Introduction

This is the NetFoundry identity service

Overview

HTTP verbs

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP verbs.

Verb Usage

GET

Used to retrieve a resource

POST

Used to create a new resource

PUT

Used to update an existing resource, full updates only

DELETE

Used to delete an existing resource

The PATCH method is not used (yet).

HTTP status codes

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP status codes.

Status code Usage

200 OK

The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

201 Created

The request has been fulfilled and resulted in a new resource being created.

202 Accepted

The request has been accepted and is being processed asynchronously Standard response for successful HTTP requests which invoke back-end services.

204 No Content

The server successfully processed the request, but is not returning any content.

400 Bad Request

The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

401 Unauthorized

The request lacks valid authentication credentials for the target resource.

403 Forbidden

The request is authenticated with valid credentials however that set of credentials is not authorized to access this resource.

404 Not Found

The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.

Resources

Tenant

Find Tenants

GET /tenants

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

name

String

true

active

Boolean

true

mfaProviders

Object

true

includeDeleted

Boolean

true

Default value: 'false'.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

identityProviders[].id

String

false

identityProviders[].tenantId

String

false

The id of the {@link Tenant} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdP represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/tenants' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJaTjZzLXZSWTNWVVN0SlJDQ0VHa0RRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA5LCJleHAiOjE1NzYwMDkwMDksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.lSndNZpwUAP-7NqWg295TRygGjqTVyXxPkS9zIUKBAPjAmSD7olKEFHupy3if82ee9fga6Yk1TolC-0oKZFHdvp7MXsnVf1vnoIB8RTtfLoQXMIXLjoaRlfsDflgGpLN2lKBbeW6rDknCc1elhsZfR3TTy-bCwrooUNSZr6AZMIt1wuU2il1tS6p1FllxvGbXpRRDFXTepcUtN-tlLYE1q7A9fyGq-IC611MabEncAYg_zCR-hZLrzqPzVWPo7BZ674cbAU7J3lDej9MFRORh44Q6ihkzE6ACjVfrd0C5ZdNAWj9VSr3gjIsxbPPRYQfF1Nghk5BBKbvmaGLUOQn4w'

Example response

HTTP/1.1 200 OK
Content-Length: 1818
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "c011b83c-a593-4d52-bb4e-3c130e346e38",
  "name" : "MOP Services Identity Group",
  "label" : "MOP-Services",
  "identityProviders" : [ ],
  "active" : true,
  "mfaProvider" : "None",
  "createdAt" : {
    "nano" : 647000000,
    "epochSecond" : 1576005395
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}, {
  "id" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "name" : "ACME International, Inc.",
  "label" : "ACME-0",
  "identityProviders" : [ {
    "id" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
    "auth0ConnectionId" : "auth0-opaque-connectionId-1",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise"
  }, {
    "id" : "a94297bd-67b6-4b5b-af2a-d42657217131",
    "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
    "auth0ConnectionId" : "auth0-opaque-connectionId-2",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social"
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 161000000,
    "epochSecond" : 1576005398
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}, {
  "id" : "e622d98d-f771-41b3-9566-d47d0e9542e9",
  "name" : "Newer Faster Name",
  "label" : "WW-Imports-17",
  "identityProviders" : [ {
    "id" : "7f02e2cb-75c6-4ab2-a71c-34f5ed2463c8",
    "tenantId" : "e622d98d-f771-41b3-9566-d47d0e9542e9",
    "auth0ConnectionId" : "auth0-opaque-connectionId-18",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database"
  } ],
  "active" : true,
  "mfaProvider" : "GoogleAuthenticator",
  "createdAt" : {
    "nano" : 501000000,
    "epochSecond" : 1576005408
  },
  "updatedAt" : {
    "nano" : 968000000,
    "epochSecond" : 1576005408
  },
  "deletedAt" : null,
  "deleted" : false
} ]

Get Tenant By Id

GET /tenants/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

identityProviders[].id

String

false

identityProviders[].tenantId

String

false

The id of the {@link Tenant} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdP represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/0de4af2c-8b83-4e22-a06c-1111fffc02f3' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxZ2paZnhBTUpYN3FRT3ZSd2JKZDZRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA3LCJleHAiOjE1NzYwMDkwMDcsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.GDD2gXcLyXdGzFj1m4i2Yt8kAm-4veuToijt9ixSu1B2zOtUNSFfeDPoiSoO-pphXuO-F9OuX5kgmaW-9LOjFxUoOv7-LbNIBkB3hskdYjYtOz4GyWsreRu1Pp3SlhBScPp1fzyi0_BcKuFgOXFa4dJXuzWXJLReYMePapiSC44pVLaFzHHsh7_L2dun7oB1VyxzlIgyz5pjShFSBxEI8eJHkSF39jmR78EnXntw1atsdfYh2mU1qbCsM2EDQI9E4ZWfWkfxz76jUsn5DQ83ahK7gw4W2LhXJd5g1KbjzWn4OAz_EemmpAAvSsA76H9IEdUs0-nLnABIraiE0YPvkg'

Example response

HTTP/1.1 200 OK
Content-Length: 827
Content-Type: application/json;charset=UTF-8

{
  "id" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "name" : "ACME International, Inc.",
  "label" : "ACME-0",
  "identityProviders" : [ {
    "id" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
    "auth0ConnectionId" : "auth0-opaque-connectionId-1",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise"
  }, {
    "id" : "a94297bd-67b6-4b5b-af2a-d42657217131",
    "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
    "auth0ConnectionId" : "auth0-opaque-connectionId-2",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social"
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 161000000,
    "epochSecond" : 1576005398
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Get Tenant By Label

GET /tenants/label/{label:[-a-zA-Z0-9]{1,63}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

label

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

identityProviders[].id

String

false

identityProviders[].tenantId

String

false

The id of the {@link Tenant} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdP represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/label/ACME-0' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwNG8tTXk0eXR1MTA2cWpFSWVseUhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA4LCJleHAiOjE1NzYwMDkwMDgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.LOqhf_RBTsxFrjX-hljwEyjc2xL6dkjtzI0zl-gRvgO6fJeanY9jC5dgBw32lYsWvH5SrSsc6_S4ADvSRXWS2yuQow7DvqUeG2wBiyEZ4ICXAsYJggt1-ALguNvGIKcEUGSp4_dhhODhuYicw4HfZfhkJ3h8ckf4cUKv0oUXpQKOOmLhRwhkXBjYdvD1yj9Vj80-Vgy7JK9jbHIeHr26YQqiwiudm6UrfmFGgrW3ulAjuzd4pJtUCMVLFIW5iQ_dX5lG6gTZCIxRGS2_FmwnLCaki40jhClU8hezlz9Z-OJiyZPWC1ZzYbDAsG2tF0dOmiVnbrryQvITAzPfMrUr1g'

Example response

HTTP/1.1 200 OK
Content-Length: 827
Content-Type: application/json;charset=UTF-8

{
  "id" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "name" : "ACME International, Inc.",
  "label" : "ACME-0",
  "identityProviders" : [ {
    "id" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
    "auth0ConnectionId" : "auth0-opaque-connectionId-1",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise"
  }, {
    "id" : "a94297bd-67b6-4b5b-af2a-d42657217131",
    "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
    "auth0ConnectionId" : "auth0-opaque-connectionId-2",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social"
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 161000000,
    "epochSecond" : 1576005398
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Create Tenant

POST /tenants

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

false

Size must be between 2 and 128 inclusive.

label

String

false

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

auth0ConnectionId

String

false

Size must be between 1 and 128 inclusive.

identityProviderName

String

false

Size must be between 1 and 128 inclusive.

auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

false

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

identityProviders[].id

String

false

identityProviders[].tenantId

String

false

The id of the {@link Tenant} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdP represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/tenants' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJVSHduSlgzM2E1OFNPeDNhTzl0Q2F3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDEwLCJleHAiOjE1NzYwMDkwMTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.YYCxa6JrvaSsz1Sw-DEoT1OwfGjuz-6oRSon9PlWVA-eNBiIsAlycGwCdHyYArI1WJ4037vFKuYxrbQiFfPbYV2cQx1voUTUttp1u_HjRLE4QA-bmlfxnux3DYZ6PCDUAALHPv_imRM5kEITwgm3g0GciShEtWH9RIPv-geytONdLdyL22a7HR9uNZ4tc1LOrLyFzI3FTKU8WOZQ2nGcK0TPU7suvnkgMXgfhRS14-QOt22ssXYtGqcbO9C6kc9jKAdqcLqGRjbMKo-StIMILkkI8K7oQUQ8ltRoJDb-rlgAJAWiuPJ6JWYa85ZElZaZM0k-SDDzj-wGHwOVRVMB3A' \
    -H 'Content-Type: application/json' \
    -d '{"name":"Best Corp.","label":"BEST-CORP","auth0ConnectionId":"auth0-opaque-connection","identityProviderName":"Corp SAML","auth0ConnectionType":"Enterprise"}'

