openapi: 3.0.2 info: title: Konnect Identity API version: 2.0.0 description: The management API for Kong Konnect Identity resources. contact: name: Kong url: 'https://konghq.com' servers: - url: 'https://global.api.konghq.com/v2' description: Global Base URL paths: /accept-invite: post: summary: Accept Invite description: Manually accept the Konnect invitation. This endpoint allows you to manually accept the invitation to join a Konnect organization. Upon accepting the invitation, the user's name and password are set and the active state is set to true. This can be used as an alternative to the https://cloud.konghq.com/login link in the email which will finish the registration process in a web browser. operationId: accept-invite requestBody: $ref: '#/components/requestBodies/AcceptInvite' responses: '202': description: Accepted '400': $ref: '#/components/responses/BadRequest' '404': $ref: '#/components/responses/NotFound' tags: - Invites /invites: post: summary: Invite User description: Send an invitation email to invite a user to the Konnect organization. The email contains a link with a one time token to accept the invitation. Upon accepting the invitation, the user is directed to https://cloud.konghq.com/login to complete registration. operationId: invite-user requestBody: $ref: '#/components/requestBodies/InviteUser' responses: '201': description: Created '400': $ref: '#/components/responses/BadRequest' '409': $ref: '#/components/responses/Conflict' '429': $ref: '#/components/responses/RateLimited' tags: - Invites /identity-provider/team-mappings: put: summary: Update Team Mappings operationId: update-idp-team-mappings responses: '200': $ref: '#/components/responses/TeamMappingCollection' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/PermissionDenied' '404': $ref: '#/components/responses/NotFound' '412': $ref: '#/components/responses/PreconditionFailed' tags: - IdPs description: Update the IdP group to Konnect team mapping. requestBody: $ref: '#/components/requestBodies/UpdateTeamMappings' get: summary: Fetch Team Mapping operationId: get-idp-team-mappings responses: '200': $ref: '#/components/responses/TeamMappingResponse' '401': $ref: '#/components/responses/Unauthenticated' '403': $ref: '#/components/responses/PermissionDenied' '404': $ref: '#/components/responses/NotFound' '412': $ref: '#/components/responses/PreconditionFailed' tags: - IdPs description: Fetch the IdP group to Konnect team mapping. /roles: get: summary: Get Predefined Roles description: 'Retrieve the predefined, or system managed, roles.' operationId: get-predefined-roles responses: '200': $ref: '#/components/responses/Roles' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthenticated' tags: - Roles /teams: get: summary: List Teams responses: '200': $ref: '#/components/responses/TeamCollection' '400': $ref: '#/components/responses/BadRequest' '404': $ref: '#/components/responses/NotFound' operationId: list-teams description: Returns an array of team objects containing information about the Konnect Teams. parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - schema: type: string example: 'filter[name]=Organization+Admins' in: query name: 'filter[field]' description: 'A field to filter on. Supported fields: name' tags: - Teams parameters: [] post: summary: Create Team operationId: create-team responses: '201': $ref: '#/components/responses/TeamSingle' '400': $ref: '#/components/responses/BadRequest' '403': $ref: '#/components/responses/PermissionDenied' tags: - Teams requestBody: $ref: '#/components/requestBodies/CreateTeam' description: 'Create a team in the Konnect Organization. ' '/teams/{teamId}/users': parameters: - schema: type: string example: d32d905a-ed33-46a3-a093-d8f536af9a8a format: uuid name: teamId in: path required: true description: ID of the team. get: summary: List Team Users responses: '200': $ref: '#/components/responses/UserCollection' '400': $ref: '#/components/responses/BadRequest' '404': $ref: '#/components/responses/NotFound' operationId: list-team-users description: Returns a paginated list of users that belong to the team specified in the path parameter. parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' tags: - Team Membership post: summary: Add User operationId: add-user-to-team responses: '201': description: Created '400': $ref: '#/components/responses/BadRequest' '404': $ref: '#/components/responses/NotFound' description: Add a user to a team. requestBody: $ref: '#/components/requestBodies/AddUserToTeam' tags: - Team Membership '/teams/{teamId}': parameters: - schema: type: string format: uuid example: d32d905a-ed33-46a3-a093-d8f536af9a8a name: teamId in: path required: true description: The team ID get: summary: Fetch Team responses: '200': $ref: '#/components/responses/TeamSingle' '400': $ref: '#/components/responses/BadRequest' '404': $ref: '#/components/responses/NotFound' operationId: get-team description: Returns information about a team from a given team ID. tags: - Teams patch: summary: Update Team operationId: update-team responses: '200': $ref: '#/components/responses/TeamSingle' '400': $ref: '#/components/responses/BadRequest' '404': $ref: '#/components/responses/NotFound' description: Update an individual team. requestBody: $ref: '#/components/requestBodies/UpdateTeam' tags: - Teams delete: summary: Delete Team operationId: delete-team responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequest' description: Delete an individual team. tags: - Teams '/teams/{teamId}/users/{userId}': parameters: - schema: type: string format: uuid example: d32d905a-ed33-46a3-a093-d8f536af9a8a name: userId in: path required: