Introduction

This is the NetFoundry identity service

Overview

HTTP verbs

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP verbs.

Verb Usage

GET

Used to retrieve a resource

POST

Used to create a new resource

PUT

Used to update an existing resource, full updates only

DELETE

Used to delete an existing resource

The PATCH method is not used (yet).

HTTP status codes

NetFoundry adheres closely to standard HTTP and REST conventions in its use of HTTP status codes.

Status code Usage

200 OK

The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.

201 Created

The request has been fulfilled and resulted in a new resource being created.

202 Accepted

The request has been accepted and is being processed asynchronously Standard response for successful HTTP requests which invoke back-end services.

204 No Content

The server successfully processed the request, but is not returning any content.

400 Bad Request

The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

401 Unauthorized

The request lacks valid authentication credentials for the target resource.

403 Forbidden

The request is authenticated with valid credentials however that set of credentials is not authorized to access this resource.

404 Not Found

The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.

Resources

Organization

Find Organizations

GET /organizations

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

name

String

true

active

Boolean

true

mfaProviders

Object

true

includeDeleted

Boolean

true

Default value: 'false'.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

name

String

true

Used for display purposes. Not unique or private.

label

String

true

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

identityProviders

Array[Object]

true

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

identityProviders[].name

String

true

Used for display purposes. Not unique or private.

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

defaultRoles[].name

String

true

Used for display purposes. Not unique or private.

defaultRoles[].roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

The id of the role as defined by the authorization service.

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

openIdProviders

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

openIdProviders[].id

String

true

openIdProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

openIdProviders[].name

String

true

Used for display purposes. Not unique or private.

openIdProviders[].clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

openIdProviders[].issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

openIdProviders[].authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

openIdProviders[].active

Boolean

true

openIdProviders[].createdBy

String

true

openIdProviders[].createdAt

Object

true

openIdProviders[].deletedAt

Object

true

openIdProviders[].deletedBy

String

true

openIdProviders[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkMzB2eURpRlk3Y0wxa0lRZlBkbmV3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTUwLCJleHAiOjE3MTU4MDM3NTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.hbOAdIOkIO0yIEjuDKExd2RHYsEHpeEl3hAAuHToCQZny2yjKJ1qD7ZeIIHVCNXPVKMfqycClBYMUAU-EvfkF7uoITqAOx9a8L-62MMMzHC28N-tLuMQhWk68WninLa74y6f5TpuqNXc56v2dtJch5vUeEY7n1IjoDyTchltjWz0aCSeKVV-pM4idYjPcjtwtz5DQfRRmvTfTXlj2E6tv2874y1KMtS6hfv-lPh24v4tDsRoQkTTTV77OiOy7tutdMDM3sWgFRH6ld1nkg32g0q9yoYKtc1cjcxFC7Q3E3PJaNtNj8dfHocDxPbpW1ycFfcVYhb9i9tPqcKcvROvvg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 4387

[ {
  "id" : "95068bb0-864b-4930-b06e-9acf4957c826",
  "name" : "Cloud Engineering",
  "label" : "CLDENG",
  "identityProviders" : [ {
    "id" : "0cefe2c1-d4e4-4db2-8cf1-e53ee6ef3047",
    "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
    "auth0ConnectionId" : "google-oauth2",
    "name" : "NetFoundry Google Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 306758000,
      "epochSecond" : 1715800143
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ {
    "id" : "83a95a95-b9cf-4396-ad42-e855e59096df",
    "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
    "name" : "Network Group Admin - Cloud Engineering Network Group",
    "roleType" : "Standard",
    "roleId" : "b75be358-a3f9-40a5-972d-a804c4758041",
    "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
    "createdAt" : {
      "nano" : 308925000,
      "epochSecond" : 1715800143
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  }, {
    "id" : "131611fb-0b9a-4516-b8e2-6c04db529d5a",
    "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
    "name" : "Standard Role Admin - Network Group Admin - Cloud Engineering",
    "roleType" : "Standard",
    "roleId" : "2854b8f9-6538-11ea-98de-128b2daaf7e4",
    "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
    "createdAt" : {
      "nano" : 308925000,
      "epochSecond" : 1715800143
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  }, {
    "id" : "74365578-6975-4666-a290-a850bea71ed8",
    "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
    "name" : "Cloud Engineering",
    "roleType" : "Custom",
    "roleId" : "8f1493a4-29ca-4b34-8d04-b6ef954b097c",
    "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
    "createdAt" : {
      "nano" : 307576000,
      "epochSecond" : 1715800143
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  } ],
  "openIdProviders" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 306453000,
    "epochSecond" : 1715800143
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}, {
  "id" : "9debbab1-1f98-4a30-9330-c1a2dbbf7695",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-7",
  "identityProviders" : [ {
    "id" : "ff1d45e9-3de3-4d9c-a93f-ba7607106d9d",
    "organizationId" : "9debbab1-1f98-4a30-9330-c1a2dbbf7695",
    "auth0ConnectionId" : "auth0-opaque-connectionId-8",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 947086000,
      "epochSecond" : 1715800146
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "openIdProviders" : [ {
    "id" : "9fe0f189-e9ac-4973-86a7-cb713b4e764a",
    "organizationId" : "9debbab1-1f98-4a30-9330-c1a2dbbf7695",
    "name" : "OIDC Provider-9",
    "clientId" : "clientId-10",
    "issuer" : "https://auth",
    "authorizationEndpoint" : "https://token",
    "tokenEndpoint" : "https://user",
    "userInfoEndpoint" : "https://jwks",
    "jwksUri" : "https://iss",
    "active" : false,
    "createdBy" : "a6cde1c3-a4b2-40f6-8ef2-c31cd5dbfd82",
    "createdAt" : {
      "nano" : 14407000,
      "epochSecond" : 1715800147
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 944592000,
    "epochSecond" : 1715800146
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}, {
  "id" : "a9e9bb06-bb16-42a0-89dd-f924d0d5f88a",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-11",
  "identityProviders" : [ {
    "id" : "3abe5a52-d08b-480b-bb5d-9cce761ab89d",
    "organizationId" : "a9e9bb06-bb16-42a0-89dd-f924d0d5f88a",
    "auth0ConnectionId" : "auth0-opaque-connectionId-12",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 757618000,
      "epochSecond" : 1715800147
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "openIdProviders" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 750240000,
    "epochSecond" : 1715800147
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
} ]

Get Organization By Id

GET /organizations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

name

String

true

Used for display purposes. Not unique or private.

label

String

true

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

identityProviders

Array[Object]

true

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

identityProviders[].name

String

true

Used for display purposes. Not unique or private.

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

defaultRoles[].name

String

true

Used for display purposes. Not unique or private.

defaultRoles[].roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

The id of the role as defined by the authorization service.

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

openIdProviders

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

openIdProviders[].id

String

true

openIdProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

openIdProviders[].name

String

true

Used for display purposes. Not unique or private.

openIdProviders[].clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

openIdProviders[].issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

openIdProviders[].authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

openIdProviders[].active

Boolean

true

openIdProviders[].createdBy

String

true

openIdProviders[].createdAt

Object

true

openIdProviders[].deletedAt

Object

true

openIdProviders[].deletedBy

String

true

openIdProviders[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/bed8e124-e63c-4659-8270-cbdece1eaf93' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkMzB2eURpRlk3Y0wxa0lRZlBkbmV3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTUwLCJleHAiOjE3MTU4MDM3NTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.hbOAdIOkIO0yIEjuDKExd2RHYsEHpeEl3hAAuHToCQZny2yjKJ1qD7ZeIIHVCNXPVKMfqycClBYMUAU-EvfkF7uoITqAOx9a8L-62MMMzHC28N-tLuMQhWk68WninLa74y6f5TpuqNXc56v2dtJch5vUeEY7n1IjoDyTchltjWz0aCSeKVV-pM4idYjPcjtwtz5DQfRRmvTfTXlj2E6tv2874y1KMtS6hfv-lPh24v4tDsRoQkTTTV77OiOy7tutdMDM3sWgFRH6ld1nkg32g0q9yoYKtc1cjcxFC7Q3E3PJaNtNj8dfHocDxPbpW1ycFfcVYhb9i9tPqcKcvROvvg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 3321

