Introduction

This is the NetFoundry identity service

Overview

HTTP verbs

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP verbs.

Verb Usage

GET

Used to retrieve a resource

POST

Used to create a new resource

PUT

Used to update an existing resource, full updates only

DELETE

Used to delete an existing resource
The PATCH method is not used (yet).

HTTP status codes

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP status codes.

Status code Usage

200 OK

The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

201 Created

The request has been fulfilled and resulted in a new resource being created.

202 Accepted

The request has been accepted and is being processed asynchronously Standard response for successful HTTP requests which invoke back-end services.

204 No Content

The server successfully processed the request, but is not returning any content.

400 Bad Request

The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

401 Unauthorized

The request lacks valid authentication credentials for the target resource.

403 Forbidden

The request is authenticated with valid credentials however that set of credentials is not authorized to access this resource.

404 Not Found

The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.

Resources

Organization

Find Organizations

GET /organizations

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

name

String

true

active

Boolean

true

mfaProviders

Object

true

Must be one of [None, GoogleAuthenticator].

includeDeleted

Boolean

true

Default value: 'false'.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

name

String

true

Used for display purposes. Not unique or private.

io.netfoundry.common.util.validation.BasicPattern.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

false

identityProviders[].organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

false

identityProviders[].updatedAt

Object

false

identityProviders[].deletedAt

Object

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJONzl0UVIyOFRiSld1eEh4cEt6ZEVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1Mjc2LCJleHAiOjE2NTIxMTg4NzYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.AfemrwQgsY64n0ttC95aAH57pO4vtXJdookNCdxlJpsS8HG1GIRLpQ6IcIEuP9c-FoZmV1sNcrKB4rwQxYHxX_e1NVc8po5Hdjpj2pWZ7ETo6FajRRtbyNgkUVM3rs0_fblxf5Ok0ab_Y6CkMDOlhVExgELQPwqxAe-z_BqcfJyUAXhGh4ggfMvEkx_YFDK4U6y4qKjarkr8LC3lmvYBhoTvL66JR9oqCopMCwND0HlK9Yfji4iM5i_vg0LEh5XoNIovJou0n9sFc6A7phyExEWVHHdp7VkEmO3rL72ykv7Pg6vivRM08gjc1tSQGBWCanw9Jg_txn-rJwnnz0TV6Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2683

[ {
  "id" : "172460d5-a9fa-4f9c-bccb-d6bee6cc12c5",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-86",
  "identityProviders" : [ {
    "id" : "6d4e6444-0a0d-4a6e-8cd5-e177293f2f51",
    "organizationId" : "172460d5-a9fa-4f9c-bccb-d6bee6cc12c5",
    "auth0ConnectionId" : "auth0-opaque-connectionId-87",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 352136000,
      "epochSecond" : 1652115272
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 316221000,
    "epochSecond" : 1652115272
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}, {
  "id" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "ACME International, Inc.",
  "label" : "ACME-0",
  "identityProviders" : [ {
    "id" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
    "auth0ConnectionId" : "auth0-opaque-connectionId-1",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 918364000,
      "epochSecond" : 1652115198
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "f3865c20-cd7f-45d4-b3ff-275af0e161c9",
    "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
    "auth0ConnectionId" : "auth0-opaque-connectionId-2",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 967268000,
      "epochSecond" : 1652115198
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "active" : true,
  "mfaProvider" : "None",
  "createdAt" : {
    "nano" : 796052000,
    "epochSecond" : 1652115198
  },
  "updatedAt" : {
    "nano" : 922772000,
    "epochSecond" : 1652115200
  },
  "deletedAt" : null,
  "deleted" : false
}, {
  "id" : "260324de-ec0f-4e18-9a4d-3c0d096b3cf0",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-74",
  "identityProviders" : [ {
    "id" : "db79a8e3-9890-4a1c-9b07-3342769c7bf8",
    "organizationId" : "260324de-ec0f-4e18-9a4d-3c0d096b3cf0",
    "auth0ConnectionId" : "auth0-opaque-connectionId-75",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 744974000,
      "epochSecond" : 1652115269
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 742039000,
    "epochSecond" : 1652115269
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
} ]

Get Organization By Id

GET /organizations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

true

Used for display purposes. Not unique or private.

io.netfoundry.common.util.validation.BasicPattern.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

false

identityProviders[].organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

false

identityProviders[].updatedAt

Object

false

identityProviders[].deletedAt

Object

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/1e82c5a3-eaec-49c2-9ead-19e4c6e666d8' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJONzl0UVIyOFRiSld1eEh4cEt6ZEVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1Mjc2LCJleHAiOjE2NTIxMTg4NzYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.AfemrwQgsY64n0ttC95aAH57pO4vtXJdookNCdxlJpsS8HG1GIRLpQ6IcIEuP9c-FoZmV1sNcrKB4rwQxYHxX_e1NVc8po5Hdjpj2pWZ7ETo6FajRRtbyNgkUVM3rs0_fblxf5Ok0ab_Y6CkMDOlhVExgELQPwqxAe-z_BqcfJyUAXhGh4ggfMvEkx_YFDK4U6y4qKjarkr8LC3lmvYBhoTvL66JR9oqCopMCwND0HlK9Yfji4iM5i_vg0LEh5XoNIovJou0n9sFc6A7phyExEWVHHdp7VkEmO3rL72ykv7Pg6vivRM08gjc1tSQGBWCanw9Jg_txn-rJwnnz0TV6Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1207

{
  "id" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "ACME International, Inc.",
  "label" : "ACME-0",
  "identityProviders" : [ {
    "id" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
    "auth0ConnectionId" : "auth0-opaque-connectionId-1",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 918364000,
      "epochSecond" : 1652115198
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "f3865c20-cd7f-45d4-b3ff-275af0e161c9",
    "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
    "auth0ConnectionId" : "auth0-opaque-connectionId-2",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 967268000,
      "epochSecond" : 1652115198
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "active" : true,
  "mfaProvider" : "None",
  "createdAt" : {
    "nano" : 796052000,
    "epochSecond" : 1652115198
  },
  "updatedAt" : {
    "nano" : 922772000,
    "epochSecond" : 1652115200
  },
  "deletedAt" : null,
  "deleted" : false
}

Get Organization By Label

GET /organizations/label/{label:[-a-zA-Z0-9]{1,63}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

label

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

true

Used for display purposes. Not unique or private.

io.netfoundry.common.util.validation.BasicPattern.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

false

identityProviders[].organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

false

identityProviders[].updatedAt

Object

false

identityProviders[].deletedAt

Object

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/label/ACME-0' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJONzl0UVIyOFRiSld1eEh4cEt6ZEVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1Mjc2LCJleHAiOjE2NTIxMTg4NzYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.AfemrwQgsY64n0ttC95aAH57pO4vtXJdookNCdxlJpsS8HG1GIRLpQ6IcIEuP9c-FoZmV1sNcrKB4rwQxYHxX_e1NVc8po5Hdjpj2pWZ7ETo6FajRRtbyNgkUVM3rs0_fblxf5Ok0ab_Y6CkMDOlhVExgELQPwqxAe-z_BqcfJyUAXhGh4ggfMvEkx_YFDK4U6y4qKjarkr8LC3lmvYBhoTvL66JR9oqCopMCwND0HlK9Yfji4iM5i_vg0LEh5XoNIovJou0n9sFc6A7phyExEWVHHdp7VkEmO3rL72ykv7Pg6vivRM08gjc1tSQGBWCanw9Jg_txn-rJwnnz0TV6Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1207

{
  "id" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "ACME International, Inc.",
  "label" : "ACME-0",
  "identityProviders" : [ {
    "id" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
    "auth0ConnectionId" : "auth0-opaque-connectionId-1",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 918364000,
      "epochSecond" : 1652115198
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "f3865c20-cd7f-45d4-b3ff-275af0e161c9",
    "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
    "auth0ConnectionId" : "auth0-opaque-connectionId-2",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 967268000,
      "epochSecond" : 1652115198
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "active" : true,
  "mfaProvider" : "None",
  "createdAt" : {
    "nano" : 796052000,
    "epochSecond" : 1652115198
  },
  "updatedAt" : {
    "nano" : 922772000,
    "epochSecond" : 1652115200
  },
  "deletedAt" : null,
  "deleted" : false
}

Create Organization

POST /organizations

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

io.netfoundry.common.util.validation.ValidAs.

label

String

true

io.netfoundry.common.util.validation.ValidAs.

auth0ConnectionId

String

true

io.netfoundry.common.util.validation.ValidAs.

identityProviderName

String

true

io.netfoundry.common.util.validation.ValidAs.

auth0ConnectionType

String

true

io.netfoundry.common.util.validation.ValidAs.
Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

false

name

String

true

Used for display purposes. Not unique or private.

io.netfoundry.common.util.validation.BasicPattern.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

false

identityProviders[].organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

false

identityProviders[].updatedAt

Object

false

identityProviders[].deletedAt

Object

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJONzl0UVIyOFRiSld1eEh4cEt6ZEVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1Mjc2LCJleHAiOjE2NTIxMTg4NzYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.AfemrwQgsY64n0ttC95aAH57pO4vtXJdookNCdxlJpsS8HG1GIRLpQ6IcIEuP9c-FoZmV1sNcrKB4rwQxYHxX_e1NVc8po5Hdjpj2pWZ7ETo6FajRRtbyNgkUVM3rs0_fblxf5Ok0ab_Y6CkMDOlhVExgELQPwqxAe-z_BqcfJyUAXhGh4ggfMvEkx_YFDK4U6y4qKjarkr8LC3lmvYBhoTvL66JR9oqCopMCwND0HlK9Yfji4iM5i_vg0LEh5XoNIovJou0n9sFc6A7phyExEWVHHdp7VkEmO3rL72ykv7Pg6vivRM08gjc1tSQGBWCanw9Jg_txn-rJwnnz0TV6Q' \
    -d '{"name":"Best Corp.","label":"BEST-CORP","auth0ConnectionId":"auth0-opaque-connection","identityProviderName":"Corp SAML","auth0ConnectionType":"Enterprise"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 712

{
  "id" : "e71b3e94-c7fd-43c7-ac92-5465dbbe6517",
  "name" : "Best Corp.",
  "label" : "BEST-CORP",
  "identityProviders" : [ {
    "id" : "8441faef-c473-4de9-9fa3-c7da8c5a123d",
    "organizationId" : "e71b3e94-c7fd-43c7-ac92-5465dbbe6517",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Best Corp.",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 364035000,
      "epochSecond" : 1652115277
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 361361000,
    "epochSecond" : 1652115277
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Activate Or Deactivate Organization

PUT /organizations/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

true

Used for display purposes. Not unique or private.

io.netfoundry.common.util.validation.BasicPattern.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

false

identityProviders[].organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

false

identityProviders[].updatedAt

Object

false

identityProviders[].deletedAt

Object

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/c2814d5c-4f15-4dc0-94e0-3e996331e9e5/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJONzl0UVIyOFRiSld1eEh4cEt6ZEVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1Mjc2LCJleHAiOjE2NTIxMTg4NzYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.AfemrwQgsY64n0ttC95aAH57pO4vtXJdookNCdxlJpsS8HG1GIRLpQ6IcIEuP9c-FoZmV1sNcrKB4rwQxYHxX_e1NVc8po5Hdjpj2pWZ7ETo6FajRRtbyNgkUVM3rs0_fblxf5Ok0ab_Y6CkMDOlhVExgELQPwqxAe-z_BqcfJyUAXhGh4ggfMvEkx_YFDK4U6y4qKjarkr8LC3lmvYBhoTvL66JR9oqCopMCwND0HlK9Yfji4iM5i_vg0LEh5XoNIovJou0n9sFc6A7phyExEWVHHdp7VkEmO3rL72ykv7Pg6vivRM08gjc1tSQGBWCanw9Jg_txn-rJwnnz0TV6Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 793

{
  "id" : "c2814d5c-4f15-4dc0-94e0-3e996331e9e5",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-106",
  "identityProviders" : [ {
    "id" : "8f822d3d-d746-4a75-ac31-da76520fc582",
    "organizationId" : "c2814d5c-4f15-4dc0-94e0-3e996331e9e5",
    "auth0ConnectionId" : "auth0-opaque-connectionId-107",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 328435000,
      "epochSecond" : 1652115280
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "active" : false,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 325413000,
    "epochSecond" : 1652115280
  },
  "updatedAt" : {
    "nano" : 857280000,
    "epochSecond" : 1652115280
  },
  "deletedAt" : null,
  "deleted" : false
}

Add Identity Provider (deprecated)

POST /organizations/{id}/identity-providers

Deprecated.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

Path Type Optional Description

auth0ConnectionId

String

true

io.netfoundry.common.util.validation.ValidAs.

identityProviderName

String

true

io.netfoundry.common.util.validation.ValidAs.

auth0ConnectionType

String

true

io.netfoundry.common.util.validation.ValidAs.
Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

false

name

String

true

Used for display purposes. Not unique or private.

io.netfoundry.common.util.validation.BasicPattern.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

false

identityProviders[].organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

false

identityProviders[].updatedAt

Object

false

identityProviders[].deletedAt

Object

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/6258f429-83d5-4d7f-875b-7a2cc17253fc/identity-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJONzl0UVIyOFRiSld1eEh4cEt6ZEVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1Mjc2LCJleHAiOjE2NTIxMTg4NzYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.AfemrwQgsY64n0ttC95aAH57pO4vtXJdookNCdxlJpsS8HG1GIRLpQ6IcIEuP9c-FoZmV1sNcrKB4rwQxYHxX_e1NVc8po5Hdjpj2pWZ7ETo6FajRRtbyNgkUVM3rs0_fblxf5Ok0ab_Y6CkMDOlhVExgELQPwqxAe-z_BqcfJyUAXhGh4ggfMvEkx_YFDK4U6y4qKjarkr8LC3lmvYBhoTvL66JR9oqCopMCwND0HlK9Yfji4iM5i_vg0LEh5XoNIovJou0n9sFc6A7phyExEWVHHdp7VkEmO3rL72ykv7Pg6vivRM08gjc1tSQGBWCanw9Jg_txn-rJwnnz0TV6Q' \
    -d '{"auth0ConnectionId":"auth0-opaque-connection","identityProviderName":"Corp SAML","auth0ConnectionType":"Enterprise"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1132

{
  "id" : "6258f429-83d5-4d7f-875b-7a2cc17253fc",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-104",
  "identityProviders" : [ {
    "id" : "e83af9a0-a5a8-4591-ad38-cec8765834d6",
    "organizationId" : "6258f429-83d5-4d7f-875b-7a2cc17253fc",
    "auth0ConnectionId" : "auth0-opaque-connectionId-105",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 428988000,
      "epochSecond" : 1652115279
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "1b9f16f5-ae6b-47a5-89a7-ff39a7c5692e",
    "organizationId" : "6258f429-83d5-4d7f-875b-7a2cc17253fc",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Corp SAML",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 886941000,
      "epochSecond" : 1652115279
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 426098000,
    "epochSecond" : 1652115279
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Identity Providers