true description: User ID - schema: type: string example: d32d905a-ed33-46a3-a093-d8f536af9a8a format: uuid name: teamId in: path required: true description: Team ID. delete: summary: Remove User operationId: remove-user-from-team responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequest' '404': $ref: '#/components/responses/NotFound' description: |- Remove a user from a team. If the user was removed successfully, returns a 204 empty response. tags: - Team Membership '/teams/{teamId}/assigned-roles': parameters: - schema: type: string format: uuid example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe name: teamId in: path required: true description: The team ID get: summary: List Team Roles tags: - Roles responses: '200': $ref: '#/components/responses/AssignedRoleCollection' '404': $ref: '#/components/responses/NotFound' operationId: list-team-roles description: List the roles belonging to a team. parameters: - schema: type: string in: query name: 'filter[field]' description: 'A field to filter on. Supported fields: role_name, entity_type_name' post: summary: Assign Role operationId: teams-assign-role responses: '201': $ref: '#/components/responses/AssignedRoleSingle' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthenticated' '403': $ref: '#/components/responses/PermissionDenied' '404': $ref: '#/components/responses/NotFound' '409': $ref: '#/components/responses/Conflict' description: Assign a role to a team. Returns 409 if role is already assigned. requestBody: $ref: '#/components/requestBodies/AssignRole' tags: - Roles '/teams/{teamId}/assigned-roles/{roleId}': parameters: - schema: type: string format: uuid example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe name: teamId in: path required: true description: The team ID. - schema: type: string example: 8350205f-a305-4e39-abe9-bc082a80091a format: uuid name: roleId in: path required: true description: The role ID. delete: summary: Remove Role operationId: teams-remove-role responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/PermissionDenied' '404': $ref: '#/components/responses/NotFound' tags: - Roles description: Remove an assigned role from a team. /users: get: summary: List Users tags: - Users responses: '200': $ref: '#/components/responses/UserCollection' '400': $ref: '#/components/responses/BadRequest' operationId: list-users description: Returns a paginated list of user objects. parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' - schema: type: string example: 'filter[active]=true' in: query name: 'filter[field]' description: 'A field to filter on. Supported fields: id, email, full_name, active' '/users/{userId}': parameters: - schema: type: string format: uuid example: d32d905a-ed33-46a3-a093-d8f536af9a8a name: userId in: path required: true description: The ID of the user being deleted. get: summary: Fetch User tags: - Users responses: '200': $ref: '#/components/responses/UserSingle' '400': $ref: '#/components/responses/BadRequest' '404': $ref: '#/components/responses/NotFound' operationId: get-user description: Returns the user object for the user ID specified as a path parameter. patch: summary: Update User operationId: update-user responses: '200': $ref: '#/components/responses/UserSingle' '401': $ref: '#/components/responses/Unauthenticated' '403': $ref: '#/components/responses/PermissionDenied' '404': $ref: '#/components/responses/NotFound' description: Update an individual user. requestBody: $ref: '#/components/requestBodies/UpdateUser' tags: - Users delete: summary: Delete User operationId: delete-user responses: '204': description: No Content description: Delete an individual user. tags: - Users '/users/{userId}/teams': parameters: - schema: type: string example: d32d905a-ed33-46a3-a093-d8f536af9a8a format: uuid name: userId in: path required: true description: The user ID. get: summary: List User Teams responses: '200': $ref: '#/components/responses/TeamCollection' '404': $ref: '#/components/responses/NotFound' operationId: list-user-teams description: Returns a paginated list of a teams that the belong to the user ID parameter. parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' tags: - Team Membership '/users/{userId}/assigned-roles': parameters: - schema: type: string format: uuid example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe name: userId in: path required: true description: The user ID get: summary: List User Roles tags: - Roles responses: '200': $ref: '#/components/responses/AssignedRoleCollection' '404': $ref: '#/components/responses/NotFound' operationId: list-user-roles description: List the roles assigned to a user. parameters: - schema: type: string in: query name: 'filter[field]' description: 'A field to filter on. Supported fields: role_name, entity_type_name' post: summary: Assign Role operationId: users-assign-role responses: '201': $ref: '#/components/responses/AssignedRoleSingle' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthenticated' '403': $ref: '#/components/responses/PermissionDenied' '404': $ref: '#/components/responses/NotFound' '409': $ref: '#/components/responses/NotFound' description: Assign a role to a user. Returns 409 if role is already assigned. requestBody: $ref: '#/components/requestBodies/AssignRole' tags: - Roles '/users/{userId}/assigned-roles/{roleId}': parameters: - schema: type: string format: uuid example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe name: userId in: path required: true - schema: type: string example: 8350205f-a305-4e39-abe9-bc082a80091a format: uuid name: roleId in: path required: true delete: summary: Remove Role operationId: users-remove-role