Example response

HTTP/1.1 201 Created
Content-Length: 549
Content-Type: application/json;charset=UTF-8

{
  "id" : "0eae3828-a52f-4003-a006-4539de521d8a",
  "name" : "Best Corp.",
  "label" : "BEST-CORP",
  "identityProviders" : [ {
    "id" : "647fae73-0873-40db-ae52-abee7c6f3f67",
    "tenantId" : "0eae3828-a52f-4003-a006-4539de521d8a",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Corp SAML",
    "auth0ConnectionType" : "Enterprise"
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 49000000,
    "epochSecond" : 1576005410
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Activate Or Deactivate Tenant

PUT /tenants/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

identityProviders[].id

String

false

identityProviders[].tenantId

String

false

The id of the {@link Tenant} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdP represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/91859226-3bdf-42fc-a0d7-bc01acc46b42/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJNRzZKQnhrby0yTXZaT3RaTkg5UndBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA5LCJleHAiOjE1NzYwMDkwMDksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.HN9zrlNnnqanBCNFrZN0QWxyzNGphPv5vm5F2Yw2qhC4P90im9Q7vpnOtAGDRztU15LBA4i91rS-dtSpy5pYsGfYYHoAbW27MoIl4SFXgV8aXKKeryc1ufKaYpVwX1mUa3vTvUUPZsGrUnSeY1LcL_OrXtpXmZ7Ib5eimSvsYUOE-WXnvnhqnACRa5CB7pmQ3KGy0rWrR5Gru2DYeHMPHKPqAxMkQJObZ8WSIlwVbDTi7PnccJU4SQk6cHRGiJxdoyc-SNWrEKcPxK-2nAjYIHuGzSKUVg5fBG8wBNwRF2efpxh8l2Dw5CAMGTWvS5llW_FBOy6ptYzbFA7WDtP_sQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 630

{
  "id" : "91859226-3bdf-42fc-a0d7-bc01acc46b42",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-21",
  "identityProviders" : [ {
    "id" : "de08d7e5-8d1a-4b98-9ec4-d1916d4adcbb",
    "tenantId" : "91859226-3bdf-42fc-a0d7-bc01acc46b42",
    "auth0ConnectionId" : "auth0-opaque-connectionId-22",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database"
  } ],
  "active" : false,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 430000000,
    "epochSecond" : 1576005409
  },
  "updatedAt" : {
    "nano" : 590000000,
    "epochSecond" : 1576005409
  },
  "deletedAt" : null,
  "deleted" : false
}

Add Identity Provider

POST /tenants/{id}/identity-providers

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

auth0ConnectionId

String

false

Size must be between 1 and 128 inclusive.

identityProviderName

String

false

Size must be between 1 and 128 inclusive.

auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

false

name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

label

String

false

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

identityProviders[].id

String

false

identityProviders[].tenantId

String

false

The id of the {@link Tenant} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

false

The auth0 generated id of the auth0 connection that this IdP represents.

Size must be between 1 and 128 inclusive.

identityProviders[].name

String

false

Used for display purposes. Not unique or private.

Size must be between 1 and 128 inclusive.

identityProviders[].auth0ConnectionType

String

false

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/06f3cacd-51e3-4c9d-9a36-b41c6ca9a42f/identity-providers' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJHRkktSzhnRXA3QXg5N3lJRzJxN3lRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA5LCJleHAiOjE1NzYwMDkwMDksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.cM5FRb5v_tMWcpwIXGFqnYQedoVl_FoKDSCvN5Vajd5TPxV11bW6qnox1uOPuxr4yScySg9DP3TuzSsiU6TR5t4CUTiQaNWNZXiS8_D-jKzhEMnqtgKRih5cSUDPzekD6-Zkmd2upwgOY7cQFbMrl3twOPqxPA2CI8LqxWRUJFxDTLVyiyBFo6IWt7l3XtTK0fjULgd5XaCE3zc81ZWkk6_V88byXvkf8eiXmTVKBBSAfj_jgOE5EKISzeW4n-OTnz1s4yjVKHZ9HsDJmeJ7pyLiPyJ-6NJHft0rY6AQBFd7ufsz_Mr13zUUzhQATt-TBH-YqV006XSUn2lCHcsu1g' \
    -H 'Content-Type: application/json' \
    -d '{"auth0ConnectionId":"auth0-opaque-connection","identityProviderName":"Corp SAML","auth0ConnectionType":"Enterprise"}'

Example response

HTTP/1.1 201 Created
Content-Length: 808
Content-Type: application/json;charset=UTF-8

{
  "id" : "06f3cacd-51e3-4c9d-9a36-b41c6ca9a42f",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-23",
  "identityProviders" : [ {
    "id" : "074bd411-1a00-491b-8c60-b1ba9a67ac81",
    "tenantId" : "06f3cacd-51e3-4c9d-9a36-b41c6ca9a42f",
    "auth0ConnectionId" : "auth0-opaque-connectionId-24",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database"
  }, {
    "id" : "1314aeef-6182-4d8f-bbe6-5b318aa65b1f",
    "tenantId" : "06f3cacd-51e3-4c9d-9a36-b41c6ca9a42f",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Corp SAML",
    "auth0ConnectionType" : "Enterprise"
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 647000000,
    "epochSecond" : 1576005409
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

User Identity

Find User Identities

GET /user-identities

Returns a set of {@link UserIdentity}s that are visible to the requesting client and optionally filtered based on the submitted request parameters.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

tenantId

Object

true

Restricts results to Identities in the specified Tenant (by Tenant’s id.).

firstName

String

true

lastName

String

true

email

String

true

active

Boolean

true

Restricts results to Identities with a matching active status.

includeDeleted

Boolean

true

Default value: 'false'.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

tenantId

String

false

firstName

String

false

Size must be between 0 and 128 inclusive.

lastName

String

false

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJJSjBzTlhObHNsckNyLWlXeTd6MGpRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDAzLCJleHAiOjE1NzYwMDkwMDMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.EbYa5iTuLSDNnVweF0TbSbNnOPVCHCI_49VolZEXYaAf_HTuadLA_boB_hv2L-cF599_C1rBqBwdI-vurZmc8l4COODfbGKVfdxCZHM0rGPcWJcAOpLTb9Gm0KElD70G4-zMSsCqzzdG6UiQBlmfMF4r8n4-OhCJWT36AqG-z-gO3xdvkXpGMqOJXfVC5tJE62Mnbe1aOER56FioAfqOQ2Cg5av2JVWxjtRmEgq-PfYcc87-h7YCRVImazcuR3M2aDZDsy7orXec322IiIs7a4vU6V2E97HbVwn04wqjnQzHJ71NtuQSC8_pHwU5MmFAt0JdXmVO7G0nxOX4aH39mw'

Example response

HTTP/1.1 200 OK
Content-Length: 2132
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "82650b6e-fb1d-4666-9603-30807ae5b3ed",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "userIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 183000000,
    "epochSecond" : 1576005398
  },
  "deletedAt" : null,
  "name" : "John Doe",
  "type" : "UserIdentity"
}, {
  "id" : "fd89c568-4dd9-4f36-9b39-f64d0a76b282",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "firstName" : "TESTING",
  "lastName" : "CLIENT",
  "email" : "test.client@server.com",
  "identityMappings" : [ {
    "id" : "e451f1c7-57ee-4e28-b0e7-8a520e329727",
    "auth0UserId" : "auth0-opaque-userId-6",
    "identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "userIdentityId" : "fd89c568-4dd9-4f36-9b39-f64d0a76b282"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 197000000,
    "epochSecond" : 1576005398
  },
  "deletedAt" : null,
  "name" : "TESTING CLIENT",
  "type" : "UserIdentity"
}, {
  "id" : "80427e45-1893-4de9-8ae3-dbb45b162bf3",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-7@acme.com",
  "identityMappings" : [ {
    "id" : "834445c2-e6b8-4150-b322-10c3e1230dca",
    "auth0UserId" : "new-auth0-userId:7c150c71-d950-45be-81fd-88c30b67ecaa",
    "identityProviderId" : "a94297bd-67b6-4b5b-af2a-d42657217131",
    "userIdentityId" : "80427e45-1893-4de9-8ae3-dbb45b162bf3"
  }, {
    "id" : "575909d8-c370-42dc-b3bc-f91cf3417e36",
    "auth0UserId" : "auth0-opaque-userId-8",
    "identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "userIdentityId" : "80427e45-1893-4de9-8ae3-dbb45b162bf3"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 243000000,
    "epochSecond" : 1576005400
  },
  "deletedAt" : null,
  "name" : "First Last",
  "type" : "UserIdentity"
} ]

Get User Identity

GET /user-identities/{id}

Get an User Identity by its id.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

tenantId

String

false

firstName

String

false

Size must be between 0 and 128 inclusive.