Find Identity Providers

GET /identity-providers

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

name

String

true

organizationId

Object

true

auth0ConnectionId

Object

true

auth0ConnectionType

Object

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

deleted

Object

true

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5c2FIX2diVFhYdU82YXhEOVdUdFlBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjczLCJleHAiOjE2NTIxMTg4NzMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HK8XeoE_xsD8eL08Gp8osUOzvXDDD-58skw9nBXChgwH4-E4f92vvCIjSlllfT5pVZJmyDKGz_Lk4hl3jqfgKJAF1oLiLkBof6zmZ6oySLnhv9Za3HztIIwsQCyeCpgNevlEaNqoHwR7nTj0cyjrVz28PzcdXz-lw4RCrvbJrtLTSk8phUxkYAvnO2tXDTFlcJDpjFnnifZTnAT8QvzA1tGSM8M6V3aRZ4vyDeqmxnavlDsAGwoeRKAgvIyqdppWNVgB8Rt0VE_loTC6HxSxeL8TPVIgfYdcaeX-bWQLDC8DU1ozPgWCxaMW8jdEHJXWkS0c3SPbgVxhvGD80qbNRA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1216

[ {
  "id" : "325c00ae-a30d-4a7e-843e-e90c9bca6f08",
  "organizationId" : "2951ee7e-c999-456a-b6dc-66f3c1df65d1",
  "auth0ConnectionId" : "auth0-opaque-connectionId-91",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : false,
  "createdAt" : {
    "nano" : 791981000,
    "epochSecond" : 1652115273
  },
  "updatedAt" : {
    "nano" : 84584000,
    "epochSecond" : 1652115274
  },
  "deletedAt" : null
}, {
  "id" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ConnectionId" : "auth0-opaque-connectionId-1",
  "name" : "ACME Federated Active Directory",
  "auth0ConnectionType" : "Enterprise",
  "active" : true,
  "createdAt" : {
    "nano" : 918364000,
    "epochSecond" : 1652115198
  },
  "updatedAt" : null,
  "deletedAt" : null
}, {
  "id" : "6cc2d8c3-7b67-40bc-8089-349986112206",
  "organizationId" : "5c95d643-1cce-4bf4-ba4e-f351a6490ada",
  "auth0ConnectionId" : "auth0-opaque-connectionId-83",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 477206000,
    "epochSecond" : 1652115271
  },
  "updatedAt" : null,
  "deletedAt" : null
} ]

Get Identity Provider

GET /identity-providers/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/5d30b53c-2d4b-4190-bab6-0d2cbcb1b850' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5c2FIX2diVFhYdU82YXhEOVdUdFlBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjczLCJleHAiOjE2NTIxMTg4NzMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HK8XeoE_xsD8eL08Gp8osUOzvXDDD-58skw9nBXChgwH4-E4f92vvCIjSlllfT5pVZJmyDKGz_Lk4hl3jqfgKJAF1oLiLkBof6zmZ6oySLnhv9Za3HztIIwsQCyeCpgNevlEaNqoHwR7nTj0cyjrVz28PzcdXz-lw4RCrvbJrtLTSk8phUxkYAvnO2tXDTFlcJDpjFnnifZTnAT8QvzA1tGSM8M6V3aRZ4vyDeqmxnavlDsAGwoeRKAgvIyqdppWNVgB8Rt0VE_loTC6HxSxeL8TPVIgfYdcaeX-bWQLDC8DU1ozPgWCxaMW8jdEHJXWkS0c3SPbgVxhvGD80qbNRA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 394

{
  "id" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ConnectionId" : "auth0-opaque-connectionId-1",
  "name" : "ACME Federated Active Directory",
  "auth0ConnectionType" : "Enterprise",
  "active" : true,
  "createdAt" : {
    "nano" : 918364000,
    "epochSecond" : 1652115198
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Create Identity Provider

POST /identity-providers

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5c2FIX2diVFhYdU82YXhEOVdUdFlBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjczLCJleHAiOjE2NTIxMTg4NzMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HK8XeoE_xsD8eL08Gp8osUOzvXDDD-58skw9nBXChgwH4-E4f92vvCIjSlllfT5pVZJmyDKGz_Lk4hl3jqfgKJAF1oLiLkBof6zmZ6oySLnhv9Za3HztIIwsQCyeCpgNevlEaNqoHwR7nTj0cyjrVz28PzcdXz-lw4RCrvbJrtLTSk8phUxkYAvnO2tXDTFlcJDpjFnnifZTnAT8QvzA1tGSM8M6V3aRZ4vyDeqmxnavlDsAGwoeRKAgvIyqdppWNVgB8Rt0VE_loTC6HxSxeL8TPVIgfYdcaeX-bWQLDC8DU1ozPgWCxaMW8jdEHJXWkS0c3SPbgVxhvGD80qbNRA' \
    -d '{"organizationId":"9e1e0036-a7c3-492f-87d8-46ab9af20966","auth0ConnectionId":"auth0-opaque-connection","name":"Corp SAML","auth0ConnectionType":"Enterprise"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 368

{
  "id" : "a06554dc-3c7e-4b26-8e4e-74da84fde8c2",
  "organizationId" : "9e1e0036-a7c3-492f-87d8-46ab9af20966",
  "auth0ConnectionId" : "auth0-opaque-connection",
  "name" : "Corp SAML",
  "auth0ConnectionType" : "Enterprise",
  "active" : true,
  "createdAt" : {
    "nano" : 784917000,
    "epochSecond" : 1652115274
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Update Identity Provider

PUT /identity-providers/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/e50279b1-c01e-4002-aad4-32953fcb5ac3' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5c2FIX2diVFhYdU82YXhEOVdUdFlBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjczLCJleHAiOjE2NTIxMTg4NzMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HK8XeoE_xsD8eL08Gp8osUOzvXDDD-58skw9nBXChgwH4-E4f92vvCIjSlllfT5pVZJmyDKGz_Lk4hl3jqfgKJAF1oLiLkBof6zmZ6oySLnhv9Za3HztIIwsQCyeCpgNevlEaNqoHwR7nTj0cyjrVz28PzcdXz-lw4RCrvbJrtLTSk8phUxkYAvnO2tXDTFlcJDpjFnnifZTnAT8QvzA1tGSM8M6V3aRZ4vyDeqmxnavlDsAGwoeRKAgvIyqdppWNVgB8Rt0VE_loTC6HxSxeL8TPVIgfYdcaeX-bWQLDC8DU1ozPgWCxaMW8jdEHJXWkS0c3SPbgVxhvGD80qbNRA' \
    -d '{"name":"New IdP Name"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 430

{
  "id" : "e50279b1-c01e-4002-aad4-32953fcb5ac3",
  "organizationId" : "fe6a7a7a-cea1-4e81-a4f4-98c3038f0581",
  "auth0ConnectionId" : "auth0-opaque-connectionId-99",
  "name" : "New IdP Name",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 357911000,
    "epochSecond" : 1652115276
  },
  "updatedAt" : {
    "nano" : 700909000,
    "epochSecond" : 1652115276
  },
  "deletedAt" : null
}

Activate Or Deactivate Identity Provider

PUT /identity-providers/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/9e683214-74cb-40ed-a167-672ddc549654/activate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5c2FIX2diVFhYdU82YXhEOVdUdFlBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjczLCJleHAiOjE2NTIxMTg4NzMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HK8XeoE_xsD8eL08Gp8osUOzvXDDD-58skw9nBXChgwH4-E4f92vvCIjSlllfT5pVZJmyDKGz_Lk4hl3jqfgKJAF1oLiLkBof6zmZ6oySLnhv9Za3HztIIwsQCyeCpgNevlEaNqoHwR7nTj0cyjrVz28PzcdXz-lw4RCrvbJrtLTSk8phUxkYAvnO2tXDTFlcJDpjFnnifZTnAT8QvzA1tGSM8M6V3aRZ4vyDeqmxnavlDsAGwoeRKAgvIyqdppWNVgB8Rt0VE_loTC6HxSxeL8TPVIgfYdcaeX-bWQLDC8DU1ozPgWCxaMW8jdEHJXWkS0c3SPbgVxhvGD80qbNRA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 379

{
  "id" : "9e683214-74cb-40ed-a167-672ddc549654",
  "organizationId" : "804633bf-647d-4019-ba83-0157a8e93fa4",
  "auth0ConnectionId" : "auth0-opaque-connectionId-95",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 351943000,
    "epochSecond" : 1652115275
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Delete Identity Provider

DELETE /identity-providers/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

Size must be between 1 and 128 inclusive.

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/8feff89b-9890-4c28-8677-9241df1a53be' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5c2FIX2diVFhYdU82YXhEOVdUdFlBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjczLCJleHAiOjE2NTIxMTg4NzMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HK8XeoE_xsD8eL08Gp8osUOzvXDDD-58skw9nBXChgwH4-E4f92vvCIjSlllfT5pVZJmyDKGz_Lk4hl3jqfgKJAF1oLiLkBof6zmZ6oySLnhv9Za3HztIIwsQCyeCpgNevlEaNqoHwR7nTj0cyjrVz28PzcdXz-lw4RCrvbJrtLTSk8phUxkYAvnO2tXDTFlcJDpjFnnifZTnAT8QvzA1tGSM8M6V3aRZ4vyDeqmxnavlDsAGwoeRKAgvIyqdppWNVgB8Rt0VE_loTC6HxSxeL8TPVIgfYdcaeX-bWQLDC8DU1ozPgWCxaMW8jdEHJXWkS0c3SPbgVxhvGD80qbNRA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 491

{
  "id" : "8feff89b-9890-4c28-8677-9241df1a53be",
  "organizationId" : "3fd5f0dc-3450-4ab9-9c42-223d9ea56dee",
  "auth0ConnectionId" : "auth0-opaque-connectionId-97",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 134616000,
    "epochSecond" : 1652115276
  },
  "updatedAt" : {
    "nano" : 305571000,
    "epochSecond" : 1652115276
  },
  "deletedAt" : {
    "nano" : 304000000,
    "epochSecond" : 1652115276
  }
}

User Identity

Find User Identities

GET /user-identities

Returns a set of {@link UserIdentity}s that are visible to the requesting client and optionally filtered based on the submitted request parameters.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

tenantId

Object

true

Deprecated..

organizationId

Object

true

Restricts results to Identities in the specified Organization (by Organization’s id.).

identityProviderId

Object

true

firstName

String

true

lastName

String

true

email

String

true

active

Boolean

true

Restricts results to Identities with a matching active status.

includeDeleted

Boolean

true

Default value: 'false'.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

organizationId

String

false

firstName

String

true

Size must be between 0 and 128 inclusive.

lastName

String

true

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ1R0w5cWtZRWIzVmFmQU5uU1NYa1NRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjU2LCJleHAiOjE2NTIxMTg4NTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.Vzrr1kTrGDa4NqCe7pkEW-OUdEiXBe2ErMR8Ylc73NuPKr00S7e0TsEGsZscwxia9ezvibCS-wI_wYTd4k-pAmjKrMNCUZ6bF_SSichaLfDW9VWD_GimTGUQwwU2u2iQAdB3zjz73zRQ3xwmvxXsjYCEuqiIqoQqlzD3fm2wsAEoMw-twZKc7MaCSke4-OzA-77bRIg-Q6WuaKlLi1KHsn3PBmMcxtXPGjuRfWnvm_ezoyBdYejVqZh_WLde7bQJLcjtqvrFXdlaehZy5pDqWYDFLhgRVofpmSFLRsP30eDzdXBMIKzc6GnXx5e85onkJFbSFjn-VHtteQYjNvxWoQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2307

[ {
  "id" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "0159f5fd-7a5d-450b-97c7-7a8611bad1d2",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "userIdentityId" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 176909000,
    "epochSecond" : 1652115199
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "John Doe",
  "type" : "UserIdentity"
}, {
  "id" : "45d5e750-4aec-431d-abf5-28f2b1036d30",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-30@acme.com",
  "identityMappings" : [ {
    "id" : "32c9e9a1-4e1d-4c70-9721-df28bbafc9c5",
    "auth0UserId" : "auth0-opaque-userId-31",
    "identityProviderId" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "userIdentityId" : "45d5e750-4aec-431d-abf5-28f2b1036d30"
  }, {
    "id" : "633edbc4-c7b3-42a7-9c4a-b0e400788dab",
    "auth0UserId" : "new-auth0-userId:d5d79f60-6dec-48fa-8986-84c74e31f2a6",
    "identityProviderId" : "f3865c20-cd7f-45d4-b3ff-275af0e161c9",
    "userIdentityId" : "45d5e750-4aec-431d-abf5-28f2b1036d30"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 921503000,
    "epochSecond" : 1652115256
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "First Last",
  "type" : "UserIdentity"
}, {
  "id" : "78292670-b171-4ad4-8e34-d9933ff72d7e",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-34@acme.com",
  "identityMappings" : [ {
    "id" : "ec9dad41-3587-40f2-9f7e-bac05ca369c3",
    "auth0UserId" : "auth0-opaque-userId-35",
    "identityProviderId" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "userIdentityId" : "78292670-b171-4ad4-8e34-d9933ff72d7e"
  } ],
  "active" : false,
  "createdAt" : {
    "nano" : 758666000,
    "epochSecond" : 1652115257
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "First Last",
  "type" : "UserIdentity"
} ]

Get User Identity

GET /user-identities/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Get an User Identity by its id.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

The id of the desired Identity.