responses: '204': description: No Content '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthenticated' '404': $ref: '#/components/responses/NotFound' tags: - Roles description: Remove an assigned role from a user. components: parameters: PageSize: name: 'page[size]' description: How many items to include in a page. in: query required: false schema: type: integer example: 10 allowEmptyValue: true PageNumber: name: 'page[number]' description: The specific page number in the collection results. in: query required: false schema: type: integer example: 2 allowEmptyValue: true responses: UserSingle: description: A get action response of a single user. content: application/json: schema: $ref: '#/components/schemas/User' examples: Example: $ref: '#/components/examples/Get-User-Response' UserCollection: description: A paginated list response for a collection of users. content: application/json: schema: type: object properties: meta: $ref: '#/components/schemas/PaginatedMeta' data: type: array items: $ref: '#/components/schemas/User' examples: User Collection Response: $ref: '#/components/examples/user-collection-response-example' TeamSingle: description: A response including a single team. content: application/json: schema: $ref: '#/components/schemas/Team' examples: Single team response: $ref: '#/components/examples/single-team-response' TeamCollection: description: A paginated list response for a collection of users. content: application/json: schema: type: object properties: meta: $ref: '#/components/schemas/PaginatedMeta' data: type: array items: $ref: '#/components/schemas/Team' examples: Team Collection: value: meta: page: number: 2 size: 1 total: 10 data: - id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7 name: IDM - Developers description: The developers for the IDM API. system_team: false created_at: '2022-02-07T17:46:57.52Z' updated_at: '2022-09-25T13:00:00.00Z' TeamMappingCollection: description: A paginated list response for a collection of team mappings. content: application/json: schema: type: object properties: mappings: type: array items: $ref: '#/components/schemas/TeamMapping' examples: Team Mapping Collection: $ref: '#/components/examples/team-mapping-collection' AssignedRoleSingle: description: A get action response of a single assigned role. content: application/json: schema: $ref: '#/components/schemas/AssignedRole' examples: Assigned Role Example: $ref: '#/components/examples/Assigned-Role-Example' AssignedRoleCollection: description: A paginated list response for a collection of assigned roles. content: application/json: schema: type: object properties: meta: $ref: '#/components/schemas/PaginatedMeta' data: type: array description: An Array items: $ref: '#/components/schemas/AssignedRole' examples: CollectionExample: $ref: '#/components/examples/collection-example' BadRequest: description: Bad Request content: application/problem+json: schema: type: object description: The error object properties: status: type: integer description: The HTTP response code example: 400 title: type: string example: Bad Request description: The Error response instance: type: string description: The Konnect traceback ID. example: 'konnect:trace:3674017986744198214' invalid_parameters: type: array description: An array of objects that contains information related to the error response. items: type: object properties: field: type: string reason: type: string examples: Request Format is Invalid: $ref: '#/components/examples/400-request-format-is-invalid' Cannot be Blank: $ref: '#/components/examples/400-cannot-be-blank' Invalid ID format: $ref: '#/components/examples/400-invalid-id-format' Must be a valid UUID v4: $ref: '#/components/examples/400-valid-uuid' System teams cannot be modified: $ref: '#/components/examples/400-systems-team-modified' Conflict: description: Conflict content: application/problem+json: schema: type: object description: The error object properties: status: type: integer description: The HTTP response code example: 409 title: type: string example: Resource Conflict description: The Error response instance: type: string description: The Konnect traceback ID. example: 'konnect:trace:3674017986744198214' detail: type: string description: Detailed explanation of the error response. example: User is already active examples: User is Already Active: $ref: '#/components/examples/409-user-is-already-active' PermissionDenied: description: Permission denied content: application/problem+json: schema: type: object x-examples: Example 1: status: 403 title: Permission denied instance: 'konnect:trace:2822394689570210664' detail: Only enterprise organizations can create teams description: The error object. properties: status: type: integer description: HTTP status code. example: 403 title: type: string example: Bad Request description: HTTP status code instance: type: string description: Konnect traceback error code. example: 'konnect:trace:3674017986744198214' detail: type: string description: Information about the error response. example: Only enterprise organizations can create teams examples: Permission Denied: $ref: '#/components/examples/403-permission-denied' Invalid Permissions: $ref: '#/components/examples/403-invalid-permissions' Username or Password invalid: $ref: '#/components/examples/403-auth-invalid' PreconditionFailed: description: Precondition Failed content: application/problem+json: schema: type: object x-examples: Example 1: status: 412 title: Precondition Failed instance: 'konnect:trace:1896611024257578096' detail: IdP configuration not found description: The error response object. properties: status: type: