifier for a theme. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm.
readOnly: true
example: 88ef08fb-c3f9-44e2-b174-fbb239e1dc47
tenant_id:
type: string
description: |
A unique identifier for the theme's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 0001b42d80372976
realm_id:
type: string
description: |
A unique identifier for the theme's realm. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 7df92e4a38ba0993
create_time:
type: string
format: date-time
description: |
Timestamp of when the theme was created. This field is immutable and read-only.
readOnly: true
example: 2022-07-28T18:00:00.000Z
update_time:
type: string
format: date-time
description: |
Timestamp of when the theme was last updated. This field is read-only.
readOnly: true
example: 2022-07-30T16:00:00.000Z
email_realm_name:
type: string
minLength: 1
maxLength: 64
pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$'
description: Realm name that is used in email templates.
example: Realm Administrators
logo_url_light:
type: string
description: URL for resolving the logo image for light mode.
example: 'https://example.com/logo_url_light.png'
logo_url_dark:
type: string
description: URL for resolving the logo image for dark mode.
example: 'https://example.com/logo_url_dark.png'
support_url:
type: string
format: url
description: URL for the customer support portal.
example: 'https://example.com/support'
Confidentiality:
description: |
The confidentiality of the client, as prescribed by OAuth 2.0 and
OIDC. Confidentiality is based on a client's ability to authenticate
securely with the authorization server (i.e., ability to
maintain the confidentiality of their client credentials). Allowable
values are:
- `confidential`: Clients capable of maintaining the confidentiality
of their credentials (e.g., client implemented on a secure server with
restricted access to the client credentials), or capable of secure
client authentication using other means.
- `public`: Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the
resource owner, such as an installed native application or a web
browser-based application), and incapable of secure client
authentication via any other means.
type: string
enum:
- confidential
- public
example: confidential
GrantType:
type: array
items:
type: string
enum:
- authorization_code
- client_credentials
example: authorization_code
description: |
Grant types supported by this application's `token` endpoint. Allowable values
are:
- `authorization_code`: The authorization code grant type defined
in OAuth 2.0, Section 4.1. Namely, the client may authorize to the
`token` endpoint with a grant code which it obtains via the `authorize`
endpoint.
- `client_credentials`: The client credentials grant type defined
in OAuth 2.0, Section 4.4. Namely, the client may authorize to the
`token` endpoint with a client credentials tuple of `client_id` and
`client_secret`.
TokenConfiguration:
description: Properties of a token issued for an application.
type: object
required:
- expires_after
properties:
expires_after:
type: integer
format: uint32
description: |
Time after minting, in seconds, for which the token will be considered valid.
minimum: 0
example: 86400
token_signing_algorithm:
type: string
enum:
- RS256
description: |
Signing algorithm to use for an application token. The only allowable value at present is `RS256`.
default: RS256
example: RS256
subject_field:
type: string
enum:
- id
- email
- username
description: |
Property of a principal which is used to fill the subject of a token issued for this application.
default: id
example: id
PkceConfig:
type: string
enum:
- disabled
- plain
- s256
description: |
PKCE code challenge methods supported for applications, as defined by
[RFC-7636](https://datatracker.ietf.org/doc/html/rfc7636). Allowable values are:
- `disabled` : PKCE is disabled for this application. This is the default state if
the `pkce` field is left blank. Please note that public OIDC and OAuth2 configured
applications MUST enable PKCE support. Confidential clients can leave PKCE disabled
if they choose.
- `plain` : PKCE is enabled for this application. The server will correlate the `code_challenge` and
`code_verifier` between the `authorize` and `token` requests. In this configuration, those fields are
required to be identical. This is the lower security option for PKCE support and should only be used
by legacy clients, or clients that don't support `s256`.
- `s256` : PKCE is enabled for this application, and the server will correlate the `code_challenge` and
`code_verifier` between the `authorize` and `token` requests. In this configuration, those fields are
required to equate as follows: `code_challenge` = `base64url(sha256(ascii(code_verifier)))`. This is
the higher security option and should always be preferred if it is supported by the client.
example: s256
TokenEndpointAuthMethod:
description: |
Indicator of the requested authentication method for the
token endpoint. Allowable values are:
- `client_secret_post`: The client uses the HTTP POST parameters
as defined in OAuth 2.0, Section 2.3.1. Namely, `client_id`
and `client_secret` are sent in the body of the POST request.