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

firstName

String

true

Size must be between 0 and 128 inclusive.

lastName

String

true

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/2d5a90e7-620b-4801-9ec4-2bdcffc86460' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ1R0w5cWtZRWIzVmFmQU5uU1NYa1NRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjU2LCJleHAiOjE2NTIxMTg4NTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.Vzrr1kTrGDa4NqCe7pkEW-OUdEiXBe2ErMR8Ylc73NuPKr00S7e0TsEGsZscwxia9ezvibCS-wI_wYTd4k-pAmjKrMNCUZ6bF_SSichaLfDW9VWD_GimTGUQwwU2u2iQAdB3zjz73zRQ3xwmvxXsjYCEuqiIqoQqlzD3fm2wsAEoMw-twZKc7MaCSke4-OzA-77bRIg-Q6WuaKlLi1KHsn3PBmMcxtXPGjuRfWnvm_ezoyBdYejVqZh_WLde7bQJLcjtqvrFXdlaehZy5pDqWYDFLhgRVofpmSFLRsP30eDzdXBMIKzc6GnXx5e85onkJFbSFjn-VHtteQYjNvxWoQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 674

{
  "id" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "0159f5fd-7a5d-450b-97c7-7a8611bad1d2",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "userIdentityId" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 176909000,
    "epochSecond" : 1652115199
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "John Doe",
  "type" : "UserIdentity"
}

Get User Identity By Mapping

GET /user-identities/mapping/{auth0UserId}/{identityProviderId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

auth0UserId

String

false

identityProviderId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

firstName

String

true

Size must be between 0 and 128 inclusive.

lastName

String

true

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/mapping/auth0-opaque-userId-3/5d30b53c-2d4b-4190-bab6-0d2cbcb1b850' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ1R0w5cWtZRWIzVmFmQU5uU1NYa1NRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjU2LCJleHAiOjE2NTIxMTg4NTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.Vzrr1kTrGDa4NqCe7pkEW-OUdEiXBe2ErMR8Ylc73NuPKr00S7e0TsEGsZscwxia9ezvibCS-wI_wYTd4k-pAmjKrMNCUZ6bF_SSichaLfDW9VWD_GimTGUQwwU2u2iQAdB3zjz73zRQ3xwmvxXsjYCEuqiIqoQqlzD3fm2wsAEoMw-twZKc7MaCSke4-OzA-77bRIg-Q6WuaKlLi1KHsn3PBmMcxtXPGjuRfWnvm_ezoyBdYejVqZh_WLde7bQJLcjtqvrFXdlaehZy5pDqWYDFLhgRVofpmSFLRsP30eDzdXBMIKzc6GnXx5e85onkJFbSFjn-VHtteQYjNvxWoQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 674

{
  "id" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "0159f5fd-7a5d-450b-97c7-7a8611bad1d2",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "userIdentityId" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 176909000,
    "epochSecond" : 1652115199
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "John Doe",
  "type" : "UserIdentity"
}

Create Identity

POST /user-identities

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

firstName

String

true

lastName

String

true

email

String

true

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

firstName

String

true

Size must be between 0 and 128 inclusive.

lastName

String

true

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ1R0w5cWtZRWIzVmFmQU5uU1NYa1NRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjU2LCJleHAiOjE2NTIxMTg4NTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.Vzrr1kTrGDa4NqCe7pkEW-OUdEiXBe2ErMR8Ylc73NuPKr00S7e0TsEGsZscwxia9ezvibCS-wI_wYTd4k-pAmjKrMNCUZ6bF_SSichaLfDW9VWD_GimTGUQwwU2u2iQAdB3zjz73zRQ3xwmvxXsjYCEuqiIqoQqlzD3fm2wsAEoMw-twZKc7MaCSke4-OzA-77bRIg-Q6WuaKlLi1KHsn3PBmMcxtXPGjuRfWnvm_ezoyBdYejVqZh_WLde7bQJLcjtqvrFXdlaehZy5pDqWYDFLhgRVofpmSFLRsP30eDzdXBMIKzc6GnXx5e85onkJFbSFjn-VHtteQYjNvxWoQ' \
    -d '{"organizationId":"1e82c5a3-eaec-49c2-9ead-19e4c6e666d8","firstName":"Jane","lastName":"Doe","email":"jane.doe@acme.com"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 443

{
  "id" : "8d0c2e41-661b-42ab-802b-d0b8995351c3",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "firstName" : "Jane",
  "lastName" : "Doe",
  "email" : "jane.doe@acme.com",
  "identityMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 850881000,
    "epochSecond" : 1652115259
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "Jane Doe",
  "type" : "UserIdentity"
}

Update Identity Info

PUT /user-identities/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

Path Type Optional Description

firstName

String

true

lastName

String

true

email

String

true

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

firstName

String

true

Size must be between 0 and 128 inclusive.

lastName

String

true

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/c3322fd9-1c8c-4518-a40a-6dd0707d6ea6' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ1R0w5cWtZRWIzVmFmQU5uU1NYa1NRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjU2LCJleHAiOjE2NTIxMTg4NTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.Vzrr1kTrGDa4NqCe7pkEW-OUdEiXBe2ErMR8Ylc73NuPKr00S7e0TsEGsZscwxia9ezvibCS-wI_wYTd4k-pAmjKrMNCUZ6bF_SSichaLfDW9VWD_GimTGUQwwU2u2iQAdB3zjz73zRQ3xwmvxXsjYCEuqiIqoQqlzD3fm2wsAEoMw-twZKc7MaCSke4-OzA-77bRIg-Q6WuaKlLi1KHsn3PBmMcxtXPGjuRfWnvm_ezoyBdYejVqZh_WLde7bQJLcjtqvrFXdlaehZy5pDqWYDFLhgRVofpmSFLRsP30eDzdXBMIKzc6GnXx5e85onkJFbSFjn-VHtteQYjNvxWoQ' \
    -d '{"firstName":"Bobby","lastName":"White","email":"bobby.white@acme.com"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 684

{
  "id" : "c3322fd9-1c8c-4518-a40a-6dd0707d6ea6",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "firstName" : "Bobby",
  "lastName" : "White",
  "email" : "bobby.white@acme.com",
  "identityMappings" : [ {
    "id" : "b7440815-9e18-41ab-8000-d842b670d615",
    "auth0UserId" : "auth0-opaque-userId-33",
    "identityProviderId" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "userIdentityId" : "c3322fd9-1c8c-4518-a40a-6dd0707d6ea6"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 365326000,
    "epochSecond" : 1652115257
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "Bobby White",
  "type" : "UserIdentity"
}

Activate Or Deactivate User Identity

PUT /user-identities/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

firstName

String

true

Size must be between 0 and 128 inclusive.

lastName

String

true

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/78292670-b171-4ad4-8e34-d9933ff72d7e/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ1R0w5cWtZRWIzVmFmQU5uU1NYa1NRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjU2LCJleHAiOjE2NTIxMTg4NTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.Vzrr1kTrGDa4NqCe7pkEW-OUdEiXBe2ErMR8Ylc73NuPKr00S7e0TsEGsZscwxia9ezvibCS-wI_wYTd4k-pAmjKrMNCUZ6bF_SSichaLfDW9VWD_GimTGUQwwU2u2iQAdB3zjz73zRQ3xwmvxXsjYCEuqiIqoQqlzD3fm2wsAEoMw-twZKc7MaCSke4-OzA-77bRIg-Q6WuaKlLi1KHsn3PBmMcxtXPGjuRfWnvm_ezoyBdYejVqZh_WLde7bQJLcjtqvrFXdlaehZy5pDqWYDFLhgRVofpmSFLRsP30eDzdXBMIKzc6GnXx5e85onkJFbSFjn-VHtteQYjNvxWoQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 681

{
  "id" : "78292670-b171-4ad4-8e34-d9933ff72d7e",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-34@acme.com",
  "identityMappings" : [ {
    "id" : "ec9dad41-3587-40f2-9f7e-bac05ca369c3",
    "auth0UserId" : "auth0-opaque-userId-35",
    "identityProviderId" : "5d30b53c-2d4b-4190-bab6-0d2cbcb1b850",
    "userIdentityId" : "78292670-b171-4ad4-8e34-d9933ff72d7e"
  } ],
  "active" : false,
  "createdAt" : {
    "nano" : 758666000,
    "epochSecond" : 1652115257
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "name" : "First Last",
  "type" : "UserIdentity"
}

Reset User Identity Mfa Settings

PUT /user-identities/{id}/reset-mfa

Calling this service will reset the user’s MFA settings. On their next login attempt, they will be required to setup their MFA settings again. This is useful if, for example, the user has replaced their phone and can no longer access their secondary authentication.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

The id of the user identity to reset.

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/5fc4e6e6-08f9-4fa7-aa13-3a7ccdd20e0b/reset-mfa' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ1R0w5cWtZRWIzVmFmQU5uU1NYa1NRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjU2LCJleHAiOjE2NTIxMTg4NTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.Vzrr1kTrGDa4NqCe7pkEW-OUdEiXBe2ErMR8Ylc73NuPKr00S7e0TsEGsZscwxia9ezvibCS-wI_wYTd4k-pAmjKrMNCUZ6bF_SSichaLfDW9VWD_GimTGUQwwU2u2iQAdB3zjz73zRQ3xwmvxXsjYCEuqiIqoQqlzD3fm2wsAEoMw-twZKc7MaCSke4-OzA-77bRIg-Q6WuaKlLi1KHsn3PBmMcxtXPGjuRfWnvm_ezoyBdYejVqZh_WLde7bQJLcjtqvrFXdlaehZy5pDqWYDFLhgRVofpmSFLRsP30eDzdXBMIKzc6GnXx5e85onkJFbSFjn-VHtteQYjNvxWoQ'

Example response

HTTP/1.1 200 OK

Map Identity

POST /user-identities/{id}/mapping

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

Path Type Optional Description

auth0UserId

String

false

Size must be between 1 and 128 inclusive.

identityProviderId

String

false

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/45d5e750-4aec-431d-abf5-28f2b1036d30/mapping' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ1R0w5cWtZRWIzVmFmQU5uU1NYa1NRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjU2LCJleHAiOjE2NTIxMTg4NTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.Vzrr1kTrGDa4NqCe7pkEW-OUdEiXBe2ErMR8Ylc73NuPKr00S7e0TsEGsZscwxia9ezvibCS-wI_wYTd4k-pAmjKrMNCUZ6bF_SSichaLfDW9VWD_GimTGUQwwU2u2iQAdB3zjz73zRQ3xwmvxXsjYCEuqiIqoQqlzD3fm2wsAEoMw-twZKc7MaCSke4-OzA-77bRIg-Q6WuaKlLi1KHsn3PBmMcxtXPGjuRfWnvm_ezoyBdYejVqZh_WLde7bQJLcjtqvrFXdlaehZy5pDqWYDFLhgRVofpmSFLRsP30eDzdXBMIKzc6GnXx5e85onkJFbSFjn-VHtteQYjNvxWoQ' \
    -d '{"auth0UserId":"new-auth0-userId:d5d79f60-6dec-48fa-8986-84c74e31f2a6","identityProviderId":"f3865c20-cd7f-45d4-b3ff-275af0e161c9"}'

Example response

HTTP/1.1 200 OK

Identity Session

Find Identity Sessions

GET /identity-sessions

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

organizationId

Object

true

userIdentityId

Object

true

active

Boolean

true

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

Id of this {@link IdentitySession}.

userIdentityId

String

false

The id of the {@link UserIdentity} who’s API activity this session tracks.

idleSessionTimeoutSeconds

Integer

true

The {@link SessionConfiguration#getIdleSessionTimeoutSeconds()} value that was active at the time this session was created and the value that will be applied to the maintenance of this session. A session with a last API Request At time that is older than this idle session timeout is no longer an active session. See {@link SessionConfiguration} documentation for the meaning of edge values like 0, -1, etc. Note, an identity can explicitly logout a session regardless of this configuration.

autoLogoutIdleSession

Boolean

true

The {@link SessionConfiguration#isAutoLogoutIdleSession()} value that was active at the time this session was created and the value that will be applied to the maintenance of this session. A session with a last API Request At time that is older than this idle session timeout is in a Logout state. As a result, as long as this is the current session (not active, but current), the client will not be able to make API requests using a token which was created before the logout at timestamp. Note, an identity can explicitly logout a session regardless of this configuration.

firstApiRequestAt

Object

false

The time at which the first API request that triggered the creation of this session occurred. This value never changes after session creation.

lastApiRequestAt

Object

false

The most recent API request time for requests associated to this session. This value is updated as this session is actively used. Once this session becomes non-active, this value is no longer changes.

terminalState

String

true

The terminal state of this session. This will be null if this snapshot of the session was read while the session’s logical state was Active or the session record has not been processed into its logical terminal state. Once set, this value is the immutable persistent state of this session. ie: the session will never have a different state after this is set. See {@link IdentitySession#getState()} to determine the logical state, regardless of whether this session has been processed.

Must be one of [Active, IdleTimeout, Logout, Terminated].

terminatedAt

Object

true

Initially null, and set only at the moment that this session was processed from an active state to a terminal state. This will never change once set. This may not precisely equal the session’s configured time to live. Sessions may be terminated early by administrative action, such as when a new session configuration should be applied. Also, server processing time may result in some amount of drift from the configured session time to live. It is possible to read a session instance during this time, when it is logically terminated but has yet to be processed as such.

terminatedBy

String

true

Only set if the session is in a terminal state; this will hold the identity id that initiated the state transition. In case of auto-logout, this will be set to an internal service identifier which detected the sessions idle state and enforced the configured auto logout configuration. In cases of a user explicitly logging out or an administrator forcing a logout of another user, this will contain that identity id that made the logout request. This is set as part of processing the termination of the session, which can lag behind the logical point in time when the session was terminated.

asOf

Object

false

An ephemeral computed property; the point in time that this snapshot of the IdentitySession was read.

state

String

true

The logical state of this IdentitySession as of the point in time that it was read from the session persistent store. This will always reflect the logical state, regardless of whether this session has been processed or not. For example, if this session exceeded its idle TTL 3 seconds before reading it but the system had not yet processed it into its final terminated state …​ this computed property will still return the state as IdleTimeout even though the terminalState property is still null.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-sessions' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJEaWNsektVRUZSZUVOWGZRdkFJOUN3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY1LCJleHAiOjE2NTIxMTg4NjUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.cWoNBkbWA8xB5BREc_u-uaMXvD4gmqTCgjH9_ni3y_zKXmNjABxwn2CYH7bqlrjIRMo4b5CGpvS05IlWLanx2RA4xDUsbHgkRMPGFTOJTcbzT0oR3b2un0Ef_3AgcSh2cKd17xVp94l8jqPz8q2IF5Mpa7Sh2CYqcCjebORNOXvnDUk9pW076Otg_nLKDqu6-bM3t0wP6iSq3jvj3QtPR73uYHFSN-skRSJr4w7vVyMuziWgK-T-fQDKHLLT3AyjoPmXcKgMLcXmTHYVBJTE5AG2-gX21zQ-emN9SsFogVBsgZ46HOdXLtqMLJo9Uh-t0B1E_du3NRruCCFLvPERrg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1774