lastName

String

false

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/3858f07c-40e4-4f1b-af6a-25ba07762ff3' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoUHJmTFhORHFyWHpDejRGaGlZWkp3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA1LCJleHAiOjE1NzYwMDkwMDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.B0ANNBYmXTvCaHoxaS0ukp_Oo-37806FlaP3e8mJGPBqg6arUQQC4UCtSueQ__nuPtE7M7lyLjLYLUebpoynYmsx_FI4VTfhFbL4HTTks6f0C4XxJcjfXelrHgxtT0RnuyOxYhXcZy2S_gYuvs8PrfT_m9szkJVnP_vgjSqlfpesmvPK8qBPMZbZW54rMOss9D-Cexo5mULtH9ov14ZBFr_sIoZbvOZsqQ6J6okXk09vP68QH1VIzeqa2_Ml2ch4JJvonM3MQX5nXZoHz0oOSNWFSiOk8SdasNutoRaej5eMP0t20d_zW67FrW5sHNVz-Ks7n6qg4SJRAyHOu0kwPg'

Example response

HTTP/1.1 200 OK
Content-Length: 613
Content-Type: application/json;charset=UTF-8

{
  "id" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "82650b6e-fb1d-4666-9603-30807ae5b3ed",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "userIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 183000000,
    "epochSecond" : 1576005398
  },
  "deletedAt" : null,
  "name" : "John Doe",
  "type" : "UserIdentity"
}

Get User Identity By Mapping

GET /user-identities/mapping/{auth0UserId}/{identityProviderId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

auth0UserId

String

false

identityProviderId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

tenantId

String

false

firstName

String

false

Size must be between 0 and 128 inclusive.

lastName

String

false

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/mapping/auth0-opaque-userId-3/07ba1b5d-f552-441e-98c4-fead9227b8c0' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhQVA2cV8wTXdfcXBXV2Y2Ti1kQTFBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA1LCJleHAiOjE1NzYwMDkwMDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.bopjVb8QWiFuYAJcnVcAhfDBFvpmJkfONWk-puZfmyS-XYY-nVwTFa-hGKlEHoraqRPM2japI-b-OSOY77eee8_P6nEWDSXzG_4g0iJhYBtZpB8zMer7NQFcghcwVeqdwaTUolineBxGecUMNB8EoYHbTpaeHUiKRg3wD-TULVY-7SZ54NL1Nv0SR75gbWO4pWRrIDW5W2SVC4uZIYhgrgvR52uTpHQxvGp7YW5qEqmH6drAZe94m7RL3adURHmzShLeiDc07i55MDHsDw9DmWFTk6ckvDSpC0fHYdyfKjpEpZisgSbqTIe_NYH3gqXdPm4IMWB7B17R_l5BVWku7Q'

Example response

HTTP/1.1 200 OK
Content-Length: 613
Content-Type: application/json;charset=UTF-8

{
  "id" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "82650b6e-fb1d-4666-9603-30807ae5b3ed",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "userIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 183000000,
    "epochSecond" : 1576005398
  },
  "deletedAt" : null,
  "name" : "John Doe",
  "type" : "UserIdentity"
}

Create Identity

POST /user-identities

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

tenantId

String

false

firstName

String

false

Size must be between 0 and 128 inclusive.

lastName

String

false

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

Response fields

Path Type Optional Description

id

String

false

tenantId

String

false

firstName

String

false

Size must be between 0 and 128 inclusive.

lastName

String

false

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiItcmV4dU5McHZXSTNEVjg1a1VGN3RBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA2LCJleHAiOjE1NzYwMDkwMDYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.Ml5fmoGOLjO2lV4vqhrQqXJxL_M_KvhkkD-fXGW5sX7PaNXKM9-TK19i-9dpenP5DvZjH52Ua8nHCgh8UR8n_svMuVBT0LlUkxH6SDWhRbWmclhO9Hm1FaG2aqyJkL4JRwdR4C_qNdByLNT6HcZH-AUyXOHdXcW6KkT_G_g52nJGAggJuKrrFORNo_EnOM9Ynuqez1OW-WPGaBlQsYogH6nJztp8zvMztGv38kWeU6nK30P_Q91b_AnPOCDYkfXaKPU3oSYx5QcKvXT8lGpl8s4-BJe0EpOYZfmRHqRMkLyMFpMV-yY4irXRPYa23XEvEiNpysOlEkaepWTLdYLKTQ' \
    -H 'Content-Type: application/json' \
    -d '{"tenantId":"0de4af2c-8b83-4e22-a06c-1111fffc02f3","firstName":"Jane","lastName":"Doe","email":"jane.doe@acme.com"}'

Example response

HTTP/1.1 201 Created
Content-Length: 382
Content-Type: application/json;charset=UTF-8

{
  "id" : "52415acb-7375-4420-8204-1643752e655d",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "firstName" : "Jane",
  "lastName" : "Doe",
  "email" : "jane.doe@acme.com",
  "identityMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 391000000,
    "epochSecond" : 1576005406
  },
  "deletedAt" : null,
  "name" : "Jane Doe",
  "type" : "UserIdentity"
}

Update Identity Info

PUT /user-identities/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

firstName

String

true

Size must be between 0 and 128 inclusive.

lastName

String

true

Size must be between 1 and 128 inclusive.

email

String

true

Size must be between 6 and 254 inclusive.

Response fields

Path Type Optional Description

id

String

false

tenantId

String

false

firstName

String

false

Size must be between 0 and 128 inclusive.

lastName

String

false

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/ab9bef3d-6212-4fec-b6d7-97d3e4297122' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJKOTNhcGtHY2pobDBVNE9XV3VhNnJRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDAyLCJleHAiOjE1NzYwMDkwMDIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.DRv4r5CvQ0J6gIhJJM_WYR4nceUOpa-w09R9N2Oeo2M8EPh5RXeSMkctwRXEUhsWIjS1Fx-mN1X45mc1T140OpbSlKW9E4FuVL8unYa96qtJokOwmc7wQzTZezoCcw8WFaVbdngEDkM4ENMk7QsnyErF9QW6N9u7WEmvONo2Rt1njOLH61b9HVKLdc2SYDTsQEsp1tcVMvGHHMBk_cGRtvm91FfK0jGf-NJ2tyZFMto07juskI_EjFTM9O-22K76rZasWKQElXOkNtK3RvEqH8lDb-UL73_NufrbqaR4o-EmjFi0keq82zAhayx92w4fkRIkJTwTOeNrcSWzVUMKoA' \
    -d '{"firstName":"Bobby","lastName":"White","email":"bobby.white@acme.com"}'

Example response

HTTP/1.1 200 OK
Content-Length: 623
Content-Type: application/json;charset=UTF-8

{
  "id" : "ab9bef3d-6212-4fec-b6d7-97d3e4297122",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "firstName" : "Bobby",
  "lastName" : "White",
  "email" : "bobby.white@acme.com",
  "identityMappings" : [ {
    "id" : "1f15365d-7c7a-424e-a3d0-1ac6559a5403",
    "auth0UserId" : "auth0-opaque-userId-10",
    "identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "userIdentityId" : "ab9bef3d-6212-4fec-b6d7-97d3e4297122"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 762000000,
    "epochSecond" : 1576005401
  },
  "deletedAt" : null,
  "name" : "Bobby White",
  "type" : "UserIdentity"
}

Activate Or Deactivate User Identity

PUT /user-identities/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

tenantId

String

false

firstName

String

false

Size must be between 0 and 128 inclusive.

lastName

String

false

Size must be between 1 and 128 inclusive.

email

String

false

Size must be between 6 and 254 inclusive.

identityMappings

Array[Object]

false

identityMappings[].id

String

false

identityMappings[].auth0UserId

String

false

Size must be between 4 and 256 inclusive.

identityMappings[].identityProviderId

String

false

identityMappings[].userIdentityId

String

false

active

Boolean

true

createdAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/3128a1b9-854c-4f1b-9aa8-211cd7484a2d/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtdHh2QTBWSWVOZUdRaEpzd1dBNWJ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDAyLCJleHAiOjE1NzYwMDkwMDIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.fmHqZfvwNqeloy_DCUfq4I1Q_nL2aORZ8b1wqLf7LPMmPfxwgNcB99VFWsIe6qIW5Ew_gRgLvL0Ns7kVSTRPA8omUfn3vLOwZVN4uoUHdi0SbLA6R6R9SUS4dGC2lXOGU4yvFy3XUS0l_fKuBnPN8eW5LAazYY8OUjmM_EjOXaEYuIz3_71ozMGXnR9X287zmwFRcQY_4gC-CDzFvlsHZ7Qt-cHaOvHhBh2OIce7o3wx20As87j4l3Y31ZWloDKd7rmPmtBpMAj3mnOC9cM0ztqu8Fic6RpxCEPX6lFmdnp9jPAZtFyR0YuTg1c19kSgvXV00dghqCVsYfnzpgGNlQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 620

