Introduction
This is the NetFoundry identity service
Overview
HTTP verbs
NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP verbs.
| Verb | Usage |
|---|---|
|
Used to retrieve a resource |
|
Used to create a new resource |
|
Used to update an existing resource, full updates only |
|
Used to delete an existing resource |
The PATCH method is not used (yet).
|
HTTP status codes
NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP status codes.
| Status code | Usage |
|---|---|
|
The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action. |
|
The request has been fulfilled and resulted in a new resource being created. |
|
The request has been accepted and is being processed asynchronously Standard response for successful HTTP requests which invoke back-end services. |
|
The server successfully processed the request, but is not returning any content. |
|
The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). |
|
The request lacks valid authentication credentials for the target resource. |
|
The request is authenticated with valid credentials however that set of credentials is not authorized to access this resource. |
|
The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible. |
Resources
Tenant
Find Tenants
GET /tenants
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
Supports standard paging query parameters.
| Parameter | Type | Optional | Description |
|---|---|---|---|
name |
String |
true |
|
active |
Boolean |
true |
|
mfaProviders |
Object |
true |
|
includeDeleted |
Boolean |
true |
Default value: 'false'. |
Request fields
No request body.
Response fields
Standard paging response where content field is list of following objects:
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
label |
String |
false |
A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label. Must match the regular expression |
identityProviders |
Array[Object] |
false |
|
identityProviders[].id |
String |
false |
|
identityProviders[].tenantId |
String |
false |
The id of the {@link Tenant} that this provider will authenticate users into. |
identityProviders[].auth0ConnectionId |
String |
false |
The auth0 generated id of the auth0 connection that this IdP represents. Size must be between 1 and 128 inclusive. |
identityProviders[].name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
identityProviders[].auth0ConnectionType |
String |
false |
Must be one of [Database, Social, Enterprise, Passwordless]. |
active |
Boolean |
true |
|
mfaProvider |
String |
true |
Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA. Must be one of [None, GoogleAuthenticator]. |
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
|
deleted |
Boolean |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/tenants' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJaTjZzLXZSWTNWVVN0SlJDQ0VHa0RRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA5LCJleHAiOjE1NzYwMDkwMDksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.lSndNZpwUAP-7NqWg295TRygGjqTVyXxPkS9zIUKBAPjAmSD7olKEFHupy3if82ee9fga6Yk1TolC-0oKZFHdvp7MXsnVf1vnoIB8RTtfLoQXMIXLjoaRlfsDflgGpLN2lKBbeW6rDknCc1elhsZfR3TTy-bCwrooUNSZr6AZMIt1wuU2il1tS6p1FllxvGbXpRRDFXTepcUtN-tlLYE1q7A9fyGq-IC611MabEncAYg_zCR-hZLrzqPzVWPo7BZ674cbAU7J3lDej9MFRORh44Q6ihkzE6ACjVfrd0C5ZdNAWj9VSr3gjIsxbPPRYQfF1Nghk5BBKbvmaGLUOQn4w'Example response
HTTP/1.1 200 OK
Content-Length: 1818
Content-Type: application/json;charset=UTF-8
[ {
"id" : "c011b83c-a593-4d52-bb4e-3c130e346e38",
"name" : "MOP Services Identity Group",
"label" : "MOP-Services",
"identityProviders" : [ ],
"active" : true,
"mfaProvider" : "None",
"createdAt" : {
"nano" : 647000000,
"epochSecond" : 1576005395
},
"updatedAt" : null,
"deletedAt" : null,
"deleted" : false
}, {
"id" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"name" : "ACME International, Inc.",
"label" : "ACME-0",
"identityProviders" : [ {
"id" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ConnectionId" : "auth0-opaque-connectionId-1",
"name" : "ACME Federated Active Directory",
"auth0ConnectionType" : "Enterprise"
}, {
"id" : "a94297bd-67b6-4b5b-af2a-d42657217131",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ConnectionId" : "auth0-opaque-connectionId-2",
"name" : "Google-Account",
"auth0ConnectionType" : "Social"
} ],
"active" : true,
"mfaProvider" : null,
"createdAt" : {
"nano" : 161000000,
"epochSecond" : 1576005398
},
"updatedAt" : null,
"deletedAt" : null,
"deleted" : false
}, {
"id" : "e622d98d-f771-41b3-9566-d47d0e9542e9",
"name" : "Newer Faster Name",
"label" : "WW-Imports-17",
"identityProviders" : [ {
"id" : "7f02e2cb-75c6-4ab2-a71c-34f5ed2463c8",
"tenantId" : "e622d98d-f771-41b3-9566-d47d0e9542e9",
"auth0ConnectionId" : "auth0-opaque-connectionId-18",
"name" : "Username/Password",
"auth0ConnectionType" : "Database"
} ],
"active" : true,
"mfaProvider" : "GoogleAuthenticator",
"createdAt" : {
"nano" : 501000000,
"epochSecond" : 1576005408
},
"updatedAt" : {
"nano" : 968000000,
"epochSecond" : 1576005408
},
"deletedAt" : null,
"deleted" : false
} ]Get Tenant By Id
GET /tenants/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
label |
String |
false |
A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label. Must match the regular expression |
identityProviders |
Array[Object] |
false |
|
identityProviders[].id |
String |
false |
|
identityProviders[].tenantId |
String |
false |
The id of the {@link Tenant} that this provider will authenticate users into. |
identityProviders[].auth0ConnectionId |
String |
false |
The auth0 generated id of the auth0 connection that this IdP represents. Size must be between 1 and 128 inclusive. |
identityProviders[].name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
identityProviders[].auth0ConnectionType |
String |
false |
Must be one of [Database, Social, Enterprise, Passwordless]. |
active |
Boolean |
true |
|
mfaProvider |
String |
true |
Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA. Must be one of [None, GoogleAuthenticator]. |
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
|
deleted |
Boolean |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/0de4af2c-8b83-4e22-a06c-1111fffc02f3' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxZ2paZnhBTUpYN3FRT3ZSd2JKZDZRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA3LCJleHAiOjE1NzYwMDkwMDcsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.GDD2gXcLyXdGzFj1m4i2Yt8kAm-4veuToijt9ixSu1B2zOtUNSFfeDPoiSoO-pphXuO-F9OuX5kgmaW-9LOjFxUoOv7-LbNIBkB3hskdYjYtOz4GyWsreRu1Pp3SlhBScPp1fzyi0_BcKuFgOXFa4dJXuzWXJLReYMePapiSC44pVLaFzHHsh7_L2dun7oB1VyxzlIgyz5pjShFSBxEI8eJHkSF39jmR78EnXntw1atsdfYh2mU1qbCsM2EDQI9E4ZWfWkfxz76jUsn5DQ83ahK7gw4W2LhXJd5g1KbjzWn4OAz_EemmpAAvSsA76H9IEdUs0-nLnABIraiE0YPvkg'Example response
HTTP/1.1 200 OK
Content-Length: 827
Content-Type: application/json;charset=UTF-8
{
"id" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"name" : "ACME International, Inc.",
"label" : "ACME-0",
"identityProviders" : [ {
"id" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ConnectionId" : "auth0-opaque-connectionId-1",
"name" : "ACME Federated Active Directory",
"auth0ConnectionType" : "Enterprise"
}, {
"id" : "a94297bd-67b6-4b5b-af2a-d42657217131",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ConnectionId" : "auth0-opaque-connectionId-2",
"name" : "Google-Account",
"auth0ConnectionType" : "Social"
} ],
"active" : true,
"mfaProvider" : null,
"createdAt" : {
"nano" : 161000000,
"epochSecond" : 1576005398
},
"updatedAt" : null,
"deletedAt" : null,
"deleted" : false
}Get Tenant By Label
GET /tenants/label/{label:[-a-zA-Z0-9]{1,63}}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
label |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
label |
String |
false |
A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label. Must match the regular expression |
identityProviders |
Array[Object] |
false |
|
identityProviders[].id |
String |
false |
|
identityProviders[].tenantId |
String |
false |
The id of the {@link Tenant} that this provider will authenticate users into. |
identityProviders[].auth0ConnectionId |
String |
false |
The auth0 generated id of the auth0 connection that this IdP represents. Size must be between 1 and 128 inclusive. |
identityProviders[].name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
identityProviders[].auth0ConnectionType |
String |
false |
Must be one of [Database, Social, Enterprise, Passwordless]. |
active |
Boolean |
true |
|
mfaProvider |
String |
true |
Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA. Must be one of [None, GoogleAuthenticator]. |
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
|
deleted |
Boolean |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/label/ACME-0' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIwNG8tTXk0eXR1MTA2cWpFSWVseUhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA4LCJleHAiOjE1NzYwMDkwMDgsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.LOqhf_RBTsxFrjX-hljwEyjc2xL6dkjtzI0zl-gRvgO6fJeanY9jC5dgBw32lYsWvH5SrSsc6_S4ADvSRXWS2yuQow7DvqUeG2wBiyEZ4ICXAsYJggt1-ALguNvGIKcEUGSp4_dhhODhuYicw4HfZfhkJ3h8ckf4cUKv0oUXpQKOOmLhRwhkXBjYdvD1yj9Vj80-Vgy7JK9jbHIeHr26YQqiwiudm6UrfmFGgrW3ulAjuzd4pJtUCMVLFIW5iQ_dX5lG6gTZCIxRGS2_FmwnLCaki40jhClU8hezlz9Z-OJiyZPWC1ZzYbDAsG2tF0dOmiVnbrryQvITAzPfMrUr1g'Example response
HTTP/1.1 200 OK
Content-Length: 827
Content-Type: application/json;charset=UTF-8
{
"id" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"name" : "ACME International, Inc.",
"label" : "ACME-0",
"identityProviders" : [ {
"id" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ConnectionId" : "auth0-opaque-connectionId-1",
"name" : "ACME Federated Active Directory",
"auth0ConnectionType" : "Enterprise"
}, {
"id" : "a94297bd-67b6-4b5b-af2a-d42657217131",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ConnectionId" : "auth0-opaque-connectionId-2",
"name" : "Google-Account",
"auth0ConnectionType" : "Social"