[ {
  "id" : "131ffc15-c975-455b-8f35-752f30487288",
  "userIdentityId" : "857f83e3-d028-41d5-900c-0f77c5f31f72",
  "idleSessionTimeoutSeconds" : 300,
  "autoLogoutIdleSession" : false,
  "firstApiRequestAt" : {
    "nano" : 987871000,
    "epochSecond" : 1652115265
  },
  "lastApiRequestAt" : {
    "nano" : 987871000,
    "epochSecond" : 1652115265
  },
  "terminalState" : null,
  "terminatedAt" : null,
  "terminatedBy" : null,
  "asOf" : {
    "nano" : 250627000,
    "epochSecond" : 1652115266
  },
  "state" : "Active"
}, {
  "id" : "98b2a9a6-cf1b-4ee0-9c63-f31ac108f4fa",
  "userIdentityId" : "87c0b1af-9311-49b4-b610-824771723c58",
  "idleSessionTimeoutSeconds" : 300,
  "autoLogoutIdleSession" : false,
  "firstApiRequestAt" : {
    "nano" : 472438000,
    "epochSecond" : 1652115265
  },
  "lastApiRequestAt" : {
    "nano" : 472438000,
    "epochSecond" : 1652115265
  },
  "terminalState" : "Logout",
  "terminatedAt" : {
    "nano" : 827104000,
    "epochSecond" : 1652115265
  },
  "terminatedBy" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "asOf" : {
    "nano" : 250627000,
    "epochSecond" : 1652115266
  },
  "state" : "Logout"
}, {
  "id" : "a3496185-e9a3-4beb-b07f-3b7215182b26",
  "userIdentityId" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "idleSessionTimeoutSeconds" : 300,
  "autoLogoutIdleSession" : false,
  "firstApiRequestAt" : {
    "nano" : 190977000,
    "epochSecond" : 1652115265
  },
  "lastApiRequestAt" : {
    "nano" : 915156000,
    "epochSecond" : 1652115265
  },
  "terminalState" : "Logout",
  "terminatedAt" : {
    "nano" : 932734000,
    "epochSecond" : 1652115265
  },
  "terminatedBy" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "asOf" : {
    "nano" : 250627000,
    "epochSecond" : 1652115266
  },
  "state" : "Logout"
} ]

Get Identity Session

GET /identity-sessions/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

Id of this {@link IdentitySession}.

userIdentityId

String

false

The id of the {@link UserIdentity} who’s API activity this session tracks.

idleSessionTimeoutSeconds

Integer

true

The {@link SessionConfiguration#getIdleSessionTimeoutSeconds()} value that was active at the time this session was created and the value that will be applied to the maintenance of this session. A session with a last API Request At time that is older than this idle session timeout is no longer an active session. See {@link SessionConfiguration} documentation for the meaning of edge values like 0, -1, etc. Note, an identity can explicitly logout a session regardless of this configuration.

autoLogoutIdleSession

Boolean

true

The {@link SessionConfiguration#isAutoLogoutIdleSession()} value that was active at the time this session was created and the value that will be applied to the maintenance of this session. A session with a last API Request At time that is older than this idle session timeout is in a Logout state. As a result, as long as this is the current session (not active, but current), the client will not be able to make API requests using a token which was created before the logout at timestamp. Note, an identity can explicitly logout a session regardless of this configuration.

firstApiRequestAt

Object

false

The time at which the first API request that triggered the creation of this session occurred. This value never changes after session creation.

lastApiRequestAt

Object

false

The most recent API request time for requests associated to this session. This value is updated as this session is actively used. Once this session becomes non-active, this value is no longer changes.

terminalState

String

true

The terminal state of this session. This will be null if this snapshot of the session was read while the session’s logical state was Active or the session record has not been processed into its logical terminal state. Once set, this value is the immutable persistent state of this session. ie: the session will never have a different state after this is set. See {@link IdentitySession#getState()} to determine the logical state, regardless of whether this session has been processed.

Must be one of [Active, IdleTimeout, Logout, Terminated].

terminatedAt

Object

true

Initially null, and set only at the moment that this session was processed from an active state to a terminal state. This will never change once set. This may not precisely equal the session’s configured time to live. Sessions may be terminated early by administrative action, such as when a new session configuration should be applied. Also, server processing time may result in some amount of drift from the configured session time to live. It is possible to read a session instance during this time, when it is logically terminated but has yet to be processed as such.

terminatedBy

String

true

Only set if the session is in a terminal state; this will hold the identity id that initiated the state transition. In case of auto-logout, this will be set to an internal service identifier which detected the sessions idle state and enforced the configured auto logout configuration. In cases of a user explicitly logging out or an administrator forcing a logout of another user, this will contain that identity id that made the logout request. This is set as part of processing the termination of the session, which can lag behind the logical point in time when the session was terminated.

asOf

Object

false

An ephemeral computed property; the point in time that this snapshot of the IdentitySession was read.

state

String

true

The logical state of this IdentitySession as of the point in time that it was read from the session persistent store. This will always reflect the logical state, regardless of whether this session has been processed or not. For example, if this session exceeded its idle TTL 3 seconds before reading it but the system had not yet processed it into its final terminated state …​ this computed property will still return the state as IdleTimeout even though the terminalState property is still null.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-sessions/131ffc15-c975-455b-8f35-752f30487288' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJEaWNsektVRUZSZUVOWGZRdkFJOUN3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY1LCJleHAiOjE2NTIxMTg4NjUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.cWoNBkbWA8xB5BREc_u-uaMXvD4gmqTCgjH9_ni3y_zKXmNjABxwn2CYH7bqlrjIRMo4b5CGpvS05IlWLanx2RA4xDUsbHgkRMPGFTOJTcbzT0oR3b2un0Ef_3AgcSh2cKd17xVp94l8jqPz8q2IF5Mpa7Sh2CYqcCjebORNOXvnDUk9pW076Otg_nLKDqu6-bM3t0wP6iSq3jvj3QtPR73uYHFSN-skRSJr4w7vVyMuziWgK-T-fQDKHLLT3AyjoPmXcKgMLcXmTHYVBJTE5AG2-gX21zQ-emN9SsFogVBsgZ46HOdXLtqMLJo9Uh-t0B1E_du3NRruCCFLvPERrg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 525

{
  "id" : "131ffc15-c975-455b-8f35-752f30487288",
  "userIdentityId" : "857f83e3-d028-41d5-900c-0f77c5f31f72",
  "idleSessionTimeoutSeconds" : 300,
  "autoLogoutIdleSession" : false,
  "firstApiRequestAt" : {
    "nano" : 987871000,
    "epochSecond" : 1652115265
  },
  "lastApiRequestAt" : {
    "nano" : 987871000,
    "epochSecond" : 1652115265
  },
  "terminalState" : null,
  "terminatedAt" : null,
  "terminatedBy" : null,
  "asOf" : {
    "nano" : 92495000,
    "epochSecond" : 1652115266
  },
  "state" : "Active"
}

Get Identity Session

GET /identity-sessions/self

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

Id of this {@link IdentitySession}.

userIdentityId

String

false

The id of the {@link UserIdentity} who’s API activity this session tracks.

idleSessionTimeoutSeconds

Integer

true

The {@link SessionConfiguration#getIdleSessionTimeoutSeconds()} value that was active at the time this session was created and the value that will be applied to the maintenance of this session. A session with a last API Request At time that is older than this idle session timeout is no longer an active session. See {@link SessionConfiguration} documentation for the meaning of edge values like 0, -1, etc. Note, an identity can explicitly logout a session regardless of this configuration.

autoLogoutIdleSession

Boolean

true

The {@link SessionConfiguration#isAutoLogoutIdleSession()} value that was active at the time this session was created and the value that will be applied to the maintenance of this session. A session with a last API Request At time that is older than this idle session timeout is in a Logout state. As a result, as long as this is the current session (not active, but current), the client will not be able to make API requests using a token which was created before the logout at timestamp. Note, an identity can explicitly logout a session regardless of this configuration.

firstApiRequestAt

Object

false

The time at which the first API request that triggered the creation of this session occurred. This value never changes after session creation.

lastApiRequestAt

Object

false

The most recent API request time for requests associated to this session. This value is updated as this session is actively used. Once this session becomes non-active, this value is no longer changes.

terminalState

String

true

The terminal state of this session. This will be null if this snapshot of the session was read while the session’s logical state was Active or the session record has not been processed into its logical terminal state. Once set, this value is the immutable persistent state of this session. ie: the session will never have a different state after this is set. See {@link IdentitySession#getState()} to determine the logical state, regardless of whether this session has been processed.

Must be one of [Active, IdleTimeout, Logout, Terminated].

terminatedAt

Object

true

Initially null, and set only at the moment that this session was processed from an active state to a terminal state. This will never change once set. This may not precisely equal the session’s configured time to live. Sessions may be terminated early by administrative action, such as when a new session configuration should be applied. Also, server processing time may result in some amount of drift from the configured session time to live. It is possible to read a session instance during this time, when it is logically terminated but has yet to be processed as such.

terminatedBy

String

true

Only set if the session is in a terminal state; this will hold the identity id that initiated the state transition. In case of auto-logout, this will be set to an internal service identifier which detected the sessions idle state and enforced the configured auto logout configuration. In cases of a user explicitly logging out or an administrator forcing a logout of another user, this will contain that identity id that made the logout request. This is set as part of processing the termination of the session, which can lag behind the logical point in time when the session was terminated.

asOf

Object

false

An ephemeral computed property; the point in time that this snapshot of the IdentitySession was read.

state

String

true

The logical state of this IdentitySession as of the point in time that it was read from the session persistent store. This will always reflect the logical state, regardless of whether this session has been processed or not. For example, if this session exceeded its idle TTL 3 seconds before reading it but the system had not yet processed it into its final terminated state …​ this computed property will still return the state as IdleTimeout even though the terminalState property is still null.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-sessions/self' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJEaWNsektVRUZSZUVOWGZRdkFJOUN3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY1LCJleHAiOjE2NTIxMTg4NjUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.cWoNBkbWA8xB5BREc_u-uaMXvD4gmqTCgjH9_ni3y_zKXmNjABxwn2CYH7bqlrjIRMo4b5CGpvS05IlWLanx2RA4xDUsbHgkRMPGFTOJTcbzT0oR3b2un0Ef_3AgcSh2cKd17xVp94l8jqPz8q2IF5Mpa7Sh2CYqcCjebORNOXvnDUk9pW076Otg_nLKDqu6-bM3t0wP6iSq3jvj3QtPR73uYHFSN-skRSJr4w7vVyMuziWgK-T-fQDKHLLT3AyjoPmXcKgMLcXmTHYVBJTE5AG2-gX21zQ-emN9SsFogVBsgZ46HOdXLtqMLJo9Uh-t0B1E_du3NRruCCFLvPERrg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 526

{
  "id" : "a3496185-e9a3-4beb-b07f-3b7215182b26",
  "userIdentityId" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "idleSessionTimeoutSeconds" : 300,
  "autoLogoutIdleSession" : false,
  "firstApiRequestAt" : {
    "nano" : 190977000,
    "epochSecond" : 1652115265
  },
  "lastApiRequestAt" : {
    "nano" : 190977000,
    "epochSecond" : 1652115265
  },
  "terminalState" : null,
  "terminatedAt" : null,
  "terminatedBy" : null,
  "asOf" : {
    "nano" : 266331000,
    "epochSecond" : 1652115265
  },
  "state" : "Active"
}

Logout

DELETE /identity-sessions

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

userIdentityId

Object

false

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-sessions?userIdentityId=87c0b1af-9311-49b4-b610-824771723c58' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJEaWNsektVRUZSZUVOWGZRdkFJOUN3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY1LCJleHAiOjE2NTIxMTg4NjUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.cWoNBkbWA8xB5BREc_u-uaMXvD4gmqTCgjH9_ni3y_zKXmNjABxwn2CYH7bqlrjIRMo4b5CGpvS05IlWLanx2RA4xDUsbHgkRMPGFTOJTcbzT0oR3b2un0Ef_3AgcSh2cKd17xVp94l8jqPz8q2IF5Mpa7Sh2CYqcCjebORNOXvnDUk9pW076Otg_nLKDqu6-bM3t0wP6iSq3jvj3QtPR73uYHFSN-skRSJr4w7vVyMuziWgK-T-fQDKHLLT3AyjoPmXcKgMLcXmTHYVBJTE5AG2-gX21zQ-emN9SsFogVBsgZ46HOdXLtqMLJo9Uh-t0B1E_du3NRruCCFLvPERrg'

Example response

HTTP/1.1 204 No Content

Logout

DELETE /identity-sessions/self

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-sessions/self' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJEaWNsektVRUZSZUVOWGZRdkFJOUN3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY1LCJleHAiOjE2NTIxMTg4NjUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.cWoNBkbWA8xB5BREc_u-uaMXvD4gmqTCgjH9_ni3y_zKXmNjABxwn2CYH7bqlrjIRMo4b5CGpvS05IlWLanx2RA4xDUsbHgkRMPGFTOJTcbzT0oR3b2un0Ef_3AgcSh2cKd17xVp94l8jqPz8q2IF5Mpa7Sh2CYqcCjebORNOXvnDUk9pW076Otg_nLKDqu6-bM3t0wP6iSq3jvj3QtPR73uYHFSN-skRSJr4w7vVyMuziWgK-T-fQDKHLLT3AyjoPmXcKgMLcXmTHYVBJTE5AG2-gX21zQ-emN9SsFogVBsgZ46HOdXLtqMLJo9Uh-t0B1E_du3NRruCCFLvPERrg'

Example response

HTTP/1.1 204 No Content

Session Configuration

Find Session Configurations

GET /session-configurations

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

organizationId

Object

true

identityProviderId

Object

true

identityId

Object

true

idleSessionTimeoutSecondsMinInclusive

Integer

true

idleSessionTimeoutSecondsMaxExclusive

Integer

true

autoLogoutIdleSession

Boolean

true

includeDeleted

Boolean

true

Default value: 'false'.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1521

[ {
  "id" : "2b6e152f-72bc-498b-991f-fd784c42423e",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "identityProviderId" : null,
  "identityId" : "868e71e8-77ef-4f16-8b0b-76ad53f40865",
  "idleSessionTimeoutSeconds" : 123,
  "autoLogoutIdleSession" : true,
  "createdBy" : "72a7c3c6-58c3-4294-8766-bb2323382c94",
  "createdAt" : {
    "nano" : 880136000,
    "epochSecond" : 1652115268
  },
  "updatedAt" : {
    "nano" : 880136000,
    "epochSecond" : 1652115268
  },
  "deletedAt" : null,
  "deletedBy" : null
}, {
  "id" : "553370cb-fd31-4875-8dd5-0dca6259fb71",
  "organizationId" : null,
  "identityProviderId" : null,
  "identityId" : null,
  "idleSessionTimeoutSeconds" : 321,
  "autoLogoutIdleSession" : true,
  "createdBy" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "createdAt" : {
    "nano" : 510051000,
    "epochSecond" : 1652115269
  },
  "updatedAt" : {
    "nano" : 510051000,
    "epochSecond" : 1652115269
  },
  "deletedAt" : null,
  "deletedBy" : null
}, {
  "id" : "77367108-150e-4f80-96b2-7e260107cde2",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "identityProviderId" : null,
  "identityId" : "441a13d1-18b8-4bb4-9660-94f2d4b3a322",
  "idleSessionTimeoutSeconds" : 123,
  "autoLogoutIdleSession" : true,
  "createdBy" : "a2035d3b-2dd8-4df0-ac5a-257a374e71ab",
  "createdAt" : {
    "nano" : 122628000,
    "epochSecond" : 1652115269
  },
  "updatedAt" : {
    "nano" : 122628000,
    "epochSecond" : 1652115269
  },
  "deletedAt" : null,
  "deletedBy" : null
} ]