{
  "id" : "3128a1b9-854c-4f1b-9aa8-211cd7484a2d",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-11@acme.com",
  "identityMappings" : [ {
    "id" : "3f898947-1bc4-471a-846e-8289b1294f50",
    "auth0UserId" : "auth0-opaque-userId-12",
    "identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
    "userIdentityId" : "3128a1b9-854c-4f1b-9aa8-211cd7484a2d"
  } ],
  "active" : false,
  "createdAt" : {
    "nano" : 226000000,
    "epochSecond" : 1576005402
  },
  "deletedAt" : null,
  "name" : "First Last",
  "type" : "UserIdentity"
}

Reset User Identity Mfa Settings

PUT /user-identities/{id}/reset-mfa

Calling this service will reset the user’s MFA settings. On their next login attempt, they will be required to setup their MFA settings again. This is useful if, for example, the user has replaced their phone and can no longer access their secondary authentication.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

The id of the user identity to reset.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/6376965f-d345-4709-83a5-32c5bb65ae34/reset-mfa' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJfOTh0QmVqUW0zd052WjFSVnlUYlRRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA0LCJleHAiOjE1NzYwMDkwMDQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.oj72E9GCU9eWbGezRJ4RN7GuTW8caLRRwFKWAh1xe2weI6kJRQmSx010ftPusPApEmm8b3ne5Mtf0-dKNywUR4SWU699m21MY_12RNw3sKEGGH0xGWcTQbJ5So_9e598yeLnw1YtqlttN_uUmxYcEdE7NmpNUW2GBs4THodlzwt52DCX7uLHiR5clyfiFVf7K9m0logQQ9VYSbKAH4e3j7jEgFznzwZ5rqmx_FQQ_8B2TmJO10bTP69dWyYZLWI-1SZvElWvrasD-HZ6kwxKAe6I-s8Fqhu32ZR3MIdCoyBo1amm9zxtyqvKhG9Nl8hjRspSsfEnlsK-CAhOnYUNZA'

Example response

HTTP/1.1 200 OK

Map Identity

POST /user-identities/{id}/mapping

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

auth0UserId

String

false

Size must be between 1 and 128 inclusive.

identityProviderId

String

false

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/80427e45-1893-4de9-8ae3-dbb45b162bf3/mapping' -i -X POST \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiVEpFYjMxdzNybUNFQ0hSZnRpMGxRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDAxLCJleHAiOjE1NzYwMDkwMDEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.WGjCbKeXSmb7chy7UWIIDDI8s-cwGYOpxNrx571Osb9UagHlk0Ch4wYHhrymuoy5S45GmMB5HygQdLMgsjthVE0wwlQciWfTPXV5C2UxNtib6Ee-JfvvVp6sVcNZ_a_lDCO0a9b8pp7Jokc3-13y_rBIX9F5sWtQak83xa1rq0a5G1Wk0kwhrVb0FYR7S58Zq560Yvc-FeEJFOhc6vjabM-AOnLb_wqB6708oAa8JTqO5CeV_hIuWOsoyoMtl7mnj2uMkI_SKNM5w0yOS7HEiAT7Fp73j1vkMMici7n77H1tJ80f9wE6J-hIFSjCGeh_1XGsPpbkdWSPfrjoe8fq9w' \
    -H 'Content-Type: application/json' \
    -d '{"auth0UserId":"new-auth0-userId:7c150c71-d950-45be-81fd-88c30b67ecaa","identityProviderId":"a94297bd-67b6-4b5b-af2a-d42657217131"}'

Example response

HTTP/1.1 200 OK

API Account Identity

Find Api Account Identities

GET /api-account-identities

Returns a set of {@link ApiAccountIdentity}s that are visible to the requesting client and optionally filtered based on the submitted request parameters.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

tenantId

Object

true

Restricts results to Identities in the specified Tenant (by Tenant’s id.).

name

String

true

contactEmail

String

true

active

Boolean

true

Restricts results to Identities with a matching active status.

includeDeleted

Boolean

true

Default value: 'false'.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

tenantId

String

false

auth0ClientId

String

false

Size must be between 16 and 128 inclusive.

name

String

false

Size must be between 0 and 256 inclusive.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJXUE5XZU9BM2NBVlpYOHhPekRyQ3pnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDE2LCJleHAiOjE1NzYwMDkwMTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.j8q3eD4vk1ZlXsRTPFjHnLZRyqdL2z75AnUw28-L2ZAMkvJMqQvTEw8UZ8tPuXh73XqpPktqjJ-0oRolI5ycWhrH9oWB14bcTJOAUwuIs1lMxRpgn6qS3wQ8YjItqHtBW7NzmE9n4KKuXNhzgUXPVWlP0FoRojwDVQOgrQoo1uZVuhlQ_isHfYs7gvGYyn8UYp4T12wGvW_KwIGoSvgeeeteo1w8Tx02sN0-XgFevpN1uSQNxQIJbzr87KXFrjxT8QZ_9wUVcyU1_AjwAHEe9T6eD_CMhXOXyiH4BKHtlmRZcukF_Hp3it80Q8VdIWrWI7S6p7zzD6fZA80kIha6Ww'

Example response

HTTP/1.1 200 OK
Content-Length: 1671
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "5c2eff72-6ba1-4858-b3f3-12a72779b7c3",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "auth0ClientId" : "060e21f8-b9c8-4bcd-838f-abcab7789a12",
  "name" : "api-account",
  "contactEmail" : "no-reply@acme.com",
  "description" : "This is an ACME non-interactive API client.",
  "active" : true,
  "createdAt" : {
    "nano" : 194000000,
    "epochSecond" : 1576005398
  },
  "updatedAt" : {
    "nano" : 31000000,
    "epochSecond" : 1576005414
  },
  "deletedAt" : null,
  "email" : "no-reply@acme.com",
  "type" : "ApiAccountIdentity"
}, {
  "id" : "0f95c570-9be3-40aa-8c06-c886bfa2883b",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "auth0ClientId" : "effa677a-8589-42fe-999e-e01262acb280",
  "name" : "Robot",
  "contactEmail" : "robot@acme.com",
  "description" : "description here.",
  "active" : true,
  "createdAt" : {
    "nano" : 289000000,
    "epochSecond" : 1576005412
  },
  "updatedAt" : {
    "nano" : 747000000,
    "epochSecond" : 1576005412
  },
  "deletedAt" : null,
  "email" : "robot@acme.com",
  "type" : "ApiAccountIdentity"
}, {
  "id" : "d1a1afee-32dc-4939-9360-0c6b127b4a37",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "auth0ClientId" : "96ed12d4-452c-4583-874a-bf7b3bb85f02",
  "name" : "ACME Internal Service-40",
  "contactEmail" : "service.admin-41@acme.com",
  "description" : "updatable API Account description-42",
  "active" : true,
  "createdAt" : {
    "nano" : 590000000,
    "epochSecond" : 1576005414
  },
  "updatedAt" : {
    "nano" : 771000000,
    "epochSecond" : 1576005414
  },
  "deletedAt" : null,
  "email" : "service.admin-41@acme.com",
  "type" : "ApiAccountIdentity"
} ]

Get Api Account Identity

GET /api-account-identities/{id}

Get an API Account Identity by its id.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

tenantId

String

false

auth0ClientId

String

false

Size must be between 16 and 128 inclusive.

name

String

false

Size must be between 0 and 256 inclusive.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/5c2eff72-6ba1-4858-b3f3-12a72779b7c3' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ4MzlqZ0Z3a1pFS0lEN3p6cnQtOEZ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDE2LCJleHAiOjE1NzYwMDkwMTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.fliUpAV2gBROaMPY4H4aEVmwedhkBtAP4tBZZhtpEEoIAnx4zll2GgEamL4LpFEtCbkYU8XAkjdh6uY0F2-XUh_yye9iDDu3gi_Cm5c2p_w4A4VdwaTD1nU0_Qqfji1gfIPNbyQE5VBtb49FoVoC7DfDHndHvLe8JRPQJnqaSp_fxdz-LO3r_6ej_IRO6LtH_pBWhRPkpi4kM-OQeR-mi2bF861w0NLT4NLzvuEoQVprxZkCwKkc2jFCOEpxR307qViGo1m4W1FakrGrqn7WoTnsUY2PEpk9SSg2HhrWa809qvI70bPINElTcu1t1UcJczfYg0LTIW2gMAftz9gA1Q'

Example response

HTTP/1.1 200 OK
Content-Length: 559
Content-Type: application/json;charset=UTF-8

{
  "id" : "5c2eff72-6ba1-4858-b3f3-12a72779b7c3",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "auth0ClientId" : "060e21f8-b9c8-4bcd-838f-abcab7789a12",
  "name" : "api-account",
  "contactEmail" : "no-reply@acme.com",
  "description" : "This is an ACME non-interactive API client.",
  "active" : true,
  "createdAt" : {
    "nano" : 194000000,
    "epochSecond" : 1576005398
  },
  "updatedAt" : {
    "nano" : 31000000,
    "epochSecond" : 1576005414
  },
  "deletedAt" : null,
  "email" : "no-reply@acme.com",
  "type" : "ApiAccountIdentity"
}

Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/api-account-identity/get-api-account-identity-by-mapping/auto-section.adoc[]

Create Api Account Identity

POST /api-account-identities

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

tenantId

String

false

name

String

false

Size must be between 0 and 128 inclusive.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

Response fields

Path Type Optional Description

apiAccountIdentity

Object

true

apiAccountIdentity.id

String

false

apiAccountIdentity.tenantId

String

false

apiAccountIdentity.auth0ClientId

String

false

Size must be between 16 and 128 inclusive.

apiAccountIdentity.name

String

false

Size must be between 0 and 256 inclusive.

apiAccountIdentity.contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

apiAccountIdentity.description

String

false

Size must be between 0 and 2048 inclusive.

apiAccountIdentity.active

Boolean

true

apiAccountIdentity.createdAt

Var

false

apiAccountIdentity.updatedAt

Var

false

apiAccountIdentity.deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

apiAccountIdentity.email

String

true

apiAccountIdentity.type

String

true

password

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJJVU42NWxSNUlGdjQ3MmRiSGtFcnNBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDE1LCJleHAiOjE1NzYwMDkwMTUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.acfF5OFi6O1KVzZo8X4i-bmxIVBit-OmpDxCvU352CFSDMi0bml0qEtN3B-tFi_bRBHdKqaYlN2X8DKebuv5YyXpVv-gOo-cAztLJxCRjLzVzb4lnHIzZ1yD56wlxkuaBcsknxYJm4RmUS2EJYSBewRwRSS08nCLO7NEoyCCPhsIRyQikHbDjnfDwju_sQmadepF65Glw36lAOkgr7Y1elXVn4YXr_Zf4SsYxaqZ_SuQCOZg2w0HDivfPe8YBxd-XxrWIpCBAGIArN9U1Z110-DcDIdj2eYOpnoOB0NBE_iPEEI5yhViMXQpMZ67v0Y_BWVszhrcaXDjU27o0wUzAQ' \
    -d '{"tenantId":"0de4af2c-8b83-4e22-a06c-1111fffc02f3","name":"HR Bridge Service","contactEmail":"hr.director@acme.com","description":"description goes here"}'

Example response

HTTP/1.1 201 Created
Content-Length: 633
Content-Type: application/json;charset=UTF-8

{
  "apiAccountIdentity" : {
    "id" : "9334a5b3-bf9f-455e-bfbd-b8d7d837a5ff",
    "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
    "auth0ClientId" : "ed28991b-ac28-4261-9c1d-9e3439349bcc",
    "name" : "HR Bridge Service",
    "contactEmail" : "hr.director@acme.com",
    "description" : "description goes here",
    "active" : true,
    "createdAt" : {
      "nano" : 772000000,
      "epochSecond" : 1576005415
    },
    "updatedAt" : null,
    "deletedAt" : null,
    "email" : "hr.director@acme.com",
    "type" : "ApiAccountIdentity"
  },
  "password" : "ed28991b-ac28-4261-9c1d-9e3439349bcc-PASSWORD-1576005415772"
}

Update Identity Info

PUT /api-account-identities/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

Size must be between 0 and 256 inclusive.

contactEmail

String

true

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

true

Size must be between 0 and 2048 inclusive.

Response fields

Path Type Optional Description

id

String

false

tenantId

String

false

auth0ClientId

String

false

Size must be between 16 and 128 inclusive.

name

String

false

Size must be between 0 and 256 inclusive.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/0f95c570-9be3-40aa-8c06-c886bfa2883b' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJIN29xb25ZZTZpZ3hKdHc4SDl5MHNnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDEyLCJleHAiOjE1NzYwMDkwMTIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.DWYKpKh-_q2jqbDh4SvQEPYjDihcv3CtjEC4k7QMAAOOooiz98q0MSmXvznUbbljwQQnOlF-nZBaNgbnG1Rg29PXWlfRGQBDb5Csl-em-VGDBDH23xMdn6MZ2Mfg5eyeaBGsIXW7nUHlUTdOzfSc6BwcIafpTTmKLkDxsDXg9f-YXXUlAHEtwC83WGRVDgw1Mucp6czN1GZiX0GiusAsafBEjRMEkGfYRUPI_wlAw9Jt0_aJnrCgynJjvO9j0FBg3B7GKeLUehfrnkRqui6GM9ctsoTttxwvkBQtP9IdMKCPyenwtRFtPbMvjC4Zr2KAOywmr9TW8EmubVmKxpuOaA' \
    -H 'Content-Type: application/json' \
    -d '{"name":"Robot","contactEmail":"robot@acme.com","description":"description here."}'

Example response

HTTP/1.1 200 OK
Content-Length: 522
Content-Type: application/json;charset=UTF-8

{
  "id" : "0f95c570-9be3-40aa-8c06-c886bfa2883b",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "auth0ClientId" : "effa677a-8589-42fe-999e-e01262acb280",
  "name" : "Robot",
  "contactEmail" : "robot@acme.com",
  "description" : "description here.",
  "active" : true,
  "createdAt" : {
    "nano" : 289000000,
    "epochSecond" : 1576005412
  },
  "updatedAt" : {
    "nano" : 747000000,
    "epochSecond" : 1576005412
  },
  "deletedAt" : null,
  "email" : "robot@acme.com",
  "type" : "ApiAccountIdentity"
}

Activate Or Deactivate Api Account Identity

PUT /api-account-identities/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

tenantId

String

false

auth0ClientId

String

false

Size must be between 16 and 128 inclusive.

name

String

false

Size must be between 0 and 256 inclusive.

contactEmail

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

description

String

false

Size must be between 0 and 2048 inclusive.

active

Boolean

true

createdAt

Var

false

updatedAt

Var

false

deletedAt

Var

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/550d4e2c-490a-4faa-949c-2eb847c9047e/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhRzFKeHc2YnM2My04WGZobkNpWU13IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDE2LCJleHAiOjE1NzYwMDkwMTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.jyvw_wduHfGj-hzG4rBTSLg26ZGCkNJvAWCnrsgGO-TneGPLUIT5ehevxe1Oo39nfHRoiLlF43S3JKU5zNzd3V_jZPYc7Oz8CRhiLKk93-neskwIgN1RFwwxaBQerLmtp1NLKUnzZR2_I1iTeoiu6bHQ-ESXoBYU75q088TEORVkjvym4zByk8Efp2sWPp_a2l52deUhyW--Apb3fXsb6qkSvrSeYQ8bpZHWEqjLX5O1wMhwoQticpPven94moUynKsOLmb9_2H1QLwRk8eluN_K0NK6B6joC2hANli8lirfUhhARgnNQqv2ECBaN21hFrUdfsQq2mCFWmVrvbP3sA'

Example response

HTTP/1.1 200 OK
Content-Length: 583
Content-Type: application/json;charset=UTF-8

{
  "id" : "550d4e2c-490a-4faa-949c-2eb847c9047e",
  "tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "auth0ClientId" : "5db2b976-df4e-4092-a556-48ecd5446a70",
  "name" : "ACME Internal Service-49",
  "contactEmail" : "service.admin-50@acme.com",
  "description" : "updatable API Account description-51",
  "active" : false,
  "createdAt" : {
    "nano" : 650000000,
    "epochSecond" : 1576005416
  },
  "updatedAt" : {
    "nano" : 825000000,
    "epochSecond" : 1576005416
  },
  "deletedAt" : null,
  "email" : "service.admin-50@acme.com",
  "type" : "ApiAccountIdentity"
}

Invitation

Find Invitations

GET /invitations

Returns a set of Invitation instances based on the optional query parameters. The results will be constrained to the invitations that the client has authorization to view. Results may be further constrained by the setting any combination of query parameter values, which will logically AND’d together to form a filter for matching invitations. The states query parameter, unlike others, supports multiple values. For example, to retrieve a list of active invitations, specify states=Open,Declined,Expired.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

fromIdentityId

Object

true

The id of the identity that created the target invitation(s).

toTenantId

Object

true

The id of the tenant that the resulting invitations are inviting into.

invitedEmailAddress

String

true

A full (no partial match support) email address to match against.

targetIdentityId

Object

true

The id of the identity that the invitation will/has assumed.

states

Object

true

One or more {@link State} names to restrict the invitations returned.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toTenantId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Var

