Introduction

This is the NetFoundry identity service

Overview

HTTP verbs

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP verbs.

Verb Usage

GET

Used to retrieve a resource

POST

Used to create a new resource

PUT

Used to update an existing resource, full updates only

DELETE

Used to delete an existing resource
The PATCH method is not used (yet).

HTTP status codes

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP status codes.

Status code Usage

200 OK

The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

201 Created

The request has been fulfilled and resulted in a new resource being created.

202 Accepted

The request has been accepted and is being processed asynchronously Standard response for successful HTTP requests which invoke back-end services.

204 No Content

The server successfully processed the request, but is not returning any content.

400 Bad Request

The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

401 Unauthorized

The request lacks valid authentication credentials for the target resource.

403 Forbidden

The request is authenticated with valid credentials however that set of credentials is not authorized to access this resource.

404 Not Found

The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.

Resources

Organization

Find Organizations

GET /organizations

Authorization

This endpoint requires:

  • read action on this organization resource.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

realmId

Object

true

name

String

true

active

Boolean

true

mfaProviders

Object

true

Must be one of [None, GoogleAuthenticator].

includeDeleted

Boolean

true

Default value: 'false'.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

realmId

String

true

name

String

true

label

String

true

identityProviders

Array[Object]

true

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

identityProviders[].auth0ConnectionId

String

true

identityProviders[].name

String

true

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

defaultRoles[].name

String

true

defaultRoles[].roleType

String

true

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations' -i -X GET

Example response

HTTP/1.1 200 OK
Link: <https://gateway.netFoundry.io/identity/v1/organizations?page=1>; rel="next", <https://gateway.netFoundry.io/identity/v1/organizations?page=1>; rel="last"
Content-Type: application/json
Content-Length: 2910

[ {
  "id" : "049765cb-668a-47f5-b359-863b08ae1572",
  "realmId" : "2d3d56ae-26c7-40c2-9b31-8ad91b2173a5",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-111",
  "identityProviders" : [ {
    "id" : "c1bf84a5-545b-48be-94b0-34a4bb4ca960",
    "organizationId" : "049765cb-668a-47f5-b359-863b08ae1572",
    "auth0ConnectionId" : "auth0-opaque-connectionId-112",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 341657000,
      "epochSecond" : 1757551716
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 339697000,
    "epochSecond" : 1757551716
  },
  "updatedAt" : null,
  "deletedBy" : null,
  "deletedAt" : null,
  "deleted" : false
}, {
  "id" : "2696c433-b35c-4ed9-b2e6-18d82c09a7e1",
  "realmId" : "2d3d56ae-26c7-40c2-9b31-8ad91b2173a5",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-206",
  "identityProviders" : [ {
    "id" : "1d6d18e6-7100-4038-a4d5-f035cbf19e83",
    "organizationId" : "2696c433-b35c-4ed9-b2e6-18d82c09a7e1",
    "auth0ConnectionId" : "auth0-opaque-connectionId-207",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 79113000,
      "epochSecond" : 1757551719
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 76711000,
    "epochSecond" : 1757551719
  },
  "updatedAt" : null,
  "deletedBy" : null,
  "deletedAt" : null,
  "deleted" : false
}, {
  "id" : "28f6a37f-9837-4736-8c41-206d6b5e2fc4",
  "realmId" : "2d3d56ae-26c7-40c2-9b31-8ad91b2173a5",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-214",
  "identityProviders" : [ {
    "id" : "bac8aa46-6373-407a-af58-910813819cfd",
    "organizationId" : "28f6a37f-9837-4736-8c41-206d6b5e2fc4",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Corp SAML",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 351471000,
      "epochSecond" : 1757551719
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "b6ed792a-d51d-4157-bb44-9a7ab68836a6",
    "organizationId" : "28f6a37f-9837-4736-8c41-206d6b5e2fc4",
    "auth0ConnectionId" : "auth0-opaque-connectionId-215",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 327693000,
      "epochSecond" : 1757551719
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 325918000,
    "epochSecond" : 1757551719
  },
  "updatedAt" : null,
  "deletedBy" : null,
  "deletedAt" : null,
  "deleted" : false
} ]

Get Organization By Self

GET /organizations/self

Authorization

This endpoint requires:

  • read action on this organization resource.

Response fields

Path Type Optional Description

id

String

true

realmId

String

true

name

String

true

label

String

true

identityProviders

Array[Object]

true

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

identityProviders[].auth0ConnectionId

String

true

identityProviders[].name

String

true

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

defaultRoles[].name

String

true

defaultRoles[].roleType

String

true

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/self' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2220

{
  "id" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "realmId" : "2b551792-324e-4200-ab38-3d17f27ac13d",
  "name" : "ACME International, Inc.",
  "label" : "ACME-2",
  "identityProviders" : [ {
    "id" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "auth0ConnectionId" : "auth0-opaque-connectionId-4",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 403711000,
      "epochSecond" : 1757551666
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "15921b28-2e4d-4926-a2da-fcf58b072b7b",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "auth0ConnectionId" : "auth0-opaque-connectionId-3",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 395135000,
      "epochSecond" : 1757551666
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ {
    "id" : "1c5e23b4-96bb-4c55-847e-935dfdbc3abc",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "name" : "Standard Role - c6d821bd-8969-4ea4-9327-1b04db66e77f",
    "roleType" : "Standard",
    "roleId" : "c6d821bd-8969-4ea4-9327-1b04db66e77f",
    "createdBy" : "d380be12-4cc3-4f75-bdb5-f1a0eb0e9971",
    "createdAt" : {
      "nano" : 634000000,
      "epochSecond" : 1757551666
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  }, {
    "id" : "f804ab11-c3dc-43e4-99c9-de6a00f61f52",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "name" : "Custom Role - 9813f593-c70a-4577-b3ff-dd73e042952b",
    "roleType" : "Custom",
    "roleId" : "9813f593-c70a-4577-b3ff-dd73e042952b",
    "createdBy" : "59268b7b-448b-4401-b6d5-6fb6c2aae2f4",
    "createdAt" : {
      "nano" : 644440000,
      "epochSecond" : 1757551666
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 391721000,
    "epochSecond" : 1757551666
  },
  "updatedAt" : null,
  "deletedBy" : null,
  "deletedAt" : null,
  "deleted" : false
}

Get Organization By Id

GET /organizations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • read action on this organization resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

realmId

String

true

name

String

true

label

String

true

identityProviders

Array[Object]

true

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

identityProviders[].auth0ConnectionId

String

true

identityProviders[].name

String

true

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

defaultRoles[].name

String

true

defaultRoles[].roleType

String

true

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2220

{
  "id" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "realmId" : "2b551792-324e-4200-ab38-3d17f27ac13d",
  "name" : "ACME International, Inc.",
  "label" : "ACME-2",
  "identityProviders" : [ {
    "id" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "auth0ConnectionId" : "auth0-opaque-connectionId-4",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 403711000,
      "epochSecond" : 1757551666
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "15921b28-2e4d-4926-a2da-fcf58b072b7b",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "auth0ConnectionId" : "auth0-opaque-connectionId-3",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 395135000,
      "epochSecond" : 1757551666
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ {
    "id" : "1c5e23b4-96bb-4c55-847e-935dfdbc3abc",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "name" : "Standard Role - c6d821bd-8969-4ea4-9327-1b04db66e77f",
    "roleType" : "Standard",
    "roleId" : "c6d821bd-8969-4ea4-9327-1b04db66e77f",
    "createdBy" : "d380be12-4cc3-4f75-bdb5-f1a0eb0e9971",
    "createdAt" : {
      "nano" : 634000000,
      "epochSecond" : 1757551666
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  }, {
    "id" : "f804ab11-c3dc-43e4-99c9-de6a00f61f52",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "name" : "Custom Role - 9813f593-c70a-4577-b3ff-dd73e042952b",
    "roleType" : "Custom",
    "roleId" : "9813f593-c70a-4577-b3ff-dd73e042952b",
    "createdBy" : "59268b7b-448b-4401-b6d5-6fb6c2aae2f4",
    "createdAt" : {
      "nano" : 644440000,
      "epochSecond" : 1757551666
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 391721000,
    "epochSecond" : 1757551666
  },
  "updatedAt" : null,
  "deletedBy" : null,
  "deletedAt" : null,
  "deleted" : false
}

Get Organization By Label

GET /organizations/label/{label:[a-zA-Z0-9]+[-a-zA-Z0-9]{1,62}}

Authorization

This endpoint requires:

  • read action on this organization resource.

Path parameters

Parameter Type Optional Description

label

String

false

Query parameters

Parameter Type Optional Description

realm

String

true

Response fields

Path Type Optional Description

id

String

true

realmId

String

true

name

String

true

label

String

true

active

Boolean

true

identityProviders

Array[Object]

true

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

identityProviders[].auth0ConnectionId

String

true

identityProviders[].name

String

true

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

mfaProvider

String

true

Must be one of [None, GoogleAuthenticator].

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/label/ACME-2' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1060

{
  "id" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "realmId" : "2b551792-324e-4200-ab38-3d17f27ac13d",
  "name" : "ACME International, Inc.",
  "label" : "ACME-2",
  "active" : true,
  "identityProviders" : [ {
    "id" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "auth0ConnectionId" : "auth0-opaque-connectionId-4",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 403711000,
      "epochSecond" : 1757551666
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "15921b28-2e4d-4926-a2da-fcf58b072b7b",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "auth0ConnectionId" : "auth0-opaque-connectionId-3",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 395135000,
      "epochSecond" : 1757551666
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "mfaProvider" : null
}

Create Organization

POST /organizations

Authorization

This endpoint requires:

  • create action on this organization resource.

Request fields

Path Type Optional Description

realmId

String

true

name

String

true

label

String

true

auth0ConnectionId

String

true

identityProviderName

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

true

realmId

String

true

name

String

true

label

String

true

identityProviders

Array[Object]

true

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

identityProviders[].auth0ConnectionId

String

true

identityProviders[].name

String

true

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

defaultRoles[].name

String

true

defaultRoles[].roleType

String

true

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "realmId" : "ec7c84f6-a382-4c54-a556-631447ff9a45",
  "name" : "Best Corp.",
  "label" : "BEST-CORP",
  "auth0ConnectionId" : "auth0-opaque-connection",
  "identityProviderName" : "Corp SAML",
  "auth0ConnectionType" : "Enterprise"
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 812

{
  "id" : "1a5302ef-14e9-4321-9366-b67a4d98166b",
  "realmId" : "ec7c84f6-a382-4c54-a556-631447ff9a45",
  "name" : "Best Corp.",
  "label" : "BEST-CORP",
  "identityProviders" : [ {
    "id" : "148c060f-8609-43f7-82ba-50f27dbd3f17",
    "organizationId" : "1a5302ef-14e9-4321-9366-b67a4d98166b",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Best Corp.",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 679344000,
      "epochSecond" : 1757551723
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 678315000,
    "epochSecond" : 1757551723
  },
  "updatedAt" : null,
  "deletedBy" : null,
  "deletedAt" : null,
  "deleted" : false
}

Activate Or Deactivate Organization

PUT /organizations/{id}/{action:activate|deactivate}

Authorization

This endpoint requires:

  • update-active action on this organization resource.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Response fields

Path Type Optional Description

id

String

true

realmId

String

true

name

String

true

label

String

true

identityProviders

Array[Object]

true

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

identityProviders[].auth0ConnectionId

String

true

identityProviders[].name

String

true

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

defaultRoles[].name

String

true

defaultRoles[].roleType

String

true

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/4c5ea252-32c1-469a-8c78-156b603f6832/deactivate' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 890

{
  "id" : "4c5ea252-32c1-469a-8c78-156b603f6832",
  "realmId" : "2d3d56ae-26c7-40c2-9b31-8ad91b2173a5",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-272",
  "identityProviders" : [ {
    "id" : "13b09bc6-839c-46dd-ba94-5cca19b9e4c6",
    "organizationId" : "4c5ea252-32c1-469a-8c78-156b603f6832",
    "auth0ConnectionId" : "auth0-opaque-connectionId-273",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 49298000,
      "epochSecond" : 1757551725
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "active" : false,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 47877000,
    "epochSecond" : 1757551725
  },
  "updatedAt" : {
    "nano" : 63947000,
    "epochSecond" : 1757551725
  },
  "deletedBy" : null,
  "deletedAt" : null,
  "deleted" : false
}

Add Identity Provider

POST /organizations/{id}/identity-providers

Authorization

This endpoint requires:

  • create-identity-provider action on this organization resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

auth0ConnectionId

String

true

identityProviderName

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

true

realmId

String

true

name

String

true

label

String

true

identityProviders

Array[Object]

true

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

identityProviders[].auth0ConnectionId

String

true

identityProviders[].name

String

true

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

defaultRoles[].name

String

true

defaultRoles[].roleType

String

true

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/235e0195-621b-4040-9e49-7250585a510f/identity-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "auth0ConnectionId" : "auth0-opaque-connection",
  "identityProviderName" : "Corp SAML",
  "auth0ConnectionType" : "Enterprise"
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1232

{
  "id" : "235e0195-621b-4040-9e49-7250585a510f",
  "realmId" : "2d3d56ae-26c7-40c2-9b31-8ad91b2173a5",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-268",
  "identityProviders" : [ {
    "id" : "86921d77-961a-4209-94da-580c0f62e647",
    "organizationId" : "235e0195-621b-4040-9e49-7250585a510f",
    "auth0ConnectionId" : "auth0-opaque-connectionId-269",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 740587000,
      "epochSecond" : 1757551724
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "98511a3d-9e61-4886-9623-449a0a1161a8",
    "organizationId" : "235e0195-621b-4040-9e49-7250585a510f",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Corp SAML",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 788639000,
      "epochSecond" : 1757551724
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 729198000,
    "epochSecond" : 1757551724
  },
  "updatedAt" : null,
  "deletedBy" : null,
  "deletedAt" : null,
  "deleted" : false
}

OIDC Issuers

Find Oidc Issuers

GET /oidc-issuers

Authorization

This endpoint requires:

  • read action on this oidc-issuer resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

issuer

String

true

jwksUri

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-issuers' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1265

[ {
  "id" : "1c8efd5c-fe5e-4917-a580-60fc68e88264",
  "issuer" : "https://3a13bdc3-ab83-409d-8c71-4fc2addf3759.issuer.idp",
  "jwksUri" : "https://3a13bdc3-ab83-409d-8c71-4fc2addf3759.issuer.idp/jwks",
  "active" : true,
  "createdBy" : "cac2668d-3b30-4d0a-a3c7-b07c54eaaf2a",
  "createdAt" : {
    "nano" : 997258000,
    "epochSecond" : 1757551721
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "1e450096-5e26-41bd-bed0-3b24f29114ef",
  "issuer" : "https://e231bb25-e40a-4640-bb1d-f37171499255.issuer.idp",
  "jwksUri" : "https://e231bb25-e40a-4640-bb1d-f37171499255.issuer.idp/jwks",
  "active" : true,
  "createdBy" : "d5384809-5783-4305-9f4f-2ee5124c1534",
  "createdAt" : {
    "nano" : 894450000,
    "epochSecond" : 1757551721
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "4d5e459d-00b5-40ef-8066-74bcf9eb2944",
  "issuer" : "https://98a07cc1-ce07-40c4-a4e9-8741c07c4c64.issuer.idp",
  "jwksUri" : "https://98a07cc1-ce07-40c4-a4e9-8741c07c4c64.issuer.idp/jwks",
  "active" : true,
  "createdBy" : "dcf1e7e3-9f54-4a5f-9894-bf4a81543e52",
  "createdAt" : {
    "nano" : 274638000,
    "epochSecond" : 1757551721
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
} ]

Get Oidc Issuer

GET /oidc-issuers/{id}

Authorization

This endpoint requires:

  • read action on this oidc-issuer resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

issuer

String

true

jwksUri

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-issuers/754484c3-a501-44e3-b4ed-4a906f0dc5d3' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 419

{
  "id" : "754484c3-a501-44e3-b4ed-4a906f0dc5d3",
  "issuer" : "https://7470bca3-1a1d-4f20-95dc-699ad71709a7.issuer.idp",
  "jwksUri" : "https://7470bca3-1a1d-4f20-95dc-699ad71709a7.issuer.idp/jwks",
  "active" : true,
  "createdBy" : "ea21cded-a445-4366-972a-1945463fd5ea",
  "createdAt" : {
    "nano" : 507014000,
    "epochSecond" : 1757551722
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Create Oidc Issuer

POST /oidc-issuers

Authorization

This endpoint requires:

  • create action on this oidc-issuer resource.

Request fields

Path Type Optional Description

issuer

String

true

jwksUri

String

true

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

issuer

String

true

jwksUri

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-issuers' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "issuer" : "https://c167c901-b417-47ff-ab9a-bc2a74871931.issuer.idp",
  "jwksUri" : "https://c167c901-b417-47ff-ab9a-bc2a74871931.issuer.idp/jwks",
  "active" : true
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 419

{
  "id" : "f0781e7f-d679-4873-83fb-4d4e873d1d5a",
  "issuer" : "https://c167c901-b417-47ff-ab9a-bc2a74871931.issuer.idp",
  "jwksUri" : "https://c167c901-b417-47ff-ab9a-bc2a74871931.issuer.idp/jwks",
  "active" : true,
  "createdBy" : "c4894bd9-42f2-4e43-a389-e632ad40f591",
  "createdAt" : {
    "nano" : 458586000,
    "epochSecond" : 1757551722
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Update Oidc Issuer

PATCH /oidc-issuers/{id}

Authorization

This endpoint requires:

  • update action on this oidc-issuer resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

issuer

String

true

jwksUri

String

true

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

issuer

String

true

jwksUri

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-issuers/11f82d83-7830-4349-89db-c03c3a4e4d12' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -d '{
  "issuer" : "https://42ce7582-8ea1-4dd7-8aab-f8f1fd81ecee.issuer.idp",
  "jwksUri" : "https://42ce7582-8ea1-4dd7-8aab-f8f1fd81ecee.issuer.idp/jwks",
  "active" : false
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 420

{
  "id" : "11f82d83-7830-4349-89db-c03c3a4e4d12",
  "issuer" : "https://42ce7582-8ea1-4dd7-8aab-f8f1fd81ecee.issuer.idp",
  "jwksUri" : "https://42ce7582-8ea1-4dd7-8aab-f8f1fd81ecee.issuer.idp/jwks",
  "active" : false,
  "createdBy" : "d16c0882-1a8b-4f7f-bbb9-29be3ac427be",
  "createdAt" : {
    "nano" : 392036000,
    "epochSecond" : 1757551722
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Delete Oidc Issuer

DELETE /oidc-issuers/{id}

Authorization

This endpoint requires:

  • delete action on this oidc-issuer resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

issuer

String

true

jwksUri

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-issuers/6eb943eb-3cb7-44ab-a2a8-ba41291b6551' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 508

{
  "id" : "6eb943eb-3cb7-44ab-a2a8-ba41291b6551",
  "issuer" : "https://380984a2-b60d-4862-bf6d-21ee81f8d5f4.issuer.idp",
  "jwksUri" : "https://380984a2-b60d-4862-bf6d-21ee81f8d5f4.issuer.idp/jwks",
  "active" : true,
  "createdBy" : "27323bf5-9724-435a-9dc8-505521605123",
  "createdAt" : {
    "nano" : 561716000,
    "epochSecond" : 1757551722
  },
  "deletedAt" : {
    "nano" : 575595000,
    "epochSecond" : 1757551722
  },
  "deletedBy" : "f1f650d5-cb2a-41d7-8753-39ad7bd3ae7a",
  "deleted" : true
}

OIDC Public Clients

Find Oidc Public Clients

GET /oidc-public-clients

Authorization

This endpoint requires:

  • read action on this oidc-public-client resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

clientId

String

true

clientSecret

String

true

authorizationEndpoint

String

true

tokenEndpoint

String

true

userInfoEndpoint

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-public-clients' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2070

[ {
  "id" : "290cc71d-cbd0-4c44-bf9e-a9d33a7314e6",
  "oidcIssuerId" : "fc221f2c-e97f-4994-a29e-afc26395f6b6",
  "clientId" : "{clientId}",
  "clientSecret" : "{clientSecret}",
  "authorizationEndpoint" : "https://{auth0-tenant}.auth0.com/authorize",
  "tokenEndpoint" : "https://{auth0-tenant}.auth0.com/oauth/token",
  "userInfoEndpoint" : "https://{auth0-tenant}.auth0.com/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 359899000,
    "epochSecond" : 1757551662
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "3513aed2-17a8-4309-9d35-c560da2249a2",
  "oidcIssuerId" : "dc980e98-4518-44a7-b407-7b4c56d26c35",
  "clientId" : "clientId-4fcca68c-8543-4018-af3e-bbfc289cb875",
  "clientSecret" : "clientSecret-b7718dfe-ea22-4609-8e5f-f054761b6b60",
  "authorizationEndpoint" : "https://361759e7-8a6e-4693-9004-27f0f739a4d0.issuer.idp/authorize",
  "tokenEndpoint" : "https://361759e7-8a6e-4693-9004-27f0f739a4d0.issuer.idp/token",
  "userInfoEndpoint" : "https://361759e7-8a6e-4693-9004-27f0f739a4d0.issuer.idp/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "3a076687-8ac7-4c68-b286-7901bcae8f8b",
  "createdAt" : {
    "nano" : 699853000,
    "epochSecond" : 1757551722
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "f4e6fcd0-1839-4566-8828-856e42b8f156",
  "oidcIssuerId" : "6c72dba0-a155-4804-9a70-89da12149793",
  "clientId" : "{clientId}",
  "clientSecret" : "{clientSecret}",
  "authorizationEndpoint" : "https://accounts.google.com/o/oauth2/v2/auth",
  "tokenEndpoint" : "https://oauth2.googleapis.com/token",
  "userInfoEndpoint" : "https://openidconnect.googleapis.com/v1/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 359899000,
    "epochSecond" : 1757551662
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
} ]

Get Oidc Public Client

GET /oidc-public-clients/{id}

Authorization

This endpoint requires:

  • read action on this oidc-public-client resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

clientId

String

true

clientSecret

String

true

authorizationEndpoint

String

true

tokenEndpoint

String

true

userInfoEndpoint

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-public-clients/e5e2be34-e7e1-43c9-9bce-dfb48292d168' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 776

{
  "id" : "e5e2be34-e7e1-43c9-9bce-dfb48292d168",
  "oidcIssuerId" : "76a5d302-8d18-4ef5-9524-25efdee50aba",
  "clientId" : "clientId-92120254-757c-4c49-b3a3-51f274d11a82",
  "clientSecret" : "clientSecret-2c7010b9-a824-4b88-89fe-2caca9d08587",
  "authorizationEndpoint" : "https://9d7ba020-60f6-4337-8d2a-0b6c64421450.issuer.idp/authorize",
  "tokenEndpoint" : "https://9d7ba020-60f6-4337-8d2a-0b6c64421450.issuer.idp/token",
  "userInfoEndpoint" : "https://9d7ba020-60f6-4337-8d2a-0b6c64421450.issuer.idp/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "c65f8867-00d0-4a73-b47c-2cd952c8dae6",
  "createdAt" : {
    "nano" : 260170000,
    "epochSecond" : 1757551723
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Create Oidc Public Client

POST /oidc-public-clients

Authorization

This endpoint requires:

  • create action on this oidc-public-client resource.