- `client_secret_basic`: The client uses HTTP Basic as defined in
OAuth 2.0, Section 2.3.1. Namely, `client_id` and `client_secret`
are sent in the Basic Authorization header.
type: string
enum:
- client_secret_basic
- client_secret_post
example: client_secret_basic
Application:
title: Application
type: object
description: |
An application represents a client application that uses Beyond Identity for authentication. This could be a native app, a single-page application, regular web application, or machine-to-machine application credentials.
properties:
id:
type: string
description: |
A unique identifier for an application. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm.
readOnly: true
example: 38833c36-6f47-4992-9329-ea0a00915137
realm_id:
type: string
description: |
A unique identifier for the application's realm. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: caf2ff640497591a
tenant_id:
type: string
description: |
A unique identifier for the application's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 00011f1183c67b69
resource_server_id:
type: string
description: |
A unique identifier for the application's resource server. At present, the only available resource server is for the Beyond Identity Management API. Referencing this resource server from an application will allow that application to grant access to Beyond Identity's APIs. When not present, this application may provide authentication (identity) but not authorization (access).
example: 84db69f5-48a8-4c11-8cda-1bae3a73f07e
authenticator_config_id:
type: string
description: |
A unique identifier for the application's authenticator configuration. This field is unused for `oidc` and `oauth2` applications when `grant_type=client_credentials`.
example: 73731b7f-eb76-4143-9b4b-81a720385f5a
display_name:
type: string
description: |
A human-readable name for the application. This name is used for display purposes.
example: Pet Application
is_managed:
type: boolean
description: |
A boolean indicating whether the application is managed by Beyond Identity. Managed applications may not be modified by the user. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: false
protocol_config:
description: Represents an application protocol configuration.
oneOf:
- title: OAuth 2.0
description: OAuth2 protocol configuration.
type: object
required:
- type
properties:
type:
type: string
enum:
- oauth2
allowed_scopes:
type: array
items:
type: string
example: 'pets:read'
description: |
Scopes to which this application can grant access. If this application references a resource server, this set of scopes must be a subset of the resource server's available scopes. If this application does not reference a resource server, then this application can only be used for authentication and thereby `scopes` must necessarily be empty.
client_id:
type: string
description: |
The client ID for this application. This is automatically set on creation. This field is output-only.
readOnly: true
example: AYYNcuOSpfqIf33JeegCzDIT
client_secret:
type: string
description: |
The client secret to authenticate as this application; typically, as a Basic Authorization header. This is automatically set on creation. This field is output-only. This field is present only when confidentiality is `confidential`.
readOnly: true
example: wWD4mPzdsjms1LPekQSo0v9scOHLWy5wmMtKAR2JNhJPAKXv
confidentiality:
$ref: '#/components/schemas/Confidentiality'
token_endpoint_auth_method:
$ref: '#/components/schemas/TokenEndpointAuthMethod'
grant_type:
$ref: '#/components/schemas/GrantType'
redirect_uris:
type: array
items:
type: string
example: 'https://auth.mypetapp.com/callback'
description: |
A list of valid URIs to redirect the resource owner's user-agent to after completing its interaction with the authorization server. See https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2 for more information.
token_configuration:
$ref: '#/components/schemas/TokenConfiguration'
pkce:
$ref: '#/components/schemas/PkceConfig'
- title: OIDC
description: OIDC protocol configuration.
type: object
required:
- type
properties:
type:
type: string
enum:
- oidc
allowed_scopes:
type: array
items:
type: string
example: 'pets:read'
description: |
Scopes to which this application can grant access. If this application references a resource server, this set of scopes must be a subset of the resource server's available scopes. If this application does not reference a resource server, then this application can only be used for authentication and thereby `scopes` must necessarily be empty. Note that OIDC requests may accept OpenID Connect standard scopes as well as resource server scopes, but the OpenID Connect scopes should not be defined on the application itself. Currently, the only OpenID Connect supported scope is `openid`.
client_id:
type: string
description: |
The client ID for this application. This is automatically set on creation. This field is output-only.
readOnly: true
example: AYYNcuOSpfqIf33JeegCzDIT
client_secret:
type: string
description: |
The client secret to authenticate as this application; typically, as a Basic Authorization header. This is automatically set on creation. This field is output-only. This field is present only when confidentiality is `confidential`.
readOnly: true
example: wWD4mPzdsjms1LPekQSo0v9scOHLWy5wmMtKAR2JNhJPAKXv
confidentiality:
$ref: '#/components/schemas/Confidentiality'
token_endpoint_auth_method:
$ref: '#/components/schemas/TokenEndpointAuthMethod'
grant_type:
$ref: '#/components/schemas/GrantType'
redirect_uris:
type: array
items:
type: string
example: 'https://auth.mypetapp.com/callback'
description: |
A list of valid URIs to redirect the resource owner's user-agent to after completing its interaction with the authorization server. See https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2 for more information.
token_configuration:
$ref: '#/components/schemas/TokenConfiguration'
pkce:
$ref: '#/components/schemas/PkceConfig'
AuthenticatorConfig:
title: Authenticator Configuration
type: object
description: |
Representation of an authenticator configuration. This prescribes how an identity may authenticate themselves with Beyond Identity.
properties:
id:
type: string
description: |
A unique identifier for an authenticator configuration. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm.
readOnly: true
example: 73731b7f-eb76-4143-9b4b-81a720385f5a
realm_id:
type: string
description: |
A unique identifier for the authenticator configuration's realm. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: caf2ff640497591a
tenant_id:
type: string
description: |
A unique identifier for the authenticator configuration's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 00011f1183c67b69
config:
description: |
An object specifying the settings for the supported authenticator type.