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Var

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Var

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzZjVISkhuU2g0eHhvSWlUQUVGV213IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDExLCJleHAiOjE1NzYwMDkwMTEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.hkm6SWs8cZ_LNxmXBugdVuWSIsC5iKTFgCQLbdspLLdW_U8QDY4VjfaZkh0NSMq9JN8A3w8XVC3ONA21GB5wYPA8CLgzs9IV9immstDDhi1kjQfZjaSirMKaDkLVIvYu3_gn6axUvBTV0Ojo4uPSq7kiZUgygnE9fNeTQEL_XfGBekS5AIXKeKSMcJMh3kYEOo9c7tyf6qqPqvqWtFmrjdSzSn2KA3yVPdk9miGDg-0XqJMfPSzSBgfdnAkr0LHIw8yapXhn6_2gxh75SURUzZes3c46PmhbYWJTphyI59MgpjvI9HPDN9sxK59zmDc5xpIpj5i1XdNG06MuNICsHQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 464

[ {
  "id" : "55b6ec1b-3d4c-4d09-a937-a739e6ebf87f",
  "fromIdentityId" : "fd89c568-4dd9-4f36-9b39-f64d0a76b282",
  "toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "invitedEmailAddress" : "new.employee@acme.com",
  "expiration" : {
    "nano" : 505000000,
    "epochSecond" : 1576610210
  },
  "targetUserIdentityId" : "2cf48766-385e-4fdf-ab4c-a122bb8c6e81",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "state" : "Open"
} ]

Get Invitation By Id

GET /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toTenantId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Var

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Var

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Var

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/3a61fccb-b71a-4d79-8535-c49db84d98a1' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIycUJZZE9RdUFFQ2lGOFJseURqeUFBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDExLCJleHAiOjE1NzYwMDkwMTEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.Wnwy-8lOsthVPeghnD0JD8EmC862M46SxrIUPN9unJkeMr9IjkflWoXtCzMVfEssyCZEp-qitcCrN3Khh3sq7Rk2LYvwQ9nYUn9c6dYOxp4ZRqIt6-Ddojs6ek2xmBQYppKrZDkbPgfMZhD71BgDpXUnu1dAKFobx_tfThkdeQwum7kBU690lOeBf04bbOxhiqVLHDvAl9Z12mnSSNimW2WbgO1QS2tPAuRVkExMShVf6QuoArqhHZQZA-kxwvomBSDS0uLn_caDXLinZ7wcDoNJKH4KusXbaNgWOD8g734eUWgT3Ol6dJANPSLg9ueEg1_LxcuKJ5UAEcC-3exrQA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 463

{
  "id" : "3a61fccb-b71a-4d79-8535-c49db84d98a1",
  "fromIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
  "toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "invitedEmailAddress" : "new.employee-32@acme.com",
  "expiration" : {
    "nano" : 735000000,
    "epochSecond" : 1576610211
  },
  "targetUserIdentityId" : "dfcfd387-5fea-46ba-a04b-6ce5d1ab1230",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "state" : "Open"
}

Create Invitation

POST /invitations

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

toTenantId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

invitationUrl

String

false

targetUserIdentityId

String

true

Response fields

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toTenantId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Var

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Var

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Var

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJJc1ptU0tBUmJwZlVqdkF4Sm85SzFnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDEwLCJleHAiOjE1NzYwMDkwMTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.f0Fvnav-dyOxzDBQQKFZckwrqs-WIqlLbNpzI1o8YIOfRyWFvlwWAq1jb5nCjVmKm4vgnQhyQhKiwD2rKkktJHou4i0N7155Ne9LtAa-POSKQ69FK3OzCZJ0it_htVJcxNqJ06e4tUt6BqygHCzyldwm22G4ssYsgd4LGWB8GdwGyd4l_OLuDUUNJW3NABuronSKXfCWqWwB8Y_5sabkPdp0fsC_kp_oeRt1CkvNNDLGFsV1amOQKjnerF_G7C_g1GGqPBz8tJLz2rPYDKXY7qafZe5S6vy5N2s3dn0b5Pz5laamnt425x-HUrl2uiEoIyGS99-1Od4q2wQb8UjpSw' \
    -d '{"toTenantId":"0de4af2c-8b83-4e22-a06c-1111fffc02f3","invitedEmailAddress":"new.employee@acme.com","invitationUrl":"http://acme.console.netfoundry.io/invitation","targetUserIdentityId":"2cf48766-385e-4fdf-ab4c-a122bb8c6e81"}'

Example response

HTTP/1.1 201 Created
Content-Length: 460
Content-Type: application/json;charset=UTF-8

{
  "id" : "55b6ec1b-3d4c-4d09-a937-a739e6ebf87f",
  "fromIdentityId" : "fd89c568-4dd9-4f36-9b39-f64d0a76b282",
  "toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "invitedEmailAddress" : "new.employee@acme.com",
  "expiration" : {
    "nano" : 505000000,
    "epochSecond" : 1576610210
  },
  "targetUserIdentityId" : "2cf48766-385e-4fdf-ab4c-a122bb8c6e81",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "state" : "Open"
}

Respond To Invitation

PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/{action:accept|decline}

This is not the typical way to accept or decline an invitation. See {@link InvitationFlowController}. This service is a straight update of the Invitation. It does not map the calling user, nor any other related activity. It simply updates the state of the Invitation.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toTenantId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Var

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Var

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Var

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/082df3b8-a682-4b2d-8c4d-91d2811cb276/decline' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJlbzJBZE9EMk00WGszd0dnNHdLZXBRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDExLCJleHAiOjE1NzYwMDkwMTEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.R57ZXL-Xw3UxRLV5_c3cwzGe_xBd85W-hNQlAdj7z2xOh1A8aajtWTMqtHHTTItiM-_6D86-pzaJk6GlHus7_sKl-98zjdEgvI0Jzug9tidJdFkjfS3wZb2PqMb21Lk8pQMqHrJV74_xRCN_d0VJTY7H-gfpPPBAxlU_AxZPMECF5txakG7SUyd4-NM9l1hbXC4is2viMPAtWfbi2QFwd378PVyLYGl-026O9vnYukPP86mJQJUXHRpfFVCeFzAgQIVOcrF4PLSNsdPymbWjqcUBxZEONdlt9oauDETu9vM2fWmpJC6a-Asvt0Cb0Ferr4QkZVPmCO8p8e2a4SmOlw'

Example response

HTTP/1.1 200 OK
Content-Length: 524
Content-Type: application/json;charset=UTF-8

{
  "id" : "082df3b8-a682-4b2d-8c4d-91d2811cb276",
  "fromIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
  "toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "invitedEmailAddress" : "new.employee-29@acme.com",
  "expiration" : {
    "nano" : 224000000,
    "epochSecond" : 1576610211
  },
  "targetUserIdentityId" : "4122e20d-885a-4c7d-9dde-1c551be3f497",
  "accepted" : false,
  "revokedAt" : null,
  "responseReceivedAt" : {
    "nano" : 638000000,
    "epochSecond" : 1576005411
  },
  "state" : "Declined"
}

Revoke Invitation

PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/revoke

This service will revoke the specified invitation if it is in a state that permits revoke.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

false

fromIdentityId

String

false

toTenantId

String

false

invitedEmailAddress

String

false

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

expiration

Var

false

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Var

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Var

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/98639c2e-c3b4-49ab-b8f3-272a62803def/revoke' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtMW5wbGUtT2VvUWlwX2NncHh4VFRRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDEyLCJleHAiOjE1NzYwMDkwMTIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.NvtO08P9KW3PeTDv87h59PdZEKEwbpQ2xa0AWskOiND-W9ZxOh3MqSzQm9CMaQ-bD8Sc8QKz1c103lCzOnlc8zGBf4rw-89MGLzU8p7EKd7rR6hQBPAExSoxA2NJU003-2pKtJI1DDIDmoyCjb7yfP49npl8Ke8zd9nubOnRK5idSL5X77q4wv2rlgVPEJEve5xOywze7wMkp8V-gArHZKMB3_Ql1lP1Fbs0ZAemdx9yt9gGK8_XSWJij2sNoVaC7JB9VG2URka3A0wiUfG9TZRNfxuFLiWXi-QFtM-SvSLjlk5wXoFHH6HshvHjX3Gex9XgcDRouCgl6ahit9uH_A'

Example response

HTTP/1.1 200 OK
Content-Length: 578
Content-Type: application/json;charset=UTF-8

{
  "id" : "98639c2e-c3b4-49ab-b8f3-272a62803def",
  "fromIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
  "toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
  "invitedEmailAddress" : "new.employee-35@acme.com",
  "expiration" : {
    "nano" : 988000000,
    "epochSecond" : 1576610211
  },
  "targetUserIdentityId" : "3b60bdfa-65f8-4668-b801-9bdd797fb7ec",
  "accepted" : null,
  "revokedAt" : {
    "nano" : 131000000,
    "epochSecond" : 1576005412
  },
  "responseReceivedAt" : {
    "nano" : 131000000,
    "epochSecond" : 1576005412
  },
  "state" : "Revoked"
}

Permission

Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/permission/find-identity-permissions/auto-section.adoc[]

Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/permission/get-identity-permission-by-id/auto-section.adoc[]

Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/permission/create-identity-permission/auto-section.adoc[]

Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/permission/delete-identity-permission/auto-section.adoc[]

Operation

Find Operations

GET /operations

Returns a set of Operations possibly filtered based on the request parameters.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

[].name

String

false

Size must be between 0 and 128 inclusive.