} ],
"active" : true,
"mfaProvider" : null,
"createdAt" : {
"nano" : 161000000,
"epochSecond" : 1576005398
},
"updatedAt" : null,
"deletedAt" : null,
"deleted" : false
}Create Tenant
POST /tenants
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
name |
String |
false |
Size must be between 2 and 128 inclusive. |
label |
String |
false |
Must match the regular expression |
auth0ConnectionId |
String |
false |
Size must be between 1 and 128 inclusive. |
identityProviderName |
String |
false |
Size must be between 1 and 128 inclusive. |
auth0ConnectionType |
String |
false |
Must be one of [Database, Social, Enterprise, Passwordless]. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
label |
String |
false |
A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label. Must match the regular expression |
identityProviders |
Array[Object] |
false |
|
identityProviders[].id |
String |
false |
|
identityProviders[].tenantId |
String |
false |
The id of the {@link Tenant} that this provider will authenticate users into. |
identityProviders[].auth0ConnectionId |
String |
false |
The auth0 generated id of the auth0 connection that this IdP represents. Size must be between 1 and 128 inclusive. |
identityProviders[].name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
identityProviders[].auth0ConnectionType |
String |
false |
Must be one of [Database, Social, Enterprise, Passwordless]. |
active |
Boolean |
true |
|
mfaProvider |
String |
true |
Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA. Must be one of [None, GoogleAuthenticator]. |
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
|
deleted |
Boolean |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/tenants' -i -X POST \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJVSHduSlgzM2E1OFNPeDNhTzl0Q2F3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDEwLCJleHAiOjE1NzYwMDkwMTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.YYCxa6JrvaSsz1Sw-DEoT1OwfGjuz-6oRSon9PlWVA-eNBiIsAlycGwCdHyYArI1WJ4037vFKuYxrbQiFfPbYV2cQx1voUTUttp1u_HjRLE4QA-bmlfxnux3DYZ6PCDUAALHPv_imRM5kEITwgm3g0GciShEtWH9RIPv-geytONdLdyL22a7HR9uNZ4tc1LOrLyFzI3FTKU8WOZQ2nGcK0TPU7suvnkgMXgfhRS14-QOt22ssXYtGqcbO9C6kc9jKAdqcLqGRjbMKo-StIMILkkI8K7oQUQ8ltRoJDb-rlgAJAWiuPJ6JWYa85ZElZaZM0k-SDDzj-wGHwOVRVMB3A' \
-H 'Content-Type: application/json' \
-d '{"name":"Best Corp.","label":"BEST-CORP","auth0ConnectionId":"auth0-opaque-connection","identityProviderName":"Corp SAML","auth0ConnectionType":"Enterprise"}'Example response
HTTP/1.1 201 Created
Content-Length: 549
Content-Type: application/json;charset=UTF-8
{
"id" : "0eae3828-a52f-4003-a006-4539de521d8a",
"name" : "Best Corp.",
"label" : "BEST-CORP",
"identityProviders" : [ {
"id" : "647fae73-0873-40db-ae52-abee7c6f3f67",
"tenantId" : "0eae3828-a52f-4003-a006-4539de521d8a",
"auth0ConnectionId" : "auth0-opaque-connection",
"name" : "Corp SAML",
"auth0ConnectionType" : "Enterprise"
} ],
"active" : true,
"mfaProvider" : null,
"createdAt" : {
"nano" : 49000000,
"epochSecond" : 1576005410
},
"updatedAt" : null,
"deletedAt" : null,
"deleted" : false
}Activate Or Deactivate Tenant
PUT /tenants/{id}/{action:activate|deactivate}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
|
action |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
label |
String |
false |
A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label. Must match the regular expression |
identityProviders |
Array[Object] |
false |
|
identityProviders[].id |
String |
false |
|
identityProviders[].tenantId |
String |
false |
The id of the {@link Tenant} that this provider will authenticate users into. |
identityProviders[].auth0ConnectionId |
String |
false |
The auth0 generated id of the auth0 connection that this IdP represents. Size must be between 1 and 128 inclusive. |
identityProviders[].name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
identityProviders[].auth0ConnectionType |
String |
false |
Must be one of [Database, Social, Enterprise, Passwordless]. |
active |
Boolean |
true |
|
mfaProvider |
String |
true |
Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA. Must be one of [None, GoogleAuthenticator]. |
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
|
deleted |
Boolean |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/91859226-3bdf-42fc-a0d7-bc01acc46b42/deactivate' -i -X PUT \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJNRzZKQnhrby0yTXZaT3RaTkg5UndBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA5LCJleHAiOjE1NzYwMDkwMDksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.HN9zrlNnnqanBCNFrZN0QWxyzNGphPv5vm5F2Yw2qhC4P90im9Q7vpnOtAGDRztU15LBA4i91rS-dtSpy5pYsGfYYHoAbW27MoIl4SFXgV8aXKKeryc1ufKaYpVwX1mUa3vTvUUPZsGrUnSeY1LcL_OrXtpXmZ7Ib5eimSvsYUOE-WXnvnhqnACRa5CB7pmQ3KGy0rWrR5Gru2DYeHMPHKPqAxMkQJObZ8WSIlwVbDTi7PnccJU4SQk6cHRGiJxdoyc-SNWrEKcPxK-2nAjYIHuGzSKUVg5fBG8wBNwRF2efpxh8l2Dw5CAMGTWvS5llW_FBOy6ptYzbFA7WDtP_sQ'Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 630
{
"id" : "91859226-3bdf-42fc-a0d7-bc01acc46b42",
"name" : "World Wide Imports",
"label" : "WW-Imports-21",
"identityProviders" : [ {
"id" : "de08d7e5-8d1a-4b98-9ec4-d1916d4adcbb",
"tenantId" : "91859226-3bdf-42fc-a0d7-bc01acc46b42",
"auth0ConnectionId" : "auth0-opaque-connectionId-22",
"name" : "Username/Password",
"auth0ConnectionType" : "Database"
} ],
"active" : false,
"mfaProvider" : null,
"createdAt" : {
"nano" : 430000000,
"epochSecond" : 1576005409
},
"updatedAt" : {
"nano" : 590000000,
"epochSecond" : 1576005409
},
"deletedAt" : null,
"deleted" : false
}Add Identity Provider
POST /tenants/{id}/identity-providers
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
auth0ConnectionId |
String |
false |
Size must be between 1 and 128 inclusive. |
identityProviderName |
String |
false |
Size must be between 1 and 128 inclusive. |
auth0ConnectionType |
String |
false |
Must be one of [Database, Social, Enterprise, Passwordless]. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
label |
String |
false |
A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Tenant, and is the key by which tenant users indicate the tenant within which they intend to authenticate. Note: A deleted tenant looses its label. Such tenants will have a label value that combines the tenant id with the prior label value. This maintains the constraint that all tenant labels are unique, and frees the prior tenant label value for reclamation. Obviously a deleted tenant’s label will no longer meet the validation constraints of a live tenant label. Must match the regular expression |
identityProviders |
Array[Object] |
false |
|
identityProviders[].id |
String |
false |
|
identityProviders[].tenantId |
String |
false |
The id of the {@link Tenant} that this provider will authenticate users into. |
identityProviders[].auth0ConnectionId |
String |
false |
The auth0 generated id of the auth0 connection that this IdP represents. Size must be between 1 and 128 inclusive. |
identityProviders[].name |
String |
false |
Used for display purposes. Not unique or private. Size must be between 1 and 128 inclusive. |
identityProviders[].auth0ConnectionType |
String |
false |
Must be one of [Database, Social, Enterprise, Passwordless]. |
active |
Boolean |
true |
|
mfaProvider |
String |
true |
Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the tenant does not require MFA. Must be one of [None, GoogleAuthenticator]. |
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
|
deleted |
Boolean |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/06f3cacd-51e3-4c9d-9a36-b41c6ca9a42f/identity-providers' -i -X POST \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJHRkktSzhnRXA3QXg5N3lJRzJxN3lRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA5LCJleHAiOjE1NzYwMDkwMDksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.cM5FRb5v_tMWcpwIXGFqnYQedoVl_FoKDSCvN5Vajd5TPxV11bW6qnox1uOPuxr4yScySg9DP3TuzSsiU6TR5t4CUTiQaNWNZXiS8_D-jKzhEMnqtgKRih5cSUDPzekD6-Zkmd2upwgOY7cQFbMrl3twOPqxPA2CI8LqxWRUJFxDTLVyiyBFo6IWt7l3XtTK0fjULgd5XaCE3zc81ZWkk6_V88byXvkf8eiXmTVKBBSAfj_jgOE5EKISzeW4n-OTnz1s4yjVKHZ9HsDJmeJ7pyLiPyJ-6NJHft0rY6AQBFd7ufsz_Mr13zUUzhQATt-TBH-YqV006XSUn2lCHcsu1g' \
-H 'Content-Type: application/json' \
-d '{"auth0ConnectionId":"auth0-opaque-connection","identityProviderName":"Corp SAML","auth0ConnectionType":"Enterprise"}'Example response
HTTP/1.1 201 Created
Content-Length: 808
Content-Type: application/json;charset=UTF-8
{
"id" : "06f3cacd-51e3-4c9d-9a36-b41c6ca9a42f",
"name" : "World Wide Imports",
"label" : "WW-Imports-23",
"identityProviders" : [ {
"id" : "074bd411-1a00-491b-8c60-b1ba9a67ac81",
"tenantId" : "06f3cacd-51e3-4c9d-9a36-b41c6ca9a42f",
"auth0ConnectionId" : "auth0-opaque-connectionId-24",
"name" : "Username/Password",
"auth0ConnectionType" : "Database"
}, {
"id" : "1314aeef-6182-4d8f-bbe6-5b318aa65b1f",
"tenantId" : "06f3cacd-51e3-4c9d-9a36-b41c6ca9a42f",
"auth0ConnectionId" : "auth0-opaque-connection",
"name" : "Corp SAML",
"auth0ConnectionType" : "Enterprise"
} ],
"active" : true,
"mfaProvider" : null,
"createdAt" : {
"nano" : 647000000,
"epochSecond" : 1576005409
},
"updatedAt" : null,
"deletedAt" : null,
"deleted" : false
}User Identity
Find User Identities
GET /user-identities
Returns a set of {@link UserIdentity}s that are visible to the requesting client and optionally filtered based on the submitted request parameters.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
Supports standard paging query parameters.
| Parameter | Type | Optional | Description |
|---|---|---|---|
tenantId |
Object |
true |
Restricts results to Identities in the specified Tenant (by Tenant’s id.). |
firstName |
String |
true |
|
lastName |
String |
true |
|
String |
true |
||
active |
Boolean |
true |
Restricts results to Identities with a matching active status. |
includeDeleted |
Boolean |
true |
Default value: 'false'. |
Request fields
No request body.