Request fields

Path Type Optional Description

oidcIssuerId

String

true

clientId

String

true

clientSecret

String

true

authorizationEndpoint

String

true

tokenEndpoint

String

true

userInfoEndpoint

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

clientId

String

true

clientSecret

String

true

authorizationEndpoint

String

true

tokenEndpoint

String

true

userInfoEndpoint

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-public-clients' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "oidcIssuerId" : "f44e5751-83a5-4e12-a73e-6f3376d9f651",
  "clientId" : "clientId-7af3df09-bac3-4125-9360-ee362380f0a3",
  "clientSecret" : "clientSecret-1cb0c816-7299-4bed-b1be-388a3f9794f1",
  "authorizationEndpoint" : "https://b6ecc3f3-ede6-4f22-868e-19b9276cfe4b.issuer.idp/authorize",
  "tokenEndpoint" : "https://b6ecc3f3-ede6-4f22-868e-19b9276cfe4b.issuer.idp/token",
  "userInfoEndpoint" : "https://b6ecc3f3-ede6-4f22-868e-19b9276cfe4b.issuer.idp/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : true
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 776

{
  "id" : "0faa65be-6691-4d83-9779-448d1420afe4",
  "oidcIssuerId" : "f44e5751-83a5-4e12-a73e-6f3376d9f651",
  "clientId" : "clientId-7af3df09-bac3-4125-9360-ee362380f0a3",
  "clientSecret" : "clientSecret-1cb0c816-7299-4bed-b1be-388a3f9794f1",
  "authorizationEndpoint" : "https://b6ecc3f3-ede6-4f22-868e-19b9276cfe4b.issuer.idp/authorize",
  "tokenEndpoint" : "https://b6ecc3f3-ede6-4f22-868e-19b9276cfe4b.issuer.idp/token",
  "userInfoEndpoint" : "https://b6ecc3f3-ede6-4f22-868e-19b9276cfe4b.issuer.idp/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "56fc2f6c-d59a-4913-a21f-e662475de073",
  "createdAt" : {
    "nano" : 180725000,
    "epochSecond" : 1757551723
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Update Oidc Public Client

PATCH /oidc-public-clients/{id}

Authorization

This endpoint requires:

  • update action on this oidc-public-client resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

clientId

String

true

clientSecret

String

true

authorizationEndpoint

String

true

tokenEndpoint

String

true

userInfoEndpoint

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

clientId

String

true

clientSecret

String

true

authorizationEndpoint

String

true

tokenEndpoint

String

true

userInfoEndpoint

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-public-clients/e40f19c7-8739-4b9c-b252-1f90b9e9e9a3' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -d '{
  "clientId" : "clientId-b88d174b-067c-483d-96a7-e8f10f2e575b",
  "clientSecret" : "clientSecret-8f096ec1-ef99-4a64-94e4-34371511a377",
  "authorizationEndpoint" : "https://ea4d8e7f-04aa-4700-b244-6bd5eebbefe9.issuer.idp/authorize",
  "tokenEndpoint" : "https://ea4d8e7f-04aa-4700-b244-6bd5eebbefe9.issuer.idp/token",
  "userInfoEndpoint" : "https://ea4d8e7f-04aa-4700-b244-6bd5eebbefe9.issuer.idp/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : false
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 776

{
  "id" : "e40f19c7-8739-4b9c-b252-1f90b9e9e9a3",
  "oidcIssuerId" : "d3d2908a-df9a-4f30-9e0c-f929df450f76",
  "clientId" : "clientId-b88d174b-067c-483d-96a7-e8f10f2e575b",
  "clientSecret" : "clientSecret-8f096ec1-ef99-4a64-94e4-34371511a377",
  "authorizationEndpoint" : "https://ea4d8e7f-04aa-4700-b244-6bd5eebbefe9.issuer.idp/authorize",
  "tokenEndpoint" : "https://ea4d8e7f-04aa-4700-b244-6bd5eebbefe9.issuer.idp/token",
  "userInfoEndpoint" : "https://ea4d8e7f-04aa-4700-b244-6bd5eebbefe9.issuer.idp/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : false,
  "createdBy" : "87ca98e5-8f49-4a2b-8579-7d71d7b32fec",
  "createdAt" : {
    "nano" : 48009000,
    "epochSecond" : 1757551723
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Delete Oidc Public Client

DELETE /oidc-public-clients/{id}

Authorization

This endpoint requires:

  • delete action on this oidc-public-client resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

clientId

String

true

clientSecret

String

true

authorizationEndpoint

String

true

tokenEndpoint

String

true

userInfoEndpoint

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-public-clients/666bef62-28de-414d-b32f-fc51e979a684' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 865

{
  "id" : "666bef62-28de-414d-b32f-fc51e979a684",
  "oidcIssuerId" : "0f4a24ae-e0e6-446a-ab12-72bfe6b5cce3",
  "clientId" : "clientId-4812f666-40b4-4542-a872-ed10cd9b8599",
  "clientSecret" : "clientSecret-b4783954-f58d-45be-999b-2a23c2a4d4eb",
  "authorizationEndpoint" : "https://e572dd6f-5772-4440-8c6c-c59825bd1cda.issuer.idp/authorize",
  "tokenEndpoint" : "https://e572dd6f-5772-4440-8c6c-c59825bd1cda.issuer.idp/token",
  "userInfoEndpoint" : "https://e572dd6f-5772-4440-8c6c-c59825bd1cda.issuer.idp/userinfo",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "b8f761b3-b365-40cb-aea1-20161d5316ce",
  "createdAt" : {
    "nano" : 317971000,
    "epochSecond" : 1757551723
  },
  "deletedAt" : {
    "nano" : 328558000,
    "epochSecond" : 1757551723
  },
  "deletedBy" : "7e6b981d-7524-4502-afa5-01fa04f6610f",
  "deleted" : true
}

Organization to OIDC Public Client Mappings

Find Organization Oidc Public Client Mappings

GET /organization-oidc-public-client-mappings

Authorization

This endpoint requires:

  • read action on this organization-oidc-public-client-mapping resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

oidcPublicClientId

String

true

name

String

true

active

Boolean

true

customQueryParameters

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-oidc-public-client-mappings' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1597

[ {
  "id" : "2cd7d763-cb1a-4f02-9a94-701cc944ee0e",
  "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
  "oidcPublicClientId" : "290cc71d-cbd0-4c44-bf9e-a9d33a7314e6",
  "name" : "NetFoundry Google Account",
  "active" : true,
  "customQueryParameters" : "{\"audience\": \"https://gateway.{env}.netfoundry.io/\", \"connection\": \"google-oauth2\"}",
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 39871000,
    "epochSecond" : 1757551662
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "4358acdb-a8d2-4959-a7bf-4ba262f9bfbc",
  "organizationId" : "f86122fb-316b-4427-8c38-248165bf4504",
  "oidcPublicClientId" : "290cc71d-cbd0-4c44-bf9e-a9d33a7314e6",
  "name" : "NFSUPPORT Google Account",
  "active" : true,
  "customQueryParameters" : "{\"audience\": \"https://gateway.{env}.netfoundry.io/\", \"connection\": \"google-oauth2\"}",
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 900379000,
    "epochSecond" : 1757551661
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "5d01d098-ec99-4ff4-94c3-1928f8421192",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "oidcPublicClientId" : "290cc71d-cbd0-4c44-bf9e-a9d33a7314e6",
  "name" : "ACME Federated Active Directory",
  "active" : true,
  "customQueryParameters" : "{}",
  "createdBy" : "d8043a03-8a24-41d4-ab50-b248194876a3",
  "createdAt" : {
    "nano" : 608430000,
    "epochSecond" : 1757551666
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
} ]

Get Organization Oidc Public Client Mapping

GET /organization-oidc-public-client-mappings/{id}

Authorization

This endpoint requires:

  • read action on this organization-oidc-public-client-mapping resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

oidcPublicClientId

String

true

name

String

true

active

Boolean

true

customQueryParameters

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-oidc-public-client-mappings/2926a0bc-0519-4444-8aa7-805345ab4e0e' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 495

{
  "id" : "2926a0bc-0519-4444-8aa7-805345ab4e0e",
  "organizationId" : "75674098-1118-4d78-8f69-16b5b72e3655",
  "oidcPublicClientId" : "10643a72-b81d-4639-89f7-97e1611cc886",
  "name" : "console-client-bd8117a8-8eb7-484c-a807-2aacba12b213",
  "active" : true,
  "customQueryParameters" : "{}",
  "createdBy" : "c4005325-741d-4611-a40d-066c84c1efa8",
  "createdAt" : {
    "nano" : 891066000,
    "epochSecond" : 1757551725
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Create Organization Oidc Public Client Mapping

POST /organization-oidc-public-client-mappings

Authorization

This endpoint requires:

  • create action on this organization-oidc-public-client-mapping resource.

  • read action on the oidc-public-client resource identified by the oidcPublicClientId property.

Request fields

Path Type Optional Description

organizationId

String

true

oidcPublicClientId

String

true

name

String

true

active

Boolean

true

customQueryParameters

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

oidcPublicClientId

String

true

name

String

true

active

Boolean

true

customQueryParameters

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-oidc-public-client-mappings' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "organizationId" : "b5646f2d-be6f-4716-8c3a-aabac6c38e0f",
  "oidcPublicClientId" : "67c63d99-fccd-4689-9863-79c9cb178c9a",
  "name" : "console-client-98e9fa87-cfbf-4274-b940-5bbfe84343ed",
  "active" : true,
  "customQueryParameters" : "{}"
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 495

{
  "id" : "d3d2f894-b0c7-48d7-a308-a5d66a2bbcb5",
  "organizationId" : "b5646f2d-be6f-4716-8c3a-aabac6c38e0f",
  "oidcPublicClientId" : "67c63d99-fccd-4689-9863-79c9cb178c9a",
  "name" : "console-client-98e9fa87-cfbf-4274-b940-5bbfe84343ed",
  "active" : true,
  "customQueryParameters" : "{}",
  "createdBy" : "2218d2ba-12eb-4bde-9a0d-6745c71d0014",
  "createdAt" : {
    "nano" : 826756000,
    "epochSecond" : 1757551725
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Update Organization Oidc Public Client Mapping

PATCH /organization-oidc-public-client-mappings/{id}

Authorization

This endpoint requires:

  • update action on this organization-oidc-public-client-mapping resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

name

String

true

active

Boolean

true

customQueryParameters

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

oidcPublicClientId

String

true

name

String

true

active

Boolean

true

customQueryParameters

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-oidc-public-client-mappings/de35c57e-853a-4bd0-bfeb-f416a02af6b2' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -d '{
  "name" : "custom-client-6e32e293-135d-4ef5-8c6f-79df2704f2e0",
  "active" : true,
  "customQueryParameters" : "{}"
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 494

{
  "id" : "de35c57e-853a-4bd0-bfeb-f416a02af6b2",
  "organizationId" : "b1d2d39f-509b-404a-bebe-1c5d879bd597",
  "oidcPublicClientId" : "e1b2bd12-6141-4a2a-9cd3-de4ed46da0d0",
  "name" : "custom-client-6e32e293-135d-4ef5-8c6f-79df2704f2e0",
  "active" : true,
  "customQueryParameters" : "{}",
  "createdBy" : "0754cd85-4804-4db4-b133-ba29f6b69569",
  "createdAt" : {
    "nano" : 728058000,
    "epochSecond" : 1757551725
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Delete Organization Oidc Public Client Mapping

DELETE /organization-oidc-public-client-mappings/{id}

Authorization

This endpoint requires:

  • delete action on this organization-oidc-public-client-mapping resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

oidcPublicClientId

String

true

name

String

true

active

Boolean

true

customQueryParameters

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-oidc-public-client-mappings/c1837325-1bae-4c7f-9066-7f565afd8c2b' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 543

{
  "id" : "c1837325-1bae-4c7f-9066-7f565afd8c2b",
  "organizationId" : "da857f58-2c2f-4713-bb7b-44f2b733ff85",
  "oidcPublicClientId" : "b249aec9-2315-47d7-9214-27836e0e47c7",
  "name" : "number two",
  "active" : true,
  "customQueryParameters" : "{}",
  "createdBy" : "39e4d24d-1e91-463c-a63f-b9d82723cc58",
  "createdAt" : {
    "nano" : 972930000,
    "epochSecond" : 1757551725
  },
  "deletedAt" : {
    "nano" : 994726000,
    "epochSecond" : 1757551725
  },
  "deletedBy" : "c72ea41c-7739-4a35-bf05-3f84d0e6ca03",
  "deleted" : true
}

OIDC Audiences

Find Oidc Audiences

GET /oidc-audiences

Authorization

This endpoint requires:

  • read action on this oidc-audience resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

audience

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-audiences' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1282

[ {
  "id" : "6a4f65ad-9db8-4ea7-b404-1d5c5f85cbdf",
  "oidcIssuerId" : "fc221f2c-e97f-4994-a29e-afc26395f6b6",
  "audience" : "https://gateway.{env}.netfoundry.io/",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 366517000,
    "epochSecond" : 1757551662
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "91f77684-b694-4833-8e1d-89994c222406",
  "oidcIssuerId" : "4d5e459d-00b5-40ef-8066-74bcf9eb2944",
  "audience" : "mop-aud-79b6231a-74b5-4405-8332-e3fc5b61484e",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "55f8e95f-9fc1-4b5e-b2b0-80fc81ac1902",
  "createdAt" : {
    "nano" : 295104000,
    "epochSecond" : 1757551721
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "b71d8edd-6bf1-4ed3-84e8-f3b5fe82868f",
  "oidcIssuerId" : "6c72dba0-a155-4804-9a70-89da12149793",
  "audience" : "https://gateway.{env}.netfoundry.io/",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 366517000,
    "epochSecond" : 1757551662
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
} ]

Get Oidc Audience

GET /oidc-audiences/{id}

Authorization

This endpoint requires:

  • read action on this oidc-audience resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

audience

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-audiences/1c6e91fa-5360-4c92-95e1-b5910a45aff9' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 430

{
  "id" : "1c6e91fa-5360-4c92-95e1-b5910a45aff9",
  "oidcIssuerId" : "1e450096-5e26-41bd-bed0-3b24f29114ef",
  "audience" : "mop-aud-82e17074-fd8d-4409-b966-2b087abed6f0",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "a05cdf59-7b7e-4c8a-a41b-cd5791eb08e3",
  "createdAt" : {
    "nano" : 897445000,
    "epochSecond" : 1757551721
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Create Oidc Audience

POST /oidc-audiences

Authorization

This endpoint requires:

  • create action on this oidc-audience resource.