[].action

String

false

[].resourceServerName

String

false

Size must be between 0 and 128 inclusive.

[].anonymous

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/operations' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJlN2pzazB6eFhsWG5Vc0FpVUZtQll3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDIzLCJleHAiOjE1NzYwMDkwMjMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.Deh7xWphv-G3ELHeLT0CxT8iWahHoNfo_8JBSr5RSNxPJWSn7DrpR-lUVT4gKHkktarTE79InInJ4JA7dynx06vG5hJvSxtYcHBljiKQFEqD128KCH9Y2stjljiHp8cIqaPSO-xa6D6UTXZqI8ezEk5JTmVjpg1g_EP2G2tNAvwuL9exZmquDMoVG3RRS5wLo96AlToA6H6tm1LmLcXrc9DEr0pY9YLffO8er4pBDqR7giPr23pu40xm18KMTrT4mK9mrfjWM1jN_49URo-tmmVoFz9TPDNpJ2x-to8zN-UiC1-WMzEi1tWBiWCiRluiwcgyCQl_qVl8MvRSheNYdw'

Example response

HTTP/1.1 200 OK
Content-Length: 467
Content-Type: application/json;charset=UTF-8

[ {
  "name" : "Get Identity Operation",
  "action" : "operations:get-identity-operations",
  "resourceServerName" : "identity",
  "anonymous" : false
}, {
  "name" : "Create Network Group",
  "action" : "organizations:create-organizations",
  "resourceServerName" : "identity",
  "anonymous" : false
}, {
  "name" : "Create API Account Identity",
  "action" : "identities:create-api-account-identities",
  "resourceServerName" : "identity",
  "anonymous" : false
} ]

Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/operation/get-operation/auto-section.adoc[]

Support

Create Support Request

POST /nfconsole/support/requests

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

The name of the user. This is a required value if the request is submitted by a client that is not currently authenticated. In this unauthenticated case, this name is used in the support request ticket that is created. If the request comes from an authenticated client, then this property should be ignored (not sent), as the API will overwrite it with the name of the authenticated identity.

Size must be between 1 and 2147483647 inclusive.

email

String

true

The email of the user. This is a required value if the request is submitted by a client that is not currently authenticated. In this unauthenticated case, this email is used in the support request ticket that is created. If the request comes from an authenticated client, then this property should be ignored (not sent), as the API will overwrite it with the email of the authenticated identity.

Must be a well-formed email address.

selectedTenantId

String

true

The id of a tenant which the current user has selected as his working context at the time that this support request is being generated. This value may be null in most cases as it only applies to users with access to more than one tenant. This value is ignored if the support request comes from a user that is not logged in.

selectedNetworkId

String

true

The id of a network which the current user has selected as his working context at the time that this support request is being generated. This value may be null, particularly if the client is submitting the support request from a context that is not network specific. However, if the user is working in a context (ie, a 'page' that lists AppWans) that is network specific, then this value can help support agents when reviewing the support request. This value is ignored if the support request comes from a user that is not logged in.

subject

String

false

The support request subject. This value is required and can not be empty.

comment

String

false

The support request message. This value is required and can not be empty.

type

String

true

The type of the support request. If not specified, the type will default to "question".

Must be one of [problem, incident, question, task].

priority

String

true

The priority of the support request. If not specified, the type will default to "normal".

Must be one of [urgent, high, normal, low].

recentErrorMessages

Array[String]

true

An optional list of error messages received from the API by the client. These should be in order from most recent to oldest. These provide contextual information for the agent handling the support request. These are not required, but clients are encouraged to track and supply such error messages to aid in support. Note, an interactive user (ie human) should not provide this information; it should be tracked and added by the client agent on their behalf.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/nfconsole/support/requests' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"name":"Curious George","email":"george@curious-client.com","selectedTenantId":null,"selectedNetworkId":null,"subject":"Sales Contact Request","comment":"This looks great!  I'd like a sales rep to contact me.","type":"question","priority":"high","recentErrorMessages":null}'

Example response

HTTP/1.1 200 OK

Sign-up Flow

Check Email

GET /signup

This service allows a client to validate that the submitted email may be used during the sign-up process. Not all email addresses are supported, and clients are encouraged to use this service to check before getting an error from the sign-up service.

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

Parameter Type Optional Description

checkEmail

String

false

The email address to check.

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

provider

String

true

Request fields

No request body.

Response fields

Path Type Optional Description

checkEmail

String

false

The email address that whose status was checked.

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

status

String

false

The current status of the checked email address.

Must be one of [VALID, BLACKLISTED].

Example request, valid

$ curl 'https://gateway.netFoundry.io/identity/v1/signup?checkEmail=white.hat@trusted.com' -i -X GET

Example response, valid

HTTP/1.1 200 OK
Content-Length: 66
Content-Type: application/json;charset=UTF-8

{
  "checkEmail" : "white.hat@trusted.com",
  "status" : "VALID"
}

Example request, blacklisted

$ curl 'https://gateway.netFoundry.io/identity/v1/signup?checkEmail=black.hat@untrusted.com' -i -X GET

Example response, blacklisted

HTTP/1.1 200 OK
Content-Length: 74
Content-Type: application/json;charset=UTF-8

{
  "checkEmail" : "black.hat@untrusted.com",
  "status" : "BLACKLISTED"
}

Find Identity Provider Types

GET /identity-provider-types

This service provides a list of available IdentityProviderTypes. It does not require authentication, as any client that is preparing to create a new Tenant via the sign-up process must be able to list the set of IdentityProviderTypes to the user prior to creation of the Tenant.

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

[].id

String

false

Unique id of this IdentityProviderType instance.

[].identityProviderTypeName

String

false

A simple label for display to a human user.

Size must be between 1 and 128 inclusive.

[].auth0ConnectionId

String

false

An opaque value used by Auth0 to identify their Identity Provider.

Size must be between 1 and 128 inclusive.

[].auth0ConnectionType

String

false

One of four types of connections that Auth0 supports.

Must be one of [Database, Social, Enterprise, Passwordless].

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-provider-types' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Length: 391
Content-Type: application/json;charset=UTF-8

[ {
  "id" : "91cff470-70d9-4e99-bfd8-3c7920d6a552",
  "identityProviderTypeName" : "Simple Username/Password",
  "auth0ConnectionId" : "Username-Password-Authentication",
  "auth0ConnectionType" : "Database"
}, {
  "id" : "474342c9-9d52-4da8-ba20-3ad04a9666b1",
  "identityProviderTypeName" : "Google Account",
  "auth0ConnectionId" : "google-oauth2",
  "auth0ConnectionType" : "Social"
} ]

Signup

POST /signup

This service can be used to create a new Tenant. The client specifies a basic set of Tenant information, such as a descriptive name and a site label, as well as other configuration details. The client must specify how the Tenant wishes to authenticate its users by passing one or more specifications for an IdentityProvider. A client may call the Find Identity Provider Types service to preview a list of available authentication mechanisms. Finally, the client must specify user information for the initial 'root' user of the Tenant. Upon successful completion of the service request, the API Server will send the user an email with instructions to complete the sign-up process. Note, the API Server does not permit sending invitations to all email addresses. A client may check to see if an email address is supported by calling the Check Email Address service prior to calling this sign-up service.

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

tenantName

String

false

A human friendly name for the Tenant. This will become the Tenant’s name property.

Size must be between 1 and 128 inclusive.

tenantLabel

String

false

A domain name label, used to compose the Tenant’s custom site domain. The value can be 1 to 63 alpha-numeric or hyphen characters, but may not begin or end with a hyphen.

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

identityProviders

Array[Object]

false

A non-empty set of identity providers that the Tenant should allow users to login through.

identityProviders[].name

String

false

A human friendly name for the IdentityProvider. This value is specific to the Tenant, even if the authentication mechanism is shared across many Tenants (social based authentication being a prime example.).

Size must be between 1 and 128 inclusive.

identityProviders[].identityProviderTypeId

String

false

The IdentityProviderType.id of the IdentityProviderType to create and use within the Tenant. See service to get a list of available IdentityProviderTypes.

signupUrl

String

false

A fully qualified http or https url where the sign-up email will link to, so that the sign-up user may complete the sign-up process.

billingInfo

Object

true

billingInfo.type

String

true

billingInfo.customerEmail

String

true

billingInfo.productId

String

true

billingInfo.customerId

String

false

The customer Id to use for billing aws market place customer. If the type is AWS and customer Id is provided, then the Billing organization will be setup as enterprise.

billingInfo.stripeCardToken

String

false

The token from Stripe for the card to use for billing. If the type is stripe and stripeCardToken is provided, then the Billing organization will be setup as self-service.

adminUsers

Array[Object]

false

An ordered list of initial user accounts to create within this organization. All will be granted administrative access. The first will be the primary billing contact.

adminUsers[].firstName

String

false

The given name to assign to the initial user Identity.