integer description: The HTTP status code. example: 412 title: type: string description: The error response code. example: Precondition Failed instance: type: string description: The Konnect traceback code. example: 'konnect:trace:1896611024257578096' detail: type: string description: Details about the error response. example: IdP configuration not found examples: Precondition Failed: $ref: '#/components/examples/412-precondition-failed' multipart/form-data: schema: type: object x-examples: Example 1: status: 412 title: Precondition Failed instance: 'konnect:trace:1896611024257578096' detail: IdP configuration not found description: The error response object. properties: status: type: integer description: The HTTP status code. example: 412 title: type: string description: The Error Response. example: Precondition Failed instance: type: string description: The Konnect traceback code. example: 'konnect:trace:1896611024257578096' detail: type: string description: Detailed explanation of the error response. example: IdP configuration not found examples: IdP configuration not found: value: status: 412 title: Precondition Failed instance: 'konnect:trace:1896611024257578096' detail: IdP configuration not found RateLimited: description: Rate Limited content: application/problem+json: schema: type: object description: The error object properties: status: type: integer description: The HTTP response code example: 429 title: type: string example: Rate Limited description: The Error response instance: type: string description: The Konnect traceback ID. example: 'konnect:trace:3674017986744198214' detail: type: string description: Detailed explanation of the error response. example: Too many requests examples: Rate Limited: $ref: '#/components/examples/429-rate-limited' Unauthenticated: description: Unauthenticated content: application/problem+json: schema: type: object x-examples: Example 1: status: 401 title: Unauthenticated instance: 'konnect:trace:952172606039454040' detail: A valid token is required description: The error response object. properties: status: type: integer example: 401 description: The HTTP status code. title: type: string description: The Error Response. example: Unauthenticated instance: type: string description: The Konnect traceback code. example: 'konnect:trace:952172606039454040' detail: type: string description: Details about the error response. example: A valid token is required examples: Unauthorized: $ref: '#/components/examples/401-unauthenticated' NotFound: description: Not Found content: application/problem+json: schema: type: object x-examples: Example 1: status: 404 title: Not Found instance: 'konnect:trace:2287285207635123011' detail: The requested team was not found description: The error response object. properties: status: type: integer description: The HTTP status code. example: 404 title: type: string description: The error response code. example: Not Found instance: type: string example: 'konnect:trace:2287285207635123011' description: The Konnect traceback code detail: type: string example: The requested team was not found description: Details about the error. examples: Not Found: $ref: '#/components/examples/404-not-found' TeamMappingResponse: description: A paginated list response for a collection of team mappings. content: application/json: schema: type: object x-examples: Example 1: meta: page: number: 1 size: 10 total: 6 data: - group: 111(@&*$)(@*#_@(gfds re gdsf dfg team_ids: - c0010105-e840-4824-b7ee-787f22267c36 - group: '2222' team_ids: - af91db4c-6e51-403e-a2bf-33d27ae50c0a - group: group1 team_ids: - 3df49db8-39ff-490d-9fe1-251a3361fb13 - group: group2 team_ids: - 3df49db8-39ff-490d-9fe1-251a3361fb13 - 73e6d38a-424d-4217-91af-70cbd7e9e38c - group: group3 team_ids: - 73e6d38a-424d-4217-91af-70cbd7e9e38c - 8cc1d620-49ce-4fb8-ae18-e394f34faafc - 3df49db8-39ff-490d-9fe1-251a3361fb13 - group: group4 team_ids: - 93d6d4d5-0d76-4379-b62b-1fcdc78b1563 - 3df49db8-39ff-490d-9fe1-251a3361fb13 - 73e6d38a-424d-4217-91af-70cbd7e9e38c - 8cc1d620-49ce-4fb8-ae18-e394f34faafc properties: meta: type: object description: Contains pagination data. properties: page: type: object description: The page object. properties: number: type: integer description: Page number. example: 1 size: type: integer description: Page size. example: 9 total: type: integer description: Total number of results. example: 5 data: type: array items: type: object properties: group: type: string description: Group names. example: 111(@&*$)(@*#_@(gfds re gdsf dfg team_ids: type: array description: Team ID's that belong to the specified group. items: type: string example: 3df49db8-39ff-490d-9fe1-251a3361fb13 examples: Group Collection: $ref: '#/components/examples/group-collection-example' Roles: description: 'The predefined, or system managed, roles.' content: application/json: schema: type: object properties: runtime_groups: type: object additionalProperties: false required: - name - roles properties: name: type: string enum: - Runtime Groups roles: type: object properties: admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Admin description: type: string example: This role grants full write access to all entities within a runtime group. enum: - This role grants full write access to all entities within a runtime group. certificate_admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Certificate Admin description: type: string example: This role grants full write access to administer certificates. enum: - This role grants full write access to administer certificates. consumer_admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Consumer Admin