Request fields

Path Type Optional Description

oidcIssuerId

String

true

audience

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

audience

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-audiences' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "oidcIssuerId" : "aa834ac0-41d2-40a5-b1e1-36d0cf0becac",
  "audience" : "mop-aud-146c675c-ebd1-43b4-9574-47f87f6503dc",
  "restrictedToOrganizationIds" : [ ],
  "active" : true
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 430

{
  "id" : "705a153f-8a54-4759-a9c4-d998cba78b06",
  "oidcIssuerId" : "aa834ac0-41d2-40a5-b1e1-36d0cf0becac",
  "audience" : "mop-aud-146c675c-ebd1-43b4-9574-47f87f6503dc",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "bb8f015e-78b8-484b-a61c-0ad5b713c9a1",
  "createdAt" : {
    "nano" : 802044000,
    "epochSecond" : 1757551721
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Update Oidc Audience

PATCH /oidc-audiences/{id}

Authorization

This endpoint requires:

  • update action on this oidc-audience resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

audience

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

audience

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-audiences/f2ef4db0-10c1-4c5e-811d-a29a015b2429' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -d '{
  "audience" : "mop-aud-1da0160f-6e59-4e17-a705-6dd6d8380b7b",
  "restrictedToOrganizationIds" : [ ],
  "active" : false
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 431

{
  "id" : "f2ef4db0-10c1-4c5e-811d-a29a015b2429",
  "oidcIssuerId" : "8a9fc8c7-736e-43c1-bb14-2d4a0c36c08b",
  "audience" : "mop-aud-1da0160f-6e59-4e17-a705-6dd6d8380b7b",
  "restrictedToOrganizationIds" : [ ],
  "active" : false,
  "createdBy" : "8d98ed54-15fa-4670-b299-50b4d71dc776",
  "createdAt" : {
    "nano" : 676584000,
    "epochSecond" : 1757551721
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Delete Oidc Audience

DELETE /oidc-audiences/{id}

Authorization

This endpoint requires:

  • delete action on this oidc-audience resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

oidcIssuerId

String

true

audience

String

true

restrictedToOrganizationIds

Array[Object]

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/oidc-audiences/e2d358d1-f0aa-4359-beca-8afe34e02966' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 513

{
  "id" : "e2d358d1-f0aa-4359-beca-8afe34e02966",
  "oidcIssuerId" : "1c8efd5c-fe5e-4917-a580-60fc68e88264",
  "audience" : "mop-aud-7f25c443-b305-4833-a67b-b7c884b9b591",
  "restrictedToOrganizationIds" : [ ],
  "active" : true,
  "createdBy" : "01499845-b310-4d6e-8937-5d355e3d2fd7",
  "createdAt" : {
    "nano" : 7000,
    "epochSecond" : 1757551722
  },
  "deletedAt" : {
    "nano" : 11813000,
    "epochSecond" : 1757551722
  },
  "deletedBy" : "0072087f-3af0-4655-8bf4-a105f6b74622",
  "deleted" : true
}

User Identity to OIDC Audience Mappings

Find User Identity Audience Mappings

GET /user-identity-oidc-audience-mappings

Authorization

This endpoint requires:

  • read action on this user-identity-oidc-audience-mapping resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

userIdentityId

String

true

oidcAudienceId

String

true

subject

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identity-oidc-audience-mappings' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 3

[ ]

Get User Identity Audience Mapping

GET /user-identity-oidc-audience-mappings/{id}

Authorization

This endpoint requires:

  • read action on this user-identity-oidc-audience-mapping resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

oidcAudienceId

String

true

subject

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identity-oidc-audience-mappings/998a518a-b0d9-49df-8dbf-8965e5fff171' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 459

{
  "id" : "998a518a-b0d9-49df-8dbf-8965e5fff171",
  "userIdentityId" : "28386f0a-7321-4ab6-a32c-2929ad17624c",
  "oidcAudienceId" : "450c4ddd-53b3-4397-9147-262afcc924be",
  "subject" : "console-client-58ce6cb4-54e3-47b4-b886-c3af786f63a9",
  "active" : true,
  "createdBy" : "859902b2-e460-4166-86c2-71a3a51fe39a",
  "createdAt" : {
    "nano" : 69644000,
    "epochSecond" : 1757551730
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Create User Identity Audience Mapping

POST /user-identity-oidc-audience-mappings

Authorization

This endpoint requires:

  • create action on this user-identity-oidc-audience-mapping resource.

  • create-identity-mapping action on the user-identity resource identified by the userIdentityId property.

  • read action on the oidc-audience resource identified by the oidcAudienceId property.

Request fields

Path Type Optional Description

userIdentityId

String

true

oidcAudienceId

String

true

subject

String

true

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

oidcAudienceId

String

true

subject

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identity-oidc-audience-mappings' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "userIdentityId" : "ad9128d7-3a86-4445-a2fa-67746fc3e0a6",
  "oidcAudienceId" : "aabdd36c-fd65-4d5c-be65-fbc4b5589342",
  "subject" : "console-client-04bcad63-13ae-40b7-af49-05753f369873",
  "active" : true
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 459

{
  "id" : "e0c2a888-61e5-4fa6-aad8-968931066b25",
  "userIdentityId" : "ad9128d7-3a86-4445-a2fa-67746fc3e0a6",
  "oidcAudienceId" : "aabdd36c-fd65-4d5c-be65-fbc4b5589342",
  "subject" : "console-client-04bcad63-13ae-40b7-af49-05753f369873",
  "active" : true,
  "createdBy" : "0a71119e-b827-4f8c-821c-de2adf0f91b1",
  "createdAt" : {
    "nano" : 16372000,
    "epochSecond" : 1757551730
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Update User Identity Audience Mapping

PATCH /user-identity-oidc-audience-mappings/{id}

Authorization

This endpoint requires:

  • update action on this user-identity-oidc-audience-mapping resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

oidcAudienceId

String

true

subject

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identity-oidc-audience-mappings/70ed1bb2-7bf8-4ff4-8dcd-c778e03aad7f' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -d '{
  "active" : false
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 461

{
  "id" : "70ed1bb2-7bf8-4ff4-8dcd-c778e03aad7f",
  "userIdentityId" : "20c37db7-156e-4f9e-a36d-7b2a7ba46362",
  "oidcAudienceId" : "5a8ba815-f2fb-41b7-913e-84a099528133",
  "subject" : "console-client-ef847d63-d536-4bcb-a5ea-99a000901e5d",
  "active" : false,
  "createdBy" : "76567793-22d3-4a64-81f9-7f8589808743",
  "createdAt" : {
    "nano" : 929593000,
    "epochSecond" : 1757551729
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Delete User Identity Audience Mapping

DELETE /user-identity-oidc-audience-mappings/{id}

Authorization

This endpoint requires:

  • delete action on this user-identity-oidc-audience-mapping resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

oidcAudienceId

String

true

subject

String

true

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identity-oidc-audience-mappings/4ed69fc2-39f2-4b6a-a1cd-c916871b5021' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 549

{
  "id" : "4ed69fc2-39f2-4b6a-a1cd-c916871b5021",
  "userIdentityId" : "596654ca-99cd-4925-ba68-6711f8a2c92b",
  "oidcAudienceId" : "3452538c-b4c7-4057-af81-b741aae1fd3a",
  "subject" : "console-client-d31567ec-4215-4d79-a732-8eafcc870481",
  "active" : true,
  "createdBy" : "b65437e8-0473-43ee-a655-c40563a53d86",
  "createdAt" : {
    "nano" : 130298000,
    "epochSecond" : 1757551730
  },
  "deletedAt" : {
    "nano" : 142568000,
    "epochSecond" : 1757551730
  },
  "deletedBy" : "d6f423d8-e1d2-4475-a2af-53bd850ffb10",
  "deleted" : true
}

Identity Providers

Find Identity Providers

GET /identity-providers

Authorization

This endpoint requires:

  • read action on this identity-provider resource.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

name

String

true

organizationId

Object

true

auth0ConnectionId

Object

true

auth0ConnectionType

Object

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

deleted

Object

true

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1150

[ {
  "id" : "15921b28-2e4d-4926-a2da-fcf58b072b7b",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ConnectionId" : "auth0-opaque-connectionId-3",
  "name" : "ACME Federated Active Directory",
  "auth0ConnectionType" : "Enterprise",
  "active" : true,
  "createdAt" : {
    "nano" : 395135000,
    "epochSecond" : 1757551666
  },
  "updatedAt" : null,
  "deletedAt" : null
}, {
  "id" : "1d6d18e6-7100-4038-a4d5-f035cbf19e83",
  "organizationId" : "2696c433-b35c-4ed9-b2e6-18d82c09a7e1",
  "auth0ConnectionId" : "auth0-opaque-connectionId-207",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 79113000,
    "epochSecond" : 1757551719
  },
  "updatedAt" : null,
  "deletedAt" : null
}, {
  "id" : "2cd7d763-cb1a-4f02-9a94-701cc944ee0e",
  "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
  "auth0ConnectionId" : "google-oauth2",
  "name" : "NetFoundry Google Account",
  "auth0ConnectionType" : "Social",
  "active" : true,
  "createdAt" : {
    "nano" : 39871000,
    "epochSecond" : 1757551662
  },
  "updatedAt" : null,
  "deletedAt" : null
} ]

Get Identity Provider

GET /identity-providers/{id}

Authorization

This endpoint requires:

  • read action on this identity-provider resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/ef0ff7b7-017b-4a3a-b505-351f3952ee41' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 373

{
  "id" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ConnectionId" : "auth0-opaque-connectionId-4",
  "name" : "Google-Account",
  "auth0ConnectionType" : "Social",
  "active" : true,
  "createdAt" : {
    "nano" : 403711000,
    "epochSecond" : 1757551666
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Create Identity Provider

POST /identity-providers

Authorization

This endpoint requires:

  • create action on this identity-provider resource.