oneOf:
- title: Web Authenticator
description: |
Configuration options for the hosted web authenticator. This authenticator is maintained by Beyond Identity and requires no additional configuration from the caller.
type: object
required:
- type
properties:
type:
type: string
enum:
- hosted_web
- title: Embedded SDK Authenticator
description: Configuration options for the embedded SDK authenticator.
type: object
required:
- type
- invoke_url
- trusted_origins
properties:
type:
type: string
enum:
- embedded
invoke_url:
type: string
description: URL to invoke during the authentication flow.
example: 'http://localhost:8092'
trusted_origins:
type: array
items:
type: string
example: 'http://localhost:8092'
description: |
Trusted origins are URLs that will be allowed to make requests from a browser to the Beyond Identity API. This is used with Cross-Origin Resource Sharing (CORS). These may be in the form of ` "://" [ ":" ]`, such as `https://auth.your-domain.com` or `http://localhost:3000`.
ListApplicationsResponse:
title: List Applications Response
description: Response for ListApplications.
type: object
properties:
applications:
type: array
items:
$ref: '#/components/schemas/Application'
maxItems: 100
description: |
An unordered array of applications corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- applications
- total_size
ListAuthenticatorConfigsResponse:
title: List Authenticator Configurations Response
description: Response for ListAuthenticatorConfigs.
type: object
properties:
authenticator_configs:
type: array
items:
$ref: '#/components/schemas/AuthenticatorConfig'
maxItems: 100
description: |
An unordered array of authenticator configurations corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- authenticator_configs
- total_size
ListResourceServersResponse:
title: List Resource Servers Response
description: Response for ListResourceServers.
type: object
properties:
resource_servers:
type: array
items:
$ref: '#/components/schemas/ResourceServer'
maxItems: 100
description: |
An unordered array of resource servers corresponding to the request.
total_size:
type: integer
format: uint32
description: |
Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available.
example: 1000
next_page_token:
type: string
description: |
Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required:
- resource_servers
- total_size
ResourceServer:
title: Resource Server
type: object
description: |
A resource server represents an API server that hosts a set of protected resources and is capable of accepting and responding to protected resource requests using access tokens. Clients can enable these APIs to be consumed from authorized applications.
properties:
id:
type: string
description: |
A unique identifier for a resource server. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm.
readOnly: true
example: 84db69f5-48a8-4c11-8cda-1bae3a73f07e
realm_id:
type: string
description: |
A unique identifier for the resource server's realm. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: caf2ff640497591a
tenant_id:
type: string
description: |
A unique identifier for the resource server's tenant. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: 00011f1183c67b69
display_name:
type: string
description: |
A human-readable name for the resource server. This name is used for display purposes.
example: Pet API
is_managed:
type: boolean
description: |
A boolean indicating whether the resource server is managed by Beyond Identity. Managed resource servers may not be modified by the user. This is automatically set on creation. This field is immutable and read-only.
readOnly: true
example: false
identifier:
type: string
description: |
The identifier of this resource server entity. This value should be unique per realm and is often presented as a URI, as it should be a unique identifier for an API to which access is being gated. This identifier will be returned in the `audience` claim of all tokens minted that provide access to scopes owned by this resource server. The client is responsible for validating tokens are intended for them via this `audience` claim. Tokens minted for the Beyond Identity Management API will use the audience `beyondidentity`, which is reserved and may not be used for any other resource servers.
example: 'https://api.mypetapp.com'
scopes:
type: array
items:
type: string
example: 'pets:read'
description: |
The list of scopes supported by this resource server. For the Beyond Identity Management API, this will include scopes for all publicly available endpoints. Note that applications may not provide access to scopes that are not defined on a resource server that they reference; this is the superset of all allowable application scopes in a given realm.
Error:
type: object
properties:
code:
type: string
description: |
Human-readable HTTP status code name, stylized as lower snake case (e.g. bad_request).
message:
type: string
description: |
Human-readable message describing the error.
details:
type: array
items:
$ref: '#/components/schemas/ErrorDetail'
required:
- code
- message
ErrorDetail:
title: Error Detail
description: |
Additional details for errors designed to support client applications.
type: object
discriminator:
propertyName: type
properties:
type:
type: string
description: Type of the error detail.
required:
- type
FieldViolations:
title: Field Violations
description: Invalid request fields.
allOf:
- $ref: '#/components/schemas/ErrorDetail'
- type: object
properties:
field_violations:
type: array
items:
type: object
properties:
field:
type: string
description: The name of the field specifying an invalid value.
description:
type: string
description: A description of the field violation.
required:
- field
- description
minItems: 1
ResourceInfo:
title: Resource Information
description: Resource information.
allOf:
- $ref: '#/components/schemas/ErrorDetail'
- type: object
properties:
resource_type:
type: string
description: The type of the resource.
id:
type: string
description: The ID of the resource.
description:
type: string
description: |
A description of the failure as it relates to this resource. For example, this may indicate that the resource is not found or that a precondition failed.
required:
- resource_type
- id
- description
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: |
See the [Authentication](#section/Authentication) section for details.
security:
- BearerAuth: []