{
  "id" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "ACME International, Inc.",
  "label" : "ACME-0",
  "identityProviders" : [ {
    "id" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "auth0ConnectionId" : "auth0-opaque-connectionId-1",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 391179000,
      "epochSecond" : 1715800145
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "5758db8b-9cc4-454b-b4ae-20aa34a673a8",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "auth0ConnectionId" : "auth0-opaque-connectionId-2",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 401851000,
      "epochSecond" : 1715800145
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ {
    "id" : "88421ef7-9dc4-4e78-9118-a4fb4bdf689d",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "name" : "Test Std Role",
    "roleType" : "Standard",
    "roleId" : "c99dcd43-9afd-4707-925e-5b8223c43e1f",
    "createdBy" : "dbcbfb26-55db-4f5d-b608-e89975c50186",
    "createdAt" : {
      "nano" : 407852000,
      "epochSecond" : 1715800145
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  }, {
    "id" : "c644f5d3-7ef5-421f-ae76-44133af88d0c",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "name" : "Test Custom Role",
    "roleType" : "Custom",
    "roleId" : "afabd55f-11b7-41fa-bca8-521e39684a09",
    "createdBy" : "ecb3e351-39a5-4231-9f29-8a182c61d57a",
    "createdAt" : {
      "nano" : 429946000,
      "epochSecond" : 1715800145
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  } ],
  "openIdProviders" : [ {
    "id" : "84a6a072-757d-4619-90ee-a96e314916de",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "name" : "ACME OIDC Provider New",
    "clientId" : "clientId2",
    "issuer" : "https://auth",
    "authorizationEndpoint" : "https://token",
    "tokenEndpoint" : "https://user",
    "userInfoEndpoint" : "https://jwks",
    "jwksUri" : "https://iss",
    "active" : true,
    "createdBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
    "createdAt" : {
      "nano" : 494861000,
      "epochSecond" : 1715800147
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  }, {
    "id" : "95da457e-b32a-4052-adc8-a23e1e6e9d30",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "name" : "ACME OIDC Provider 1",
    "clientId" : "clientId1",
    "issuer" : "https://auth",
    "authorizationEndpoint" : "https://token",
    "tokenEndpoint" : "https://user",
    "userInfoEndpoint" : "https://jwks",
    "jwksUri" : "https://iss",
    "active" : true,
    "createdBy" : "9b59f01b-279a-45c4-9dce-149ad0ee230c",
    "createdAt" : {
      "nano" : 464457000,
      "epochSecond" : 1715800145
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 382255000,
    "epochSecond" : 1715800145
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Get Organization By Label

GET /organizations/label/{label:[-a-zA-Z0-9]{1,63}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

label

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

name

String

true

Used for display purposes. Not unique or private.

label

String

true

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

identityProviders

Array[Object]

true

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

identityProviders[].name

String

true

Used for display purposes. Not unique or private.

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

defaultRoles[].name

String

true

Used for display purposes. Not unique or private.

defaultRoles[].roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

The id of the role as defined by the authorization service.

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

openIdProviders

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

openIdProviders[].id

String

true

openIdProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

openIdProviders[].name

String

true

Used for display purposes. Not unique or private.

openIdProviders[].clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

openIdProviders[].issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

openIdProviders[].authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

openIdProviders[].active

Boolean

true

openIdProviders[].createdBy

String

true

openIdProviders[].createdAt

Object

true

openIdProviders[].deletedAt

Object

true

openIdProviders[].deletedBy

String

true

openIdProviders[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/label/ACME-0' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkMzB2eURpRlk3Y0wxa0lRZlBkbmV3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTUwLCJleHAiOjE3MTU4MDM3NTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.hbOAdIOkIO0yIEjuDKExd2RHYsEHpeEl3hAAuHToCQZny2yjKJ1qD7ZeIIHVCNXPVKMfqycClBYMUAU-EvfkF7uoITqAOx9a8L-62MMMzHC28N-tLuMQhWk68WninLa74y6f5TpuqNXc56v2dtJch5vUeEY7n1IjoDyTchltjWz0aCSeKVV-pM4idYjPcjtwtz5DQfRRmvTfTXlj2E6tv2874y1KMtS6hfv-lPh24v4tDsRoQkTTTV77OiOy7tutdMDM3sWgFRH6ld1nkg32g0q9yoYKtc1cjcxFC7Q3E3PJaNtNj8dfHocDxPbpW1ycFfcVYhb9i9tPqcKcvROvvg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 3321

{
  "id" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "ACME International, Inc.",
  "label" : "ACME-0",
  "identityProviders" : [ {
    "id" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "auth0ConnectionId" : "auth0-opaque-connectionId-1",
    "name" : "ACME Federated Active Directory",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 391179000,
      "epochSecond" : 1715800145
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "5758db8b-9cc4-454b-b4ae-20aa34a673a8",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "auth0ConnectionId" : "auth0-opaque-connectionId-2",
    "name" : "Google-Account",
    "auth0ConnectionType" : "Social",
    "active" : true,
    "createdAt" : {
      "nano" : 401851000,
      "epochSecond" : 1715800145
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ {
    "id" : "88421ef7-9dc4-4e78-9118-a4fb4bdf689d",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "name" : "Test Std Role",
    "roleType" : "Standard",
    "roleId" : "c99dcd43-9afd-4707-925e-5b8223c43e1f",
    "createdBy" : "dbcbfb26-55db-4f5d-b608-e89975c50186",
    "createdAt" : {
      "nano" : 407852000,
      "epochSecond" : 1715800145
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  }, {
    "id" : "c644f5d3-7ef5-421f-ae76-44133af88d0c",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "name" : "Test Custom Role",
    "roleType" : "Custom",
    "roleId" : "afabd55f-11b7-41fa-bca8-521e39684a09",
    "createdBy" : "ecb3e351-39a5-4231-9f29-8a182c61d57a",
    "createdAt" : {
      "nano" : 429946000,
      "epochSecond" : 1715800145
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  } ],
  "openIdProviders" : [ {
    "id" : "84a6a072-757d-4619-90ee-a96e314916de",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "name" : "ACME OIDC Provider New",
    "clientId" : "clientId2",
    "issuer" : "https://auth",
    "authorizationEndpoint" : "https://token",
    "tokenEndpoint" : "https://user",
    "userInfoEndpoint" : "https://jwks",
    "jwksUri" : "https://iss",
    "active" : true,
    "createdBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
    "createdAt" : {
      "nano" : 494861000,
      "epochSecond" : 1715800147
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  }, {
    "id" : "95da457e-b32a-4052-adc8-a23e1e6e9d30",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "name" : "ACME OIDC Provider 1",
    "clientId" : "clientId1",
    "issuer" : "https://auth",
    "authorizationEndpoint" : "https://token",
    "tokenEndpoint" : "https://user",
    "userInfoEndpoint" : "https://jwks",
    "jwksUri" : "https://iss",
    "active" : true,
    "createdBy" : "9b59f01b-279a-45c4-9dce-149ad0ee230c",
    "createdAt" : {
      "nano" : 464457000,
      "epochSecond" : 1715800145
    },
    "deletedAt" : null,
    "deletedBy" : null,
    "deleted" : false
  } ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 382255000,
    "epochSecond" : 1715800145
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Create Organization

POST /organizations

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

label

String

true

auth0ConnectionId

String

true

identityProviderName

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

true

name

String

true

Used for display purposes. Not unique or private.

label

String

true

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

identityProviders

Array[Object]

true

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

identityProviders[].name

String

true

Used for display purposes. Not unique or private.

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

defaultRoles[].name

String

true

Used for display purposes. Not unique or private.

defaultRoles[].roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

The id of the role as defined by the authorization service.

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

openIdProviders

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

openIdProviders[].id

String

true

openIdProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

openIdProviders[].name

String

true

Used for display purposes. Not unique or private.

openIdProviders[].clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

openIdProviders[].issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

openIdProviders[].authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

openIdProviders[].active

Boolean

true

openIdProviders[].createdBy

String

true

openIdProviders[].createdAt

Object

true

openIdProviders[].deletedAt

Object

true

openIdProviders[].deletedBy

String

true

openIdProviders[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkMzB2eURpRlk3Y0wxa0lRZlBkbmV3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTUwLCJleHAiOjE3MTU4MDM3NTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.hbOAdIOkIO0yIEjuDKExd2RHYsEHpeEl3hAAuHToCQZny2yjKJ1qD7ZeIIHVCNXPVKMfqycClBYMUAU-EvfkF7uoITqAOx9a8L-62MMMzHC28N-tLuMQhWk68WninLa74y6f5TpuqNXc56v2dtJch5vUeEY7n1IjoDyTchltjWz0aCSeKVV-pM4idYjPcjtwtz5DQfRRmvTfTXlj2E6tv2874y1KMtS6hfv-lPh24v4tDsRoQkTTTV77OiOy7tutdMDM3sWgFRH6ld1nkg32g0q9yoYKtc1cjcxFC7Q3E3PJaNtNj8dfHocDxPbpW1ycFfcVYhb9i9tPqcKcvROvvg' \
    -d '{"name":"Best Corp.","label":"BEST-CORP","auth0ConnectionId":"auth0-opaque-connection","identityProviderName":"Corp SAML","auth0ConnectionType":"Enterprise"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 763

{
  "id" : "c5519317-ade9-4ac0-a1e6-28cf11acf18a",
  "name" : "Best Corp.",
  "label" : "BEST-CORP",
  "identityProviders" : [ {
    "id" : "dbe182c6-79a1-494f-a55b-363a166599ef",
    "organizationId" : "c5519317-ade9-4ac0-a1e6-28cf11acf18a",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Best Corp.",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 789632000,
      "epochSecond" : 1715800150
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "openIdProviders" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 783178000,
    "epochSecond" : 1715800150
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Activate Or Deactivate Organization

PUT /organizations/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

name

String

true

Used for display purposes. Not unique or private.

label

String

true

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

identityProviders

Array[Object]

true

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

identityProviders[].name

String

true

Used for display purposes. Not unique or private.