description: type: string example: This role grants full write access to administer consumers. enum: - This role grants full write access to administer consumers. creator: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Creator description: type: string example: Creates a new Runtime Group in an organization. The creator becomes the owner of the Runtimegroup they create. enum: - Creates a new Runtime Group in an organization. The creator becomes the owner of the Runtimegroup they create. deployer: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Deployer description: type: string example: 'This role grants full write access to administer services, routes and plugins necessary to deploy services in Service Hub.' enum: - 'This role grants full write access to administer services, routes and plugins necessary to deploy services in Service Hub.' gateway_service_admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Gateway Service Admin description: type: string example: This role grants full write access to administer gateway services. enum: - This role grants full write access to administer gateway services. plugin_admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Plugin Admin description: type: string example: This role grants full write access to administer plugins. enum: - This role grants full write access to administer plugins. route_admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Route Admin description: type: string example: This role grants full write access to administer routes. enum: - This role grants full write access to administer routes. sni_admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - SNI Admin description: type: string example: This role grants full write access to administer SNIs. enum: - This role grants full write access to administer SNIs. upstream_admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Upstream Admin description: type: string example: This role grants full write access to administer upstreams. enum: - This role grants full write access to administer upstreams. viewer: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Viewer description: type: string example: This role grants read only access to all entities within a runtime group. enum: - This role grants read only access to all entities within a runtime group. services: type: object additionalProperties: false required: - name - roles properties: name: type: string enum: - Services roles: type: object properties: admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Admin description: type: string example: 'Admin of an existing Service. The admins have all write access permissions related to a Service, service version, service package etc.' enum: - 'Admin of an existing Service. The admins have all write access permissions related to a Service, service version, service package etc.' application_registration: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Application Registration description: type: string example: This role grants permission to enable and disable application registration on a service. enum: - This role grants permission to enable and disable application registration on a service. creator: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Creator description: type: string example: 'This access is required to create a service. In addition the creators are granted Admin access to the service they create. This access is not for creating sub-entities such as service versions, implementations, API specs etc.' enum: - 'This access is required to create a service. In addition the creators are granted Admin access to the service they create. This access is not for creating sub-entities such as service versions, implementations, API specs etc.' deployer: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Deployer description: type: string example: This role grants permission to deploy and remove a service from a runtime group. enum: - This role grants permission to deploy and remove a service from a runtime group. maintainer: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Maintainer description: type: string example: This role grants all write permission to manage a service and to administer plugins. enum: - This role grants all write permission to manage a service and to administer plugins. plugins_admin: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Plugins Admin description: type: string example: This role grants full write permission to administer plugins. enum: - This role grants full write permission to administer plugins. publisher: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Publisher description: type: string example: This role grants permission to publish a service to one or more portals. enum: - This role grants permission to publish a service to one or more portals. viewer: type: object additionalProperties: false required: - name - description properties: name: type: string enum: - Viewer description: type: string example: 'Viewer has read-only access to all the configurations of a service, attributes, versions, reports, vitals and plugins.' enum: - 'Viewer has read-only access to all the configurations of a service, attributes, versions, reports, vitals and plugins.' examples: Predefined Roles: value: runtime_groups: name: Runtime Groups roles: admin: name: Admin description: This role grants full write access to all entities within a runtime group. certificate_admin: name: Certificate Admin description: This role grants full write access to administer certificates. consumer_admin: name: Consumer Admin description: This role grants full write access to administer consumers. creator: name: Creator description: Creates a new Runtime Group in an organization. The creator becomes the owner of the Runtimegroup they create. deployer: name: Deployer description: 'This role grants full write access to administer services, routes and plugins necessary to deploy services in Service Hub.' gateway_service_admin: name: Gateway Service Admin description: This role grants full write access to administer gateway services. plugin_admin: name: Plugin Admin description: This role grants full write access to administer plugins. route_admin: name: Route Admin description: This role grants full write access to administer routes. sni_admin: name: SNI Admin description: This role grants full write access to administer SNIs. upstream_admin: name: Upstream Admin description: This role grants full write access to administer upstreams. viewer: name: Viewer description: This role grants read only access to all entities within a runtime group. services: name: Services roles: admin: name: Admin description: 'Admin of an existing Service. The admins have all write access permissions related to a Service, service version, service package etc.' application_registration: name: Application Registration description: This role grants permission to enable and disable application registration on a service. creator: name: Creator description: 'This access is required to create a service. In addition the creators are granted Admin access to the service they create. This access is not for creating sub-entities such as service versions, implementations, API specs etc.' deployer: name: Deployer description: This role grants permission to deploy and remove a service from a runtime group. maintainer: name: Maintainer description: This role grants all write permission to manage a service and to administer plugins. plugins_admin: name: Plugins Admin description: This role grants full write permission to administer plugins. publisher: name: Publisher description: This role grants permission to publish a service to one or more portals. viewer: name: Viewer description: 'Viewer has read-only access to all the configurations of a service, attributes, versions, reports, vitals and plugins.' requestBodies: UpdateUser: description: The request schema for the update user request. content: application/json: schema: type: object properties: full_name: type: string pattern: '^[\w \W]+$' example: James C. Woods description: The user's full name. writeOnly: true preferred_name: type: string maxLength: 250 example: Jimmy description: The user's desired name. writeOnly: true examples: Example Request Body: $ref: '#/components/examples/Update-User-Request' CreateTeam: description: |- The request schema for the create team request. If you pass the same `name` and `description` of an existing team in the request, a team with the same `name` and `description` will be created. The two teams will have different `team_id` values to differntiate them. content: application/json: schema: type: object properties: name: type: string example: IDM - Developers pattern: '^[\w \W]+$' description: A name for the team being created. writeOnly: true description: type: string maxLength: 250 example: The Identity Management (IDM) team. description: The description of the new team. writeOnly: true required: - name examples: Example Request Body: $ref: '#/components/examples/CreateTeamExample' UpdateTeam: description: The request schema for the update team request. content: application/json: schema: type: object properties: name: type: string example: IDM - Developers pattern: '^[\w \W]+$' description: The name of the team. writeOnly: true description: type: string maxLength: 250 example: The Identity Management (IDM) API team. description: The description of the team. writeOnly: true examples: Example Request Body: $ref: '#/components/examples/Update-Team-Request' AddUserToTeam: description: The request schema for adding a user to a team. content: application/json: schema: type: object properties: id: type: string example: df120cb4-f60b-47bc-a2f8-6a28e6a3c63b format: uuid description: The user ID for the user being added to a team. writeOnly: true required: - id examples: Example request body: $ref: '#/components/examples/Add-User-Request' UpdateTeamMappings: content: application/json: schema: type: object x-examples: Example 1: mappings: - group: Service Developers team_ids: - af91db4c-6e51-403e-a2bf-33d27ae50c0a properties: mappings: type: array description: The mappings object. items: type: object properties: group: type: string team_ids: type: array items: type: string examples: Example Request Body: $ref: '#/components/examples/Update-Team-Mappings' description: The request schema for updating IdP team mappings. AssignRole: content: application/json: schema: type: object description: An assigned role is a role that has been assigned to a user or team. x-examples: US Example: id: 11e342b4-cdc4-463c-b47c-78ff927e7514 role_name: Viewer entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61 entity_type_name: Runtime Groups entity_region: us All Regions Example: id: 8f7fff49-de9d-4a77-8669-33216744ce2d role_name: Admin entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61 entity_type_name: Reports entity_region: '*' properties: role_name: type: string example: Viewer description: The desired role. entity_id: type: string format: uuid example: e67490ce-44dc-4cbd-b65e-b52c746fc26a description: The ID of the entity. entity_type_name: type: string example: Runtime Groups description: The type of entity. entity_region: type: string enum: - us - eu - '*' example: eu description: The region of the