Request fields

Path Type Optional Description

organizationId

String

true

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "organizationId" : "28f6a37f-9837-4736-8c41-206d6b5e2fc4",
  "auth0ConnectionId" : "auth0-opaque-connection",
  "name" : "Corp SAML",
  "auth0ConnectionType" : "Enterprise"
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 368

{
  "id" : "bac8aa46-6373-407a-af58-910813819cfd",
  "organizationId" : "28f6a37f-9837-4736-8c41-206d6b5e2fc4",
  "auth0ConnectionId" : "auth0-opaque-connection",
  "name" : "Corp SAML",
  "auth0ConnectionType" : "Enterprise",
  "active" : true,
  "createdAt" : {
    "nano" : 351471000,
    "epochSecond" : 1757551719
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Update Identity Provider

PUT /identity-providers/{id}

Authorization

This endpoint requires:

  • update action on this identity-provider resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

name

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/dc9ea035-2180-47a5-82fd-c558d175e35f' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "name" : "New IdP Name"
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 431

{
  "id" : "dc9ea035-2180-47a5-82fd-c558d175e35f",
  "organizationId" : "4cb8cb8e-b503-4c38-b072-2405a7733210",
  "auth0ConnectionId" : "auth0-opaque-connectionId-223",
  "name" : "New IdP Name",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 755034000,
    "epochSecond" : 1757551719
  },
  "updatedAt" : {
    "nano" : 783087000,
    "epochSecond" : 1757551719
  },
  "deletedAt" : null
}

Activate Or Deactivate Identity Provider

PUT /identity-providers/{id}/{action:activate|deactivate}

Authorization

This endpoint requires:

  • update action on this identity-provider resource.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/6cbc6c91-5f9e-42f7-a865-d26ea3b2d8b0/activate' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 380

{
  "id" : "6cbc6c91-5f9e-42f7-a865-d26ea3b2d8b0",
  "organizationId" : "fc41ed56-ec62-480c-ab9f-941c9a2de31d",
  "auth0ConnectionId" : "auth0-opaque-connectionId-217",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 456157000,
    "epochSecond" : 1757551719
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Delete Identity Provider

DELETE /identity-providers/{id}

Authorization

This endpoint requires:

  • delete action on this identity-provider resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/2f7a5e2a-341d-4f78-8f7c-66a5c39c043d' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 492

{
  "id" : "2f7a5e2a-341d-4f78-8f7c-66a5c39c043d",
  "organizationId" : "c7729e49-af63-4ab5-8548-04718832175f",
  "auth0ConnectionId" : "auth0-opaque-connectionId-221",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 670220000,
    "epochSecond" : 1757551719
  },
  "updatedAt" : {
    "nano" : 686534000,
    "epochSecond" : 1757551719
  },
  "deletedAt" : {
    "nano" : 685000000,
    "epochSecond" : 1757551719
  }
}

Default Roles

Find Default Roles

GET /default-roles

Authorization

This endpoint requires:

  • read action on this default-role resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

name

String

true

roleType

String

true

Must be one of [Standard, Custom].

roleId

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1315

[ {
  "id" : "0d4bc0bf-336c-40c2-8986-240e6d15fd3c",
  "organizationId" : "f86122fb-316b-4427-8c38-248165bf4504",
  "name" : "NF Support - Intervention",
  "roleType" : "Custom",
  "roleId" : "97315ed6-2fc7-4a40-b7ea-abe53cc6a188",
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 905672000,
    "epochSecond" : 1757551661
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "1c5e23b4-96bb-4c55-847e-935dfdbc3abc",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "name" : "Standard Role - c6d821bd-8969-4ea4-9327-1b04db66e77f",
  "roleType" : "Standard",
  "roleId" : "c6d821bd-8969-4ea4-9327-1b04db66e77f",
  "createdBy" : "d380be12-4cc3-4f75-bdb5-f1a0eb0e9971",
  "createdAt" : {
    "nano" : 634000000,
    "epochSecond" : 1757551666
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "3963b7b6-de64-431f-b556-c9ae686786c4",
  "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
  "name" : "Cloud Engineering",
  "roleType" : "Custom",
  "roleId" : "8f1493a4-29ca-4b34-8d04-b6ef954b097c",
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 41593000,
    "epochSecond" : 1757551662
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
} ]

Get Default Role

GET /default-roles/{id}

Authorization

This endpoint requires:

  • read action on this default-role resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

name

String

true

roleType

String

true

Must be one of [Standard, Custom].

roleId

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles/1c5e23b4-96bb-4c55-847e-935dfdbc3abc' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 458

{
  "id" : "1c5e23b4-96bb-4c55-847e-935dfdbc3abc",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "name" : "Standard Role - c6d821bd-8969-4ea4-9327-1b04db66e77f",
  "roleType" : "Standard",
  "roleId" : "c6d821bd-8969-4ea4-9327-1b04db66e77f",
  "createdBy" : "d380be12-4cc3-4f75-bdb5-f1a0eb0e9971",
  "createdAt" : {
    "nano" : 634000000,
    "epochSecond" : 1757551666
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Create Default Role

POST /default-roles

Authorization

This endpoint requires:

  • create action on this default-role resource.

  • update action on the organization resource identified by the organization property.

Request fields

Path Type Optional Description

organizationId

String

true

roleType

String

true

Must be one of [Standard, Custom].

roleId

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

name

String

true

roleType

String

true

Must be one of [Standard, Custom].

roleId

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "organizationId" : "d31ffc0d-5879-404b-a5ca-b0ef3cf90ada",
  "roleType" : "Standard",
  "roleId" : "fba3e57f-bafe-412f-be5a-73148099d612"
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 458

{
  "id" : "47862dfc-2026-4485-ac17-cec8af951452",
  "organizationId" : "d31ffc0d-5879-404b-a5ca-b0ef3cf90ada",
  "name" : "Standard Role - fba3e57f-bafe-412f-be5a-73148099d612",
  "roleType" : "Standard",
  "roleId" : "fba3e57f-bafe-412f-be5a-73148099d612",
  "createdBy" : "460f4fe2-7dc8-48c8-8b57-f9c45639ee5e",
  "createdAt" : {
    "nano" : 926360000,
    "epochSecond" : 1757551714
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Delete Default Role

DELETE /default-roles/{id}

Authorization

This endpoint requires:

  • delete action on this default-role resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

name

String

true

roleType

String

true

Must be one of [Standard, Custom].

roleId

String

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles/c5344d03-5294-43e2-9320-c24f8e78d1eb' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 547

{
  "id" : "c5344d03-5294-43e2-9320-c24f8e78d1eb",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "name" : "Standard Role - d8f8d60e-29ba-46f9-b514-c8eca53f6f6d",
  "roleType" : "Standard",
  "roleId" : "d8f8d60e-29ba-46f9-b514-c8eca53f6f6d",
  "createdBy" : "126a407e-0aeb-446e-92a3-d288059750e2",
  "createdAt" : {
    "nano" : 666538000,
    "epochSecond" : 1757551714
  },
  "deletedAt" : {
    "nano" : 677000000,
    "epochSecond" : 1757551714
  },
  "deletedBy" : "9c9db2ac-749e-4a4f-a140-12902cd1f8b1",
  "deleted" : true
}

Grant Default Role

POST /default-roles/{id}/grant

Authorization

This endpoint requires:

  • read action on this default-role resource.

  • create action on the invitation resource identified by the organization property.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles/54d84a83-aeb3-4228-97c3-712de877210c/grant' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "includeIdentityIds" : [ "007427eb-2260-4904-9f2a-f2d840d8a8c1", "3ef08dce-6918-4f41-9b3c-385a8a03c855", "3e6babd8-20d4-4d30-bf1b-74d55ab479b1" ],
  "excludeIdentityIds" : [ "007427eb-2260-4904-9f2a-f2d840d8a8c1", "3ef08dce-6918-4f41-9b3c-385a8a03c855", "c2fac021-57fc-41be-a9b4-ac893b0bb859" ]
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 51

{
  "3e6babd8-20d4-4d30-bf1b-74d55ab479b1" : true
}

User Identity

Get Identity

GET /identities/self

Authorization

This endpoint requires no specific permission, only an authenticated client.

Response fields

Path Type Optional Description

name

String

true

id

String

true

type

String

true

active

Boolean

true

email

String

true

tenantId

String

true

Deprecated..

organizationId

String

true

createdAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identities/self' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 718

{
  "id" : "4271c32a-2031-421d-87cd-c3497683831a",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-344@acme.com",
  "identityMappings" : [ {
    "id" : "67269eac-60e1-4e02-8cdb-bd9e75e7ee51",
    "auth0UserId" : "auth0-opaque-userId-345",
    "identityProviderId" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
    "userIdentityId" : "4271c32a-2031-421d-87cd-c3497683831a"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 883692000,
    "epochSecond" : 1757551728
  },
  "deletedAt" : null,
  "name" : "First Last",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}

Get Identity

GET /identities/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • read action on this user-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

name

String

true

id

String

true

type

String

true

active

Boolean

true

email

String

true

tenantId

String

true

Deprecated..

organizationId

String

true

createdAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identities/2e9932c7-7d7d-4b8b-adbf-6a9c911a6817' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 710

{
  "id" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "4db57784-5d75-487e-83a7-8bf41a6d9d2c",
    "auth0UserId" : "auth0-opaque-userId-5",
    "identityProviderId" : "15921b28-2e4d-4926-a2da-fcf58b072b7b",
    "userIdentityId" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 674936000,
    "epochSecond" : 1757551666
  },
  "deletedAt" : null,
  "name" : "John Doe",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}

Find User Identities

GET /user-identities

Authorization

This endpoint requires:

  • read action on this user-identity resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

identityAudienceMappings

Array[Object]

true

identityAudienceMappings[].id

String

true

identityAudienceMappings[].userIdentityId

String

true

identityAudienceMappings[].oidcAudienceId

String

true

identityAudienceMappings[].subject

String

true

identityAudienceMappings[].active

Boolean

true

identityAudienceMappings[].createdBy

String

true

identityAudienceMappings[].createdAt

Object

true

identityAudienceMappings[].deletedAt

Object

true

identityAudienceMappings[].deletedBy

String

true

identityAudienceMappings[].deleted

Boolean

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

name

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X GET

Example response

HTTP/1.1 200 OK
Link: <https://gateway.netFoundry.io/identity/v1/user-identities?page=1>; rel="next", <https://gateway.netFoundry.io/identity/v1/user-identities?page=4>; rel="last"
Content-Type: application/json
Content-Length: 2158

[ {
  "id" : "0e161a56-335e-43c0-9c58-7a25b78bbc73",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-105@acme.com",
  "identityMappings" : [ {
    "id" : "473ad325-d155-4996-96ba-2323ae26d12b",
    "auth0UserId" : "auth0-opaque-userId-106",
    "identityProviderId" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
    "userIdentityId" : "0e161a56-335e-43c0-9c58-7a25b78bbc73"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 185418000,
    "epochSecond" : 1757551716
  },
  "deletedAt" : null,
  "name" : "First Last",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}, {
  "id" : "144df907-7908-45b0-85e6-3ebab3ede7b4",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-109@acme.com",
  "identityMappings" : [ {
    "id" : "f473e914-d27f-465e-a6a4-bb7630384a90",
    "auth0UserId" : "auth0-opaque-userId-110",
    "identityProviderId" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
    "userIdentityId" : "144df907-7908-45b0-85e6-3ebab3ede7b4"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 259383000,
    "epochSecond" : 1757551716
  },
  "deletedAt" : null,
  "name" : "First Last",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}, {
  "id" : "23adaf63-d20e-4969-ba0b-08e6d1e6bba1",
  "organizationId" : "b631f5b9-a579-4fff-bdc7-31a6b6b2f9e6",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-81@acme.com",
  "identityMappings" : [ {
    "id" : "d78fc01f-af9b-47c2-956e-eda8400a0fb1",
    "auth0UserId" : "auth0-opaque-userId-82",
    "identityProviderId" : "e5350b48-c773-4280-b65a-a73df4520345",
    "userIdentityId" : "23adaf63-d20e-4969-ba0b-08e6d1e6bba1"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 7784000,
    "epochSecond" : 1757551715
  },
  "deletedAt" : null,
  "name" : "First Last",
  "tenantId" : "b631f5b9-a579-4fff-bdc7-31a6b6b2f9e6",
  "type" : "UserIdentity"
} ]

Get User Identity

GET /user-identities/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • read action on this user-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

identityAudienceMappings

Array[Object]

true

identityAudienceMappings[].id

String

true

identityAudienceMappings[].userIdentityId

String

true

identityAudienceMappings[].oidcAudienceId

String

true

identityAudienceMappings[].subject

String

true

identityAudienceMappings[].active

Boolean

true

identityAudienceMappings[].createdBy

String

true

identityAudienceMappings[].createdAt

Object

true

identityAudienceMappings[].deletedAt

Object

true

identityAudienceMappings[].deletedBy

String

true

identityAudienceMappings[].deleted

Boolean

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

name

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/2e9932c7-7d7d-4b8b-adbf-6a9c911a6817' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 710

{
  "id" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "4db57784-5d75-487e-83a7-8bf41a6d9d2c",
    "auth0UserId" : "auth0-opaque-userId-5",
    "identityProviderId" : "15921b28-2e4d-4926-a2da-fcf58b072b7b",
    "userIdentityId" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 674936000,
    "epochSecond" : 1757551666
  },
  "deletedAt" : null,
  "name" : "John Doe",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}

Get User Identity By Mapping

GET /user-identities/mapping/{auth0UserId}/{identityProviderId}

Authorization

This endpoint requires:

  • read action on this user-identity resource.