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

defaultRoles[].name

String

true

Used for display purposes. Not unique or private.

defaultRoles[].roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

The id of the role as defined by the authorization service.

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

openIdProviders

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

openIdProviders[].id

String

true

openIdProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

openIdProviders[].name

String

true

Used for display purposes. Not unique or private.

openIdProviders[].clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

openIdProviders[].issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

openIdProviders[].authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

openIdProviders[].active

Boolean

true

openIdProviders[].createdBy

String

true

openIdProviders[].createdAt

Object

true

openIdProviders[].deletedAt

Object

true

openIdProviders[].deletedBy

String

true

openIdProviders[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/f485dfa0-6d07-44db-a427-efcc822dd7bc/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkMzB2eURpRlk3Y0wxa0lRZlBkbmV3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTUwLCJleHAiOjE3MTU4MDM3NTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.hbOAdIOkIO0yIEjuDKExd2RHYsEHpeEl3hAAuHToCQZny2yjKJ1qD7ZeIIHVCNXPVKMfqycClBYMUAU-EvfkF7uoITqAOx9a8L-62MMMzHC28N-tLuMQhWk68WninLa74y6f5TpuqNXc56v2dtJch5vUeEY7n1IjoDyTchltjWz0aCSeKVV-pM4idYjPcjtwtz5DQfRRmvTfTXlj2E6tv2874y1KMtS6hfv-lPh24v4tDsRoQkTTTV77OiOy7tutdMDM3sWgFRH6ld1nkg32g0q9yoYKtc1cjcxFC7Q3E3PJaNtNj8dfHocDxPbpW1ycFfcVYhb9i9tPqcKcvROvvg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 842

{
  "id" : "f485dfa0-6d07-44db-a427-efcc822dd7bc",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-27",
  "identityProviders" : [ {
    "id" : "ae02ae0f-4862-43f9-99df-c58d61b7a067",
    "organizationId" : "f485dfa0-6d07-44db-a427-efcc822dd7bc",
    "auth0ConnectionId" : "auth0-opaque-connectionId-28",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 519017000,
      "epochSecond" : 1715800153
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "openIdProviders" : [ ],
  "active" : false,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 512172000,
    "epochSecond" : 1715800153
  },
  "updatedAt" : {
    "nano" : 597000000,
    "epochSecond" : 1715800153
  },
  "deletedAt" : null,
  "deleted" : false
}

Add Identity Provider (deprecated)

POST /organizations/{id}/identity-providers

Deprecated.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

auth0ConnectionId

String

true

identityProviderName

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

true

name

String

true

Used for display purposes. Not unique or private.

label

String

true

A short value, containing only letters, numbers and dashes, which could be used as a label in a vanity domain. This label uniquely identifies the Organization, and is the key by which organization users indicate the organization within which they intend to authenticate. Note: A deleted organization looses its label. Such organizations will have a label value that combines the organization id with the prior label value. This maintains the constraint that all organization labels are unique, and frees the prior organization label value for reclamation. Obviously a deleted organization’s label will no longer meet the validation constraints of a live organization label.

identityProviders

Array[Object]

true

The set of active (not marked deleted nor deactivated) {@link IdentityProvider}s assigned to this Organization. It is possible for this set to be null. For access to inactive or deleted IdentityProviders, access the IdentityProvider API endpoint directly.

identityProviders[].id

String

true

identityProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

identityProviders[].auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

identityProviders[].name

String

true

Used for display purposes. Not unique or private.

identityProviders[].auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

identityProviders[].active

Boolean

true

identityProviders[].createdAt

Object

true

identityProviders[].updatedAt

Object

true

identityProviders[].deletedAt

Object

true

defaultRoles

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

defaultRoles[].id

String

true

defaultRoles[].organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

defaultRoles[].name

String

true

Used for display purposes. Not unique or private.

defaultRoles[].roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

defaultRoles[].roleId

String

true

The id of the role as defined by the authorization service.

defaultRoles[].createdBy

String

true

defaultRoles[].createdAt

Object

true

defaultRoles[].deletedAt

Object

true

defaultRoles[].deletedBy

String

true

defaultRoles[].deleted

Boolean

true

openIdProviders

Array[Object]

true

The set of {@link DefaultRole}s assigned to this Organization.

openIdProviders[].id

String

true

openIdProviders[].organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

openIdProviders[].name

String

true

Used for display purposes. Not unique or private.

openIdProviders[].clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

openIdProviders[].issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

openIdProviders[].authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

openIdProviders[].jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

openIdProviders[].active

Boolean

true

openIdProviders[].createdBy

String

true

openIdProviders[].createdAt

Object

true

openIdProviders[].deletedAt

Object

true

openIdProviders[].deletedBy

String

true

openIdProviders[].deleted

Boolean

true

active

Boolean

true

mfaProvider

String

true

Specifies an Auth0 compliant MFA provider. When set, it will trigger MFA on authentication via Auth0. If null, then the organization does not require MFA.

Must be one of [None, GoogleAuthenticator].

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/3a7b3d00-70f3-4a9c-8c64-659a217941f1/identity-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkMzB2eURpRlk3Y0wxa0lRZlBkbmV3IiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTUwLCJleHAiOjE3MTU4MDM3NTAsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.hbOAdIOkIO0yIEjuDKExd2RHYsEHpeEl3hAAuHToCQZny2yjKJ1qD7ZeIIHVCNXPVKMfqycClBYMUAU-EvfkF7uoITqAOx9a8L-62MMMzHC28N-tLuMQhWk68WninLa74y6f5TpuqNXc56v2dtJch5vUeEY7n1IjoDyTchltjWz0aCSeKVV-pM4idYjPcjtwtz5DQfRRmvTfTXlj2E6tv2874y1KMtS6hfv-lPh24v4tDsRoQkTTTV77OiOy7tutdMDM3sWgFRH6ld1nkg32g0q9yoYKtc1cjcxFC7Q3E3PJaNtNj8dfHocDxPbpW1ycFfcVYhb9i9tPqcKcvROvvg' \
    -d '{"auth0ConnectionId":"auth0-opaque-connection","identityProviderName":"Corp SAML","auth0ConnectionType":"Enterprise"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1181

{
  "id" : "3a7b3d00-70f3-4a9c-8c64-659a217941f1",
  "name" : "World Wide Imports",
  "label" : "WW-Imports-25",
  "identityProviders" : [ {
    "id" : "174b58f1-a82a-4b32-b85c-fb79ae481045",
    "organizationId" : "3a7b3d00-70f3-4a9c-8c64-659a217941f1",
    "auth0ConnectionId" : "auth0-opaque-connectionId-26",
    "name" : "Username/Password",
    "auth0ConnectionType" : "Database",
    "active" : true,
    "createdAt" : {
      "nano" : 860970000,
      "epochSecond" : 1715800152
    },
    "updatedAt" : null,
    "deletedAt" : null
  }, {
    "id" : "c9d59d98-0890-441f-9caf-7498639ecb61",
    "organizationId" : "3a7b3d00-70f3-4a9c-8c64-659a217941f1",
    "auth0ConnectionId" : "auth0-opaque-connection",
    "name" : "Corp SAML",
    "auth0ConnectionType" : "Enterprise",
    "active" : true,
    "createdAt" : {
      "nano" : 997282000,
      "epochSecond" : 1715800152
    },
    "updatedAt" : null,
    "deletedAt" : null
  } ],
  "defaultRoles" : [ ],
  "openIdProviders" : [ ],
  "active" : true,
  "mfaProvider" : null,
  "createdAt" : {
    "nano" : 851967000,
    "epochSecond" : 1715800152
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "deleted" : false
}

Identity Providers

Find Identity Providers

GET /identity-providers

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

name

String

true

organizationId

Object

true

auth0ConnectionId

Object

true

auth0ConnectionType

Object

true

active

Boolean

true

deleted

Object

true

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

name

String

true

Used for display purposes. Not unique or private.