team. examples: Assigned Roles US: $ref: '#/components/examples/Assign-Roles-US' Assigned Roles Global: $ref: '#/components/examples/Assign-Roles-Global' description: Assign a role to a user or a team. AcceptInvite: content: application/json: schema: type: object properties: password: type: string example: TestPassword123!! format: password writeOnly: true description: Sets the password for the user. full_name: type: string example: James C. Woods writeOnly: true description: Full name of the user. preferred_name: type: string example: Tiger description: Preferred name of the user. token: type: string format: uuid example: 7690d649-86fc-4d10-8771-c094d2efbd85 writeOnly: true description: The one time token in accept-invitation link. required: - password - full_name - preferred_name - token description: The request schema for the accept invite request. InviteUser: content: application/json: schema: type: object properties: email: type: string format: email example: james.c.woods@example.com writeOnly: true required: - email description: |- The request schema for the invite user request. If you pass an `email` that is not already an active user in the request, a fresh invitation email will be created and sent to the new user. schemas: PaginatedMeta: type: object x-examples: example-1: page: number: 2 size: 10 total: 100 title: PaginatedMeta description: Returns pagination information properties: page: type: object description: Contains pagination query parameters and the total number of objects returned. properties: number: type: integer example: 2 description: Specifies the number of objects returned per page. size: type: integer example: 10 maximum: 100 description: Specifies the size of the page. total: type: integer maximum: 1000 example: 100 description: Integer representation of the amount of items returned. User: title: User type: object description: The user object contains information about an individual user who can use the Konnect application and API. x-examples: Example: id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7 email: user@email.com full_name: Test User preferred_name: test active: true created_at: '2022-02-07T17:46:57.52Z' updated_at: '2022-10-08T17:00:00.52Z' properties: id: type: string format: uuid example: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7 description: The User ID. readOnly: true email: type: string format: email example: user@email.com maxLength: 250 description: The email registered to the user. full_name: type: string pattern: '^[\w \W]+$' maxLength: 250 description: The User's full name. example: Jane Doe preferred_name: type: string example: Jane maxLength: 250 description: The User's preffered name. active: type: boolean default: true description: Returns True if a user has verified their email address. readOnly: true created_at: type: string format: date-time example: '2022-02-07T17:46:57.52Z' description: The time stamp for the date the account was registered. readOnly: true updated_at: type: string format: date-time example: '2022-10-08T17:00:00.52Z' description: A Unix timestamp representation of the most recent change to the User account. readOnly: true Team: title: Team type: object description: The team object contains information about a group of users. x-examples: Example: id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7 name: IDM - Developers description: The developers for the IDM API. system_team: false created_at: '1992-02-07T17:46:57.52Z' updated_at: '2022-08-31T17:00:00.52Z' properties: id: type: string format: uuid example: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7 description: The team ID. readOnly: true name: type: string pattern: '^[\w \W]+$' example: IDM - Developers maxLength: 250 description: The name of the team. description: type: string example: The developers for the IDM API. maxLength: 250 description: The team description in Konnect. system_team: type: boolean default: false description: 'Returns True if a user belongs to a `system_team`. System teams are teams that can manage Konnect objects, like "Organization Admin", or "Service' readOnly: true created_at: type: string format: date-time example: '1992-02-07T17:46:57.52Z' description: A Unix timestamp representation of team creation. readOnly: true updated_at: type: string format: date-time example: '2022-02-07T17:00:00.52Z' description: | A Unix timestamp representation of the most recent change to the team object in Konnect. readOnly: true TeamMapping: title: TeamMapping type: object description: A team assignment is a mapping of an IdP group to a Konnect Team. x-examples: Example: group: Service Developers team_ids: - 6801e673-cc10-498a-94cd-4271de07a0d3 properties: group: type: string example: Service Developers description: The IdP group. team_ids: type: array uniqueItems: true description: An array of ID's that are mapped to the specified group. items: type: string format: uuid example: 6801e673-cc10-498a-94cd-4271de07a0d3 AssignedRole: title: AssignedRole type: object description: An assigned role is a role that has been assigned to a user or team. x-examples: US Example: id: 54cc6168-ebb1-4300-8168-d62a0dd08fc8 role_name: Viewer entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61 entity_type_name: Runtime Groups entity_region: us All Regions Example: id: 745bc744-7a3d-46c0-a9ea-04302e44fb44 role_name: Admin entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61 entity_type_name: Services entity_region: '*' properties: id: type: string format: uuid example: eaf7adf1-32c8-4bbf-b960-d1f8456afe67 description: The ID of the role assignment. role_name: type: string example: Viewer