Size must be between 0 and 128 inclusive.

adminUsers[].lastName

String

false

The family name to assign to the initial user Identity.

Size must be between 1 and 128 inclusive.

adminUsers[].email

String

false

The email address to assign to the initial user Identity. This is also the email address when the sign-up invitation will be sent.

Must be a well-formed email address.
Size must be between 6 and 254 inclusive.

Response fields

Path Type Optional Description

success

Boolean

true

error

String

true

Must be one of [TenantLabelTaken, InvalidIdentityProviderType, EmailBlocked, BillingError, UnknownServerError].

errorDetail

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/signup' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"tenantName":"Global Gadgets, Inc.-85","tenantLabel":"Global-Gadgets-86","identityProviders":[{"name":"GG Auth2-84","identityProviderTypeId":"474342c9-9d52-4da8-ba20-3ad04a9666b1"},{"name":"GG Auth1-83","identityProviderTypeId":"91cff470-70d9-4e99-bfd8-3c7920d6a552"}],"signupUrl":"https://nfadmin.console.netfoundry.io/signup","billingInfo":{"type":"Trial","customerEmail":"user@email.com","productId":"plan01","type":"Trial"},"adminUsers":[{"firstName":"Sally","lastName":"Cook","email":"sally.cook@globalGadgets.com"}]}'

Example response

HTTP/1.1 200 OK
Content-Length: 64
Content-Type: application/json;charset=UTF-8

{
  "success" : true,
  "error" : null,
  "errorDetail" : null
}

Invitation Flow

Get Invitation By Key

GET /invitations/key/{key:[\p{Alnum}]{36}}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

fromIdentity

Object

false

fromIdentity.name

String

true

fromIdentity.email

String

false

Size must be between 6 and 254 inclusive.

targetIdentity

Object

true

targetIdentity.name

String

true

targetIdentity.email

String

false

Size must be between 6 and 254 inclusive.

invitedEmailAddress

String

false

Must be a well-formed email address.

toTenantName

String

false

toTenantLabel

String

false

expiration

Var

false

accepted

Boolean

true

state

String

false

Must be one of [Open, Accepted, Declined, Expired, Revoked].

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/xwTNh7SZXDchlAlJoJEUZY16qAyL8rhDEqef' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Length: 428
Content-Type: application/json;charset=UTF-8

{
  "fromIdentity" : {
    "name" : "John Doe",
    "email" : "john.doe@acme.com"
  },
  "targetIdentity" : {
    "name" : "First Last",
    "email" : "random-80@acme.com"
  },
  "invitedEmailAddress" : "new.employee-82@acme.com",
  "toTenantName" : "ACME International, Inc.",
  "toTenantLabel" : "ACME-0",
  "expiration" : {
    "nano" : 799000000,
    "epochSecond" : 1576610221
  },
  "accepted" : null,
  "state" : "Open"
}

Decline Invitation

PUT /invitations/key/{key:[\p{Alnum}]{36}}/decline

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

fromIdentity

Object

false

fromIdentity.name

String

true

fromIdentity.email

String

false

Size must be between 6 and 254 inclusive.

targetIdentity

Object

true

targetIdentity.name

String

true

targetIdentity.email

String

false

Size must be between 6 and 254 inclusive.

invitedEmailAddress

String

false

Must be a well-formed email address.

toTenantName

String

false

toTenantLabel

String

false

expiration

Var

false

accepted

Boolean

true

state

String

false

Must be one of [Open, Accepted, Declined, Expired, Revoked].

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/WTrCw8IUAKTvwMYvmuFvXt8mdki8JFtjw6g7/decline' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 433

{
  "fromIdentity" : {
    "name" : "John Doe",
    "email" : "john.doe@acme.com"
  },
  "targetIdentity" : {
    "name" : "First Last",
    "email" : "random-77@acme.com"
  },
  "invitedEmailAddress" : "new.employee-79@acme.com",
  "toTenantName" : "ACME International, Inc.",
  "toTenantLabel" : "ACME-0",
  "expiration" : {
    "nano" : 735000000,
    "epochSecond" : 1576610221
  },
  "accepted" : false,
  "state" : "Declined"
}

Initiate Accept Invitation

POST /invitations/key/{key:[\p{Alnum}]{36}}/accept-initiate

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

intermediateReturnUrl

String

false

Response fields

Path Type Optional Description

nfToken

String

false

auth0ConnectionIds

Array[String]

false

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/m8UqS6etcBvxSY56cSlJSrDCq4SmhV7PKdfv/accept-initiate' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"intermediateReturnUrl":"http://console.nfadmin.netfoundry.io/invitation"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 981

{
  "nfToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdXRoMENvbm5lY3Rpb25JZHMiOlsiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0xIiwiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0yIl0sImF1ZCI6Imh0dHBzOi8vbmV0Zm91bmRyeS1zYW5kYm94LmF1dGgwLmNvbS8iLCJyZWRpcmVjdFVybCI6Imh0dHA6Ly9jb25zb2xlLm5mYWRtaW4ubmV0Zm91bmRyeS5pby9pbnZpdGF0aW9uIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwidGVuYW50TGFiZWwiOiJBQ01FLTAiLCJpbnZpdGF0aW9uSWQiOiI2ZTViZjViMy0wOTkzLTRiNjYtYWYzNC1lNTA1OGIzYzVjMWMiLCJleHAiOjE1NzYwMDYzMjEsImlhdCI6MTU3NjAwNTQyMSwiZmxvdyI6Imludml0YXRpb24ifQ.jZoLWDfEdk_P5RXaYuRHv5Nx30vdXzPMIh6K3Ap8VGq1R-JSPH3OWvQhESWQNjgnliAQAwpzotxh6LE662JneGzDhiCYpyfEHR9sYngWaLMQrOt9wD9SF0nzuF4qqltVUEV_Z958tPOaqfr5tk9M3GzqzbQ060hMLBZjAwmakwAEKchNb_CQz4r6w1KZ7VDaqLjqAvhI1Q_--KiOJu8Pa25ceUwIRcsptV_dxhN56MoFYsm90B5dpx0IsjCxxnuy8oDWcO2T0llbgOnfiAWourMSxZOVnnMM-1B00Utr2bWjaV3N9PeTmBIaSoy0TlI1hWXLigLlJiHfw98E2QABdg",
  "auth0ConnectionIds" : [ "auth0-opaque-connectionId-1", "auth0-opaque-connectionId-2" ]
}

Login Flow

Initiate Interactive Authorization

POST /tenants/authorize-initiate

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

tenantLabel

String

false

Must match the regular expression \p{Alnum}|\p{Alnum}[-\p{Alnum}]{0,61}\p{Alnum}.

intermediateReturnUrl

String

false

Response fields

Path Type Optional Description

nfToken

String

false

auth0ConnectionIds

Array[String]

false

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/authorize-initiate' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"tenantLabel":"ACME-0","intermediateReturnUrl":"http://console.nfadmin.netfoundry.io/invitation"}'

Example response

HTTP/1.1 200 OK
Content-Length: 902
Content-Type: application/json;charset=UTF-8

{
  "nfToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdXRoMENvbm5lY3Rpb25JZHMiOlsiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0xIiwiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0yIl0sImF1ZCI6Imh0dHBzOi8vbmV0Zm91bmRyeS1zYW5kYm94LmF1dGgwLmNvbS8iLCJyZWRpcmVjdFVybCI6Imh0dHA6Ly9jb25zb2xlLm5mYWRtaW4ubmV0Zm91bmRyeS5pby9pbnZpdGF0aW9uIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwidGVuYW50TGFiZWwiOiJBQ01FLTAiLCJleHAiOjE1NzYwMDYzMjMsImlhdCI6MTU3NjAwNTQyMywiZmxvdyI6ImxvZ2luIn0.Wnz9i093cp9vy6EkZZR5N0Javr45W1hJ989HFy85dD5i90NY6qxRj3v4UqbM8Lvenrd7_z495OWzdAxTCDXYKuNdBqeXmxHeNbk48Mktlx_Gc583Zt9Ymae8kx8_YjPXbmFnSeXlRw2GMkqMdfMmIGA8gNN3eGEcDtMSgpU7LG9Ea84S9N5hB4HML3TsGaLjjrVV4KsQw4YXbR8X3GEwflguTPKhpgIl8WXQ1s5UEvy6mNOxGlUYPHNr1Xj29rgdIaprri9RMwpiTy6AEZfTYiuVw31w8G6tNChsAHk8EVOH1noxFh8vp0yY7ekkqunADpkRbK-u5obEA6mt6w3DTw",
  "auth0ConnectionIds" : [ "auth0-opaque-connectionId-1", "auth0-opaque-connectionId-2" ]
}