Response fields
Standard paging response where content field is list of following objects:
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
firstName |
String |
false |
Size must be between 0 and 128 inclusive. |
lastName |
String |
false |
Size must be between 1 and 128 inclusive. |
String |
false |
Size must be between 6 and 254 inclusive. |
|
identityMappings |
Array[Object] |
false |
|
identityMappings[].id |
String |
false |
|
identityMappings[].auth0UserId |
String |
false |
Size must be between 4 and 256 inclusive. |
identityMappings[].identityProviderId |
String |
false |
|
identityMappings[].userIdentityId |
String |
false |
|
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
name |
String |
true |
|
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJJSjBzTlhObHNsckNyLWlXeTd6MGpRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDAzLCJleHAiOjE1NzYwMDkwMDMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.EbYa5iTuLSDNnVweF0TbSbNnOPVCHCI_49VolZEXYaAf_HTuadLA_boB_hv2L-cF599_C1rBqBwdI-vurZmc8l4COODfbGKVfdxCZHM0rGPcWJcAOpLTb9Gm0KElD70G4-zMSsCqzzdG6UiQBlmfMF4r8n4-OhCJWT36AqG-z-gO3xdvkXpGMqOJXfVC5tJE62Mnbe1aOER56FioAfqOQ2Cg5av2JVWxjtRmEgq-PfYcc87-h7YCRVImazcuR3M2aDZDsy7orXec322IiIs7a4vU6V2E97HbVwn04wqjnQzHJ71NtuQSC8_pHwU5MmFAt0JdXmVO7G0nxOX4aH39mw'Example response
HTTP/1.1 200 OK
Content-Length: 2132
Content-Type: application/json;charset=UTF-8
[ {
"id" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"firstName" : "John",
"lastName" : "Doe",
"email" : "john.doe@acme.com",
"identityMappings" : [ {
"id" : "82650b6e-fb1d-4666-9603-30807ae5b3ed",
"auth0UserId" : "auth0-opaque-userId-3",
"identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"userIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3"
} ],
"active" : true,
"createdAt" : {
"nano" : 183000000,
"epochSecond" : 1576005398
},
"deletedAt" : null,
"name" : "John Doe",
"type" : "UserIdentity"
}, {
"id" : "fd89c568-4dd9-4f36-9b39-f64d0a76b282",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"firstName" : "TESTING",
"lastName" : "CLIENT",
"email" : "test.client@server.com",
"identityMappings" : [ {
"id" : "e451f1c7-57ee-4e28-b0e7-8a520e329727",
"auth0UserId" : "auth0-opaque-userId-6",
"identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"userIdentityId" : "fd89c568-4dd9-4f36-9b39-f64d0a76b282"
} ],
"active" : true,
"createdAt" : {
"nano" : 197000000,
"epochSecond" : 1576005398
},
"deletedAt" : null,
"name" : "TESTING CLIENT",
"type" : "UserIdentity"
}, {
"id" : "80427e45-1893-4de9-8ae3-dbb45b162bf3",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"firstName" : "First",
"lastName" : "Last",
"email" : "random-7@acme.com",
"identityMappings" : [ {
"id" : "834445c2-e6b8-4150-b322-10c3e1230dca",
"auth0UserId" : "new-auth0-userId:7c150c71-d950-45be-81fd-88c30b67ecaa",
"identityProviderId" : "a94297bd-67b6-4b5b-af2a-d42657217131",
"userIdentityId" : "80427e45-1893-4de9-8ae3-dbb45b162bf3"
}, {
"id" : "575909d8-c370-42dc-b3bc-f91cf3417e36",
"auth0UserId" : "auth0-opaque-userId-8",
"identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"userIdentityId" : "80427e45-1893-4de9-8ae3-dbb45b162bf3"
} ],
"active" : true,
"createdAt" : {
"nano" : 243000000,
"epochSecond" : 1576005400
},
"deletedAt" : null,
"name" : "First Last",
"type" : "UserIdentity"
} ]Get User Identity
GET /user-identities/{id}
Get an User Identity by its id.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
firstName |
String |
false |
Size must be between 0 and 128 inclusive. |
lastName |
String |
false |
Size must be between 1 and 128 inclusive. |
String |
false |
Size must be between 6 and 254 inclusive. |
|
identityMappings |
Array[Object] |
false |
|
identityMappings[].id |
String |
false |
|
identityMappings[].auth0UserId |
String |
false |
Size must be between 4 and 256 inclusive. |
identityMappings[].identityProviderId |
String |
false |
|
identityMappings[].userIdentityId |
String |
false |
|
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
name |
String |
true |
|
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/3858f07c-40e4-4f1b-af6a-25ba07762ff3' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoUHJmTFhORHFyWHpDejRGaGlZWkp3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA1LCJleHAiOjE1NzYwMDkwMDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.B0ANNBYmXTvCaHoxaS0ukp_Oo-37806FlaP3e8mJGPBqg6arUQQC4UCtSueQ__nuPtE7M7lyLjLYLUebpoynYmsx_FI4VTfhFbL4HTTks6f0C4XxJcjfXelrHgxtT0RnuyOxYhXcZy2S_gYuvs8PrfT_m9szkJVnP_vgjSqlfpesmvPK8qBPMZbZW54rMOss9D-Cexo5mULtH9ov14ZBFr_sIoZbvOZsqQ6J6okXk09vP68QH1VIzeqa2_Ml2ch4JJvonM3MQX5nXZoHz0oOSNWFSiOk8SdasNutoRaej5eMP0t20d_zW67FrW5sHNVz-Ks7n6qg4SJRAyHOu0kwPg'Example response
HTTP/1.1 200 OK
Content-Length: 613
Content-Type: application/json;charset=UTF-8
{
"id" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"firstName" : "John",
"lastName" : "Doe",
"email" : "john.doe@acme.com",
"identityMappings" : [ {
"id" : "82650b6e-fb1d-4666-9603-30807ae5b3ed",
"auth0UserId" : "auth0-opaque-userId-3",
"identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"userIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3"
} ],
"active" : true,
"createdAt" : {
"nano" : 183000000,
"epochSecond" : 1576005398
},
"deletedAt" : null,
"name" : "John Doe",
"type" : "UserIdentity"
}Get User Identity By Mapping
GET /user-identities/mapping/{auth0UserId}/{identityProviderId}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
auth0UserId |
String |
false |
|
identityProviderId |
Object |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
firstName |
String |
false |
Size must be between 0 and 128 inclusive. |
lastName |
String |
false |
Size must be between 1 and 128 inclusive. |
String |
false |
Size must be between 6 and 254 inclusive. |
|
identityMappings |
Array[Object] |
false |
|
identityMappings[].id |
String |
false |
|
identityMappings[].auth0UserId |
String |
false |
Size must be between 4 and 256 inclusive. |
identityMappings[].identityProviderId |
String |
false |
|
identityMappings[].userIdentityId |
String |
false |
|
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
name |
String |
true |
|
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/mapping/auth0-opaque-userId-3/07ba1b5d-f552-441e-98c4-fead9227b8c0' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhQVA2cV8wTXdfcXBXV2Y2Ti1kQTFBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA1LCJleHAiOjE1NzYwMDkwMDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.bopjVb8QWiFuYAJcnVcAhfDBFvpmJkfONWk-puZfmyS-XYY-nVwTFa-hGKlEHoraqRPM2japI-b-OSOY77eee8_P6nEWDSXzG_4g0iJhYBtZpB8zMer7NQFcghcwVeqdwaTUolineBxGecUMNB8EoYHbTpaeHUiKRg3wD-TULVY-7SZ54NL1Nv0SR75gbWO4pWRrIDW5W2SVC4uZIYhgrgvR52uTpHQxvGp7YW5qEqmH6drAZe94m7RL3adURHmzShLeiDc07i55MDHsDw9DmWFTk6ckvDSpC0fHYdyfKjpEpZisgSbqTIe_NYH3gqXdPm4IMWB7B17R_l5BVWku7Q'Example response
HTTP/1.1 200 OK
Content-Length: 613
Content-Type: application/json;charset=UTF-8
{
"id" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"firstName" : "John",
"lastName" : "Doe",
"email" : "john.doe@acme.com",
"identityMappings" : [ {
"id" : "82650b6e-fb1d-4666-9603-30807ae5b3ed",
"auth0UserId" : "auth0-opaque-userId-3",
"identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"userIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3"
} ],
"active" : true,
"createdAt" : {
"nano" : 183000000,
"epochSecond" : 1576005398
},
"deletedAt" : null,
"name" : "John Doe",
"type" : "UserIdentity"
}Create Identity
POST /user-identities
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
tenantId |
String |
false |
|
firstName |
String |
false |
Size must be between 0 and 128 inclusive. |
lastName |
String |
false |
Size must be between 1 and 128 inclusive. |
String |
false |
Size must be between 6 and 254 inclusive. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
firstName |
String |
false |
Size must be between 0 and 128 inclusive. |
lastName |
String |
false |
Size must be between 1 and 128 inclusive. |
String |
false |
Size must be between 6 and 254 inclusive. |
|
identityMappings |
Array[Object] |
false |
|
identityMappings[].id |
String |
false |
|
identityMappings[].auth0UserId |
String |
false |
Size must be between 4 and 256 inclusive. |
identityMappings[].identityProviderId |
String |
false |
|
identityMappings[].userIdentityId |
String |
false |
|
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
name |
String |
true |
|