description: Name of the role being assigned. entity_id: type: string format: uuid example: 817d0422-45c9-4d88-8d64-45aef05c1ae7 description: A RBAC entity ID. entity_type_name: type: string example: Runtime Groups description: Name of the entity type the role is being assigned to. entity_region: type: string enum: - us - eu - '*' example: eu description: Region of the entity. securitySchemes: personalAccessToken: type: http scheme: bearer bearerFormat: Token description: | You can generate a Personal Access Token (PAT) from the [personal access token page](https://cloud.konghq.com/global/tokens/) in the Konnect dashboard. The PAT token must be passed in the header of a request, for example: `curl -X GET 'https://global.api.konghq.tech/v2/users/' --header 'Authorization: Bearer kpat_xgfT'` examples: 400-request-format-is-invalid: value: status: 400 title: Bad Request instance: 'konnect:trace:3674017986744198214' invalid_parameters: - field: body reason: request format is invalid 400-cannot-be-blank: value: status: 400 title: Bad Request instance: 'konnect:trace:6644808935508571943' invalid_parameters: - field: name reason: cannot be blank 400-invalid-id-format: value: status: 400 title: Bad Request instance: 'konnect:trace:8988732526256293040' invalid_parameters: - field: teamID reason: invalid ID format 400-valid-uuid: value: status: 400 title: Bad Request instance: 'konnect:trace:7680390984800447837' invalid_parameters: - field: id reason: must be a valid UUID v4 400-systems-team-modified: value: status: 400 title: Bad Request instance: 'konnect:trace:1738820719742148545' invalid_parameters: - field: teamID reason: system teams cannot be modified 404-not-found: value: status: 404 title: Not Found instance: 'konnect:trace:2287285207635123011' detail: The requested team was not found 403-permission-denied: value: status: 403 title: Permission denied instance: 'konnect:trace:2822394689570210664' detail: Only enterprise organizations can create teams 403-invalid-permissions: value: status: 403 title: Invalid Permissions detail: 'You must have the [administrator] role to perform this action' instance: 'konnect:trace:6c1ef33ae5bce33634d7d7d695c7f203' 403-auth-invalid: value: type: 'https://kongapi.info/konnect/invalid-permissions' status: 403 title: Invalid Permissions detail: 'You must have the [administrator] role to perform this action' instance: 'konnect:trace:6c1ef33ae5bce33634d7d7d695c7f203' 409-user-is-already-active: value: status: 409 title: Resource Conflict instance: 'konnect:trace:6644808935508571943' detail: User is already active 412-precondition-failed: value: status: 412 title: Precondition Failed instance: 'konnect:trace:1896611024257578096' detail: IdP configuration not found 429-rate-limited: value: status: 429 title: Rate Limited instance: 'konnect:trace:6644808935508571943' detail: Too many requests collection-example: value: meta: page: number: 2 size: 10 total: 100 data: - id: b02e23c5-8ee4-4e5a-99f4-43329923adcd role_name: Viewer entity_id: 437c7192-fea0-4f35-8478-c8d57783f8c1 entity_type_name: Runtime Groups entity_region: eu - id: 869d9402-f117-4f9a-840f-69acaf70a81a role_name: Admin entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61 entity_type_name: Services entity_region: '*' Assigned-Role-Example: value: id: eaf7adf1-32c8-4bbf-b960-d1f8456afe67 role_name: Viewer entity_id: 817d0422-45c9-4d88-8d64-45aef05c1ae7 entity_type_name: Runtime Groups entity_region: eu group-collection-example: value: meta: page: number: 1 size: 10 total: 6 data: - group: 111(@&*$)(@*#_@(gfds re gdsf dfg team_ids: - c0010105-e840-4824-b7ee-787f22267c36 - group: '2222' team_ids: - af91db4c-6e51-403e-a2bf-33d27ae50c0a single-team-response: value: id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7 name: IDM - Developers description: The developers for the IDM API. system_team: false created_at: '2022-02-07T17:46:57.52Z' updated_at: '2022-09-25T13:00:00.00Z' team-mapping-collection: value: mappings: - group: Service Developers team_ids: - 6801e673-cc10-498a-94cd-4271de07a0d3 401-unauthenticated: value: status: 401 title: Unauthenticated instance: 'konnect:trace:952172606039454040' detail: A valid token is required user-collection-response-example: value: meta: page: number: 2 size: 1 total: 10 data: - id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7 email: james.woods@email.com full_name: James Woods preferred_name: Jimmy active: true created_at: '2022-08-17T17:46:57.52Z' updated_at: '2022-10-03T17:00:00.00Z' Get-User-Response: value: id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7 email: james.woods@email.com full_name: James Woods preferred_name: Jimmy active: true created_at: '1992-02-07T17:46:57.52Z' updated_at: '2022-02-07T17:00:00.52Z' Assign-Roles-US: value: role_name: Viewer entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61 entity_type_name: runtime_groups entity_region: us Assign-Roles-Global: value: role_name: Admin entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61 entity_type_name: services entity_region: '*' CreateTeamExample: value: name: IDM - Developers description: The Identity Management (IDM) team. Update-Team-Request: value: name: IDM - Developers description: The Identity Management (IDM) API team. Update-Team-Mappings: value: mappings: - group: Service Developers team_ids: - af91db4c-6e51-403e-a2bf-33d27ae50c0a Update-User-Request: value: full_name: James C Woods preferred_name: Jimmy Add-User-Request: value: id: df120cb4-f60b-47bc-a2f8-6a28e6a3c63b security: - personalAccessToken: [] tags: - name: IdPs - name: Invites - name: Roles - name: Team Membership - name: Teams - name: Users