Get Session Configuration

GET /session-configurations/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/2b6e152f-72bc-498b-991f-fd784c42423e' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

{
  "id" : "2b6e152f-72bc-498b-991f-fd784c42423e",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "identityProviderId" : null,
  "identityId" : "868e71e8-77ef-4f16-8b0b-76ad53f40865",
  "idleSessionTimeoutSeconds" : 123,
  "autoLogoutIdleSession" : true,
  "createdBy" : "72a7c3c6-58c3-4294-8766-bb2323382c94",
  "createdAt" : {
    "nano" : 880136000,
    "epochSecond" : 1652115268
  },
  "updatedAt" : {
    "nano" : 880136000,
    "epochSecond" : 1652115268
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Get Default For Platform

GET /session-configurations/default-platform

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-platform' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 459

{
  "id" : "553370cb-fd31-4875-8dd5-0dca6259fb71",
  "organizationId" : null,
  "identityProviderId" : null,
  "identityId" : null,
  "idleSessionTimeoutSeconds" : 321,
  "autoLogoutIdleSession" : true,
  "createdBy" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "createdAt" : {
    "nano" : 510051000,
    "epochSecond" : 1652115269
  },
  "updatedAt" : {
    "nano" : 510051000,
    "epochSecond" : 1652115269
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Get Default For Organization

GET /session-configurations/default-organization/{organizationId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

organizationId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-organization/570a13bd-77ed-474a-9856-b73c916d1771' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 493

{
  "id" : "66734c5f-1783-4c08-af8e-8561905cd00d",
  "organizationId" : "570a13bd-77ed-474a-9856-b73c916d1771",
  "identityProviderId" : null,
  "identityId" : null,
  "idleSessionTimeoutSeconds" : 100,
  "autoLogoutIdleSession" : true,
  "createdBy" : "a40a3f6c-98ed-4c69-b125-7ba65542e892",
  "createdAt" : {
    "nano" : 799369000,
    "epochSecond" : 1652115271
  },
  "updatedAt" : {
    "nano" : 799369000,
    "epochSecond" : 1652115271
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Get Default For Identity Provider

GET /session-configurations/default-identity-provider/{identityProviderId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

identityProviderId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-identity-provider/922f78fc-354c-4724-99fa-0f28488d530f' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

{
  "id" : "ca6cff4b-2b1c-4ecc-b30b-a3494104fd9e",
  "organizationId" : "e5934b00-c92b-446d-8706-09f2bb9519d3",
  "identityProviderId" : "922f78fc-354c-4724-99fa-0f28488d530f",
  "identityId" : null,
  "idleSessionTimeoutSeconds" : 200,
  "autoLogoutIdleSession" : true,
  "createdBy" : "a53ae81a-c933-496e-9fdd-9288a929529e",
  "createdAt" : {
    "nano" : 175813000,
    "epochSecond" : 1652115270
  },
  "updatedAt" : {
    "nano" : 175813000,
    "epochSecond" : 1652115270
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Get Default For Identity

GET /session-configurations/default-identity/{identityId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

identityId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-identity/441a13d1-18b8-4bb4-9660-94f2d4b3a322' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

{
  "id" : "77367108-150e-4f80-96b2-7e260107cde2",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "identityProviderId" : null,
  "identityId" : "441a13d1-18b8-4bb4-9660-94f2d4b3a322",
  "idleSessionTimeoutSeconds" : 123,
  "autoLogoutIdleSession" : true,
  "createdBy" : "a2035d3b-2dd8-4df0-ac5a-257a374e71ab",
  "createdAt" : {
    "nano" : 122628000,
    "epochSecond" : 1652115269
  },
  "updatedAt" : {
    "nano" : 122628000,
    "epochSecond" : 1652115269
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Set Default For Platform

POST /session-configurations/default-platform

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

io.netfoundry.common.util.validation.ValidAs.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

io.netfoundry.common.util.validation.ValidAs.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-platform' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A' \
    -d '{"idleSessionTimeoutSeconds":321,"autoLogoutIdleSession":true}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 459

{
  "id" : "553370cb-fd31-4875-8dd5-0dca6259fb71",
  "organizationId" : null,
  "identityProviderId" : null,
  "identityId" : null,
  "idleSessionTimeoutSeconds" : 321,
  "autoLogoutIdleSession" : true,
  "createdBy" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "createdAt" : {
    "nano" : 510051000,
    "epochSecond" : 1652115269
  },
  "updatedAt" : {
    "nano" : 510051000,
    "epochSecond" : 1652115269
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Set Default For Organization

POST /session-configurations/default-organization/{organizationId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

organizationId

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

io.netfoundry.common.util.validation.ValidAs.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

io.netfoundry.common.util.validation.ValidAs.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-organization/172460d5-a9fa-4f9c-bccb-d6bee6cc12c5' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A' \
    -d '{"idleSessionTimeoutSeconds":321,"autoLogoutIdleSession":true}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 493

{
  "id" : "8a962ea0-f715-4d1b-af4e-4c0843f0d802",
  "organizationId" : "172460d5-a9fa-4f9c-bccb-d6bee6cc12c5",
  "identityProviderId" : null,
  "identityId" : null,
  "idleSessionTimeoutSeconds" : 321,
  "autoLogoutIdleSession" : true,
  "createdBy" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "createdAt" : {
    "nano" : 741078000,
    "epochSecond" : 1652115272
  },
  "updatedAt" : {
    "nano" : 741078000,
    "epochSecond" : 1652115272
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Set Default For Identity Provider

POST /session-configurations/default-identity-provider/{identityProviderId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

identityProviderId

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

io.netfoundry.common.util.validation.ValidAs.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

io.netfoundry.common.util.validation.ValidAs.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-identity-provider/db79a8e3-9890-4a1c-9b07-3342769c7bf8' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A' \
    -d '{"idleSessionTimeoutSeconds":321,"autoLogoutIdleSession":true}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 525

{
  "id" : "03122620-3fda-444e-872a-0c91a86cc3cc",
  "organizationId" : "260324de-ec0f-4e18-9a4d-3c0d096b3cf0",
  "identityProviderId" : "db79a8e3-9890-4a1c-9b07-3342769c7bf8",
  "identityId" : null,
  "idleSessionTimeoutSeconds" : 321,
  "autoLogoutIdleSession" : true,
  "createdBy" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "createdAt" : {
    "nano" : 14663000,
    "epochSecond" : 1652115270
  },
  "updatedAt" : {
    "nano" : 14663000,
    "epochSecond" : 1652115270
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Set Default For Identity

POST /session-configurations/default-identity/{identityId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

identityId

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

io.netfoundry.common.util.validation.ValidAs.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

io.netfoundry.common.util.validation.ValidAs.

Response fields

Path Type Optional Description

id

String

false

The id of this {@link SessionConfiguration}.

organizationId

String

true

The {@link Organization} id that this {@link SessionConfiguration} applies to. This should be set for all configurations other than the platform default configuration. Selection of a configuration is based on the most specific match between this property and the properties for the {@link IdentityProvider} and {@link Identity} ids.

identityProviderId

String

true

The {@link IdentityProvider} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to identities within a specific IdentityProvider. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link Identity} ids.

identityId

String

true

The {@link UserIdentity} id that this {@link SessionConfiguration} applies to. This is set when the configuration applies to a specific {@link UserIdentity}. This is often null, as most configurations occur at the {@link Organization} level. Selection of a configuration is based on the most specific match between this property and the properties for the {@link Organization} and {@link IdentityProvider} ids.

idleSessionTimeoutSeconds

Integer

true

The maximum number of seconds between API requests after which the next request will result in a new session being created. A value of -1 will result in a non-expiring session. A value of 0 will result in an instantly expiring session. All values > 0 will result in sessions that can timeout due to inactivity. See the auto-logout property for additional effects at session timeout.

Must be at least -1.

autoLogoutIdleSession

Boolean

true

When true, a session that becomes idle (see idle session timeout) will automatically be logged out. A logged out session will result in the rejection of future requests which use a token that was created prior to this session’s logout time.

createdBy

String

false

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

deletedBy

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-identity/d3bff6a9-b157-4526-afec-ea197996c995' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A' \
    -d '{"idleSessionTimeoutSeconds":321,"autoLogoutIdleSession":true}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

{
  "id" : "a2ad438f-5c8f-47e7-bf69-2f7ab73182fc",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "identityProviderId" : "d3bff6a9-b157-4526-afec-ea197996c995",
  "identityId" : null,
  "idleSessionTimeoutSeconds" : 321,
  "autoLogoutIdleSession" : true,
  "createdBy" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "createdAt" : {
    "nano" : 380683000,
    "epochSecond" : 1652115271
  },
  "updatedAt" : {
    "nano" : 380683000,
    "epochSecond" : 1652115271
  },
  "deletedAt" : null,
  "deletedBy" : null
}

Delete Default For Organization

DELETE /session-configurations/default-organization/{organizationId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

organizationId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-organization/1e82c5a3-eaec-49c2-9ead-19e4c6e666d8' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 204 No Content

Delete Default For Identity Provider

DELETE /session-configurations/default-identity-provider/{identityProviderId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

identityProviderId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-identity-provider/6cc2d8c3-7b67-40bc-8089-349986112206' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 204 No Content

Delete Default For Identity

DELETE /session-configurations/default-identity/{identityId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

identityId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/session-configurations/default-identity/63d13dc1-4b16-411f-9afd-a7f20780b3b0' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtNVpNcDdoX2xnZ1ZhODFEZ2ZNdXhRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjY4LCJleHAiOjE2NTIxMTg4NjgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ApSuuWHaAN-WazMmgCeIuI4aj-T69CbbU52iP20UK8pPIEVYsW9ceD51qns2GxOXjXiVqfywbmNVXodjRq0dz4l40wUUMV3gANlOcwfUjYjmqXSHs81lR4WlXw_MBU-4j4XagU4nCn6opVarNpo1WKFYyRiwZbjfuUs1Stz4OGNzw0EK7ZyMTf30hYQvuMReXqWzMjAwYFyiM91xpwJUREMsUJWI_NA59jPUxXiBX_ybHSJy_WLC3ZHPQz0Ij5UFau1Hrmi3ChGSzw-GwIxT4HQ34qwdOM8sudFz3HvLG0Z2ndlL8QVXReEqwoMlyrBWAV-KmAp9NSk8Pu-dHCBu9A'

Example response

HTTP/1.1 204 No Content

API Account Identity

Find Api Account Identities

GET /api-account-identities

Returns a set of {@link ApiAccountIdentity}s that are visible to the requesting client and optionally filtered based on the submitted request parameters.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

tenantId

Object

true

Deprecated..

organizationId

Object

true

Restricts results to Identities in the specified Organization (by Organization’s id.).

name

String

true

contactEmail

String

true

active

Boolean

true

Restricts results to Identities with a matching active status.

includeDeleted

Boolean

true

Default value: 'false'.

provider

String

true

Must be one of [Auth0, Cognito].

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

organizationId

String

false

auth0ClientId

String

true

Size must be between 16 and 128 inclusive.

awsCognitoClientId

String

true

Size must be between 16 and 128 inclusive.

authenticationUrl

String

false

The OAuth2 url where a client credentials grant flow should be performed.

Size must be between 16 and 128 inclusive.

name

String

true

io.netfoundry.common.util.validation.BasicPattern.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5NU9VWGNqNjRCamxLX25LbEdVcDVnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MTk5LCJleHAiOjE2NTIxMTg3OTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HXfic8uW4x2mbmO9pK4OY6-wVmjE42z8wnO62pwuZRq_8ihtHPFNL6j_RYA62Owpmwk6nSGzgNXI0ciaXkG1wRj_0MLu6_SD4qsRqpk2JQy66uLYm7P0ixAd9hSRw8AogbfO4IFpjY-7MOlDPmOHqtJ2Mf_Xr6I1cKhb26YAbFh_e5GQrhzTslP0jdldJvaWxUm2B9z4fRocEqgDjPUOdPTzvKnKJt4CA7Gp9aWMbTHhdJJKOamaWcVSJQjIMrLfyiVzYxtpzFzu3W3uprVz7cOcmmKYhnivzr-GoJ6ZJd21fG7UUaE7Tcg4D78VUv9S1yjnKIUykDzmPtirZGvmyw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2006

[ {
  "id" : "0275aab9-8d75-4aeb-9ef0-511680c0a86f",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ClientId" : null,
  "awsCognitoClientId" : "658640f4-d382-4ec3-aeb4-7824a5d69d02|daofpcgd",
  "authenticationUrl" : "https://netfoundry-test-yonymr.auth.us-east-1.amazoncognito.com/oauth2/token",
  "name" : "Testing Limits",
  "contactEmail" : "a@acme.com",
  "description" : "description",
  "active" : true,
  "createdAt" : {
    "nano" : 816599000,
    "epochSecond" : 1652115226
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "email" : "a@acme.com",
  "type" : "ApiAccountIdentity"
}, {
  "id" : "07403b0e-241b-49f2-8e7d-981750d24781",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ClientId" : null,
  "awsCognitoClientId" : "ef4538b0-145f-4f64-8fa2-9ab62cec39d1|sdtweawn",
  "authenticationUrl" : "https://netfoundry-test-ndytnk.auth.us-east-1.amazoncognito.com/oauth2/token",
  "name" : "Testing Limits",
  "contactEmail" : "a@acme.com",
  "description" : "description",
  "active" : true,
  "createdAt" : {
    "nano" : 997060000,
    "epochSecond" : 1652115247
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "email" : "a@acme.com",
  "type" : "ApiAccountIdentity"
}, {
  "id" : "08cda167-aa5c-4b5d-a15d-c8823fb5e0d9",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ClientId" : null,
  "awsCognitoClientId" : "247cfed6-ecaa-4e98-b526-da80a3672b9a|uultuckf",
  "authenticationUrl" : "https://netfoundry-test-lxdgfy.auth.us-east-1.amazoncognito.com/oauth2/token",
  "name" : "Testing Limits",
  "contactEmail" : "a@acme.com",
  "description" : "description",
  "active" : true,
  "createdAt" : {
    "nano" : 161521000,
    "epochSecond" : 1652115240
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "email" : "a@acme.com",
  "type" : "ApiAccountIdentity"
} ]

Get Api Account Identity

GET /api-account-identities/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Get an API Account Identity by its id.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

The id of the desired Identity.

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

auth0ClientId

String

true

Size must be between 16 and 128 inclusive.

awsCognitoClientId

String

true

Size must be between 16 and 128 inclusive.

authenticationUrl

String

false

The OAuth2 url where a client credentials grant flow should be performed.