Path parameters

Parameter Type Optional Description

auth0UserId

String

false

identityProviderId

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

identityAudienceMappings

Array[Object]

true

identityAudienceMappings[].id

String

true

identityAudienceMappings[].userIdentityId

String

true

identityAudienceMappings[].oidcAudienceId

String

true

identityAudienceMappings[].subject

String

true

identityAudienceMappings[].active

Boolean

true

identityAudienceMappings[].createdBy

String

true

identityAudienceMappings[].createdAt

Object

true

identityAudienceMappings[].deletedAt

Object

true

identityAudienceMappings[].deletedBy

String

true

identityAudienceMappings[].deleted

Boolean

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

name

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/mapping/auth0-opaque-userId-5/15921b28-2e4d-4926-a2da-fcf58b072b7b' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 710

{
  "id" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "4db57784-5d75-487e-83a7-8bf41a6d9d2c",
    "auth0UserId" : "auth0-opaque-userId-5",
    "identityProviderId" : "15921b28-2e4d-4926-a2da-fcf58b072b7b",
    "userIdentityId" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 674936000,
    "epochSecond" : 1757551666
  },
  "deletedAt" : null,
  "name" : "John Doe",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}

Create Identity

POST /user-identities

Authorization

This endpoint requires:

  • create action on this user-identity resource.

Request fields

Path Type Optional Description

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

identityAudienceMappings

Array[Object]

true

identityAudienceMappings[].id

String

true

identityAudienceMappings[].userIdentityId

String

true

identityAudienceMappings[].oidcAudienceId

String

true

identityAudienceMappings[].subject

String

true

identityAudienceMappings[].active

Boolean

true

identityAudienceMappings[].createdBy

String

true

identityAudienceMappings[].createdAt

Object

true

identityAudienceMappings[].deletedAt

Object

true

identityAudienceMappings[].deletedBy

String

true

identityAudienceMappings[].deleted

Boolean

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

name

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "Jane",
  "lastName" : "Doe",
  "email" : "jane.doe@acme.com"
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 479

{
  "id" : "d49b11c9-cf04-431a-b93b-53062c361669",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "Jane",
  "lastName" : "Doe",
  "email" : "jane.doe@acme.com",
  "identityMappings" : [ ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 517092000,
    "epochSecond" : 1757551729
  },
  "deletedAt" : null,
  "name" : "Jane Doe",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}

Update

PUT /user-identities/{id}

Authorization

This endpoint requires:

  • update action on this user-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

firstName

String

true

lastName

String

true

email

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

identityAudienceMappings

Array[Object]

true

identityAudienceMappings[].id

String

true

identityAudienceMappings[].userIdentityId

String

true

identityAudienceMappings[].oidcAudienceId

String

true

identityAudienceMappings[].subject

String

true

identityAudienceMappings[].active

Boolean

true

identityAudienceMappings[].createdBy

String

true

identityAudienceMappings[].createdAt

Object

true

identityAudienceMappings[].deletedAt

Object

true

identityAudienceMappings[].deletedBy

String

true

identityAudienceMappings[].deleted

Boolean

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

name

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/1a7bae2a-8caa-43e4-9ebf-87abc0a5885f' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "firstName" : "Bobby",
  "lastName" : "White",
  "email" : "bobby.white@acme.com"
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 720

{
  "id" : "1a7bae2a-8caa-43e4-9ebf-87abc0a5885f",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "Bobby",
  "lastName" : "White",
  "email" : "bobby.white@acme.com",
  "identityMappings" : [ {
    "id" : "6cc74ba4-2641-420e-a3d3-20b957fe8f06",
    "auth0UserId" : "auth0-opaque-userId-349",
    "identityProviderId" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
    "userIdentityId" : "1a7bae2a-8caa-43e4-9ebf-87abc0a5885f"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 68078000,
    "epochSecond" : 1757551729
  },
  "deletedAt" : null,
  "name" : "Bobby White",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}

Activate Or Deactivate User Identity

PUT /user-identities/{id}/{action:activate|deactivate}

Authorization

This endpoint requires:

  • update-active action on this user-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

identityAudienceMappings

Array[Object]

true

identityAudienceMappings[].id

String

true

identityAudienceMappings[].userIdentityId

String

true

identityAudienceMappings[].oidcAudienceId

String

true

identityAudienceMappings[].subject

String

true

identityAudienceMappings[].active

Boolean

true

identityAudienceMappings[].createdBy

String

true

identityAudienceMappings[].createdAt

Object

true

identityAudienceMappings[].deletedAt

Object

true

identityAudienceMappings[].deletedBy

String

true

identityAudienceMappings[].deleted

Boolean

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

name

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/f7909c34-4445-4877-b7db-24a60f1310c1/deactivate' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 719

{
  "id" : "f7909c34-4445-4877-b7db-24a60f1310c1",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-350@acme.com",
  "identityMappings" : [ {
    "id" : "8d2521ec-1cff-40d0-bc6d-bab2b73ac977",
    "auth0UserId" : "auth0-opaque-userId-351",
    "identityProviderId" : "ef0ff7b7-017b-4a3a-b505-351f3952ee41",
    "userIdentityId" : "f7909c34-4445-4877-b7db-24a60f1310c1"
  } ],
  "identityAudienceMappings" : [ ],
  "active" : false,
  "createdAt" : {
    "nano" : 136262000,
    "epochSecond" : 1757551729
  },
  "deletedAt" : null,
  "name" : "First Last",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "UserIdentity"
}

Reset User Identity Mfa Settings

PUT /user-identities/{id}/reset-mfa

Authorization

This endpoint requires:

  • update-reset-mfa action on this user-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/6222513d-062b-406e-9c0d-3e8d3e123fa6/reset-mfa' -i -X PUT

Example response

HTTP/1.1 200 OK

Map Identity

POST /user-identities/{id}/mapping

Authorization

This endpoint requires:

  • create-identity-mapping action on this user-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

auth0UserId

String

true

identityProviderId

String

true

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/447c58f9-0dff-4867-ba1f-abe24f358d00/mapping' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "auth0UserId" : "new-auth0-userId:2bbf23dd-1105-423f-96bc-c3f8630c1920",
  "identityProviderId" : "15921b28-2e4d-4926-a2da-fcf58b072b7b"
}'

Example response

HTTP/1.1 200 OK

API Account Identity

Find Api Account Identities

GET /api-account-identities

Authorization

This endpoint requires:

  • read action on this api-account-identity resource.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

tenantId

Object

true

Deprecated..

organizationId

Object

true

name

String

true

contactEmail

String

true

active

Boolean

true

includeDeleted

Boolean

true

Default value: 'false'.

provider

String

true

Must be one of [Auth0, Cognito].

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

email

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X GET

Example response

HTTP/1.1 200 OK
Link: <https://gateway.netFoundry.io/identity/v1/api-account-identities?page=1>; rel="next", <https://gateway.netFoundry.io/identity/v1/api-account-identities?page=2>; rel="last"
Content-Type: application/json
Content-Length: 2035

[ {
  "id" : "04a3bb2b-2972-471e-8558-9c8623e29c72",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ClientId" : null,
  "awsCognitoClientId" : "7795121f-1014-4d79-b9ec-91a83574804e|usnrkmov",
  "authenticationUrl" : "https://netfoundry-test-fxfxyo.auth.us-east-1.amazoncognito.com/oauth2/token",
  "name" : "Testing Limits",
  "contactEmail" : "a@acme.com",
  "description" : "description",
  "active" : true,
  "createdAt" : {
    "nano" : 989260000,
    "epochSecond" : 1757551672
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "email" : "a@acme.com",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "ApiAccountIdentity"
}, {
  "id" : "057a2bef-3e04-4876-b8dc-e39cb4c642f2",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ClientId" : "14a3fd07-1f78-430a-8c86-ee178fba3755",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "https://netfoundry-sandbox.auth0.com/oauth/token",
  "name" : "HR Bridge Service",
  "contactEmail" : "hr.director@acme.com",
  "description" : "description goes here",
  "active" : true,
  "createdAt" : {
    "nano" : 909593000,
    "epochSecond" : 1757551672
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "email" : "hr.director@acme.com",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "ApiAccountIdentity"
}, {
  "id" : "0dc7381f-1ee8-4a3e-8c8c-44e380a7aeea",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ClientId" : null,
  "awsCognitoClientId" : "7795121f-1014-4d79-b9ec-91a83574804e|pploeiwn",
  "authenticationUrl" : "https://netfoundry-test-fxfxyo.auth.us-east-1.amazoncognito.com/oauth2/token",
  "name" : "HR Bridge Service",
  "contactEmail" : "hr.director@acme.com",
  "description" : "description goes here",
  "active" : true,
  "createdAt" : {
    "nano" : 784509000,
    "epochSecond" : 1757551672
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "email" : "hr.director@acme.com",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "ApiAccountIdentity"
} ]

Get Api Account Identity

GET /api-account-identities/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • read action on this api-account-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

email

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/dbd9db16-3cb0-4fcb-be09-8af88238fd21' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 718

{
  "id" : "dbd9db16-3cb0-4fcb-be09-8af88238fd21",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ClientId" : "15639a58-c375-4636-b516-2a6334bcc1c2",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "api-account",
  "contactEmail" : "no-reply@acme.com",
  "description" : "This is an ACME non-interactive API client.",
  "active" : true,
  "createdAt" : {
    "nano" : 697214000,
    "epochSecond" : 1757551666
  },
  "updatedAt" : {
    "nano" : 798990000,
    "epochSecond" : 1757551668
  },
  "deletedAt" : null,
  "email" : "no-reply@acme.com",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "ApiAccountIdentity"
}

Get Api Account Identity By Mapping

GET /api-account-identities/mapping/{clientId}

Authorization

This endpoint requires:

  • read action on this api-account-identity resource.

Path parameters

Parameter Type Optional Description

clientId

String

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

email

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/mapping/24ccb3e9-00f2-42e5-a549-a4b14fc6f533' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 682

{
  "id" : "4820e4fb-a2f8-4e43-9aaa-a1b3fef976bb",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ClientId" : "24ccb3e9-00f2-42e5-a549-a4b14fc6f533",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "ACME Internal Service-31",
  "contactEmail" : "service.admin-32@foo.com",
  "description" : "updatable API Account description-33",
  "active" : true,
  "createdAt" : {
    "nano" : 527195000,
    "epochSecond" : 1757551706
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "email" : "service.admin-32@foo.com",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "ApiAccountIdentity"
}

Create Api Account Identity

POST /api-account-identities

Authorization

This endpoint requires:

  • create action on this api-account-identity resource.

Request fields

Path Type Optional Description

organizationId

String

true

name

String

true

contactEmail

String

true

description

String

true

grantDefaultRoles

Boolean

true

provider

String

true

Must be one of [Auth0, Cognito].

Response fields

Path Type Optional Description

apiAccountIdentity

Object

true

apiAccountIdentity.id

String

true

apiAccountIdentity.organizationId

String

true

apiAccountIdentity.auth0ClientId

String

true

apiAccountIdentity.awsCognitoClientId

String

true

apiAccountIdentity.authenticationUrl

String

true

apiAccountIdentity.name

String

true

apiAccountIdentity.contactEmail

String

true

apiAccountIdentity.description

String

true

apiAccountIdentity.active

Boolean

true

apiAccountIdentity.createdAt

Object

true

apiAccountIdentity.updatedAt

Object

true

apiAccountIdentity.deletedAt

Object

true

apiAccountIdentity.email

String

true

apiAccountIdentity.tenantId

String

true

Deprecated..

apiAccountIdentity.type

String

true

clientId

String

true

password

String

true

authenticationUrl

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "name" : "HR Bridge Service",
  "contactEmail" : "hr.director@acme.com",
  "description" : "description goes here",
  "grantDefaultRoles" : true,
  "provider" : "Cognito"
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 940

{
  "apiAccountIdentity" : {
    "id" : "0dc7381f-1ee8-4a3e-8c8c-44e380a7aeea",
    "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "auth0ClientId" : null,
    "awsCognitoClientId" : "7795121f-1014-4d79-b9ec-91a83574804e|pploeiwn",
    "authenticationUrl" : "https://netfoundry-test-fxfxyo.auth.us-east-1.amazoncognito.com/oauth2/token",
    "name" : "HR Bridge Service",
    "contactEmail" : "hr.director@acme.com",
    "description" : "description goes here",
    "active" : true,
    "createdAt" : {
      "nano" : 784509000,
      "epochSecond" : 1757551672
    },
    "updatedAt" : null,
    "deletedAt" : null,
    "email" : "hr.director@acme.com",
    "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
    "type" : "ApiAccountIdentity"
  },
  "clientId" : "pploeiwn",
  "password" : "ohlrtembxlncwnefibssyttm",
  "authenticationUrl" : "https://netfoundry-test-fxfxyo.auth.us-east-1.amazoncognito.com/oauth2/token"
}

Update Identity Info

PUT /api-account-identities/{id}

Authorization

This endpoint requires:

  • update action on this api-account-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

name

String

true

contactEmail

String

true

description

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

email

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/e8a4a12e-7424-4565-9658-cb300060a958' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "name" : "Robot",
  "contactEmail" : "robot@acme.com",
  "description" : "description here."
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 680

{
  "id" : "e8a4a12e-7424-4565-9658-cb300060a958",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ClientId" : "be8e0fb3-3962-47c1-a63b-f7afbb3c3261",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "Robot",
  "contactEmail" : "robot@acme.com",
  "description" : "description here.",
  "active" : true,
  "createdAt" : {
    "nano" : 721224000,
    "epochSecond" : 1757551666
  },
  "updatedAt" : {
    "nano" : 604696000,
    "epochSecond" : 1757551667
  },
  "deletedAt" : null,
  "email" : "robot@acme.com",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "ApiAccountIdentity"
}

Activate Or Deactivate Api Account Identity

PUT /api-account-identities/{id}/{action:activate|deactivate}

Authorization

This endpoint requires:

  • update-active action on this api-account-identity resource.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

email

String

true

tenantId

String

true

Deprecated..