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1TjRrc2x1SWh0MzFfUmVYSzBNVmhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjAzLCJleHAiOjE3MTU4MDM4MDMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.CcospQVYdUmHPHxlBFZzUvI5bCkpssgM53L01ZNeAYwOzD-ogA1v5Vk1Huwj0phjc6_MlyZim9O8IYw4R0fPegYdDYEcUQs2RBKs4R_O-5El2FuqSgQBG01OTPHyvtweXmCi5b2cEDfKJ7rMo-JPsdFcCxjAsR3-jTPvrrVwGwvmo9hp5Xe0hRXWsJv9Kz3zJAmy5R4hwnQImpMRFs4Y8hoXFnG9b5OyJd1WG3lnSlQLuPp8NEqJZ_BN0LbVXX-Su7NJCm7wv12kXQwBuWTQJX8Vgy7SbMx0nfDEmcuu7ZzfDbWHglnuUdToecSbOziinA9NNyHBEcRBu_gyxtac9Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1137

[ {
  "id" : "0cefe2c1-d4e4-4db2-8cf1-e53ee6ef3047",
  "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
  "auth0ConnectionId" : "google-oauth2",
  "name" : "NetFoundry Google Account",
  "auth0ConnectionType" : "Social",
  "active" : true,
  "createdAt" : {
    "nano" : 306758000,
    "epochSecond" : 1715800143
  },
  "updatedAt" : null,
  "deletedAt" : null
}, {
  "id" : "174b58f1-a82a-4b32-b85c-fb79ae481045",
  "organizationId" : "3a7b3d00-70f3-4a9c-8c64-659a217941f1",
  "auth0ConnectionId" : "auth0-opaque-connectionId-26",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 860970000,
    "epochSecond" : 1715800152
  },
  "updatedAt" : null,
  "deletedAt" : null
}, {
  "id" : "1794e883-bc3b-4771-b02f-dbf37ed0a775",
  "organizationId" : "7a00a5c5-27d3-4b71-8c93-f1864a349293",
  "auth0ConnectionId" : "auth0-opaque-connectionId-172",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 952219000,
    "epochSecond" : 1715800203
  },
  "updatedAt" : null,
  "deletedAt" : null
} ]

Get Identity Provider

GET /identity-providers/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

name

String

true

Used for display purposes. Not unique or private.

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/f052a343-ea06-4d50-9be3-3a31e5d90074' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1TjRrc2x1SWh0MzFfUmVYSzBNVmhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjAzLCJleHAiOjE3MTU4MDM4MDMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.CcospQVYdUmHPHxlBFZzUvI5bCkpssgM53L01ZNeAYwOzD-ogA1v5Vk1Huwj0phjc6_MlyZim9O8IYw4R0fPegYdDYEcUQs2RBKs4R_O-5El2FuqSgQBG01OTPHyvtweXmCi5b2cEDfKJ7rMo-JPsdFcCxjAsR3-jTPvrrVwGwvmo9hp5Xe0hRXWsJv9Kz3zJAmy5R4hwnQImpMRFs4Y8hoXFnG9b5OyJd1WG3lnSlQLuPp8NEqJZ_BN0LbVXX-Su7NJCm7wv12kXQwBuWTQJX8Vgy7SbMx0nfDEmcuu7ZzfDbWHglnuUdToecSbOziinA9NNyHBEcRBu_gyxtac9Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 394

{
  "id" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "auth0ConnectionId" : "auth0-opaque-connectionId-1",
  "name" : "ACME Federated Active Directory",
  "auth0ConnectionType" : "Enterprise",
  "active" : true,
  "createdAt" : {
    "nano" : 391179000,
    "epochSecond" : 1715800145
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Create Identity Provider

POST /identity-providers

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

auth0ConnectionId

String

true

name

String

true

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

name

String

true

Used for display purposes. Not unique or private.

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1TjRrc2x1SWh0MzFfUmVYSzBNVmhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjAzLCJleHAiOjE3MTU4MDM4MDMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.CcospQVYdUmHPHxlBFZzUvI5bCkpssgM53L01ZNeAYwOzD-ogA1v5Vk1Huwj0phjc6_MlyZim9O8IYw4R0fPegYdDYEcUQs2RBKs4R_O-5El2FuqSgQBG01OTPHyvtweXmCi5b2cEDfKJ7rMo-JPsdFcCxjAsR3-jTPvrrVwGwvmo9hp5Xe0hRXWsJv9Kz3zJAmy5R4hwnQImpMRFs4Y8hoXFnG9b5OyJd1WG3lnSlQLuPp8NEqJZ_BN0LbVXX-Su7NJCm7wv12kXQwBuWTQJX8Vgy7SbMx0nfDEmcuu7ZzfDbWHglnuUdToecSbOziinA9NNyHBEcRBu_gyxtac9Q' \
    -d '{"organizationId":"7a00a5c5-27d3-4b71-8c93-f1864a349293","auth0ConnectionId":"auth0-opaque-connection","name":"Corp SAML","auth0ConnectionType":"Enterprise"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 368

{
  "id" : "850dbbb7-0996-43f4-b979-53c523d01379",
  "organizationId" : "7a00a5c5-27d3-4b71-8c93-f1864a349293",
  "auth0ConnectionId" : "auth0-opaque-connection",
  "name" : "Corp SAML",
  "auth0ConnectionType" : "Enterprise",
  "active" : true,
  "createdAt" : {
    "nano" : 973320000,
    "epochSecond" : 1715800203
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Update Identity Provider

PUT /identity-providers/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

name

String

true

Used for display purposes. Not unique or private.

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/59242ca7-1f58-4718-92a5-d6ef3bf42770' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1TjRrc2x1SWh0MzFfUmVYSzBNVmhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjAzLCJleHAiOjE3MTU4MDM4MDMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.CcospQVYdUmHPHxlBFZzUvI5bCkpssgM53L01ZNeAYwOzD-ogA1v5Vk1Huwj0phjc6_MlyZim9O8IYw4R0fPegYdDYEcUQs2RBKs4R_O-5El2FuqSgQBG01OTPHyvtweXmCi5b2cEDfKJ7rMo-JPsdFcCxjAsR3-jTPvrrVwGwvmo9hp5Xe0hRXWsJv9Kz3zJAmy5R4hwnQImpMRFs4Y8hoXFnG9b5OyJd1WG3lnSlQLuPp8NEqJZ_BN0LbVXX-Su7NJCm7wv12kXQwBuWTQJX8Vgy7SbMx0nfDEmcuu7ZzfDbWHglnuUdToecSbOziinA9NNyHBEcRBu_gyxtac9Q' \
    -d '{"name":"New IdP Name"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 431

{
  "id" : "59242ca7-1f58-4718-92a5-d6ef3bf42770",
  "organizationId" : "4daeb240-8300-44ea-8b7c-c62a5b98d2fe",
  "auth0ConnectionId" : "auth0-opaque-connectionId-178",
  "name" : "New IdP Name",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 214000000,
    "epochSecond" : 1715800204
  },
  "updatedAt" : {
    "nano" : 241860000,
    "epochSecond" : 1715800204
  },
  "deletedAt" : null
}

Activate Or Deactivate Identity Provider

PUT /identity-providers/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

name

String

true

Used for display purposes. Not unique or private.

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/510023f3-86c0-4fae-abac-27efd04e2123/activate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1TjRrc2x1SWh0MzFfUmVYSzBNVmhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjAzLCJleHAiOjE3MTU4MDM4MDMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.CcospQVYdUmHPHxlBFZzUvI5bCkpssgM53L01ZNeAYwOzD-ogA1v5Vk1Huwj0phjc6_MlyZim9O8IYw4R0fPegYdDYEcUQs2RBKs4R_O-5El2FuqSgQBG01OTPHyvtweXmCi5b2cEDfKJ7rMo-JPsdFcCxjAsR3-jTPvrrVwGwvmo9hp5Xe0hRXWsJv9Kz3zJAmy5R4hwnQImpMRFs4Y8hoXFnG9b5OyJd1WG3lnSlQLuPp8NEqJZ_BN0LbVXX-Su7NJCm7wv12kXQwBuWTQJX8Vgy7SbMx0nfDEmcuu7ZzfDbWHglnuUdToecSbOziinA9NNyHBEcRBu_gyxtac9Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 379

{
  "id" : "510023f3-86c0-4fae-abac-27efd04e2123",
  "organizationId" : "9257c8b1-c5b1-4484-896b-9485c0e5ed3a",
  "auth0ConnectionId" : "auth0-opaque-connectionId-174",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 40376000,
    "epochSecond" : 1715800204
  },
  "updatedAt" : null,
  "deletedAt" : null
}

Delete Identity Provider

DELETE /identity-providers/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

auth0ConnectionId

String

true

The auth0 generated id of the auth0 connection that this IdentityProvider represents.

name

String

true

Used for display purposes. Not unique or private.

auth0ConnectionType

String

true

Must be one of [Database, Social, Enterprise, Passwordless].