Size must be between 16 and 128 inclusive.

name

String

true

io.netfoundry.common.util.validation.BasicPattern.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/75dde909-81dd-465e-8827-ee7a5a99455d' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5NU9VWGNqNjRCamxLX25LbEdVcDVnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MTk5LCJleHAiOjE2NTIxMTg3OTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HXfic8uW4x2mbmO9pK4OY6-wVmjE42z8wnO62pwuZRq_8ihtHPFNL6j_RYA62Owpmwk6nSGzgNXI0ciaXkG1wRj_0MLu6_SD4qsRqpk2JQy66uLYm7P0ixAd9hSRw8AogbfO4IFpjY-7MOlDPmOHqtJ2Mf_Xr6I1cKhb26YAbFh_e5GQrhzTslP0jdldJvaWxUm2B9z4fRocEqgDjPUOdPTzvKnKJt4CA7Gp9aWMbTHhdJJKOamaWcVSJQjIMrLfyiVzYxtpzFzu3W3uprVz7cOcmmKYhnivzr-GoJ6ZJd21fG7UUaE7Tcg4D78VUv9S1yjnKIUykDzmPtirZGvmyw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 718

{
  "id" : "75dde909-81dd-465e-8827-ee7a5a99455d",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ClientId" : "9bc9d191-1e71-4105-a703-6a5747fbc145",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "api-account",
  "contactEmail" : "no-reply@acme.com",
  "description" : "This is an ACME non-interactive API client.",
  "active" : true,
  "createdAt" : {
    "nano" : 221461000,
    "epochSecond" : 1652115199
  },
  "updatedAt" : {
    "nano" : 719228000,
    "epochSecond" : 1652115203
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "email" : "no-reply@acme.com",
  "type" : "ApiAccountIdentity"
}

Get Api Account Identity By Mapping

GET /api-account-identities/mapping/{clientId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

clientId

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

auth0ClientId

String

true

Size must be between 16 and 128 inclusive.

awsCognitoClientId

String

true

Size must be between 16 and 128 inclusive.

authenticationUrl

String

false

The OAuth2 url where a client credentials grant flow should be performed.

Size must be between 16 and 128 inclusive.

name

String

true

io.netfoundry.common.util.validation.BasicPattern.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/mapping/9cf26d89-b8cd-4005-b39a-38fbc1aa81c5' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5NU9VWGNqNjRCamxLX25LbEdVcDVnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MTk5LCJleHAiOjE2NTIxMTg3OTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HXfic8uW4x2mbmO9pK4OY6-wVmjE42z8wnO62pwuZRq_8ihtHPFNL6j_RYA62Owpmwk6nSGzgNXI0ciaXkG1wRj_0MLu6_SD4qsRqpk2JQy66uLYm7P0ixAd9hSRw8AogbfO4IFpjY-7MOlDPmOHqtJ2Mf_Xr6I1cKhb26YAbFh_e5GQrhzTslP0jdldJvaWxUm2B9z4fRocEqgDjPUOdPTzvKnKJt4CA7Gp9aWMbTHhdJJKOamaWcVSJQjIMrLfyiVzYxtpzFzu3W3uprVz7cOcmmKYhnivzr-GoJ6ZJd21fG7UUaE7Tcg4D78VUv9S1yjnKIUykDzmPtirZGvmyw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 684

{
  "id" : "37f3916d-dc9c-4bc2-96eb-4c3ef157e9c3",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ClientId" : "9cf26d89-b8cd-4005-b39a-38fbc1aa81c5",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "ACME Internal Service-26",
  "contactEmail" : "service.admin-27@acme.com",
  "description" : "updatable API Account description-28",
  "active" : true,
  "createdAt" : {
    "nano" : 854598000,
    "epochSecond" : 1652115255
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "email" : "service.admin-27@acme.com",
  "type" : "ApiAccountIdentity"
}

Create Api Account Identity

POST /api-account-identities

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

The id of the Organization within which this API Account should be created.

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

name

String

true

The user friendly name to assign to the API Account Identity. This value is for ease of administration.

contactEmail

String

true

An arbitrary email address to associate to the API Account Identity. This value is mainly for administrative purposes, to provide a point of contact for someone that presumably is knowledgeable about the usage of this API Account Identity.

description

String

true

A free form description.

grantDefaultRoles

Boolean

true

Optional flag that when true will result in the API Account Identity being granted the 'default' roles (Organization and Network Group Admin, at this time.) When false, no authorization, roles or otherwise, will be configured, and it is assumed that the caller has permission to manage permissions of this API Account Identity after the fact. This defaults to true if not specified in the request.

provider

String

true

The authorization provider that should be used. Either Auth0 or Cognito. Auth0 is deprecated, and Cognito should be used moving forward. Support for Auth0 will be dropped at a future point in time.

Must be one of [Auth0, Cognito].

Response fields

Path Type Optional Description

apiAccountIdentity

Object

true

apiAccountIdentity.id

String

false

apiAccountIdentity.organizationId

String

false

apiAccountIdentity.auth0ClientId

String

true

Size must be between 16 and 128 inclusive.

apiAccountIdentity.awsCognitoClientId

String

true

Size must be between 16 and 128 inclusive.

apiAccountIdentity.authenticationUrl

String

false

The OAuth2 url where a client credentials grant flow should be performed.

Size must be between 16 and 128 inclusive.

apiAccountIdentity.name

String

true

io.netfoundry.common.util.validation.BasicPattern.

apiAccountIdentity.contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

apiAccountIdentity.description

String

false

Size must be between 0 and 2048 inclusive.

apiAccountIdentity.active

Boolean

true

apiAccountIdentity.createdAt

Object

false

apiAccountIdentity.updatedAt

Object

false

apiAccountIdentity.deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

apiAccountIdentity.tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

apiAccountIdentity.email

String

true

apiAccountIdentity.type

String

true

clientId

String

true

The OAuth2 client id which must be passed to the OAuth2 provider at the specified authenticationUrl.

password

String

true

The OAuth2 client secret which must be passed to the OAuth2 provider at the specified authenticationUrl.

authenticationUrl

String

true

The url where the created client should authenticate, using a standard OAuth2 Client Credentials Grant Flow.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5NU9VWGNqNjRCamxLX25LbEdVcDVnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MTk5LCJleHAiOjE2NTIxMTg3OTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HXfic8uW4x2mbmO9pK4OY6-wVmjE42z8wnO62pwuZRq_8ihtHPFNL6j_RYA62Owpmwk6nSGzgNXI0ciaXkG1wRj_0MLu6_SD4qsRqpk2JQy66uLYm7P0ixAd9hSRw8AogbfO4IFpjY-7MOlDPmOHqtJ2Mf_Xr6I1cKhb26YAbFh_e5GQrhzTslP0jdldJvaWxUm2B9z4fRocEqgDjPUOdPTzvKnKJt4CA7Gp9aWMbTHhdJJKOamaWcVSJQjIMrLfyiVzYxtpzFzu3W3uprVz7cOcmmKYhnivzr-GoJ6ZJd21fG7UUaE7Tcg4D78VUv9S1yjnKIUykDzmPtirZGvmyw' \
    -d '{"organizationId":"1e82c5a3-eaec-49c2-9ead-19e4c6e666d8","name":"HR Bridge Service","contactEmail":"hr.director@acme.com","description":"description goes here","grantDefaultRoles":true,"provider":"Cognito"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 939

{
  "apiAccountIdentity" : {
    "id" : "57aa1487-100a-48db-a2eb-fff1517fa97f",
    "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
    "auth0ClientId" : null,
    "awsCognitoClientId" : "0aed450c-012d-4c53-bebc-ec78ebbc32ce|riuktiox",
    "authenticationUrl" : "https://netfoundry-test-steqgw.auth.us-east-1.amazoncognito.com/oauth2/token",
    "name" : "HR Bridge Service",
    "contactEmail" : "hr.director@acme.com",
    "description" : "description goes here",
    "active" : true,
    "createdAt" : {
      "nano" : 39581000,
      "epochSecond" : 1652115213
    },
    "updatedAt" : null,
    "deletedAt" : null,
    "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
    "email" : "hr.director@acme.com",
    "type" : "ApiAccountIdentity"
  },
  "clientId" : "riuktiox",
  "password" : "cgrxkrahbspgkugcnkqwhmoo",
  "authenticationUrl" : "https://netfoundry-test-steqgw.auth.us-east-1.amazoncognito.com/oauth2/token"
}

Update Identity Info

PUT /api-account-identities/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

contactEmail

String

true

description

String

true

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

auth0ClientId

String

true

Size must be between 16 and 128 inclusive.

awsCognitoClientId

String

true

Size must be between 16 and 128 inclusive.

authenticationUrl

String

false

The OAuth2 url where a client credentials grant flow should be performed.

Size must be between 16 and 128 inclusive.

name

String

true

io.netfoundry.common.util.validation.BasicPattern.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/6ca5080a-e3d1-46f1-be81-d11498855a2d' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5NU9VWGNqNjRCamxLX25LbEdVcDVnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MTk5LCJleHAiOjE2NTIxMTg3OTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HXfic8uW4x2mbmO9pK4OY6-wVmjE42z8wnO62pwuZRq_8ihtHPFNL6j_RYA62Owpmwk6nSGzgNXI0ciaXkG1wRj_0MLu6_SD4qsRqpk2JQy66uLYm7P0ixAd9hSRw8AogbfO4IFpjY-7MOlDPmOHqtJ2Mf_Xr6I1cKhb26YAbFh_e5GQrhzTslP0jdldJvaWxUm2B9z4fRocEqgDjPUOdPTzvKnKJt4CA7Gp9aWMbTHhdJJKOamaWcVSJQjIMrLfyiVzYxtpzFzu3W3uprVz7cOcmmKYhnivzr-GoJ6ZJd21fG7UUaE7Tcg4D78VUv9S1yjnKIUykDzmPtirZGvmyw' \
    -d '{"name":"Robot","contactEmail":"robot@acme.com","description":"description here."}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 680

{
  "id" : "6ca5080a-e3d1-46f1-be81-d11498855a2d",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ClientId" : "3ad9007d-e025-4331-9fc9-f3414d3b5cd3",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "Robot",
  "contactEmail" : "robot@acme.com",
  "description" : "description here.",
  "active" : true,
  "createdAt" : {
    "nano" : 349281000,
    "epochSecond" : 1652115199
  },
  "updatedAt" : {
    "nano" : 786857000,
    "epochSecond" : 1652115201
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "email" : "robot@acme.com",
  "type" : "ApiAccountIdentity"
}

Activate Or Deactivate Api Account Identity

PUT /api-account-identities/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

organizationId

String

false

auth0ClientId

String

true

Size must be between 16 and 128 inclusive.

awsCognitoClientId

String

true

Size must be between 16 and 128 inclusive.

authenticationUrl

String

false

The OAuth2 url where a client credentials grant flow should be performed.

Size must be between 16 and 128 inclusive.

name

String

true

io.netfoundry.common.util.validation.BasicPattern.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Object

false

updatedAt

Object

false

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/f918ecd1-85c0-4684-9f46-998c1866904a/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ5NU9VWGNqNjRCamxLX25LbEdVcDVnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MTk5LCJleHAiOjE2NTIxMTg3OTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.HXfic8uW4x2mbmO9pK4OY6-wVmjE42z8wnO62pwuZRq_8ihtHPFNL6j_RYA62Owpmwk6nSGzgNXI0ciaXkG1wRj_0MLu6_SD4qsRqpk2JQy66uLYm7P0ixAd9hSRw8AogbfO4IFpjY-7MOlDPmOHqtJ2Mf_Xr6I1cKhb26YAbFh_e5GQrhzTslP0jdldJvaWxUm2B9z4fRocEqgDjPUOdPTzvKnKJt4CA7Gp9aWMbTHhdJJKOamaWcVSJQjIMrLfyiVzYxtpzFzu3W3uprVz7cOcmmKYhnivzr-GoJ6ZJd21fG7UUaE7Tcg4D78VUv9S1yjnKIUykDzmPtirZGvmyw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 740

{
  "id" : "f918ecd1-85c0-4684-9f46-998c1866904a",
  "organizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "auth0ClientId" : "e2a65fc4-9205-4fff-a29a-994721e8a677",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "ACME Internal Service-20",
  "contactEmail" : "service.admin-21@acme.com",
  "description" : "updatable API Account description-22",
  "active" : false,
  "createdAt" : {
    "nano" : 62047000,
    "epochSecond" : 1652115255
  },
  "updatedAt" : {
    "nano" : 278679000,
    "epochSecond" : 1652115255
  },
  "deletedAt" : null,
  "tenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "email" : "service.admin-21@acme.com",
  "type" : "ApiAccountIdentity"
}

Invitation

Find Invitations

GET /invitations

Returns a set of Invitation instances based on the optional query parameters. The results will be constrained to the invitations that the client has authorization to view. Results may be further constrained by the setting any combination of query parameter values, which will logically AND’d together to form a filter for matching invitations. The states query parameter, unlike others, supports multiple values. For example, to retrieve a list of active invitations, specify states=Open,Declined,Expired.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

fromIdentityId

Object

true

The id of the identity that created the target invitation(s).

toTenantId

Object

true

Deprecated..

toOrganizationId

Object

true

The id of the organization that the resulting invitations are inviting into.

invitedEmailAddress

String

true

A full (no partial match support) email address to match against.

targetIdentityId

Object

true

The id of the identity that the invitation will/has assumed.

states

Object

true

One or more {@link State} names to restrict the invitations returned.

Must be one of [Open, Accepted, Declined, Expired, Revoked].