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/d6b2d3ac-f761-41a7-b4b0-d6147868036b/deactivate' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 739

{
  "id" : "d6b2d3ac-f761-41a7-b4b0-d6147868036b",
  "organizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "auth0ClientId" : "a2af03db-287e-4921-b3f4-690b6ded1390",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "ACME Internal Service-25",
  "contactEmail" : "service.admin-26@foo.com",
  "description" : "updatable API Account description-27",
  "active" : false,
  "createdAt" : {
    "nano" : 284148000,
    "epochSecond" : 1757551706
  },
  "updatedAt" : {
    "nano" : 318747000,
    "epochSecond" : 1757551706
  },
  "deletedAt" : null,
  "email" : "service.admin-26@foo.com",
  "tenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "type" : "ApiAccountIdentity"
}

Invitation

Find Invitations

GET /invitations

Authorization

This endpoint requires:

  • read action on this invitation resource.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

fromIdentityId

Object

true

toTenantId

Object

true

Deprecated..

toOrganizationId

Object

true

invitedEmailAddress

String

true

targetIdentityId

Object

true

states

Object

true

Must be one of [Open, Accepted, Declined, Expired, Revoked].

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

accepted

Boolean

true

revokedAt

Object

true

responseReceivedAt

Object

true

state

String

true

toTenantId

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 526

[ {
  "id" : "7e5968f9-4fba-4279-ae1c-fe899d559ae6",
  "fromIdentityId" : "a041e886-ac05-4773-9b5f-c63bb686e80d",
  "toOrganizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "invitedEmailAddress" : "new.employee@acme.com",
  "expiration" : {
    "nano" : 50584000,
    "epochSecond" : 1758156520
  },
  "targetUserIdentityId" : "09cc7ec2-e076-4559-8f35-834ccb257b4f",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "state" : "Open",
  "toTenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0"
} ]

Get Invitation By Id

GET /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • read action on this invitation resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

accepted

Boolean

true

revokedAt

Object

true

responseReceivedAt

Object

true

state

String

true

toTenantId

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/8586ac95-afdc-44d2-8f0c-57b68885832d' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

{
  "id" : "8586ac95-afdc-44d2-8f0c-57b68885832d",
  "fromIdentityId" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817",
  "toOrganizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "invitedEmailAddress" : "new.employee-233@acme.com",
  "expiration" : {
    "nano" : 437284000,
    "epochSecond" : 1758156520
  },
  "targetUserIdentityId" : "cc63b27b-ee4a-46dd-b8d7-5dc4cf4a8994",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "state" : "Open",
  "toTenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0"
}

Create Invitation

POST /invitations

Authorization

This endpoint requires:

  • create action on this invitation resource.

  • read action on the user-identity resource identified by the targetUserIdentityId property.

Request fields

Path Type Optional Description

toOrganizationId

String

true

invitedEmailAddress

String

true

invitationUrl

String

true

targetUserIdentityId

String

true

brandingOrganizationId

String

true

Response fields

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

accepted

Boolean

true

revokedAt

Object

true

responseReceivedAt

Object

true

state

String

true

toTenantId

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "toOrganizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "invitedEmailAddress" : "new.employee@acme.com",
  "invitationUrl" : "http://acme.console.netfoundry.io/invitation",
  "targetUserIdentityId" : "09cc7ec2-e076-4559-8f35-834ccb257b4f",
  "brandingOrganizationId" : null
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 522

{
  "id" : "7e5968f9-4fba-4279-ae1c-fe899d559ae6",
  "fromIdentityId" : "a041e886-ac05-4773-9b5f-c63bb686e80d",
  "toOrganizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "invitedEmailAddress" : "new.employee@acme.com",
  "expiration" : {
    "nano" : 50584000,
    "epochSecond" : 1758156520
  },
  "targetUserIdentityId" : "09cc7ec2-e076-4559-8f35-834ccb257b4f",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "state" : "Open",
  "toTenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0"
}

Respond To Invitation

PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/{action:accept|decline}

Authorization

This endpoint requires:

  • update-respond action on this invitation resource.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Response fields

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

accepted

Boolean

true

revokedAt

Object

true

responseReceivedAt

Object

true

state

String

true

toTenantId

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/776a79aa-37c2-48f6-b732-0fa1f21bbda7/decline' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 588

{
  "id" : "776a79aa-37c2-48f6-b732-0fa1f21bbda7",
  "fromIdentityId" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817",
  "toOrganizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "invitedEmailAddress" : "new.employee-230@acme.com",
  "expiration" : {
    "nano" : 373975000,
    "epochSecond" : 1758156520
  },
  "targetUserIdentityId" : "783a34b7-5454-4152-84b8-73f2c686baa9",
  "accepted" : false,
  "revokedAt" : null,
  "responseReceivedAt" : {
    "nano" : 386567000,
    "epochSecond" : 1757551720
  },
  "state" : "Declined",
  "toTenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0"
}

Revoke Invitation

PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/revoke

Authorization

This endpoint requires:

  • update-revoke action on this invitation resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

accepted

Boolean

true

revokedAt

Object

true

responseReceivedAt

Object

true

state

String

true

toTenantId

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/07dcc2e0-0310-4fcb-a86d-fbe14a4c047b/revoke' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 642

{
  "id" : "07dcc2e0-0310-4fcb-a86d-fbe14a4c047b",
  "fromIdentityId" : "2e9932c7-7d7d-4b8b-adbf-6a9c911a6817",
  "toOrganizationId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0",
  "invitedEmailAddress" : "new.employee-236@acme.com",
  "expiration" : {
    "nano" : 493235000,
    "epochSecond" : 1758156520
  },
  "targetUserIdentityId" : "60e75509-d12c-4dad-a709-c5594155f0fe",
  "accepted" : null,
  "revokedAt" : {
    "nano" : 504624000,
    "epochSecond" : 1757551720
  },
  "responseReceivedAt" : {
    "nano" : 504628000,
    "epochSecond" : 1757551720
  },
  "state" : "Revoked",
  "toTenantId" : "3d4f586f-b1fe-4b18-9f66-1b3447c4a2a0"
}

Support

Create Support Request

POST /nfconsole/support/requests

Authorization

Authorization not required for this request.

Request fields

Path Type Optional Description

name

String

true

email

String

true

selectedOrganizationId

String

true

selectedNetworkId

String

true

subject

String

true

comment

String

true

type

String

true

Must be one of [problem, incident, question, task].

priority

String

true

Must be one of [urgent, high, normal, low].

severity

String

true

Must be one of [Severity1, Severity2, Severity3].

recentErrorMessages

Array[String]

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/nfconsole/support/requests' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "name" : "Curious George",
  "email" : "george@curious-client.com",
  "selectedOrganizationId" : null,
  "selectedNetworkId" : null,
  "subject" : "Sales Contact Request",
  "comment" : "This looks great!  I'd like a sales rep to contact me.",
  "type" : "question",
  "priority" : "high",
  "severity" : "Severity3",
  "recentErrorMessages" : null
}'

Example response

HTTP/1.1 200 OK

Invitation Flow

Get Invitation By Key

GET /invitations/key/{key:\p{Alnum}{36}}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Response fields

Path Type Optional Description

fromIdentity

Object

true

fromIdentity.name

String

true

fromIdentity.email

String

true

targetIdentity

Object

true

targetIdentity.name

String

true

targetIdentity.email

String

true

invitedEmailAddress

String

true

toOrganizationName

String

true

toOrganizationLabel

String

true

expiration

Object

true

accepted

Boolean

true

state

String

true

Must be one of [Open, Accepted, Declined, Expired, Revoked].

toTenantName

String

true

Deprecated..

toTenantLabel

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/oAHAf3bWV1b7gqkmFXVNU4MVMmMRWGR7YCGs' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 519

{
  "fromIdentity" : {
    "name" : "John Doe",
    "email" : "john.doe@acme.com"
  },
  "targetIdentity" : {
    "name" : "First Last",
    "email" : "random-243@acme.com"
  },
  "invitedEmailAddress" : "new.employee-245@acme.com",
  "toOrganizationName" : "ACME International, Inc.",
  "toOrganizationLabel" : "ACME-2",
  "expiration" : {
    "nano" : 907689000,
    "epochSecond" : 1758156520
  },
  "accepted" : null,
  "state" : "Open",
  "toTenantName" : "ACME International, Inc.",
  "toTenantLabel" : "ACME-2"
}

Decline Invitation

PUT /invitations/key/{key:\p{Alnum}{36}}/decline

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Response fields

Path Type Optional Description

fromIdentity

Object

true

fromIdentity.name

String

true

fromIdentity.email

String

true

targetIdentity

Object

true

targetIdentity.name

String

true

targetIdentity.email

String

true

invitedEmailAddress

String

true

toOrganizationName

String

true

toOrganizationLabel

String

true

expiration

Object

true

accepted

Boolean

true

state

String

true

Must be one of [Open, Accepted, Declined, Expired, Revoked].

toTenantName

String

true

Deprecated..

toTenantLabel

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/ZrmIHH9ltKqS4omzhhmP46hj27lNyg63j97l/decline' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 524

{
  "fromIdentity" : {
    "name" : "John Doe",
    "email" : "john.doe@acme.com"
  },
  "targetIdentity" : {
    "name" : "First Last",
    "email" : "random-240@acme.com"
  },
  "invitedEmailAddress" : "new.employee-242@acme.com",
  "toOrganizationName" : "ACME International, Inc.",
  "toOrganizationLabel" : "ACME-2",
  "expiration" : {
    "nano" : 810190000,
    "epochSecond" : 1758156520
  },
  "accepted" : false,
  "state" : "Declined",
  "toTenantName" : "ACME International, Inc.",
  "toTenantLabel" : "ACME-2"
}

Initiate Accept Invitation

POST /invitations/key/{key:\p{Alnum}{36}}/accept-initiate

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Request fields

Path Type Optional Description

intermediateReturnUrl

String

true

Response fields

Path Type Optional Description

nfToken

String

true

auth0ConnectionIds

Array[String]

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/QMfhA8vukOyhUkA3ObVjEsUcPaO7NoxKUzTL/accept-initiate' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "intermediateReturnUrl" : "http://console.nfadmin.netfoundry.io/invitation"
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 981

{
  "nfToken" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NTc1NTE3MjAsImV4cCI6MTc1NzU1MjYyMCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwiYXVkIjoiaHR0cHM6Ly9uZXRmb3VuZHJ5LXNhbmRib3guYXV0aDAuY29tLyIsImZsb3ciOiJpbnZpdGF0aW9uIiwiaW52aXRhdGlvbklkIjoiMjUxMTU0YjgtYjk4Mi00NTU1LWIzNTMtN2U4ZTMwZWJlOTUxIiwidGVuYW50TGFiZWwiOiJBQ01FLTIiLCJhdXRoMENvbm5lY3Rpb25JZHMiOlsiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC00IiwiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0zIl0sInJlZGlyZWN0VXJsIjoiaHR0cDovL2NvbnNvbGUubmZhZG1pbi5uZXRmb3VuZHJ5LmlvL2ludml0YXRpb24ifQ.tWjeMpcg74qexTiaFQzCI1G7rcJFi7UcBYYRwX0Yi2Rh3ONBjlJB6LaOnMC32bD4mqiorVL1W0Itx5H7nH4ixDQH5L0x0PU05mbCLNAMaAgeyhk4QSlIQH6F6wviPGZcQMmAOmGtAeoxMnQ1QR670beV6wp1eQnSZdvOS87ShD-kt069j6QkAvrIdwcWzlqhym3LD8fUGs_lwZGWVGPI3gKxRkBT6qo5hh6A7LtrvzugtroULBFjXHONHBvsJRN3TlQ3ANu9sxCLpjkgueHM_kM07OsrJuk6kmvSMjp8cd1RG1wAEiYde6i4fUPuh311xRPqsk15cpCkl7Y110ITVQ",
  "auth0ConnectionIds" : [ "auth0-opaque-connectionId-4", "auth0-opaque-connectionId-3" ]
}

Login Flow

Initiate Interactive Authorization

POST /organizations/authorize-initiate

Authorization

Authorization not required for this request.