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-providers/e83c81d8-5798-49e5-9299-4b8069a65aec' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI1TjRrc2x1SWh0MzFfUmVYSzBNVmhnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjAzLCJleHAiOjE3MTU4MDM4MDMsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.CcospQVYdUmHPHxlBFZzUvI5bCkpssgM53L01ZNeAYwOzD-ogA1v5Vk1Huwj0phjc6_MlyZim9O8IYw4R0fPegYdDYEcUQs2RBKs4R_O-5El2FuqSgQBG01OTPHyvtweXmCi5b2cEDfKJ7rMo-JPsdFcCxjAsR3-jTPvrrVwGwvmo9hp5Xe0hRXWsJv9Kz3zJAmy5R4hwnQImpMRFs4Y8hoXFnG9b5OyJd1WG3lnSlQLuPp8NEqJZ_BN0LbVXX-Su7NJCm7wv12kXQwBuWTQJX8Vgy7SbMx0nfDEmcuu7ZzfDbWHglnuUdToecSbOziinA9NNyHBEcRBu_gyxtac9Q'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 492

{
  "id" : "e83c81d8-5798-49e5-9299-4b8069a65aec",
  "organizationId" : "60ade7d7-4295-42ed-b499-4888a69df809",
  "auth0ConnectionId" : "auth0-opaque-connectionId-176",
  "name" : "Username/Password",
  "auth0ConnectionType" : "Database",
  "active" : true,
  "createdAt" : {
    "nano" : 152578000,
    "epochSecond" : 1715800204
  },
  "updatedAt" : {
    "nano" : 170765000,
    "epochSecond" : 1715800204
  },
  "deletedAt" : {
    "nano" : 170000000,
    "epochSecond" : 1715800204
  }
}

Default Roles

Find Default Roles

GET /default-roles

Search for existing default roles. Results are automatically limited to the subset of instances that the API client has permission to read and which are not marked as deleted. An API client may override the default deleted filter by passing a 'deleted' query parameter with value of 'true' (just those marked deleted) or a value of 'true,false' for all otherwise matching default roles regardless of their marked-deleted state.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

name

String

true

Used for display purposes. Not unique or private.

roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

roleId

String

true

The id of the role as defined by the authorization service.

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQSzhLdmJyZDJFMlVFa0FoLWUxN0RnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU0LCJleHAiOjE3MTU4MDM3NTQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.chGtQxX5EJbxaJYYq-evIMnhi0lqkMr_lmkxCDVM_ModqdE_aPx_hfWeso3IeH4XquLhBdt_8ncELwhzm2lhFcMjgVmINqdz2A9Yl1oc57mwcTaVN3Khwkk6fcQUXnxDY-VQFqVrcHRiyd9plz3VU4d9_tIbhNkfuLv41ArYmjql4yG2S_Lo981Oq735bAfgWiTZjunsA0i8mVQaK-0W4YWdm7pxgt_pxoOmYMWJBzSKLZnBOZtGsyLXISJYGKkuODah0KqRoH3WjPNhyw0914mXY0-UMYC6mgGo5ZEQ017bwOgqGaq424TqQDEAHeXtY44kvPPTTQqxGllUjkLBHA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1333

[ {
  "id" : "111af626-95f0-4caa-91c6-5e5750a696f3",
  "organizationId" : "b3ea6168-5033-465f-9cd9-d2a72561489f",
  "name" : "Default Standard Role-42",
  "roleType" : "Standard",
  "roleId" : "7fc1d870-4e98-48b8-9975-a48a6db32592",
  "createdBy" : "3fa20ff7-6bc3-4ca1-a90e-7d2087488d51",
  "createdAt" : {
    "nano" : 291901000,
    "epochSecond" : 1715800154
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "131611fb-0b9a-4516-b8e2-6c04db529d5a",
  "organizationId" : "95068bb0-864b-4930-b06e-9acf4957c826",
  "name" : "Standard Role Admin - Network Group Admin - Cloud Engineering",
  "roleType" : "Standard",
  "roleId" : "2854b8f9-6538-11ea-98de-128b2daaf7e4",
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 308925000,
    "epochSecond" : 1715800143
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}, {
  "id" : "3dd0418a-62a3-4f6f-805c-bb959f2a1e2c",
  "organizationId" : "cc2433a9-c951-4a30-a57f-c23567fe7b87",
  "name" : "NF Support - Observation",
  "roleType" : "Custom",
  "roleId" : "f1e3d5d9-2899-4df7-89ab-297d29cc54bc",
  "createdBy" : "2b6f496d-36f1-4e66-a205-8abcf1d41d74",
  "createdAt" : {
    "nano" : 256340000,
    "epochSecond" : 1715800143
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
} ]

Get Default Role

GET /default-roles/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

name

String

true

Used for display purposes. Not unique or private.

roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

roleId

String

true

The id of the role as defined by the authorization service.

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles/88421ef7-9dc4-4e78-9118-a4fb4bdf689d' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQSzhLdmJyZDJFMlVFa0FoLWUxN0RnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU0LCJleHAiOjE3MTU4MDM3NTQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.chGtQxX5EJbxaJYYq-evIMnhi0lqkMr_lmkxCDVM_ModqdE_aPx_hfWeso3IeH4XquLhBdt_8ncELwhzm2lhFcMjgVmINqdz2A9Yl1oc57mwcTaVN3Khwkk6fcQUXnxDY-VQFqVrcHRiyd9plz3VU4d9_tIbhNkfuLv41ArYmjql4yG2S_Lo981Oq735bAfgWiTZjunsA0i8mVQaK-0W4YWdm7pxgt_pxoOmYMWJBzSKLZnBOZtGsyLXISJYGKkuODah0KqRoH3WjPNhyw0914mXY0-UMYC6mgGo5ZEQ017bwOgqGaq424TqQDEAHeXtY44kvPPTTQqxGllUjkLBHA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 419

{
  "id" : "88421ef7-9dc4-4e78-9118-a4fb4bdf689d",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "Test Std Role",
  "roleType" : "Standard",
  "roleId" : "c99dcd43-9afd-4707-925e-5b8223c43e1f",
  "createdBy" : "dbcbfb26-55db-4f5d-b608-e89975c50186",
  "createdAt" : {
    "nano" : 407852000,
    "epochSecond" : 1715800145
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Create Default Role

POST /default-roles

Creates a new Default Role on the indicated Organization. The name of the Default Role will be computed based on the title of the role as defined in the authorization service. Note, the API client must have permission in the authorization service to grant the indicated role. This authorization check is above and beyond the local permission to create a default role. API Clients should be cautious in their use of Default Roles as they create an automated grant of permissions that will occur whenever a user is invited to the Organization with default permissions. Thus, any user able to create an invitation to the organization is effectively able to grant the default roles. Only one default role instance is permitted per authorization role id and organization.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization. The client must have permission to create default roles in the organization, and permission to update the specified organization. Additional authorization constraints may apply.

roleType

String

true

Default roles can be based on standard roles or custom roles.

Must be one of [Standard, Custom].

roleId

String

true

The id of the role, as defined by the authorization service, to grant as a default role. The role, ie the role type and role id tuple, must be unique within the organization. An API client MUST have permission to perform this role in order to add it to an organization’s default roles. This is enforced by the {@link CanGrantRole} annotation on this type.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

name

String

true

Used for display purposes. Not unique or private.

roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

roleId

String

true

The id of the role as defined by the authorization service.

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQSzhLdmJyZDJFMlVFa0FoLWUxN0RnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU0LCJleHAiOjE3MTU4MDM3NTQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.chGtQxX5EJbxaJYYq-evIMnhi0lqkMr_lmkxCDVM_ModqdE_aPx_hfWeso3IeH4XquLhBdt_8ncELwhzm2lhFcMjgVmINqdz2A9Yl1oc57mwcTaVN3Khwkk6fcQUXnxDY-VQFqVrcHRiyd9plz3VU4d9_tIbhNkfuLv41ArYmjql4yG2S_Lo981Oq735bAfgWiTZjunsA0i8mVQaK-0W4YWdm7pxgt_pxoOmYMWJBzSKLZnBOZtGsyLXISJYGKkuODah0KqRoH3WjPNhyw0914mXY0-UMYC6mgGo5ZEQ017bwOgqGaq424TqQDEAHeXtY44kvPPTTQqxGllUjkLBHA' \
    -d '{"organizationId":"f13c1032-9a88-4f3a-a511-84f4ac6479e9","roleType":"Standard","roleId":"38aa9307-7ca7-4202-bf28-d9c8596ecab7"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 456

{
  "id" : "13ab92a6-7289-406b-9a19-e59dd863b21c",
  "organizationId" : "f13c1032-9a88-4f3a-a511-84f4ac6479e9",
  "name" : "Standard Role - 38aa9307-7ca7-4202-bf28-d9c8596ecab7",
  "roleType" : "Standard",
  "roleId" : "38aa9307-7ca7-4202-bf28-d9c8596ecab7",
  "createdBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "createdAt" : {
    "nano" : 6175000,
    "epochSecond" : 1715800155
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Delete Default Role

DELETE /default-roles/{id}

Mark an existing default role as deleted.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this default role applies to. All User and API Account Identities that are created in the organization without explicit permissions at the time of creation, will be granted this role and any other default roles that apply to the organization.

name

String

true

Used for display purposes. Not unique or private.

roleType

String

true

The type of the role identified by the {@link #roleId roleId}.

Must be one of [Standard, Custom].

roleId

String

true

The id of the role as defined by the authorization service.