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X POST \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiItcmV4dU5McHZXSTNEVjg1a1VGN3RBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA2LCJleHAiOjE1NzYwMDkwMDYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.Ml5fmoGOLjO2lV4vqhrQqXJxL_M_KvhkkD-fXGW5sX7PaNXKM9-TK19i-9dpenP5DvZjH52Ua8nHCgh8UR8n_svMuVBT0LlUkxH6SDWhRbWmclhO9Hm1FaG2aqyJkL4JRwdR4C_qNdByLNT6HcZH-AUyXOHdXcW6KkT_G_g52nJGAggJuKrrFORNo_EnOM9Ynuqez1OW-WPGaBlQsYogH6nJztp8zvMztGv38kWeU6nK30P_Q91b_AnPOCDYkfXaKPU3oSYx5QcKvXT8lGpl8s4-BJe0EpOYZfmRHqRMkLyMFpMV-yY4irXRPYa23XEvEiNpysOlEkaepWTLdYLKTQ' \
-H 'Content-Type: application/json' \
-d '{"tenantId":"0de4af2c-8b83-4e22-a06c-1111fffc02f3","firstName":"Jane","lastName":"Doe","email":"jane.doe@acme.com"}'Example response
HTTP/1.1 201 Created
Content-Length: 382
Content-Type: application/json;charset=UTF-8
{
"id" : "52415acb-7375-4420-8204-1643752e655d",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"firstName" : "Jane",
"lastName" : "Doe",
"email" : "jane.doe@acme.com",
"identityMappings" : [ ],
"active" : true,
"createdAt" : {
"nano" : 391000000,
"epochSecond" : 1576005406
},
"deletedAt" : null,
"name" : "Jane Doe",
"type" : "UserIdentity"
}Update Identity Info
PUT /user-identities/{id}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
firstName |
String |
true |
Size must be between 0 and 128 inclusive. |
lastName |
String |
true |
Size must be between 1 and 128 inclusive. |
String |
true |
Size must be between 6 and 254 inclusive. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
firstName |
String |
false |
Size must be between 0 and 128 inclusive. |
lastName |
String |
false |
Size must be between 1 and 128 inclusive. |
String |
false |
Size must be between 6 and 254 inclusive. |
|
identityMappings |
Array[Object] |
false |
|
identityMappings[].id |
String |
false |
|
identityMappings[].auth0UserId |
String |
false |
Size must be between 4 and 256 inclusive. |
identityMappings[].identityProviderId |
String |
false |
|
identityMappings[].userIdentityId |
String |
false |
|
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
name |
String |
true |
|
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/ab9bef3d-6212-4fec-b6d7-97d3e4297122' -i -X PUT \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJKOTNhcGtHY2pobDBVNE9XV3VhNnJRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDAyLCJleHAiOjE1NzYwMDkwMDIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.DRv4r5CvQ0J6gIhJJM_WYR4nceUOpa-w09R9N2Oeo2M8EPh5RXeSMkctwRXEUhsWIjS1Fx-mN1X45mc1T140OpbSlKW9E4FuVL8unYa96qtJokOwmc7wQzTZezoCcw8WFaVbdngEDkM4ENMk7QsnyErF9QW6N9u7WEmvONo2Rt1njOLH61b9HVKLdc2SYDTsQEsp1tcVMvGHHMBk_cGRtvm91FfK0jGf-NJ2tyZFMto07juskI_EjFTM9O-22K76rZasWKQElXOkNtK3RvEqH8lDb-UL73_NufrbqaR4o-EmjFi0keq82zAhayx92w4fkRIkJTwTOeNrcSWzVUMKoA' \
-d '{"firstName":"Bobby","lastName":"White","email":"bobby.white@acme.com"}'Example response
HTTP/1.1 200 OK
Content-Length: 623
Content-Type: application/json;charset=UTF-8
{
"id" : "ab9bef3d-6212-4fec-b6d7-97d3e4297122",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"firstName" : "Bobby",
"lastName" : "White",
"email" : "bobby.white@acme.com",
"identityMappings" : [ {
"id" : "1f15365d-7c7a-424e-a3d0-1ac6559a5403",
"auth0UserId" : "auth0-opaque-userId-10",
"identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"userIdentityId" : "ab9bef3d-6212-4fec-b6d7-97d3e4297122"
} ],
"active" : true,
"createdAt" : {
"nano" : 762000000,
"epochSecond" : 1576005401
},
"deletedAt" : null,
"name" : "Bobby White",
"type" : "UserIdentity"
}Activate Or Deactivate User Identity
PUT /user-identities/{id}/{action:activate|deactivate}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
|
action |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
firstName |
String |
false |
Size must be between 0 and 128 inclusive. |
lastName |
String |
false |
Size must be between 1 and 128 inclusive. |
String |
false |
Size must be between 6 and 254 inclusive. |
|
identityMappings |
Array[Object] |
false |
|
identityMappings[].id |
String |
false |
|
identityMappings[].auth0UserId |
String |
false |
Size must be between 4 and 256 inclusive. |
identityMappings[].identityProviderId |
String |
false |
|
identityMappings[].userIdentityId |
String |
false |
|
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
name |
String |
true |
|
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/3128a1b9-854c-4f1b-9aa8-211cd7484a2d/deactivate' -i -X PUT \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtdHh2QTBWSWVOZUdRaEpzd1dBNWJ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDAyLCJleHAiOjE1NzYwMDkwMDIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.fmHqZfvwNqeloy_DCUfq4I1Q_nL2aORZ8b1wqLf7LPMmPfxwgNcB99VFWsIe6qIW5Ew_gRgLvL0Ns7kVSTRPA8omUfn3vLOwZVN4uoUHdi0SbLA6R6R9SUS4dGC2lXOGU4yvFy3XUS0l_fKuBnPN8eW5LAazYY8OUjmM_EjOXaEYuIz3_71ozMGXnR9X287zmwFRcQY_4gC-CDzFvlsHZ7Qt-cHaOvHhBh2OIce7o3wx20As87j4l3Y31ZWloDKd7rmPmtBpMAj3mnOC9cM0ztqu8Fic6RpxCEPX6lFmdnp9jPAZtFyR0YuTg1c19kSgvXV00dghqCVsYfnzpgGNlQ'Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 620
{
"id" : "3128a1b9-854c-4f1b-9aa8-211cd7484a2d",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"firstName" : "First",
"lastName" : "Last",
"email" : "random-11@acme.com",
"identityMappings" : [ {
"id" : "3f898947-1bc4-471a-846e-8289b1294f50",
"auth0UserId" : "auth0-opaque-userId-12",
"identityProviderId" : "07ba1b5d-f552-441e-98c4-fead9227b8c0",
"userIdentityId" : "3128a1b9-854c-4f1b-9aa8-211cd7484a2d"
} ],
"active" : false,
"createdAt" : {
"nano" : 226000000,
"epochSecond" : 1576005402
},
"deletedAt" : null,
"name" : "First Last",
"type" : "UserIdentity"
}Reset User Identity Mfa Settings
PUT /user-identities/{id}/reset-mfa
Calling this service will reset the user’s MFA settings. On their next login attempt, they will be required to setup their MFA settings again. This is useful if, for example, the user has replaced their phone and can no longer access their secondary authentication.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
The id of the user identity to reset. |
Query parameters
No parameters.
Request fields
No request body.
Response fields
No response body.
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/6376965f-d345-4709-83a5-32c5bb65ae34/reset-mfa' -i -X PUT \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJfOTh0QmVqUW0zd052WjFSVnlUYlRRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDA0LCJleHAiOjE1NzYwMDkwMDQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.oj72E9GCU9eWbGezRJ4RN7GuTW8caLRRwFKWAh1xe2weI6kJRQmSx010ftPusPApEmm8b3ne5Mtf0-dKNywUR4SWU699m21MY_12RNw3sKEGGH0xGWcTQbJ5So_9e598yeLnw1YtqlttN_uUmxYcEdE7NmpNUW2GBs4THodlzwt52DCX7uLHiR5clyfiFVf7K9m0logQQ9VYSbKAH4e3j7jEgFznzwZ5rqmx_FQQ_8B2TmJO10bTP69dWyYZLWI-1SZvElWvrasD-HZ6kwxKAe6I-s8Fqhu32ZR3MIdCoyBo1amm9zxtyqvKhG9Nl8hjRspSsfEnlsK-CAhOnYUNZA'Example response
HTTP/1.1 200 OKMap Identity
POST /user-identities/{id}/mapping
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
auth0UserId |
String |
false |
Size must be between 1 and 128 inclusive. |
identityProviderId |
String |
false |
Response fields
No response body.
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/80427e45-1893-4de9-8ae3-dbb45b162bf3/mapping' -i -X POST \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiVEpFYjMxdzNybUNFQ0hSZnRpMGxRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDAxLCJleHAiOjE1NzYwMDkwMDEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.WGjCbKeXSmb7chy7UWIIDDI8s-cwGYOpxNrx571Osb9UagHlk0Ch4wYHhrymuoy5S45GmMB5HygQdLMgsjthVE0wwlQciWfTPXV5C2UxNtib6Ee-JfvvVp6sVcNZ_a_lDCO0a9b8pp7Jokc3-13y_rBIX9F5sWtQak83xa1rq0a5G1Wk0kwhrVb0FYR7S58Zq560Yvc-FeEJFOhc6vjabM-AOnLb_wqB6708oAa8JTqO5CeV_hIuWOsoyoMtl7mnj2uMkI_SKNM5w0yOS7HEiAT7Fp73j1vkMMici7n77H1tJ80f9wE6J-hIFSjCGeh_1XGsPpbkdWSPfrjoe8fq9w' \
-H 'Content-Type: application/json' \
-d '{"auth0UserId":"new-auth0-userId:7c150c71-d950-45be-81fd-88c30b67ecaa","identityProviderId":"a94297bd-67b6-4b5b-af2a-d42657217131"}'Example response
HTTP/1.1 200 OKAPI Account Identity
Find Api Account Identities
GET /api-account-identities
Returns a set of {@link ApiAccountIdentity}s that are visible to the requesting client and optionally filtered based on the submitted request parameters.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
Supports standard paging query parameters.
| Parameter | Type | Optional | Description |
|---|---|---|---|
tenantId |
Object |
true |
Restricts results to Identities in the specified Tenant (by Tenant’s id.). |
name |
String |
true |
|
contactEmail |
String |
true |
|
active |
Boolean |
true |
Restricts results to Identities with a matching active status. |
includeDeleted |
Boolean |
true |
Default value: 'false'. |
Request fields
No request body.