Request fields

Path Type Optional Description

realmLabel

String

true

label

String

true

intermediateReturnUrl

String

true

Response fields

Path Type Optional Description

nfToken

String

true

auth0ConnectionIds

Array[String]

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/authorize-initiate' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "realmLabel" : "netfoundry",
  "label" : "ACME-2",
  "intermediateReturnUrl" : "http://console.nfadmin.netfoundry.io/invitation"
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 902

{
  "nfToken" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NTc1NTE3MjEsImV4cCI6MTc1NzU1MjYyMSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwiYXVkIjoiaHR0cHM6Ly9uZXRmb3VuZHJ5LXNhbmRib3guYXV0aDAuY29tLyIsImZsb3ciOiJsb2dpbiIsInRlbmFudExhYmVsIjoiQUNNRS0yIiwiYXV0aDBDb25uZWN0aW9uSWRzIjpbImF1dGgwLW9wYXF1ZS1jb25uZWN0aW9uSWQtNCIsImF1dGgwLW9wYXF1ZS1jb25uZWN0aW9uSWQtMyJdLCJyZWRpcmVjdFVybCI6Imh0dHA6Ly9jb25zb2xlLm5mYWRtaW4ubmV0Zm91bmRyeS5pby9pbnZpdGF0aW9uIn0.l7HLja8acuSgH0tgeSsuKtOi_JW0cPL3FoMITp63UGh484rRNY-OWS5xlcpvZzeK6Wt8rziqqE0Rajlognj0eelShsbwbzNtfqN5m8GFkb7fIUwM25bHL3808eZCuB4stSe0wVvsgA_hLcNUZs0lGOKRRKAvoqPoSRoEq_9DRaiYYnqNAUvomiRPb7UeD9RPmol_EHRh6nIzmyyJ-5p-4u6pY7RhdVG7bxOSzdjq5_TZh0EI7iNX7k4qHFId187X_gLIDkuQDsWaXN8BvA1oRHuzjgeqdTYKaZkNy1AL5xTI-GIEbjlex1hgiZuLXHsf4HjhdBCrz-zDsKZEgvCkcA",
  "auth0ConnectionIds" : [ "auth0-opaque-connectionId-4", "auth0-opaque-connectionId-3" ]
}

Identity Preference Flow

Find Identity Preferences

GET /identity-preferences

Authorization

This endpoint requires:

  • read action on this identity-preference resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1283

[ {
  "id" : "89ba142b-c220-4433-ab15-08f2e3bab250",
  "userIdentityId" : "0e161a56-335e-43c0-9c58-7a25b78bbc73",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "0e161a56-335e-43c0-9c58-7a25b78bbc73",
  "createdAt" : {
    "nano" : 200173000,
    "epochSecond" : 1757551716
  },
  "updatedAt" : {
    "nano" : 200173000,
    "epochSecond" : 1757551716
  },
  "deletedBy" : null,
  "deletedAt" : null
}, {
  "id" : "93b619c8-d071-4850-a963-52f069f891a4",
  "userIdentityId" : "144df907-7908-45b0-85e6-3ebab3ede7b4",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "144df907-7908-45b0-85e6-3ebab3ede7b4",
  "createdAt" : {
    "nano" : 264174000,
    "epochSecond" : 1757551716
  },
  "updatedAt" : {
    "nano" : 264174000,
    "epochSecond" : 1757551716
  },
  "deletedBy" : null,
  "deletedAt" : null
}, {
  "id" : "d1242947-8eb3-477f-b1b4-8dab4660c775",
  "userIdentityId" : "d417f970-2d10-4880-b44f-9dc7484a1e36",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "d417f970-2d10-4880-b44f-9dc7484a1e36",
  "createdAt" : {
    "nano" : 133463000,
    "epochSecond" : 1757551716
  },
  "updatedAt" : {
    "nano" : 133463000,
    "epochSecond" : 1757551716
  },
  "deletedBy" : null,
  "deletedAt" : null
} ]

Get Identity Preference

GET /identity-preferences/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • read action on this identity-preference resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences/5cfbb338-5290-49f3-91a7-4f03bd297fba' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 415

{
  "id" : "5cfbb338-5290-49f3-91a7-4f03bd297fba",
  "userIdentityId" : "1c41f633-8720-44c8-92f9-53ddd63d62fe",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "1c41f633-8720-44c8-92f9-53ddd63d62fe",
  "createdAt" : {
    "nano" : 892083000,
    "epochSecond" : 1757551717
  },
  "updatedAt" : {
    "nano" : 892083000,
    "epochSecond" : 1757551717
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Upsert Identity Preference

POST /identity-preferences

Authorization

This endpoint requires no specific permission, only an authenticated client.

Request fields

Path Type Optional Description

userIdentityId

String

true

preferences

Object

true

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "userIdentityId" : null,
  "preferences" : {
    "first" : "my first preference."
  }
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 430

{
  "id" : "5d043118-c3f7-4262-b395-fe9c851396da",
  "userIdentityId" : "e7ceaa7f-16f0-44d3-bae7-b57174dfe2b1",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "e7ceaa7f-16f0-44d3-bae7-b57174dfe2b1",
  "createdAt" : {
    "nano" : 790330000,
    "epochSecond" : 1757551716
  },
  "updatedAt" : {
    "nano" : 790330000,
    "epochSecond" : 1757551716
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Upsert Identity Preference By Id

PUT /identity-preferences/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • create action on this identity-preference resource.

  • update action on this identity-preference resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

userIdentityId

String

true

preferences

Object

true

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences/714c2c77-f222-4628-a18a-400352027cef' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "preferences" : {
    "updated" : "my second preference."
  }
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 433

{
  "id" : "714c2c77-f222-4628-a18a-400352027cef",
  "userIdentityId" : "abbc5416-4dad-4752-a4f6-5dc6d6042737",
  "preferences" : {
    "updated" : "my second preference."
  },
  "createdBy" : "abbc5416-4dad-4752-a4f6-5dc6d6042737",
  "createdAt" : {
    "nano" : 801375000,
    "epochSecond" : 1757551718
  },
  "updatedAt" : {
    "nano" : 814643000,
    "epochSecond" : 1757551718
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Delete Identity Preference By Id

DELETE /identity-preferences/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • delete action on this identity-preference resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences/63e43870-6b34-4c00-9088-e0af4ea4ed2d' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 505

{
  "id" : "63e43870-6b34-4c00-9088-e0af4ea4ed2d",
  "userIdentityId" : "ee4e8e85-994c-4d3b-b714-bc203117c552",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "ee4e8e85-994c-4d3b-b714-bc203117c552",
  "createdAt" : {
    "nano" : 471558000,
    "epochSecond" : 1757551717
  },
  "updatedAt" : {
    "nano" : 490653000,
    "epochSecond" : 1757551717
  },
  "deletedBy" : "d8b73a0d-338e-49fe-a94c-072ced99705e",
  "deletedAt" : {
    "nano" : 490000000,
    "epochSecond" : 1757551717
  }
}

Organization Preference Flow

Find Organization Preferences

GET /organization-preferences

Authorization

This endpoint requires:

  • read action on this organization-preference resource.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1268

[ {
  "id" : "8049dd76-5329-482c-a06e-bd8d9f8bf9bd",
  "organizationId" : "aeeee400-7d09-4f22-be50-92168ab352ff",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "122075ed-b2a7-455b-a555-2fabb79f200e",
  "createdAt" : {
    "nano" : 633926000,
    "epochSecond" : 1757551726
  },
  "updatedAt" : {
    "nano" : 633926000,
    "epochSecond" : 1757551726
  },
  "deletedBy" : null,
  "deletedAt" : null
}, {
  "id" : "b1963df9-74af-40e6-87f3-f7508eb2bf0d",
  "organizationId" : "58ca0531-3b7c-4be9-b4b4-e454ec48eb74",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "dd91ac4e-35dd-40a0-babb-d65144995fdf",
  "createdAt" : {
    "nano" : 509842000,
    "epochSecond" : 1757551726
  },
  "updatedAt" : {
    "nano" : 509842000,
    "epochSecond" : 1757551726
  },
  "deletedBy" : null,
  "deletedAt" : null
}, {
  "id" : "ef38b3e5-7851-4d27-8dcd-a45def307268",
  "organizationId" : "4a35d624-0afa-4df4-8291-6fd6b240d58c",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "2ee15536-54f6-4a80-aa89-68f643aaafc4",
  "createdAt" : {
    "nano" : 413236000,
    "epochSecond" : 1757551726
  },
  "updatedAt" : {
    "nano" : 413236000,
    "epochSecond" : 1757551726
  },
  "deletedBy" : null,
  "deletedAt" : null
} ]

Get Organization Preference

GET /organization-preferences/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

This endpoint requires:

  • read action on this organization-preference resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences/8049dd76-5329-482c-a06e-bd8d9f8bf9bd' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 415

{
  "id" : "8049dd76-5329-482c-a06e-bd8d9f8bf9bd",
  "organizationId" : "aeeee400-7d09-4f22-be50-92168ab352ff",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "122075ed-b2a7-455b-a555-2fabb79f200e",
  "createdAt" : {
    "nano" : 633926000,
    "epochSecond" : 1757551726
  },
  "updatedAt" : {
    "nano" : 633926000,
    "epochSecond" : 1757551726
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Create Organization Preference

POST /organization-preferences

Authorization

This endpoint requires:

  • create action on this organization-preference resource.

Request fields

Path Type Optional Description

organizationId

String

true

preferences

Object

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "organizationId" : "58ca0531-3b7c-4be9-b4b4-e454ec48eb74",
  "preferences" : {
    "first" : "my first preference."
  }
}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 430

{
  "id" : "b1963df9-74af-40e6-87f3-f7508eb2bf0d",
  "organizationId" : "58ca0531-3b7c-4be9-b4b4-e454ec48eb74",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "dd91ac4e-35dd-40a0-babb-d65144995fdf",
  "createdAt" : {
    "nano" : 509842000,
    "epochSecond" : 1757551726
  },
  "updatedAt" : {
    "nano" : 509842000,
    "epochSecond" : 1757551726
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Update Organization Preference

PUT /organization-preferences/{id}

Authorization

This endpoint requires:

  • update action on this organization-preference resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Request fields

Path Type Optional Description

preferences

Object

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences/58848781-0af7-441e-a1ce-4524d9f4b8e3' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "preferences" : {
    "updated" : "my second preference."
  }
}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 433

{
  "id" : "58848781-0af7-441e-a1ce-4524d9f4b8e3",
  "organizationId" : "bad26958-0857-44ab-bb10-b4795af9752c",
  "preferences" : {
    "updated" : "my second preference."
  },
  "createdBy" : "b51f6e71-ea82-4d5e-8cac-424105150d46",
  "createdAt" : {
    "nano" : 860594000,
    "epochSecond" : 1757551726
  },
  "updatedAt" : {
    "nano" : 882762000,
    "epochSecond" : 1757551726
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Delete Organization Preference

DELETE /organization-preferences/{id}

Authorization

This endpoint requires:

  • delete action on this organization-preference resource.

Path parameters

Parameter Type Optional Description

id

Object

false

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences/ba331c16-100c-4062-aa6f-c6f79d72384b' -i -X DELETE

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 505

{
  "id" : "ba331c16-100c-4062-aa6f-c6f79d72384b",
  "organizationId" : "18f6bc67-77af-45c6-8ff6-c211c6392243",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "03c5513a-1ad0-4b70-8348-f716218c2d0e",
  "createdAt" : {
    "nano" : 570075000,
    "epochSecond" : 1757551726
  },
  "updatedAt" : {
    "nano" : 585898000,
    "epochSecond" : 1757551726
  },
  "deletedBy" : "481e8195-4be7-4ed7-9b00-dbe38e284b6b",
  "deletedAt" : {
    "nano" : 585000000,
    "epochSecond" : 1757551726
  }
}