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles/2045e19a-729a-4ed5-a591-0eed9d5a56e4' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQSzhLdmJyZDJFMlVFa0FoLWUxN0RnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU0LCJleHAiOjE3MTU4MDM3NTQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.chGtQxX5EJbxaJYYq-evIMnhi0lqkMr_lmkxCDVM_ModqdE_aPx_hfWeso3IeH4XquLhBdt_8ncELwhzm2lhFcMjgVmINqdz2A9Yl1oc57mwcTaVN3Khwkk6fcQUXnxDY-VQFqVrcHRiyd9plz3VU4d9_tIbhNkfuLv41ArYmjql4yG2S_Lo981Oq735bAfgWiTZjunsA0i8mVQaK-0W4YWdm7pxgt_pxoOmYMWJBzSKLZnBOZtGsyLXISJYGKkuODah0KqRoH3WjPNhyw0914mXY0-UMYC6mgGo5ZEQ017bwOgqGaq424TqQDEAHeXtY44kvPPTTQqxGllUjkLBHA'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 508

{
  "id" : "2045e19a-729a-4ed5-a591-0eed9d5a56e4",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "Test Deletion",
  "roleType" : "Standard",
  "roleId" : "7d53edb5-28a7-43e9-a817-337deff6a350",
  "createdBy" : "93c459ef-602b-43b1-8f0b-7a1934d9f9b8",
  "createdAt" : {
    "nano" : 675018000,
    "epochSecond" : 1715800154
  },
  "deletedAt" : {
    "nano" : 693000000,
    "epochSecond" : 1715800154
  },
  "deletedBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "deleted" : true
}

Grant Default Role

POST /default-roles/{id}/grant

Grants this default role to all identities in the organization (the org that this default role belongs to.) This is a utility action which can be used to reset or reapply a default role that has been added or modified after identities were added to the organization (when default roles are traditionally auto-granted.) This will not create duplicate grants, but this will grant this default role to any identity in the organization that lacks it. The requesting client must have permission to read the default role and permission to create invitations in the organization. The latter is the minimum requires to trigger default role granting to the invitations 'target' identity, and is therefore the transitive authorization requirement here.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/default-roles/111af626-95f0-4caa-91c6-5e5750a696f3/grant' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQSzhLdmJyZDJFMlVFa0FoLWUxN0RnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU0LCJleHAiOjE3MTU4MDM3NTQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.chGtQxX5EJbxaJYYq-evIMnhi0lqkMr_lmkxCDVM_ModqdE_aPx_hfWeso3IeH4XquLhBdt_8ncELwhzm2lhFcMjgVmINqdz2A9Yl1oc57mwcTaVN3Khwkk6fcQUXnxDY-VQFqVrcHRiyd9plz3VU4d9_tIbhNkfuLv41ArYmjql4yG2S_Lo981Oq735bAfgWiTZjunsA0i8mVQaK-0W4YWdm7pxgt_pxoOmYMWJBzSKLZnBOZtGsyLXISJYGKkuODah0KqRoH3WjPNhyw0914mXY0-UMYC6mgGo5ZEQ017bwOgqGaq424TqQDEAHeXtY44kvPPTTQqxGllUjkLBHA' \
    -d '{"includeIdentityIds":["f8a0052d-e162-4879-8a2b-2d22556da526","2385c9e3-4c9b-4a8e-9a08-9ab8f716a2cf","3dd96352-b085-4026-a22e-6a3eec41ed36"],"excludeIdentityIds":["f8a0052d-e162-4879-8a2b-2d22556da526","319a1061-b809-4eeb-b2ef-953030462f53","2385c9e3-4c9b-4a8e-9a08-9ab8f716a2cf"]}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 51

{
  "3dd96352-b085-4026-a22e-6a3eec41ed36" : true
}

Default Roles

Find Open Id Providers

GET /open-id-providers

Search for existing Open Id Providers. Results are automatically limited to the subset of instances that the API client has permission to read and which are not marked as deleted. An API client may override the default deleted filter by passing a 'deleted' query parameter with value of 'true' (just those marked deleted) or a value of 'true,false' for all otherwise matching default roles regardless of their marked-deleted state.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

name

String

true

Used for display purposes. Not unique or private.

clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/open-id-providers' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJnYlRTMHpNMWdtQXZVSkVWRks5SGZRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTQ1LCJleHAiOjE3MTU4MDM3NDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.TqEZFSgkd1LdenC9OCiWeDNN7tL_iWAwAzjnr0RTKbMvrUKJnF3tu1vox9UwT-dKeFP_2E44NXnnDJ7JmDT-D4aI2a7QJ82f8DDw2OJquiFp1hmz7mG4qKJP5FvcebM8DmiAqbEkB5F4CsZsg1zsoiJ4r8fXupkV8Dfml9l_beqjM16J2GfvKV6vz4bs6lE6PuzQqeas7vtLboLPMghACw82S7-cVNS6DkrAkrcmW2Nor-ppmQ6OAbwu3FG5wklS1xtdWpfO6B0BALBiw9JECVhuCF5WfEN4PqxMdeJIBLFb8AdfPAAe0sheb4IJshVqlGcIysDWIT52POtijysjFg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 575

[ {
  "id" : "95da457e-b32a-4052-adc8-a23e1e6e9d30",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "ACME OIDC Provider 1",
  "clientId" : "clientId1",
  "issuer" : "https://auth",
  "authorizationEndpoint" : "https://token",
  "tokenEndpoint" : "https://user",
  "userInfoEndpoint" : "https://jwks",
  "jwksUri" : "https://iss",
  "active" : true,
  "createdBy" : "9b59f01b-279a-45c4-9dce-149ad0ee230c",
  "createdAt" : {
    "nano" : 464457000,
    "epochSecond" : 1715800145
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
} ]

Get Open Id Provider

GET /open-id-providers/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

name

String

true

Used for display purposes. Not unique or private.

clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/open-id-providers/95da457e-b32a-4052-adc8-a23e1e6e9d30' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJnYlRTMHpNMWdtQXZVSkVWRks5SGZRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTQ1LCJleHAiOjE3MTU4MDM3NDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.TqEZFSgkd1LdenC9OCiWeDNN7tL_iWAwAzjnr0RTKbMvrUKJnF3tu1vox9UwT-dKeFP_2E44NXnnDJ7JmDT-D4aI2a7QJ82f8DDw2OJquiFp1hmz7mG4qKJP5FvcebM8DmiAqbEkB5F4CsZsg1zsoiJ4r8fXupkV8Dfml9l_beqjM16J2GfvKV6vz4bs6lE6PuzQqeas7vtLboLPMghACw82S7-cVNS6DkrAkrcmW2Nor-ppmQ6OAbwu3FG5wklS1xtdWpfO6B0BALBiw9JECVhuCF5WfEN4PqxMdeJIBLFb8AdfPAAe0sheb4IJshVqlGcIysDWIT52POtijysjFg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 571

{
  "id" : "95da457e-b32a-4052-adc8-a23e1e6e9d30",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "ACME OIDC Provider 1",
  "clientId" : "clientId1",
  "issuer" : "https://auth",
  "authorizationEndpoint" : "https://token",
  "tokenEndpoint" : "https://user",
  "userInfoEndpoint" : "https://jwks",
  "jwksUri" : "https://iss",
  "active" : true,
  "createdBy" : "9b59f01b-279a-45c4-9dce-149ad0ee230c",
  "createdAt" : {
    "nano" : 464457000,
    "epochSecond" : 1715800145
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Create Open Id Provider

POST /open-id-providers

Creates a new Open Id Provider on the indicated Organization.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

The id of the {@link Organization} that this OpenIdProvider applies to.

name

String

true

Used for display purposes. Not unique or private.

clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

active

Boolean

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

name

String

true

Used for display purposes. Not unique or private.

clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/open-id-providers' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJnYlRTMHpNMWdtQXZVSkVWRks5SGZRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTQ1LCJleHAiOjE3MTU4MDM3NDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.TqEZFSgkd1LdenC9OCiWeDNN7tL_iWAwAzjnr0RTKbMvrUKJnF3tu1vox9UwT-dKeFP_2E44NXnnDJ7JmDT-D4aI2a7QJ82f8DDw2OJquiFp1hmz7mG4qKJP5FvcebM8DmiAqbEkB5F4CsZsg1zsoiJ4r8fXupkV8Dfml9l_beqjM16J2GfvKV6vz4bs6lE6PuzQqeas7vtLboLPMghACw82S7-cVNS6DkrAkrcmW2Nor-ppmQ6OAbwu3FG5wklS1xtdWpfO6B0BALBiw9JECVhuCF5WfEN4PqxMdeJIBLFb8AdfPAAe0sheb4IJshVqlGcIysDWIT52POtijysjFg' \
    -d '{"organizationId":"bed8e124-e63c-4659-8270-cbdece1eaf93","name":"ACME OIDC Provider New","clientId":"clientId2","issuer":"https://auth","authorizationEndpoint":"https://token","tokenEndpoint":"https://user","userInfoEndpoint":"https://jwks","jwksUri":"https://iss","active":true}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 573