Response fields
Standard paging response where content field is list of following objects:
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
auth0ClientId |
String |
false |
Size must be between 16 and 128 inclusive. |
name |
String |
false |
Size must be between 0 and 256 inclusive. |
contactEmail |
String |
false |
Must be a well-formed email address. |
description |
String |
false |
Size must be between 0 and 2048 inclusive. |
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
String |
true |
||
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJXUE5XZU9BM2NBVlpYOHhPekRyQ3pnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDE2LCJleHAiOjE1NzYwMDkwMTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.j8q3eD4vk1ZlXsRTPFjHnLZRyqdL2z75AnUw28-L2ZAMkvJMqQvTEw8UZ8tPuXh73XqpPktqjJ-0oRolI5ycWhrH9oWB14bcTJOAUwuIs1lMxRpgn6qS3wQ8YjItqHtBW7NzmE9n4KKuXNhzgUXPVWlP0FoRojwDVQOgrQoo1uZVuhlQ_isHfYs7gvGYyn8UYp4T12wGvW_KwIGoSvgeeeteo1w8Tx02sN0-XgFevpN1uSQNxQIJbzr87KXFrjxT8QZ_9wUVcyU1_AjwAHEe9T6eD_CMhXOXyiH4BKHtlmRZcukF_Hp3it80Q8VdIWrWI7S6p7zzD6fZA80kIha6Ww'Example response
HTTP/1.1 200 OK
Content-Length: 1671
Content-Type: application/json;charset=UTF-8
[ {
"id" : "5c2eff72-6ba1-4858-b3f3-12a72779b7c3",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ClientId" : "060e21f8-b9c8-4bcd-838f-abcab7789a12",
"name" : "api-account",
"contactEmail" : "no-reply@acme.com",
"description" : "This is an ACME non-interactive API client.",
"active" : true,
"createdAt" : {
"nano" : 194000000,
"epochSecond" : 1576005398
},
"updatedAt" : {
"nano" : 31000000,
"epochSecond" : 1576005414
},
"deletedAt" : null,
"email" : "no-reply@acme.com",
"type" : "ApiAccountIdentity"
}, {
"id" : "0f95c570-9be3-40aa-8c06-c886bfa2883b",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ClientId" : "effa677a-8589-42fe-999e-e01262acb280",
"name" : "Robot",
"contactEmail" : "robot@acme.com",
"description" : "description here.",
"active" : true,
"createdAt" : {
"nano" : 289000000,
"epochSecond" : 1576005412
},
"updatedAt" : {
"nano" : 747000000,
"epochSecond" : 1576005412
},
"deletedAt" : null,
"email" : "robot@acme.com",
"type" : "ApiAccountIdentity"
}, {
"id" : "d1a1afee-32dc-4939-9360-0c6b127b4a37",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ClientId" : "96ed12d4-452c-4583-874a-bf7b3bb85f02",
"name" : "ACME Internal Service-40",
"contactEmail" : "service.admin-41@acme.com",
"description" : "updatable API Account description-42",
"active" : true,
"createdAt" : {
"nano" : 590000000,
"epochSecond" : 1576005414
},
"updatedAt" : {
"nano" : 771000000,
"epochSecond" : 1576005414
},
"deletedAt" : null,
"email" : "service.admin-41@acme.com",
"type" : "ApiAccountIdentity"
} ]Get Api Account Identity
GET /api-account-identities/{id}
Get an API Account Identity by its id.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
auth0ClientId |
String |
false |
Size must be between 16 and 128 inclusive. |
name |
String |
false |
Size must be between 0 and 256 inclusive. |
contactEmail |
String |
false |
Must be a well-formed email address. |
description |
String |
false |
Size must be between 0 and 2048 inclusive. |
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
String |
true |
||
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/5c2eff72-6ba1-4858-b3f3-12a72779b7c3' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ4MzlqZ0Z3a1pFS0lEN3p6cnQtOEZ3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDE2LCJleHAiOjE1NzYwMDkwMTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.fliUpAV2gBROaMPY4H4aEVmwedhkBtAP4tBZZhtpEEoIAnx4zll2GgEamL4LpFEtCbkYU8XAkjdh6uY0F2-XUh_yye9iDDu3gi_Cm5c2p_w4A4VdwaTD1nU0_Qqfji1gfIPNbyQE5VBtb49FoVoC7DfDHndHvLe8JRPQJnqaSp_fxdz-LO3r_6ej_IRO6LtH_pBWhRPkpi4kM-OQeR-mi2bF861w0NLT4NLzvuEoQVprxZkCwKkc2jFCOEpxR307qViGo1m4W1FakrGrqn7WoTnsUY2PEpk9SSg2HhrWa809qvI70bPINElTcu1t1UcJczfYg0LTIW2gMAftz9gA1Q'Example response
HTTP/1.1 200 OK
Content-Length: 559
Content-Type: application/json;charset=UTF-8
{
"id" : "5c2eff72-6ba1-4858-b3f3-12a72779b7c3",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ClientId" : "060e21f8-b9c8-4bcd-838f-abcab7789a12",
"name" : "api-account",
"contactEmail" : "no-reply@acme.com",
"description" : "This is an ACME non-interactive API client.",
"active" : true,
"createdAt" : {
"nano" : 194000000,
"epochSecond" : 1576005398
},
"updatedAt" : {
"nano" : 31000000,
"epochSecond" : 1576005414
},
"deletedAt" : null,
"email" : "no-reply@acme.com",
"type" : "ApiAccountIdentity"
}Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/api-account-identity/get-api-account-identity-by-mapping/auto-section.adoc[]
Create Api Account Identity
POST /api-account-identities
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
tenantId |
String |
false |
|
name |
String |
false |
Size must be between 0 and 128 inclusive. |
contactEmail |
String |
false |
Must be a well-formed email address. |
description |
String |
false |
Size must be between 0 and 2048 inclusive. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
apiAccountIdentity |
Object |
true |
|
apiAccountIdentity.id |
String |
false |
|
apiAccountIdentity.tenantId |
String |
false |
|
apiAccountIdentity.auth0ClientId |
String |
false |
Size must be between 16 and 128 inclusive. |
apiAccountIdentity.name |
String |
false |
Size must be between 0 and 256 inclusive. |
apiAccountIdentity.contactEmail |
String |
false |
Must be a well-formed email address. |
apiAccountIdentity.description |
String |
false |
Size must be between 0 and 2048 inclusive. |
apiAccountIdentity.active |
Boolean |
true |
|
apiAccountIdentity.createdAt |
Var |
false |
|
apiAccountIdentity.updatedAt |
Var |
false |
|
apiAccountIdentity.deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
apiAccountIdentity.email |
String |
true |
|
apiAccountIdentity.type |
String |
true |
|
password |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJJVU42NWxSNUlGdjQ3MmRiSGtFcnNBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDE1LCJleHAiOjE1NzYwMDkwMTUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.acfF5OFi6O1KVzZo8X4i-bmxIVBit-OmpDxCvU352CFSDMi0bml0qEtN3B-tFi_bRBHdKqaYlN2X8DKebuv5YyXpVv-gOo-cAztLJxCRjLzVzb4lnHIzZ1yD56wlxkuaBcsknxYJm4RmUS2EJYSBewRwRSS08nCLO7NEoyCCPhsIRyQikHbDjnfDwju_sQmadepF65Glw36lAOkgr7Y1elXVn4YXr_Zf4SsYxaqZ_SuQCOZg2w0HDivfPe8YBxd-XxrWIpCBAGIArN9U1Z110-DcDIdj2eYOpnoOB0NBE_iPEEI5yhViMXQpMZ67v0Y_BWVszhrcaXDjU27o0wUzAQ' \
-d '{"tenantId":"0de4af2c-8b83-4e22-a06c-1111fffc02f3","name":"HR Bridge Service","contactEmail":"hr.director@acme.com","description":"description goes here"}'Example response
HTTP/1.1 201 Created
Content-Length: 633
Content-Type: application/json;charset=UTF-8
{
"apiAccountIdentity" : {
"id" : "9334a5b3-bf9f-455e-bfbd-b8d7d837a5ff",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ClientId" : "ed28991b-ac28-4261-9c1d-9e3439349bcc",
"name" : "HR Bridge Service",
"contactEmail" : "hr.director@acme.com",
"description" : "description goes here",
"active" : true,
"createdAt" : {
"nano" : 772000000,
"epochSecond" : 1576005415
},
"updatedAt" : null,
"deletedAt" : null,
"email" : "hr.director@acme.com",
"type" : "ApiAccountIdentity"
},
"password" : "ed28991b-ac28-4261-9c1d-9e3439349bcc-PASSWORD-1576005415772"
}Update Identity Info
PUT /api-account-identities/{id}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
name |
String |
true |
Size must be between 0 and 256 inclusive. |
contactEmail |
String |
true |
Must be a well-formed email address. |
description |
String |
true |
Size must be between 0 and 2048 inclusive. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
auth0ClientId |
String |
false |
Size must be between 16 and 128 inclusive. |
name |
String |
false |
Size must be between 0 and 256 inclusive. |
contactEmail |
String |
false |
Must be a well-formed email address. |
description |
String |
false |
Size must be between 0 and 2048 inclusive. |
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
String |
true |
||
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/0f95c570-9be3-40aa-8c06-c886bfa2883b' -i -X PUT \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJIN29xb25ZZTZpZ3hKdHc4SDl5MHNnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDEyLCJleHAiOjE1NzYwMDkwMTIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.DWYKpKh-_q2jqbDh4SvQEPYjDihcv3CtjEC4k7QMAAOOooiz98q0MSmXvznUbbljwQQnOlF-nZBaNgbnG1Rg29PXWlfRGQBDb5Csl-em-VGDBDH23xMdn6MZ2Mfg5eyeaBGsIXW7nUHlUTdOzfSc6BwcIafpTTmKLkDxsDXg9f-YXXUlAHEtwC83WGRVDgw1Mucp6czN1GZiX0GiusAsafBEjRMEkGfYRUPI_wlAw9Jt0_aJnrCgynJjvO9j0FBg3B7GKeLUehfrnkRqui6GM9ctsoTttxwvkBQtP9IdMKCPyenwtRFtPbMvjC4Zr2KAOywmr9TW8EmubVmKxpuOaA' \
-H 'Content-Type: application/json' \
-d '{"name":"Robot","contactEmail":"robot@acme.com","description":"description here."}'Example response
HTTP/1.1 200 OK
Content-Length: 522
Content-Type: application/json;charset=UTF-8
{
"id" : "0f95c570-9be3-40aa-8c06-c886bfa2883b",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ClientId" : "effa677a-8589-42fe-999e-e01262acb280",
"name" : "Robot",
"contactEmail" : "robot@acme.com",
"description" : "description here.",
"active" : true,
"createdAt" : {
"nano" : 289000000,
"epochSecond" : 1576005412
},
"updatedAt" : {
"nano" : 747000000,
"epochSecond" : 1576005412
},
"deletedAt" : null,
"email" : "robot@acme.com",
"type" : "ApiAccountIdentity"
}Activate Or Deactivate Api Account Identity
PUT /api-account-identities/{id}/{action:activate|deactivate}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
|
action |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
tenantId |
String |
false |
|
auth0ClientId |
String |
false |
Size must be between 16 and 128 inclusive. |
name |
String |
false |
Size must be between 0 and 256 inclusive. |
contactEmail |
String |
false |
Must be a well-formed email address. |
description |
String |
false |
Size must be between 0 and 2048 inclusive. |
active |
Boolean |
true |
|
createdAt |
Var |
false |
|
updatedAt |
Var |
false |
|
deletedAt |
Var |
true |
Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested. |
String |
true |
||
type |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/550d4e2c-490a-4faa-949c-2eb847c9047e/deactivate' -i -X PUT \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhRzFKeHc2YnM2My04WGZobkNpWU13IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDE2LCJleHAiOjE1NzYwMDkwMTYsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.jyvw_wduHfGj-hzG4rBTSLg26ZGCkNJvAWCnrsgGO-TneGPLUIT5ehevxe1Oo39nfHRoiLlF43S3JKU5zNzd3V_jZPYc7Oz8CRhiLKk93-neskwIgN1RFwwxaBQerLmtp1NLKUnzZR2_I1iTeoiu6bHQ-ESXoBYU75q088TEORVkjvym4zByk8Efp2sWPp_a2l52deUhyW--Apb3fXsb6qkSvrSeYQ8bpZHWEqjLX5O1wMhwoQticpPven94moUynKsOLmb9_2H1QLwRk8eluN_K0NK6B6joC2hANli8lirfUhhARgnNQqv2ECBaN21hFrUdfsQq2mCFWmVrvbP3sA'Example response
HTTP/1.1 200 OK
Content-Length: 583
Content-Type: application/json;charset=UTF-8
{
"id" : "550d4e2c-490a-4faa-949c-2eb847c9047e",
"tenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"auth0ClientId" : "5db2b976-df4e-4092-a556-48ecd5446a70",
"name" : "ACME Internal Service-49",
"contactEmail" : "service.admin-50@acme.com",
"description" : "updatable API Account description-51",
"active" : false,
"createdAt" : {
"nano" : 650000000,
"epochSecond" : 1576005416
},
"updatedAt" : {
"nano" : 825000000,
"epochSecond" : 1576005416
},
"deletedAt" : null,
"email" : "service.admin-50@acme.com",
"type" : "ApiAccountIdentity"
}Invitation
Find Invitations
GET /invitations
Returns a set of Invitation instances based on the optional query parameters. The results will be constrained to the invitations that the client has authorization to view. Results may be further constrained by the setting any combination of query parameter values, which will logically AND’d together to form a filter for matching invitations. The states query parameter, unlike others, supports multiple values. For example, to retrieve a list of active invitations, specify states=Open,Declined,Expired.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
Supports standard paging query parameters.
| Parameter | Type | Optional | Description |
|---|---|---|---|
fromIdentityId |
Object |
true |
The id of the identity that created the target invitation(s). |
toTenantId |
Object |
true |
The id of the tenant that the resulting invitations are inviting into. |
invitedEmailAddress |
String |
true |
A full (no partial match support) email address to match against. |
targetIdentityId |
Object |
true |
The id of the identity that the invitation will/has assumed. |
states |
Object |
true |
One or more {@link State} names to restrict the invitations returned. |
Request fields
No request body.