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toOrganizationId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Object

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJBaVFkNjNISUFGLUttZHRUMzJ5NjBRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjgxLCJleHAiOjE2NTIxMTg4ODEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9LHtcImlkXCI6XCIxOGU2MTdkYy1hY2MzLTRhZDEtYTUzZC03ZDk2ZjQ5OTAwNTFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyODF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.dLs2Su7NvYO7kyh6iCLt1_ZFWhwIAGIcOi2072Z7iSfS8qTYAwU_leTKfzhZ35kOTlRwWxTRhwOKxvgxWK2HUteso7NxsWPZRBjh0-7cqmJfmihcWkfzayhwdkXYl7ilJD8O-eJxjOpTSRKkR2kHZefq8Ee52ydrgfwOqISFTBUtpuZEHcQg13soYjWnW3VjZEHbjPNN4P0N0nMUj-SzW8d4xC5_lDRCPiElbcXuzhgLIewQIpN-00S534SBsJk3qwhHSUyodPQ8uPlbQ2ATLjFn5U6fTi66PemMmsJjJlNiyD-jPcOpxNoramdOtXVz803RysGQGUfjCZ6SHEUh0g'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

[ {
  "id" : "f44520e4-ecd1-4341-9c87-404da3a36721",
  "fromIdentityId" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "toOrganizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "invitedEmailAddress" : "new.employee@acme.com",
  "expiration" : {
    "nano" : 659494000,
    "epochSecond" : 1652720082
  },
  "targetUserIdentityId" : "64d5408b-64bf-40ea-b26c-0149e3db183b",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "toTenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "state" : "Open"
} ]

Get Invitation By Id

GET /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toOrganizationId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Object

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/2b0fa25c-5ccd-4254-bd3a-ebaaa490d39f' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJBaVFkNjNISUFGLUttZHRUMzJ5NjBRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjgxLCJleHAiOjE2NTIxMTg4ODEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9LHtcImlkXCI6XCIxOGU2MTdkYy1hY2MzLTRhZDEtYTUzZC03ZDk2ZjQ5OTAwNTFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyODF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.dLs2Su7NvYO7kyh6iCLt1_ZFWhwIAGIcOi2072Z7iSfS8qTYAwU_leTKfzhZ35kOTlRwWxTRhwOKxvgxWK2HUteso7NxsWPZRBjh0-7cqmJfmihcWkfzayhwdkXYl7ilJD8O-eJxjOpTSRKkR2kHZefq8Ee52ydrgfwOqISFTBUtpuZEHcQg13soYjWnW3VjZEHbjPNN4P0N0nMUj-SzW8d4xC5_lDRCPiElbcXuzhgLIewQIpN-00S534SBsJk3qwhHSUyodPQ8uPlbQ2ATLjFn5U6fTi66PemMmsJjJlNiyD-jPcOpxNoramdOtXVz803RysGQGUfjCZ6SHEUh0g'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

{
  "id" : "2b0fa25c-5ccd-4254-bd3a-ebaaa490d39f",
  "fromIdentityId" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460",
  "toOrganizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "invitedEmailAddress" : "new.employee-115@acme.com",
  "expiration" : {
    "nano" : 814519000,
    "epochSecond" : 1652720083
  },
  "targetUserIdentityId" : "087d5cfa-e04e-4e48-bbae-24b2e356bc47",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "toTenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "state" : "Open"
}

Create Invitation

POST /invitations

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

toOrganizationId

String

true

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

invitedEmailAddress

String

true

invitationUrl

String

false

targetUserIdentityId

String

true

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Response fields

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toOrganizationId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Object

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJBaVFkNjNISUFGLUttZHRUMzJ5NjBRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjgxLCJleHAiOjE2NTIxMTg4ODEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9LHtcImlkXCI6XCIxOGU2MTdkYy1hY2MzLTRhZDEtYTUzZC03ZDk2ZjQ5OTAwNTFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyODF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.dLs2Su7NvYO7kyh6iCLt1_ZFWhwIAGIcOi2072Z7iSfS8qTYAwU_leTKfzhZ35kOTlRwWxTRhwOKxvgxWK2HUteso7NxsWPZRBjh0-7cqmJfmihcWkfzayhwdkXYl7ilJD8O-eJxjOpTSRKkR2kHZefq8Ee52ydrgfwOqISFTBUtpuZEHcQg13soYjWnW3VjZEHbjPNN4P0N0nMUj-SzW8d4xC5_lDRCPiElbcXuzhgLIewQIpN-00S534SBsJk3qwhHSUyodPQ8uPlbQ2ATLjFn5U6fTi66PemMmsJjJlNiyD-jPcOpxNoramdOtXVz803RysGQGUfjCZ6SHEUh0g' \
    -d '{"toOrganizationId":"1e82c5a3-eaec-49c2-9ead-19e4c6e666d8","invitedEmailAddress":"new.employee@acme.com","invitationUrl":"http://acme.console.netfoundry.io/invitation","targetUserIdentityId":"64d5408b-64bf-40ea-b26c-0149e3db183b"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 523

{
  "id" : "f44520e4-ecd1-4341-9c87-404da3a36721",
  "fromIdentityId" : "83abc110-2191-42ca-823f-0b671601a0c3",
  "toOrganizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "invitedEmailAddress" : "new.employee@acme.com",
  "expiration" : {
    "nano" : 659494000,
    "epochSecond" : 1652720082
  },
  "targetUserIdentityId" : "64d5408b-64bf-40ea-b26c-0149e3db183b",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "toTenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "state" : "Open"
}

Respond To Invitation

PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/{action:accept|decline}

This is not the typical way to accept or decline an invitation. See {@link InvitationFlowController}. This service is a straight update of the Invitation. It does not map the calling user, nor any other related activity. It simply updates the state of the Invitation.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toOrganizationId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Object

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/9d29a1b1-e2ad-4f05-b773-d56cfa318a31/decline' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJBaVFkNjNISUFGLUttZHRUMzJ5NjBRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjgxLCJleHAiOjE2NTIxMTg4ODEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9LHtcImlkXCI6XCIxOGU2MTdkYy1hY2MzLTRhZDEtYTUzZC03ZDk2ZjQ5OTAwNTFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyODF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.dLs2Su7NvYO7kyh6iCLt1_ZFWhwIAGIcOi2072Z7iSfS8qTYAwU_leTKfzhZ35kOTlRwWxTRhwOKxvgxWK2HUteso7NxsWPZRBjh0-7cqmJfmihcWkfzayhwdkXYl7ilJD8O-eJxjOpTSRKkR2kHZefq8Ee52ydrgfwOqISFTBUtpuZEHcQg13soYjWnW3VjZEHbjPNN4P0N0nMUj-SzW8d4xC5_lDRCPiElbcXuzhgLIewQIpN-00S534SBsJk3qwhHSUyodPQ8uPlbQ2ATLjFn5U6fTi66PemMmsJjJlNiyD-jPcOpxNoramdOtXVz803RysGQGUfjCZ6SHEUh0g'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 588

{
  "id" : "9d29a1b1-e2ad-4f05-b773-d56cfa318a31",
  "fromIdentityId" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460",
  "toOrganizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "invitedEmailAddress" : "new.employee-112@acme.com",
  "expiration" : {
    "nano" : 408500000,
    "epochSecond" : 1652720083
  },
  "targetUserIdentityId" : "f0721c5d-e37d-4ec8-ad1d-0470a8718b7f",
  "accepted" : false,
  "revokedAt" : null,
  "responseReceivedAt" : {
    "nano" : 736463000,
    "epochSecond" : 1652115283
  },
  "toTenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "state" : "Declined"
}

Revoke Invitation

PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/revoke

This service will revoke the specified invitation if it is in a state that permits revoke.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Client lacks authorization for the '{action}' action on the '{resourceDesc}' resource over the {pathDesc} resource path.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toOrganizationId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Object

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/8bf72ef4-1eb7-4039-b056-b87d2aa54de6/revoke' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJBaVFkNjNISUFGLUttZHRUMzJ5NjBRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjgzYWJjMTEwLTIxOTEtNDJjYS04MjNmLTBiNjcxNjAxYTBjMyIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNjUyMTE1MjgxLCJleHAiOjE2NTIxMTg4ODEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJmNWNlNGQwZC1kNTM0LTRhZjktYjMzOS01M2RmYzk5MWExZDJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjB9LHtcImlkXCI6XCIxNWY2YjE4Zi01ZjgyLTRiMjktYjRhNS0yYThiZmFjZTU3YjhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUxOTl9LHtcImlkXCI6XCI4ZGRhNDU0Ny03ZTA4LTRjOTgtYWEzMi1hYTY0NmY5YTc3YTJcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjJ9LHtcImlkXCI6XCI2ODA3YTYyMC02N2U5LTQwNzctOTcyYy0wOGFiODRhMzhhYzhcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzZ9LHtcImlkXCI6XCI4ZjM1YjgxMi05MDMxLTQyYzktYjdjNC1mNjgyMDA2NTVmODFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjh9LHtcImlkXCI6XCI1YWVmMWQ2Yy02ZDJiLTQ3ZjMtYjhkNC1jOTRjODQ5NGY4N2VcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjV9LHtcImlkXCI6XCJiNTg4ZDE1YS01ODQ2LTQ0OTctODY0Zi00ZTczNTcyZDc3MTVcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNzN9LHtcImlkXCI6XCJmMTc2MGFkNi00NDFkLTQ3YmYtYTZhMy00MGFjNjcxNjA4OGRcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNTZ9LHtcImlkXCI6XCI2MTNmZjJmOS02NDNmLTQzOWQtOTM4YS03ZjFiZmNmOTYyMTBcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyNjZ9LHtcImlkXCI6XCIxOGU2MTdkYy1hY2MzLTRhZDEtYTUzZC03ZDk2ZjQ5OTAwNTFcIixcImxhc3RNb2RpZmllZFwiOjE2NTIxMTUyODF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.dLs2Su7NvYO7kyh6iCLt1_ZFWhwIAGIcOi2072Z7iSfS8qTYAwU_leTKfzhZ35kOTlRwWxTRhwOKxvgxWK2HUteso7NxsWPZRBjh0-7cqmJfmihcWkfzayhwdkXYl7ilJD8O-eJxjOpTSRKkR2kHZefq8Ee52ydrgfwOqISFTBUtpuZEHcQg13soYjWnW3VjZEHbjPNN4P0N0nMUj-SzW8d4xC5_lDRCPiElbcXuzhgLIewQIpN-00S534SBsJk3qwhHSUyodPQ8uPlbQ2ATLjFn5U6fTi66PemMmsJjJlNiyD-jPcOpxNoramdOtXVz803RysGQGUfjCZ6SHEUh0g'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 642

{
  "id" : "8bf72ef4-1eb7-4039-b056-b87d2aa54de6",
  "fromIdentityId" : "2d5a90e7-620b-4801-9ec4-2bdcffc86460",
  "toOrganizationId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "invitedEmailAddress" : "new.employee-118@acme.com",
  "expiration" : {
    "nano" : 379189000,
    "epochSecond" : 1652720084
  },
  "targetUserIdentityId" : "99184038-2431-45d9-b115-399bd05a0d15",
  "accepted" : null,
  "revokedAt" : {
    "nano" : 638799000,
    "epochSecond" : 1652115284
  },
  "responseReceivedAt" : {
    "nano" : 638805000,
    "epochSecond" : 1652115284
  },
  "toTenantId" : "1e82c5a3-eaec-49c2-9ead-19e4c6e666d8",
  "state" : "Revoked"
}

Support

Create Support Request

POST /nfconsole/support/requests

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

The name of the user. This is a required value if the request is submitted by a client that is not currently authenticated. In this unauthenticated case, this name is used in the support request ticket that is created. If the request comes from an authenticated client, then this property should be ignored (not sent), as the API will overwrite it with the name of the authenticated identity.

Size must be between 1 and 2147483647 inclusive.

email

String

true

The email of the user. This is a required value if the request is submitted by a client that is not currently authenticated. In this unauthenticated case, this email is used in the support request ticket that is created. If the request comes from an authenticated client, then this property should be ignored (not sent), as the API will overwrite it with the email of the authenticated identity.

Must be a well-formed email address.

selectedOrganizationId

String

true

The id of an organization which the current user has selected as his working context at the time that this support request is being generated. This value may be null in most cases as it only applies to users with access to more than one organization. This value is ignored if the support request comes from a user that is not logged in.

selectedNetworkId

String

true

The id of a network which the current user has selected as his working context at the time that this support request is being generated. This value may be null, particularly if the client is submitting the support request from a context that is not network specific. However, if the user is working in a context (ie, a 'page' that lists AppWans) that is network specific, then this value can help support agents when reviewing the support request. This value is ignored if the support request comes from a user that is not logged in.

subject

String

false

The support request subject. This value is required and can not be empty.

comment

String

false

The support request message. This value is required and can not be empty.

type

String

true

The type of the support request. If not specified, the type will default to "question".

Must be one of [problem, incident, question, task].

priority

String

true

The priority of the support request. If not specified, the type will default to "normal".

Must be one of [urgent, high, normal, low].

severity

String

true

The Severity of the support request. Severity 1, 2, 3 If not specificed: default to "Severity3".

Must be one of [Severity1, Severity2, Severity3].

recentErrorMessages

Array[String]

true

An optional list of error messages received from the API by the client. These should be in order from most recent to oldest. These provide contextual information for the agent handling the support request. These are not required, but clients are encouraged to track and supply such error messages to aid in support. Note, an interactive user (ie human) should not provide this information; it should be tracked and added by the client agent on their behalf.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/nfconsole/support/requests' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"name":"Curious George","email":"george@curious-client.com","selectedOrganizationId":null,"selectedNetworkId":null,"subject":"Sales Contact Request","comment":"This looks great!  I'd like a sales rep to contact me.","type":"question","priority":"high","severity":"Severity3","recentErrorMessages":null}'

Example response

HTTP/1.1 200 OK

Sign-up Flow

Check Email

GET /signup

This service allows a client to validate that the submitted email may be used during the sign-up process. Not all email addresses are supported, and clients are encouraged to use this service to check before getting an error from the sign-up service.

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

checkEmail

String

false

The email address to check.

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

provider

String

true

Request fields

No request body.

Response fields

Path Type Optional Description

checkEmail

String

false

The email address that whose status was checked.

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

status

String

false

The current status of the checked email address.

Must be one of [VALID, BLACKLISTED].

Example request, valid

$ curl 'https://gateway.netFoundry.io/identity/v1/signup?checkEmail=white.hat@trusted.com' -i -X GET

Example response, valid

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 66

{
  "checkEmail" : "white.hat@trusted.com",
  "status" : "VALID"
}

Example request, blacklisted

$ curl 'https://gateway.netFoundry.io/identity/v1/signup?checkEmail=black.hat@untrusted.com' -i -X GET

Example response, blacklisted

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 74

{
  "checkEmail" : "black.hat@untrusted.com",
  "status" : "BLACKLISTED"
}

Find Identity Provider Types

GET /identity-provider-types

This service provides a list of available IdentityProviderTypes. It does not require authentication, as any client that is preparing to create a new Organization via the sign-up process must be able to list the set of IdentityProviderTypes to the user prior to creation of the Organization.

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

Unique id of this IdentityProviderType instance.

[].identityProviderTypeName

String

false

A simple label for display to a human user.

Size must be between 1 and 128 inclusive.

[].auth0ConnectionId

String

false

An opaque value used by Auth0 to identify their Identity Provider.

Size must be between 1 and 128 inclusive.

[].auth0ConnectionType

String

false

One of four types of connections that Auth0 supports.

Must be one of [Database, Social, Enterprise, Passwordless].