{
  "id" : "84a6a072-757d-4619-90ee-a96e314916de",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "ACME OIDC Provider New",
  "clientId" : "clientId2",
  "issuer" : "https://auth",
  "authorizationEndpoint" : "https://token",
  "tokenEndpoint" : "https://user",
  "userInfoEndpoint" : "https://jwks",
  "jwksUri" : "https://iss",
  "active" : true,
  "createdBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "createdAt" : {
    "nano" : 494861000,
    "epochSecond" : 1715800147
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Update Open Id Provider

PATCH /open-id-providers/{id}

Creates a new Open Id Provider on the indicated Organization.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

active

Boolean

true

empty

Boolean

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

name

String

true

Used for display purposes. Not unique or private.

clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/open-id-providers/9fe0f189-e9ac-4973-86a7-cb713b4e764a' -i -X PATCH \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJnYlRTMHpNMWdtQXZVSkVWRks5SGZRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTQ1LCJleHAiOjE3MTU4MDM3NDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.TqEZFSgkd1LdenC9OCiWeDNN7tL_iWAwAzjnr0RTKbMvrUKJnF3tu1vox9UwT-dKeFP_2E44NXnnDJ7JmDT-D4aI2a7QJ82f8DDw2OJquiFp1hmz7mG4qKJP5FvcebM8DmiAqbEkB5F4CsZsg1zsoiJ4r8fXupkV8Dfml9l_beqjM16J2GfvKV6vz4bs6lE6PuzQqeas7vtLboLPMghACw82S7-cVNS6DkrAkrcmW2Nor-ppmQ6OAbwu3FG5wklS1xtdWpfO6B0BALBiw9JECVhuCF5WfEN4PqxMdeJIBLFb8AdfPAAe0sheb4IJshVqlGcIysDWIT52POtijysjFg' \
    -d '{"name":null,"active":false,"empty":false}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 568

{
  "id" : "9fe0f189-e9ac-4973-86a7-cb713b4e764a",
  "organizationId" : "9debbab1-1f98-4a30-9330-c1a2dbbf7695",
  "name" : "OIDC Provider-9",
  "clientId" : "clientId-10",
  "issuer" : "https://auth",
  "authorizationEndpoint" : "https://token",
  "tokenEndpoint" : "https://user",
  "userInfoEndpoint" : "https://jwks",
  "jwksUri" : "https://iss",
  "active" : false,
  "createdBy" : "a6cde1c3-a4b2-40f6-8ef2-c31cd5dbfd82",
  "createdAt" : {
    "nano" : 14407000,
    "epochSecond" : 1715800147
  },
  "deletedAt" : null,
  "deletedBy" : null,
  "deleted" : false
}

Delete Open Id Provider

DELETE /open-id-providers/{id}

Mark an existing Open Id Provider as deleted.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

The id of the {@link Organization} that this provider will authenticate users into.

name

String

true

Used for display purposes. Not unique or private.

clientId

String

true

An Open Id Provider / OAuth 2.0 Authorization Server issues a "clientId", which is "a unique string representing the registration information provided by the client." - OAuth 2.0 spec, sec 2.2 Required, never null or empty. While the specification does not limit the size of this property, this service sets a max size of 256 characters.

issuer

String

true

This MUST be identical to the iss Claim value in ID Tokens issued from this Issuer, and should be a URL.

authorizationEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Authorization Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

tokenEndpoint

String

true

URL of the Open Id Provider’s OAuth 2.0 Token Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

userInfoEndpoint

String

true

URL of the Open Id Provider’s UserInfo Endpoint. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

jwksUri

String

true

URL of the Open Id Provider’s JWK Set document, which MUST use the https scheme. This contains the signing key(s) which can be used to validate token signatures of tokens issued by this Open Id Provider.

active

Boolean

true

createdBy

String

true

createdAt

Object

true

deletedAt

Object

true

deletedBy

String

true

deleted

Boolean

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/open-id-providers/c887bed3-1613-4fc3-98ac-5f8faec70a5a' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJnYlRTMHpNMWdtQXZVSkVWRks5SGZRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTQ1LCJleHAiOjE3MTU4MDM3NDUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.TqEZFSgkd1LdenC9OCiWeDNN7tL_iWAwAzjnr0RTKbMvrUKJnF3tu1vox9UwT-dKeFP_2E44NXnnDJ7JmDT-D4aI2a7QJ82f8DDw2OJquiFp1hmz7mG4qKJP5FvcebM8DmiAqbEkB5F4CsZsg1zsoiJ4r8fXupkV8Dfml9l_beqjM16J2GfvKV6vz4bs6lE6PuzQqeas7vtLboLPMghACw82S7-cVNS6DkrAkrcmW2Nor-ppmQ6OAbwu3FG5wklS1xtdWpfO6B0BALBiw9JECVhuCF5WfEN4PqxMdeJIBLFb8AdfPAAe0sheb4IJshVqlGcIysDWIT52POtijysjFg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 658

{
  "id" : "c887bed3-1613-4fc3-98ac-5f8faec70a5a",
  "organizationId" : "a9e9bb06-bb16-42a0-89dd-f924d0d5f88a",
  "name" : "OIDC Provider-13",
  "clientId" : "clientId-14",
  "issuer" : "https://auth",
  "authorizationEndpoint" : "https://token",
  "tokenEndpoint" : "https://user",
  "userInfoEndpoint" : "https://jwks",
  "jwksUri" : "https://iss",
  "active" : true,
  "createdBy" : "cc98c4da-2022-47e4-8722-54512c8e3dea",
  "createdAt" : {
    "nano" : 817357000,
    "epochSecond" : 1715800147
  },
  "deletedAt" : {
    "nano" : 849000000,
    "epochSecond" : 1715800147
  },
  "deletedBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "deleted" : true
}

User Identity

Get Identity

GET /identities/self

Get an Identity (regardless of type) by its id.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

active

Boolean

true

organizationId

String

true

email

String

true

tenantId

String

true

Deprecated..

createdAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

name

String

true

id

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identities/self' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 691

{
  "id" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "TESTING",
  "lastName" : "CLIENT",
  "email" : "test.client@server.com",
  "identityMappings" : [ {
    "id" : "4eff0b85-d35b-466d-a39e-45c2445b70fb",
    "auth0UserId" : "auth0-opaque-userId-6",
    "identityProviderId" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "userIdentityId" : "261315eb-a4aa-4685-ab02-e32bd42e769d"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 673009000,
    "epochSecond" : 1715800145
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "TESTING CLIENT",
  "type" : "UserIdentity"
}

Get Identity

GET /identities/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Get an Identity (regardless of type) by its id.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

The id of the desired Identity.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

active

Boolean

true

organizationId

String

true

email

String

true

tenantId

String

true

Deprecated..

createdAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

name

String

true

id

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identities/bcd30635-cc78-475f-a0de-3824c69760fb' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 674

{
  "id" : "bcd30635-cc78-475f-a0de-3824c69760fb",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "4f56d31c-cf84-4f3b-be29-266f1a663616",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "userIdentityId" : "bcd30635-cc78-475f-a0de-3824c69760fb"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 623612000,
    "epochSecond" : 1715800145
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "John Doe",
  "type" : "UserIdentity"
}

Find User Identities

GET /user-identities

Returns a set of {@link UserIdentity}s that are visible to the requesting client and optionally filtered based on the submitted request parameters. optionally filtered based on the submitted request parameters.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

tenantId

Object

true

Deprecated..

organizationId

Object

true

Restricts results to Identities in the specified Organization (by Organization’s id.).

identityProviderId

Object

true

firstName

String

true

lastName

String

true

email

String

true

active

Boolean

true

Restricts results to Identities with a matching active status.

includeDeleted

Boolean

true

Default value: 'false'.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2059

[ {
  "id" : "167bb69c-ba2b-4d4a-9f18-32da5ad65e80",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-125@acme.com",
  "identityMappings" : [ {
    "id" : "db49a741-8805-486a-a31c-1652ee988fd8",
    "auth0UserId" : "auth0-opaque-userId-126",
    "identityProviderId" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "userIdentityId" : "167bb69c-ba2b-4d4a-9f18-32da5ad65e80"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 151626000,
    "epochSecond" : 1715800159
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "First Last",
  "type" : "UserIdentity"
}, {
  "id" : "1ed2c0e3-fb83-4aed-808b-08e1a5745079",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "Bobby",
  "lastName" : "White",
  "email" : "bobby.white@acme.com",
  "identityMappings" : [ {
    "id" : "77bdd9a6-318f-4918-a81e-542251f9840e",
    "auth0UserId" : "auth0-opaque-userId-136",
    "identityProviderId" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "userIdentityId" : "1ed2c0e3-fb83-4aed-808b-08e1a5745079"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 300144000,
    "epochSecond" : 1715800160
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "Bobby White",
  "type" : "UserIdentity"
}, {
  "id" : "1f87e5a1-b867-4b9b-b14a-7df8436821ce",
  "organizationId" : "430fca18-3231-46cc-9e5f-a10e1efc3685",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "noreply@netfoundry.io",
  "identityMappings" : [ {
    "id" : "8b91a0a5-b12e-4e1e-b55f-1dba0e749acb",
    "auth0UserId" : "auth0-opaque-userId-113",
    "identityProviderId" : "537e29da-6b10-4d7c-8d22-cf11446925e2",
    "userIdentityId" : "1f87e5a1-b867-4b9b-b14a-7df8436821ce"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 162496000,
    "epochSecond" : 1715800158
  },
  "deletedAt" : null,
  "tenantId" : "430fca18-3231-46cc-9e5f-a10e1efc3685",
  "name" : "First Last",
  "type" : "UserIdentity"
} ]