Response fields
Standard paging response where content field is list of following objects:
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
fromIdentityId |
String |
false |
|
toTenantId |
String |
false |
|
invitedEmailAddress |
String |
false |
Must be a well-formed email address. |
expiration |
Var |
false |
|
targetUserIdentityId |
String |
true |
Optional. The identity id that the invited party will be mapped to should they accept the invite. |
accepted |
Boolean |
true |
|
revokedAt |
Var |
true |
The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken. |
responseReceivedAt |
Var |
true |
The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation. |
state |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzZjVISkhuU2g0eHhvSWlUQUVGV213IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDExLCJleHAiOjE1NzYwMDkwMTEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.hkm6SWs8cZ_LNxmXBugdVuWSIsC5iKTFgCQLbdspLLdW_U8QDY4VjfaZkh0NSMq9JN8A3w8XVC3ONA21GB5wYPA8CLgzs9IV9immstDDhi1kjQfZjaSirMKaDkLVIvYu3_gn6axUvBTV0Ojo4uPSq7kiZUgygnE9fNeTQEL_XfGBekS5AIXKeKSMcJMh3kYEOo9c7tyf6qqPqvqWtFmrjdSzSn2KA3yVPdk9miGDg-0XqJMfPSzSBgfdnAkr0LHIw8yapXhn6_2gxh75SURUzZes3c46PmhbYWJTphyI59MgpjvI9HPDN9sxK59zmDc5xpIpj5i1XdNG06MuNICsHQ'Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 464
[ {
"id" : "55b6ec1b-3d4c-4d09-a937-a739e6ebf87f",
"fromIdentityId" : "fd89c568-4dd9-4f36-9b39-f64d0a76b282",
"toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"invitedEmailAddress" : "new.employee@acme.com",
"expiration" : {
"nano" : 505000000,
"epochSecond" : 1576610210
},
"targetUserIdentityId" : "2cf48766-385e-4fdf-ab4c-a122bb8c6e81",
"accepted" : null,
"revokedAt" : null,
"responseReceivedAt" : null,
"state" : "Open"
} ]Get Invitation By Id
GET /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
fromIdentityId |
String |
false |
|
toTenantId |
String |
false |
|
invitedEmailAddress |
String |
false |
Must be a well-formed email address. |
expiration |
Var |
false |
|
targetUserIdentityId |
String |
true |
Optional. The identity id that the invited party will be mapped to should they accept the invite. |
accepted |
Boolean |
true |
|
revokedAt |
Var |
true |
The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken. |
responseReceivedAt |
Var |
true |
The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation. |
state |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/3a61fccb-b71a-4d79-8535-c49db84d98a1' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIycUJZZE9RdUFFQ2lGOFJseURqeUFBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDExLCJleHAiOjE1NzYwMDkwMTEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.Wnwy-8lOsthVPeghnD0JD8EmC862M46SxrIUPN9unJkeMr9IjkflWoXtCzMVfEssyCZEp-qitcCrN3Khh3sq7Rk2LYvwQ9nYUn9c6dYOxp4ZRqIt6-Ddojs6ek2xmBQYppKrZDkbPgfMZhD71BgDpXUnu1dAKFobx_tfThkdeQwum7kBU690lOeBf04bbOxhiqVLHDvAl9Z12mnSSNimW2WbgO1QS2tPAuRVkExMShVf6QuoArqhHZQZA-kxwvomBSDS0uLn_caDXLinZ7wcDoNJKH4KusXbaNgWOD8g734eUWgT3Ol6dJANPSLg9ueEg1_LxcuKJ5UAEcC-3exrQA'Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 463
{
"id" : "3a61fccb-b71a-4d79-8535-c49db84d98a1",
"fromIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
"toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"invitedEmailAddress" : "new.employee-32@acme.com",
"expiration" : {
"nano" : 735000000,
"epochSecond" : 1576610211
},
"targetUserIdentityId" : "dfcfd387-5fea-46ba-a04b-6ce5d1ab1230",
"accepted" : null,
"revokedAt" : null,
"responseReceivedAt" : null,
"state" : "Open"
}Create Invitation
POST /invitations
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
toTenantId |
String |
false |
|
invitedEmailAddress |
String |
false |
Must be a well-formed email address. |
invitationUrl |
String |
false |
|
targetUserIdentityId |
String |
true |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
fromIdentityId |
String |
false |
|
toTenantId |
String |
false |
|
invitedEmailAddress |
String |
false |
Must be a well-formed email address. |
expiration |
Var |
false |
|
targetUserIdentityId |
String |
true |
Optional. The identity id that the invited party will be mapped to should they accept the invite. |
accepted |
Boolean |
true |
|
revokedAt |
Var |
true |
The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken. |
responseReceivedAt |
Var |
true |
The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation. |
state |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJJc1ptU0tBUmJwZlVqdkF4Sm85SzFnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDEwLCJleHAiOjE1NzYwMDkwMTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.f0Fvnav-dyOxzDBQQKFZckwrqs-WIqlLbNpzI1o8YIOfRyWFvlwWAq1jb5nCjVmKm4vgnQhyQhKiwD2rKkktJHou4i0N7155Ne9LtAa-POSKQ69FK3OzCZJ0it_htVJcxNqJ06e4tUt6BqygHCzyldwm22G4ssYsgd4LGWB8GdwGyd4l_OLuDUUNJW3NABuronSKXfCWqWwB8Y_5sabkPdp0fsC_kp_oeRt1CkvNNDLGFsV1amOQKjnerF_G7C_g1GGqPBz8tJLz2rPYDKXY7qafZe5S6vy5N2s3dn0b5Pz5laamnt425x-HUrl2uiEoIyGS99-1Od4q2wQb8UjpSw' \
-d '{"toTenantId":"0de4af2c-8b83-4e22-a06c-1111fffc02f3","invitedEmailAddress":"new.employee@acme.com","invitationUrl":"http://acme.console.netfoundry.io/invitation","targetUserIdentityId":"2cf48766-385e-4fdf-ab4c-a122bb8c6e81"}'Example response
HTTP/1.1 201 Created
Content-Length: 460
Content-Type: application/json;charset=UTF-8
{
"id" : "55b6ec1b-3d4c-4d09-a937-a739e6ebf87f",
"fromIdentityId" : "fd89c568-4dd9-4f36-9b39-f64d0a76b282",
"toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"invitedEmailAddress" : "new.employee@acme.com",
"expiration" : {
"nano" : 505000000,
"epochSecond" : 1576610210
},
"targetUserIdentityId" : "2cf48766-385e-4fdf-ab4c-a122bb8c6e81",
"accepted" : null,
"revokedAt" : null,
"responseReceivedAt" : null,
"state" : "Open"
}Respond To Invitation
PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/{action:accept|decline}
This is not the typical way to accept or decline an invitation. See {@link InvitationFlowController}. This service is a straight update of the Invitation. It does not map the calling user, nor any other related activity. It simply updates the state of the Invitation.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
|
action |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
fromIdentityId |
String |
false |
|
toTenantId |
String |
false |
|
invitedEmailAddress |
String |
false |
Must be a well-formed email address. |
expiration |
Var |
false |
|
targetUserIdentityId |
String |
true |
Optional. The identity id that the invited party will be mapped to should they accept the invite. |
accepted |
Boolean |
true |
|
revokedAt |
Var |
true |
The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken. |
responseReceivedAt |
Var |
true |
The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation. |
state |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/082df3b8-a682-4b2d-8c4d-91d2811cb276/decline' -i -X PUT \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJlbzJBZE9EMk00WGszd0dnNHdLZXBRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDExLCJleHAiOjE1NzYwMDkwMTEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.R57ZXL-Xw3UxRLV5_c3cwzGe_xBd85W-hNQlAdj7z2xOh1A8aajtWTMqtHHTTItiM-_6D86-pzaJk6GlHus7_sKl-98zjdEgvI0Jzug9tidJdFkjfS3wZb2PqMb21Lk8pQMqHrJV74_xRCN_d0VJTY7H-gfpPPBAxlU_AxZPMECF5txakG7SUyd4-NM9l1hbXC4is2viMPAtWfbi2QFwd378PVyLYGl-026O9vnYukPP86mJQJUXHRpfFVCeFzAgQIVOcrF4PLSNsdPymbWjqcUBxZEONdlt9oauDETu9vM2fWmpJC6a-Asvt0Cb0Ferr4QkZVPmCO8p8e2a4SmOlw'Example response
HTTP/1.1 200 OK
Content-Length: 524
Content-Type: application/json;charset=UTF-8
{
"id" : "082df3b8-a682-4b2d-8c4d-91d2811cb276",
"fromIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
"toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"invitedEmailAddress" : "new.employee-29@acme.com",
"expiration" : {
"nano" : 224000000,
"epochSecond" : 1576610211
},
"targetUserIdentityId" : "4122e20d-885a-4c7d-9dde-1c551be3f497",
"accepted" : false,
"revokedAt" : null,
"responseReceivedAt" : {
"nano" : 638000000,
"epochSecond" : 1576005411
},
"state" : "Declined"
}Revoke Invitation
PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/revoke
This service will revoke the specified invitation if it is in a state that permits revoke.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
id |
Object |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
id |
String |
false |
|
fromIdentityId |
String |
false |
|
toTenantId |
String |
false |
|
invitedEmailAddress |
String |
false |
Must be a well-formed email address. |
expiration |
Var |
false |
|
targetUserIdentityId |
String |
true |
Optional. The identity id that the invited party will be mapped to should they accept the invite. |
accepted |
Boolean |
true |
|
revokedAt |
Var |
true |
The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken. |
responseReceivedAt |
Var |
true |
The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation. |
state |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/98639c2e-c3b4-49ab-b8f3-272a62803def/revoke' -i -X PUT \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJtMW5wbGUtT2VvUWlwX2NncHh4VFRRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDEyLCJleHAiOjE1NzYwMDkwMTIsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.NvtO08P9KW3PeTDv87h59PdZEKEwbpQ2xa0AWskOiND-W9ZxOh3MqSzQm9CMaQ-bD8Sc8QKz1c103lCzOnlc8zGBf4rw-89MGLzU8p7EKd7rR6hQBPAExSoxA2NJU003-2pKtJI1DDIDmoyCjb7yfP49npl8Ke8zd9nubOnRK5idSL5X77q4wv2rlgVPEJEve5xOywze7wMkp8V-gArHZKMB3_Ql1lP1Fbs0ZAemdx9yt9gGK8_XSWJij2sNoVaC7JB9VG2URka3A0wiUfG9TZRNfxuFLiWXi-QFtM-SvSLjlk5wXoFHH6HshvHjX3Gex9XgcDRouCgl6ahit9uH_A'Example response
HTTP/1.1 200 OK
Content-Length: 578
Content-Type: application/json;charset=UTF-8
{
"id" : "98639c2e-c3b4-49ab-b8f3-272a62803def",
"fromIdentityId" : "3858f07c-40e4-4f1b-af6a-25ba07762ff3",
"toTenantId" : "0de4af2c-8b83-4e22-a06c-1111fffc02f3",
"invitedEmailAddress" : "new.employee-35@acme.com",
"expiration" : {
"nano" : 988000000,
"epochSecond" : 1576610211
},
"targetUserIdentityId" : "3b60bdfa-65f8-4668-b801-9bdd797fb7ec",
"accepted" : null,
"revokedAt" : {
"nano" : 131000000,
"epochSecond" : 1576005412
},
"responseReceivedAt" : {
"nano" : 131000000,
"epochSecond" : 1576005412
},
"state" : "Revoked"
}Permission
Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/permission/find-identity-permissions/auto-section.adoc[]
Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/permission/get-identity-permission-by-id/auto-section.adoc[]
Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/permission/create-identity-permission/auto-section.adoc[]
Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/permission/delete-identity-permission/auto-section.adoc[]
Operation
Find Operations
GET /operations
Returns a set of Operations possibly filtered based on the request parameters.