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-provider-types' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 391

[ {
  "id" : "474342c9-9d52-4da8-ba20-3ad04a9666b1",
  "identityProviderTypeName" : "Google Account",
  "auth0ConnectionId" : "google-oauth2",
  "auth0ConnectionType" : "Social"
}, {
  "id" : "91cff470-70d9-4e99-bfd8-3c7920d6a552",
  "identityProviderTypeName" : "Simple Username/Password",
  "auth0ConnectionId" : "Username-Password-Authentication",
  "auth0ConnectionType" : "Database"
} ]

Signup

POST /signup

This service can be used to create a new Organization. The client specifies a basic set of Organization information, such as a descriptive name and a site label, as well as other configuration details. The client must specify how the Organization wishes to authenticate its users by passing one or more specifications for an IdentityProvider. A client may call the Find Identity Provider Types service to preview a list of available authentication mechanisms. Finally, the client must specify user information for the initial 'root' user of the Organization. Upon successful completion of the service request, the API Server will send the user an email with instructions to complete the sign-up process. Note, the API Server does not permit sending invitations to all email addresses. A client may check to see if an email address is supported by calling the Check Email Address service prior to calling this sign-up service.

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationName

String

true

A human friendly name for the Organization. This will become the Organization’s name property.

io.netfoundry.common.util.validation.ValidAs.

organizationLabel

String

true

A domain name label, used to compose the Organization’s custom site domain. The value can be 1 to 63 alpha-numeric or hyphen characters, but may not begin or end with a hyphen.

io.netfoundry.common.util.validation.ValidAs.

identityProviders

Array[Object]

false

A non-empty set of identity providers that the Organization should allow users to login through.

io.netfoundry.common.util.validation.ValidAs.

identityProviders[].name

String

true

A human friendly name for the IdentityProvider. This value is specific to the Organization, even if the authentication mechanism is shared across many Organizations (social based authentication being a prime example.).

io.netfoundry.common.util.validation.ValidAs.

identityProviders[].identityProviderTypeId

String

false

The IdentityProviderType.id of the IdentityProviderType to create and use within the Organization. See service to get a list of available IdentityProviderTypes.

signupUrl

String

false

A fully qualified http or https url where the sign-up email will link to, so that the sign-up user may complete the sign-up process.

billingInfo

Object

true

billingInfo.type

String

true
true
true
true
true

If type is SelfService, then the Billing organization will be setup as SelfService.
If type is Enterprise, then the Billing organization will be setup as Enterprise.

Must be one of [SelfService, AWS, Stripe, Enterprise].
Must be one of [SelfService, AWS, Stripe, Enterprise].
Must be one of [SelfService, AWS, Stripe, Enterprise].
Must be one of [SelfService, AWS, Stripe, Enterprise].

billingInfo.customerEmail

String

true
true

billingInfo.cardToken

String

true

billingInfo.productId

String

true
false

The product Id to use for billing AWS market place customer.

billingInfo.customerFirstName

String

true

billingInfo.customerLastName

String

true

billingInfo.countryCode

String

true

billingInfo.zipCode

String

true

billingInfo.customerSiteName

String

true

billingInfo.customerSiteLabel

String

true

billingInfo.customerId

String

false

The customer Id to use for billing aws market place customer. If the type is AWS and customer Id is provided, then the Billing organization will be setup as enterprise.

billingInfo.stripeCardToken

String

false

The token from Stripe for the card to use for billing. If the type is stripe and stripeCardToken is provided, then the Billing organization will be setup as self-service.

adminUsers

Array[Object]

false

An ordered list of initial user accounts to create within this organization. All will be granted administrative access. The first will be the primary billing contact.

adminUsers[].firstName

String

true

The given name to assign to the initial user Identity.

io.netfoundry.common.util.validation.ValidAs.

adminUsers[].lastName

String

true

The family name to assign to the initial user Identity.

io.netfoundry.common.util.validation.ValidAs.

adminUsers[].email

String

true

The email address to assign to the initial user Identity. This is also the email address when the sign-up invitation will be sent.

io.netfoundry.common.util.validation.ValidAs.

adminUsers[].countryCode

String

true

The country name to assign to the hubspot contact.

Must be one of [AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, UM, VG, VI, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, CI, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, KP, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, XK, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, KR, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UY, UZ, VU, VE, VN, WF, EH, YE, ZM, ZW].

adminUsers[].zip

String

true

The zip code used to retrieve a US based customer’s state.

Size must be between 0 and 32 inclusive.

Response fields

Path Type Optional Description

nfToken

String

true

auth0ConnectionIds

Array[String]

true

invitationKey

String

true

success

Boolean

true

error

String

true

Must be one of [TenantLabelTaken, InvalidIdentityProviderType, EmailBlocked, BillingError, UnknownServerError].

errorDetail

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/signup' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"organizationName":"Global Gadgets Inc.-130","organizationLabel":"Global-Gadgets-131","identityProviders":[{"name":"GG Auth1-128","identityProviderTypeId":"474342c9-9d52-4da8-ba20-3ad04a9666b1"},{"name":"GG Auth2-129","identityProviderTypeId":"91cff470-70d9-4e99-bfd8-3c7920d6a552"}],"signupUrl":"https://nfadmin.console.netfoundry.io/signup","billingInfo":{"type":"SelfService","customerEmail":"user@email.com","cardToken":"token1","productId":"plan01","type":"SelfService","customerFirstName":null,"customerLastName":null,"countryCode":null,"zipCode":null,"customerSiteName":null,"customerSiteLabel":null},"adminUsers":[{"firstName":"Sally","lastName":"Cook","email":"sally.cook@globalGadgets.com","countryCode":"US","zip":"14530"}]}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1094

{
  "nfToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdXRoMENvbm5lY3Rpb25JZHMiOlsiVXNlcm5hbWUtUGFzc3dvcmQtQXV0aGVudGljYXRpb24iLCJnb29nbGUtb2F1dGgyIl0sImF1ZCI6Imh0dHBzOi8vbmV0Zm91bmRyeS1zYW5kYm94LmF1dGgwLmNvbS8iLCJyZWRpcmVjdFVybCI6Imh0dHBzOi8vbmZhZG1pbi5jb25zb2xlLm5ldGZvdW5kcnkuaW8vc2lnbnVwIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwidGVuYW50TGFiZWwiOiJHbG9iYWwtR2FkZ2V0cy0xMzEiLCJpbnZpdGF0aW9uSWQiOiI2NWY1NzIyNC01NzIwLTQ5NzEtOGViZC1mMDNiYWE1MDkzNmQiLCJleHAiOjE2NTIxMTYxODYsImlhdCI6MTY1MjExNTI4NiwiZmxvdyI6Imludml0YXRpb24ifQ.SUQNheGNfKLAuAJsfoXK5X8Q8TpMCdKeHTqUDb5fF-B3Bgj_A_sBrp63ixUV-2AZNoDazsE2_TmHzG-7kRdgwCnPpR2z5qDKPjOXiKikYgV8a3Pe_ebAoM_0E0rKrH--cZdOFWNLcC-dUnpt1Q0kG4c7YhZkhYHcAfUW8YEReyxmE8JtnWq8weBRM4Ng4-Q2EZqBHm7LNTMZhsH33jFyjeXu3cHg-IOd5LqJkAtdmhmgiBGvBOOwy2VOrMokl2OpDR5_ZwJwQWSzXIdZV2oBrAICEFbVLl7Oe92qHOAPUyrufiwMtsB0fMGUQUiZ_Aj73RnkdRyYos0kzB5R68_jBQ",
  "auth0ConnectionIds" : [ "Username-Password-Authentication", "google-oauth2" ],
  "invitationKey" : "CQyTGZM7UBDyKeoUyqc0J5h024mebzRkM8Bw",
  "success" : true,
  "error" : null,
  "errorDetail" : null
}

Invitation Flow

Get Invitation By Key

GET /invitations/key/{key:[\p{Alnum}]{36}}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

fromIdentity

Object

false

fromIdentity.name

String

true

fromIdentity.email

String

false

Size must be between 6 and 254 inclusive.

targetIdentity

Object

true

targetIdentity.name

String

true

targetIdentity.email

String

false

Size must be between 6 and 254 inclusive.

invitedEmailAddress

String

false

Must be a well-formed email address.

toOrganizationName

String

false

toOrganizationLabel

String

false

expiration

Object

false

accepted

Boolean

true

state

String

false

Must be one of [Open, Accepted, Declined, Expired, Revoked].

toTenantName

String

true

Deprecated..

toTenantLabel

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/QgohliTkCllF80hwcDQ2fTvzQDlbasuCZyyW' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 519

{
  "fromIdentity" : {
    "name" : "John Doe",
    "email" : "john.doe@acme.com"
  },
  "targetIdentity" : {
    "name" : "First Last",
    "email" : "random-125@acme.com"
  },
  "invitedEmailAddress" : "new.employee-127@acme.com",
  "toOrganizationName" : "ACME International, Inc.",
  "toOrganizationLabel" : "ACME-0",
  "expiration" : {
    "nano" : 225489000,
    "epochSecond" : 1652720085
  },
  "accepted" : null,
  "state" : "Open",
  "toTenantName" : "ACME International, Inc.",
  "toTenantLabel" : "ACME-0"
}

Decline Invitation

PUT /invitations/key/{key:[\p{Alnum}]{36}}/decline

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

fromIdentity

Object

false

fromIdentity.name

String

true

fromIdentity.email

String

false

Size must be between 6 and 254 inclusive.

targetIdentity

Object

true

targetIdentity.name

String

true

targetIdentity.email

String

false

Size must be between 6 and 254 inclusive.

invitedEmailAddress

String

false

Must be a well-formed email address.

toOrganizationName

String

false

toOrganizationLabel

String

false

expiration

Object

false

accepted

Boolean

true

state

String

false

Must be one of [Open, Accepted, Declined, Expired, Revoked].

toTenantName

String

true

Deprecated..

toTenantLabel

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/yc7KlGfdUNVm9OmAXKH4AxFrJAVv97aqkPxW/decline' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 524

{
  "fromIdentity" : {
    "name" : "John Doe",
    "email" : "john.doe@acme.com"
  },
  "targetIdentity" : {
    "name" : "First Last",
    "email" : "random-122@acme.com"
  },
  "invitedEmailAddress" : "new.employee-124@acme.com",
  "toOrganizationName" : "ACME International, Inc.",
  "toOrganizationLabel" : "ACME-0",
  "expiration" : {
    "nano" : 107983000,
    "epochSecond" : 1652720085
  },
  "accepted" : false,
  "state" : "Declined",
  "toTenantName" : "ACME International, Inc.",
  "toTenantLabel" : "ACME-0"
}

Initiate Accept Invitation

POST /invitations/key/{key:[\p{Alnum}]{36}}/accept-initiate

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

intermediateReturnUrl

String

false

Response fields

Path Type Optional Description

nfToken

String

false

auth0ConnectionIds

Array[String]

false

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/XUB27pdqzWCx26ZFE1GyO39J8uzr7cuCmQWZ/accept-initiate' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"intermediateReturnUrl":"http://console.nfadmin.netfoundry.io/invitation"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1055

{
  "nfToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdXRoMENvbm5lY3Rpb25JZHMiOlsiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0xIiwiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0yIl0sIm9yZ2FuaXphdGlvbklkIjoiZDQyODIzODctODIxMC00ZmRjLWE0NTktYjQ1MTg1ZjIyZTNkIiwiYXVkIjoiaHR0cHM6Ly9uZXRmb3VuZHJ5LXNhbmRib3guYXV0aDAuY29tLyIsInJlZGlyZWN0VXJsIjoiaHR0cDovL2NvbnNvbGUubmZhZG1pbi5uZXRmb3VuZHJ5LmlvL2ludml0YXRpb24iLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvaWRlbnRpdHkvdjEiLCJ0ZW5hbnRMYWJlbCI6IkFDTUUtMCIsImludml0YXRpb25JZCI6IjE0OTIyZjRmLWZlM2MtNDYyNy1iNjUwLTc4NTk3NjliY2Y4ZiIsImV4cCI6MTY1MjExNjE4NCwiaWF0IjoxNjUyMTE1Mjg0LCJmbG93IjoiaW52aXRhdGlvbiJ9.MTTbmyVZFXWPHKcdgmgVEZsRmUpu0zqmFLbLKF-AuHQ2Cldj7LfOKYIVzidzYYCG40X2sOxka_E623T-HDdd7nX8kdyc5Molt-ozzVk3V1gWHWHMue-CjMb5__YHFytDHM6ZdF95hB4Qt3JZNX900W0D1XYuslJCYG8qTyg_YBR6d3eo8jIek4_E3TgKSpuAGT1cxRhrdq_FsOI_UdPHXS5ab2Dkdev7dVF7HCcxliLq-KcwucCaLSdWtz1wZp-8zc5Uz0MYBwZ6pWQZTV02oEl09dJFN6czdJepqMhpsWnSPzndC__AaB6aU3-MhTkvuzd6OlKrkMmn2WV_nkQgYQ",
  "auth0ConnectionIds" : [ "auth0-opaque-connectionId-1", "auth0-opaque-connectionId-2" ]
}

Login Flow

Initiate Interactive Authorization

POST /organizations/authorize-initiate

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

label

String

false

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

intermediateReturnUrl

String

false

Response fields

Path Type Optional Description

nfToken

String

false

auth0ConnectionIds

Array[String]

false

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/authorize-initiate' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"label":"ACME-0","intermediateReturnUrl":"http://console.nfadmin.netfoundry.io/invitation"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 977

{
  "nfToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdXRoMENvbm5lY3Rpb25JZHMiOlsiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0xIiwiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0yIl0sIm9yZ2FuaXphdGlvbklkIjoiZDQyODIzODctODIxMC00ZmRjLWE0NTktYjQ1MTg1ZjIyZTNkIiwiYXVkIjoiaHR0cHM6Ly9uZXRmb3VuZHJ5LXNhbmRib3guYXV0aDAuY29tLyIsInJlZGlyZWN0VXJsIjoiaHR0cDovL2NvbnNvbGUubmZhZG1pbi5uZXRmb3VuZHJ5LmlvL2ludml0YXRpb24iLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvaWRlbnRpdHkvdjEiLCJ0ZW5hbnRMYWJlbCI6IkFDTUUtMCIsImV4cCI6MTY1MjExNjE4NSwiaWF0IjoxNjUyMTE1Mjg1LCJmbG93IjoibG9naW4ifQ.FnzyVBKvGe5d7KPSRu9VLTSUrElKRRE9FMW5LqZqyJnE5AjH-WxqZ82eKTo1Mq2kedkiz7smjOio5MWC9BeX4hSJ-oPb8vjiuUfNCKgSqkgiearUTby-SsrkAI60Bq8T3zwFRY0BOFNBS-1LXev-gylnIDw_V5EuqnJx3Yy78SkEmwPQJNgKlHNFE8FNv4zAHcqXJ_rE-vp93GiNC5ZrgvccDR_UAHnPB97-nTpFFvGaGzULdH0qek--t4L0yZHJK-gaR77myUiKr44YaDmRsiM__KEzsyK-AMfQvfRHvG7Y3rjA_xV7H27fHWYvvk9muGOLwScp5-vhD775EdF4BA",
  "auth0ConnectionIds" : [ "auth0-opaque-connectionId-1", "auth0-opaque-connectionId-2" ]
}