Authorization
Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
[].name |
String |
false |
Size must be between 0 and 128 inclusive. |
[].action |
String |
false |
|
[].resourceServerName |
String |
false |
Size must be between 0 and 128 inclusive. |
[].anonymous |
Boolean |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/operations' -i -X GET \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJlN2pzazB6eFhsWG5Vc0FpVUZtQll3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6ImZkODljNTY4LTRkZDktNGYzNi05YjM5LWY2NGQwYTc2YjI4MiIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNTc2MDA1NDIzLCJleHAiOjE1NzYwMDkwMjMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XX0.Deh7xWphv-G3ELHeLT0CxT8iWahHoNfo_8JBSr5RSNxPJWSn7DrpR-lUVT4gKHkktarTE79InInJ4JA7dynx06vG5hJvSxtYcHBljiKQFEqD128KCH9Y2stjljiHp8cIqaPSO-xa6D6UTXZqI8ezEk5JTmVjpg1g_EP2G2tNAvwuL9exZmquDMoVG3RRS5wLo96AlToA6H6tm1LmLcXrc9DEr0pY9YLffO8er4pBDqR7giPr23pu40xm18KMTrT4mK9mrfjWM1jN_49URo-tmmVoFz9TPDNpJ2x-to8zN-UiC1-WMzEi1tWBiWCiRluiwcgyCQl_qVl8MvRSheNYdw'Example response
HTTP/1.1 200 OK
Content-Length: 467
Content-Type: application/json;charset=UTF-8
[ {
"name" : "Get Identity Operation",
"action" : "operations:get-identity-operations",
"resourceServerName" : "identity",
"anonymous" : false
}, {
"name" : "Create Network Group",
"action" : "organizations:create-organizations",
"resourceServerName" : "identity",
"anonymous" : false
}, {
"name" : "Create API Account Identity",
"action" : "identities:create-api-account-identities",
"resourceServerName" : "identity",
"anonymous" : false
} ]Unresolved directive in index.adoc - include::/home/jenkins/workspace/identity_release_2.34.0/target/generated-snippets/operation/get-operation/auto-section.adoc[]
Support
Create Support Request
POST /nfconsole/support/requests
Authorization
Authorization not required for this request.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
name |
String |
true |
The name of the user. This is a required value if the request is submitted by a client that is not currently authenticated. In this unauthenticated case, this name is used in the support request ticket that is created. If the request comes from an authenticated client, then this property should be ignored (not sent), as the API will overwrite it with the name of the authenticated identity. Size must be between 1 and 2147483647 inclusive. |
String |
true |
The email of the user. This is a required value if the request is submitted by a client that is not currently authenticated. In this unauthenticated case, this email is used in the support request ticket that is created. If the request comes from an authenticated client, then this property should be ignored (not sent), as the API will overwrite it with the email of the authenticated identity. Must be a well-formed email address. |
|
selectedTenantId |
String |
true |
The id of a tenant which the current user has selected as his working context at the time that this support request is being generated. This value may be null in most cases as it only applies to users with access to more than one tenant. This value is ignored if the support request comes from a user that is not logged in. |
selectedNetworkId |
String |
true |
The id of a network which the current user has selected as his working context at the time that this support request is being generated. This value may be null, particularly if the client is submitting the support request from a context that is not network specific. However, if the user is working in a context (ie, a 'page' that lists AppWans) that is network specific, then this value can help support agents when reviewing the support request. This value is ignored if the support request comes from a user that is not logged in. |
subject |
String |
false |
The support request subject. This value is required and can not be empty. |
comment |
String |
false |
The support request message. This value is required and can not be empty. |
type |
String |
true |
The type of the support request. If not specified, the type will default to "question". Must be one of [problem, incident, question, task]. |
priority |
String |
true |
The priority of the support request. If not specified, the type will default to "normal". Must be one of [urgent, high, normal, low]. |
recentErrorMessages |
Array[String] |
true |
An optional list of error messages received from the API by the client. These should be in order from most recent to oldest. These provide contextual information for the agent handling the support request. These are not required, but clients are encouraged to track and supply such error messages to aid in support. Note, an interactive user (ie human) should not provide this information; it should be tracked and added by the client agent on their behalf. |
Response fields
No response body.
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/nfconsole/support/requests' -i -X POST \
-H 'Content-Type: application/json' \
-d '{"name":"Curious George","email":"george@curious-client.com","selectedTenantId":null,"selectedNetworkId":null,"subject":"Sales Contact Request","comment":"This looks great! I'd like a sales rep to contact me.","type":"question","priority":"high","recentErrorMessages":null}'Example response
HTTP/1.1 200 OKSign-up Flow
Check Email
GET /signup
This service allows a client to validate that the submitted email may be used during the sign-up process. Not all email addresses are supported, and clients are encouraged to use this service to check before getting an error from the sign-up service.
Authorization
Authorization not required for this request.
Path parameters
No parameters.
Query parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
checkEmail |
String |
false |
The email address to check. Must be a well-formed email address. |
provider |
String |
true |
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
checkEmail |
String |
false |
The email address that whose status was checked. Must be a well-formed email address. |
status |
String |
false |
The current status of the checked email address. Must be one of [VALID, BLACKLISTED]. |
Example request, valid
$ curl 'https://gateway.netFoundry.io/identity/v1/signup?checkEmail=white.hat@trusted.com' -i -X GETExample response, valid
HTTP/1.1 200 OK
Content-Length: 66
Content-Type: application/json;charset=UTF-8
{
"checkEmail" : "white.hat@trusted.com",
"status" : "VALID"
}Example request, blacklisted
$ curl 'https://gateway.netFoundry.io/identity/v1/signup?checkEmail=black.hat@untrusted.com' -i -X GETExample response, blacklisted
HTTP/1.1 200 OK
Content-Length: 74
Content-Type: application/json;charset=UTF-8
{
"checkEmail" : "black.hat@untrusted.com",
"status" : "BLACKLISTED"
}Find Identity Provider Types
GET /identity-provider-types
This service provides a list of available IdentityProviderTypes. It does not require authentication, as any client that is preparing to create a new Tenant via the sign-up process must be able to list the set of IdentityProviderTypes to the user prior to creation of the Tenant.
Authorization
Authorization not required for this request.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
[].id |
String |
false |
Unique id of this IdentityProviderType instance. |
[].identityProviderTypeName |
String |
false |
A simple label for display to a human user. Size must be between 1 and 128 inclusive. |
[].auth0ConnectionId |
String |
false |
An opaque value used by Auth0 to identify their Identity Provider. Size must be between 1 and 128 inclusive. |
[].auth0ConnectionType |
String |
false |
One of four types of connections that Auth0 supports. Must be one of [Database, Social, Enterprise, Passwordless]. |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/identity-provider-types' -i -X GETExample response
HTTP/1.1 200 OK
Content-Length: 391
Content-Type: application/json;charset=UTF-8
[ {
"id" : "91cff470-70d9-4e99-bfd8-3c7920d6a552",
"identityProviderTypeName" : "Simple Username/Password",
"auth0ConnectionId" : "Username-Password-Authentication",
"auth0ConnectionType" : "Database"
}, {
"id" : "474342c9-9d52-4da8-ba20-3ad04a9666b1",
"identityProviderTypeName" : "Google Account",
"auth0ConnectionId" : "google-oauth2",
"auth0ConnectionType" : "Social"
} ]Signup
POST /signup
This service can be used to create a new Tenant. The client specifies a basic set of Tenant information, such as a descriptive name and a site label, as well as other configuration details. The client must specify how the Tenant wishes to authenticate its users by passing one or more specifications for an IdentityProvider. A client may call the Find Identity Provider Types service to preview a list of available authentication mechanisms. Finally, the client must specify user information for the initial 'root' user of the Tenant. Upon successful completion of the service request, the API Server will send the user an email with instructions to complete the sign-up process. Note, the API Server does not permit sending invitations to all email addresses. A client may check to see if an email address is supported by calling the Check Email Address service prior to calling this sign-up service.
Authorization
Authorization not required for this request.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
tenantName |
String |
false |
A human friendly name for the Tenant. This will become the Tenant’s name property. Size must be between 1 and 128 inclusive. |
tenantLabel |
String |
false |
A domain name label, used to compose the Tenant’s custom site domain. The value can be 1 to 63 alpha-numeric or hyphen characters, but may not begin or end with a hyphen. Must match the regular expression |
identityProviders |
Array[Object] |
false |
A non-empty set of identity providers that the Tenant should allow users to login through. |
identityProviders[].name |
String |
false |
A human friendly name for the IdentityProvider. This value is specific to the Tenant, even if the authentication mechanism is shared across many Tenants (social based authentication being a prime example.). Size must be between 1 and 128 inclusive. |
identityProviders[].identityProviderTypeId |
String |
false |
The IdentityProviderType.id of the IdentityProviderType to create and use within the Tenant. See service to get a list of available IdentityProviderTypes. |
signupUrl |
String |
false |
A fully qualified http or https url where the sign-up email will link to, so that the sign-up user may complete the sign-up process. |
billingInfo |
Object |
true |
|
billingInfo.type |
String |
true |
|
billingInfo.customerEmail |
String |
true |
|
billingInfo.productId |
String |
true |
|
billingInfo.customerId |
String |
false |
The customer Id to use for billing aws market place customer. If the type is AWS and customer Id is provided, then the Billing organization will be setup as enterprise. |
billingInfo.stripeCardToken |
String |
false |
The token from Stripe for the card to use for billing. If the type is stripe and stripeCardToken is provided, then the Billing organization will be setup as self-service. |
adminUsers |
Array[Object] |
false |
An ordered list of initial user accounts to create within this organization. All will be granted administrative access. The first will be the primary billing contact. |
adminUsers[].firstName |
String |
false |
The given name to assign to the initial user Identity. Size must be between 0 and 128 inclusive. |
adminUsers[].lastName |
String |
false |
The family name to assign to the initial user Identity. Size must be between 1 and 128 inclusive. |
adminUsers[].email |
String |
false |
The email address to assign to the initial user Identity. This is also the email address when the sign-up invitation will be sent. Must be a well-formed email address. |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
success |
Boolean |
true |
|
error |
String |
true |
Must be one of [TenantLabelTaken, InvalidIdentityProviderType, EmailBlocked, BillingError, UnknownServerError]. |
errorDetail |
String |
true |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/signup' -i -X POST \
-H 'Content-Type: application/json' \
-d '{"tenantName":"Global Gadgets, Inc.-85","tenantLabel":"Global-Gadgets-86","identityProviders":[{"name":"GG Auth2-84","identityProviderTypeId":"474342c9-9d52-4da8-ba20-3ad04a9666b1"},{"name":"GG Auth1-83","identityProviderTypeId":"91cff470-70d9-4e99-bfd8-3c7920d6a552"}],"signupUrl":"https://nfadmin.console.netfoundry.io/signup","billingInfo":{"type":"Trial","customerEmail":"user@email.com","productId":"plan01","type":"Trial"},"adminUsers":[{"firstName":"Sally","lastName":"Cook","email":"sally.cook@globalGadgets.com"}]}'Example response
HTTP/1.1 200 OK
Content-Length: 64
Content-Type: application/json;charset=UTF-8
{
"success" : true,
"error" : null,
"errorDetail" : null
}Invitation Flow
Get Invitation By Key
GET /invitations/key/{key:[\p{Alnum}]{36}}
Authorization
Authorization not required for this request.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
key |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
fromIdentity |
Object |
false |
|
fromIdentity.name |
String |
true |
|
fromIdentity.email |
String |
false |
Size must be between 6 and 254 inclusive. |
targetIdentity |
Object |
true |
|
targetIdentity.name |
String |
true |
|
targetIdentity.email |
String |
false |
Size must be between 6 and 254 inclusive. |
invitedEmailAddress |
String |
false |
Must be a well-formed email address. |
toTenantName |
String |
false |
|
toTenantLabel |
String |
false |
|
expiration |
Var |
false |
|
accepted |
Boolean |
true |
|
state |
String |
false |
Must be one of [Open, Accepted, Declined, Expired, Revoked]. |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/xwTNh7SZXDchlAlJoJEUZY16qAyL8rhDEqef' -i -X GETExample response
HTTP/1.1 200 OK
Content-Length: 428
Content-Type: application/json;charset=UTF-8
{
"fromIdentity" : {
"name" : "John Doe",
"email" : "john.doe@acme.com"
},
"targetIdentity" : {
"name" : "First Last",
"email" : "random-80@acme.com"
},
"invitedEmailAddress" : "new.employee-82@acme.com",
"toTenantName" : "ACME International, Inc.",
"toTenantLabel" : "ACME-0",
"expiration" : {
"nano" : 799000000,
"epochSecond" : 1576610221
},
"accepted" : null,
"state" : "Open"
}Decline Invitation
PUT /invitations/key/{key:[\p{Alnum}]{36}}/decline
Authorization
Authorization not required for this request.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
key |
String |
false |
Query parameters
No parameters.
Request fields
No request body.
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
fromIdentity |
Object |
false |
|
fromIdentity.name |
String |
true |
|
fromIdentity.email |
String |
false |
Size must be between 6 and 254 inclusive. |
targetIdentity |
Object |
true |
|
targetIdentity.name |
String |
true |
|
targetIdentity.email |
String |
false |
Size must be between 6 and 254 inclusive. |
invitedEmailAddress |
String |
false |
Must be a well-formed email address. |
toTenantName |
String |
false |
|
toTenantLabel |
String |
false |
|
expiration |
Var |
false |
|
accepted |
Boolean |
true |
|
state |
String |
false |
Must be one of [Open, Accepted, Declined, Expired, Revoked]. |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/WTrCw8IUAKTvwMYvmuFvXt8mdki8JFtjw6g7/decline' -i -X PUTExample response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 433
{
"fromIdentity" : {
"name" : "John Doe",
"email" : "john.doe@acme.com"
},
"targetIdentity" : {
"name" : "First Last",
"email" : "random-77@acme.com"
},
"invitedEmailAddress" : "new.employee-79@acme.com",
"toTenantName" : "ACME International, Inc.",
"toTenantLabel" : "ACME-0",
"expiration" : {
"nano" : 735000000,
"epochSecond" : 1576610221
},
"accepted" : false,
"state" : "Declined"
}Initiate Accept Invitation
POST /invitations/key/{key:[\p{Alnum}]{36}}/accept-initiate
Authorization
Authorization not required for this request.
Path parameters
| Parameter | Type | Optional | Description |
|---|---|---|---|
key |
String |
false |
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
intermediateReturnUrl |
String |
false |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
nfToken |
String |
false |
|
auth0ConnectionIds |
Array[String] |
false |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/m8UqS6etcBvxSY56cSlJSrDCq4SmhV7PKdfv/accept-initiate' -i -X POST \
-H 'Content-Type: application/json' \
-d '{"intermediateReturnUrl":"http://console.nfadmin.netfoundry.io/invitation"}'Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 981
{
"nfToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdXRoMENvbm5lY3Rpb25JZHMiOlsiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0xIiwiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0yIl0sImF1ZCI6Imh0dHBzOi8vbmV0Zm91bmRyeS1zYW5kYm94LmF1dGgwLmNvbS8iLCJyZWRpcmVjdFVybCI6Imh0dHA6Ly9jb25zb2xlLm5mYWRtaW4ubmV0Zm91bmRyeS5pby9pbnZpdGF0aW9uIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwidGVuYW50TGFiZWwiOiJBQ01FLTAiLCJpbnZpdGF0aW9uSWQiOiI2ZTViZjViMy0wOTkzLTRiNjYtYWYzNC1lNTA1OGIzYzVjMWMiLCJleHAiOjE1NzYwMDYzMjEsImlhdCI6MTU3NjAwNTQyMSwiZmxvdyI6Imludml0YXRpb24ifQ.jZoLWDfEdk_P5RXaYuRHv5Nx30vdXzPMIh6K3Ap8VGq1R-JSPH3OWvQhESWQNjgnliAQAwpzotxh6LE662JneGzDhiCYpyfEHR9sYngWaLMQrOt9wD9SF0nzuF4qqltVUEV_Z958tPOaqfr5tk9M3GzqzbQ060hMLBZjAwmakwAEKchNb_CQz4r6w1KZ7VDaqLjqAvhI1Q_--KiOJu8Pa25ceUwIRcsptV_dxhN56MoFYsm90B5dpx0IsjCxxnuy8oDWcO2T0llbgOnfiAWourMSxZOVnnMM-1B00Utr2bWjaV3N9PeTmBIaSoy0TlI1hWXLigLlJiHfw98E2QABdg",
"auth0ConnectionIds" : [ "auth0-opaque-connectionId-1", "auth0-opaque-connectionId-2" ]
}Login Flow
Initiate Interactive Authorization
POST /tenants/authorize-initiate
Authorization
Authorization not required for this request.
Path parameters
No parameters.
Query parameters
No parameters.
Request fields
| Path | Type | Optional | Description |
|---|---|---|---|
tenantLabel |
String |
false |
Must match the regular expression |
intermediateReturnUrl |
String |
false |
Response fields
| Path | Type | Optional | Description |
|---|---|---|---|
nfToken |
String |
false |
|
auth0ConnectionIds |
Array[String] |
false |
Example request
$ curl 'https://gateway.netFoundry.io/identity/v1/tenants/authorize-initiate' -i -X POST \
-H 'Content-Type: application/json' \
-d '{"tenantLabel":"ACME-0","intermediateReturnUrl":"http://console.nfadmin.netfoundry.io/invitation"}'Example response
HTTP/1.1 200 OK
Content-Length: 902
Content-Type: application/json;charset=UTF-8
{
"nfToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdXRoMENvbm5lY3Rpb25JZHMiOlsiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0xIiwiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0yIl0sImF1ZCI6Imh0dHBzOi8vbmV0Zm91bmRyeS1zYW5kYm94LmF1dGgwLmNvbS8iLCJyZWRpcmVjdFVybCI6Imh0dHA6Ly9jb25zb2xlLm5mYWRtaW4ubmV0Zm91bmRyeS5pby9pbnZpdGF0aW9uIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwidGVuYW50TGFiZWwiOiJBQ01FLTAiLCJleHAiOjE1NzYwMDYzMjMsImlhdCI6MTU3NjAwNTQyMywiZmxvdyI6ImxvZ2luIn0.Wnz9i093cp9vy6EkZZR5N0Javr45W1hJ989HFy85dD5i90NY6qxRj3v4UqbM8Lvenrd7_z495OWzdAxTCDXYKuNdBqeXmxHeNbk48Mktlx_Gc583Zt9Ymae8kx8_YjPXbmFnSeXlRw2GMkqMdfMmIGA8gNN3eGEcDtMSgpU7LG9Ea84S9N5hB4HML3TsGaLjjrVV4KsQw4YXbR8X3GEwflguTPKhpgIl8WXQ1s5UEvy6mNOxGlUYPHNr1Xj29rgdIaprri9RMwpiTy6AEZfTYiuVw31w8G6tNChsAHk8EVOH1noxFh8vp0yY7ekkqunADpkRbK-u5obEA6mt6w3DTw",
"auth0ConnectionIds" : [ "auth0-opaque-connectionId-1", "auth0-opaque-connectionId-2" ]
}