Get User Identity

GET /user-identities/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Get an User Identity by its id.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

The id of the desired Identity.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/bcd30635-cc78-475f-a0de-3824c69760fb' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 674

{
  "id" : "bcd30635-cc78-475f-a0de-3824c69760fb",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "4f56d31c-cf84-4f3b-be29-266f1a663616",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "userIdentityId" : "bcd30635-cc78-475f-a0de-3824c69760fb"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 623612000,
    "epochSecond" : 1715800145
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "John Doe",
  "type" : "UserIdentity"
}

Get User Identity By Mapping

GET /user-identities/mapping/{auth0UserId}/{identityProviderId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

auth0UserId

String

false

identityProviderId

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/mapping/auth0-opaque-userId-3/f052a343-ea06-4d50-9be3-3a31e5d90074' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 674

{
  "id" : "bcd30635-cc78-475f-a0de-3824c69760fb",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "John",
  "lastName" : "Doe",
  "email" : "john.doe@acme.com",
  "identityMappings" : [ {
    "id" : "4f56d31c-cf84-4f3b-be29-266f1a663616",
    "auth0UserId" : "auth0-opaque-userId-3",
    "identityProviderId" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "userIdentityId" : "bcd30635-cc78-475f-a0de-3824c69760fb"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 623612000,
    "epochSecond" : 1715800145
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "John Doe",
  "type" : "UserIdentity"
}

Create Identity

POST /user-identities

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw' \
    -d '{"organizationId":"bed8e124-e63c-4659-8270-cbdece1eaf93","firstName":"Jane","lastName":"Doe","email":"jane.doe@acme.com"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 443

{
  "id" : "f6fd88e7-f0cf-45f4-b31a-c284a177d889",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "Jane",
  "lastName" : "Doe",
  "email" : "jane.doe@acme.com",
  "identityMappings" : [ ],
  "active" : true,
  "createdAt" : {
    "nano" : 480310000,
    "epochSecond" : 1715800161
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "Jane Doe",
  "type" : "UserIdentity"
}

Update Identity Info

PUT /user-identities/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

firstName

String

true

lastName

String

true

email

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/1ed2c0e3-fb83-4aed-808b-08e1a5745079' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw' \
    -d '{"firstName":"Bobby","lastName":"White","email":"bobby.white@acme.com"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 685

{
  "id" : "1ed2c0e3-fb83-4aed-808b-08e1a5745079",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "Bobby",
  "lastName" : "White",
  "email" : "bobby.white@acme.com",
  "identityMappings" : [ {
    "id" : "77bdd9a6-318f-4918-a81e-542251f9840e",
    "auth0UserId" : "auth0-opaque-userId-136",
    "identityProviderId" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "userIdentityId" : "1ed2c0e3-fb83-4aed-808b-08e1a5745079"
  } ],
  "active" : true,
  "createdAt" : {
    "nano" : 300144000,
    "epochSecond" : 1715800160
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "Bobby White",
  "type" : "UserIdentity"
}

Activate Or Deactivate User Identity

PUT /user-identities/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

firstName

String

true

lastName

String

true

email

String

true

identityMappings

Array[Object]

true

identityMappings[].id

String

true

identityMappings[].auth0UserId

String

true

identityMappings[].identityProviderId

String

true

identityMappings[].userIdentityId

String

true

active

Boolean

true

createdAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

name

String

true

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/b564711a-a8cc-4c17-a276-24efb739facb/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 683

{
  "id" : "b564711a-a8cc-4c17-a276-24efb739facb",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "firstName" : "First",
  "lastName" : "Last",
  "email" : "random-137@acme.com",
  "identityMappings" : [ {
    "id" : "edd98edf-713e-43f8-ac0f-590c5f6292bd",
    "auth0UserId" : "auth0-opaque-userId-138",
    "identityProviderId" : "f052a343-ea06-4d50-9be3-3a31e5d90074",
    "userIdentityId" : "b564711a-a8cc-4c17-a276-24efb739facb"
  } ],
  "active" : false,
  "createdAt" : {
    "nano" : 466497000,
    "epochSecond" : 1715800160
  },
  "deletedAt" : null,
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "name" : "First Last",
  "type" : "UserIdentity"
}

Reset User Identity Mfa Settings

PUT /user-identities/{id}/reset-mfa

Calling this service will reset the user’s MFA settings. On their next login attempt, they will be required to setup their MFA settings again. This is useful if, for example, the user has replaced their phone and can no longer access their secondary authentication.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

The id of the user identity to reset.

Query parameters

No parameters.

Request fields

No request body.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/b8f66ebb-af12-4e3c-b224-7c37fd05530e/reset-mfa' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw'

Example response

HTTP/1.1 200 OK

Map Identity

POST /user-identities/{id}/mapping

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

auth0UserId

String

true

identityProviderId

String

true

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/user-identities/82cb1e02-e434-4600-8f92-a8cf3e781776/mapping' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJoMDFSVTFGTjZlYWtmOTFabUZGQzdnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU5LCJleHAiOjE3MTU4MDM3NTksInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.ceGi_YsrMA6f6D0CdolAEhpUkH8N9xeDNPGwJrBU-UrWOtrHCEJMWygWq23qUQGvLhFCBe77Vp_AX2FmTplnPEKx5CfveKCx_qWHttCmZbo_3R67nHdcmVdOJxDsZwmjlYngPYrNfihLbwor3yygTMT7K1CPS1xGeBI8f2A53pmHKXkjW5K3QVMovS8gaLhZUewNtZGhYvV7GApHPLu0XMXjErWXaNkAiLCpAzR1QRV-jr3MSMPJQGufLyPP7Iz64JaIkOd4eepWYWo79X5Zfplc7fKnOFWw_8jkhJ4Dn5Q9qlS6Lhy4M6y86I7S_CclZ-gZngPPRe2GJjQnWosAzw' \
    -d '{"auth0UserId":"new-auth0-userId:c91743e1-e1d8-4b29-9021-f8e72f844055","identityProviderId":"5758db8b-9cc4-454b-b4ae-20aa34a673a8"}'

Example response

HTTP/1.1 200 OK

API Account Identity

Find Api Account Identities

GET /api-account-identities

Returns a set of {@link ApiAccountIdentity}s that are visible to the requesting client and optionally filtered based on the submitted request parameters. optionally filtered based on the submitted request parameters.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

tenantId

Object

true

Deprecated..

organizationId

Object

true

Restricts results to Identities in the specified Organization (by Organization’s id.).

name

String

true

contactEmail

String

true

active

Boolean

true

Restricts results to Identities with a matching active status.

includeDeleted

Boolean

true

Default value: 'false'.

provider

String

true

Must be one of [Auth0, Cognito].

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

The OAuth2 url where a client credentials grant flow should be performed.

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQZGd2U0xuckpoWmhNN2dxeUZpbzVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTYxLCJleHAiOjE3MTU4MDM3NjEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.WJaDhOOkOGDSwQsbbcM983zYHspRcInxRy-FCJVZ4tIjM0IRI8A2f5I72_kUiOjBld-s30HjipP9pMvT467tdZrdjY5iKzGRmG-0ER6t96CMhmdS09GmG0MiELY3DEM-tGzFtEr9M-KRmGRTlGeLUGkV2c1N0jGNrT6NKp4fhqqaMdws6l-ZjnWMRvwpeiOlhnwt113z3EIfDmzN9Ny_R738R0Sp2cdMwsodnYORvV9CTm0qIialhea9mBB2ZdyFchrAdQVFGeFuUbrBVKaCa3tfY6HH1rFEoFTse-4uOinb9MUKMYcxoQ-vpmCx9w1xKXTjWAFlDg01PoNaxjONAw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2058

[ {
  "id" : "02145b84-267f-4af3-ae8e-62f1ef9b99ab",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "auth0ClientId" : null,
  "awsCognitoClientId" : "06d1f1ab-ec65-4798-89e5-f5cd186cd92d|yolnvpex",
  "authenticationUrl" : "https://netfoundry-test-rnmbbe.auth.us-east-1.amazoncognito.com/oauth2/token",
  "name" : "Testing Limits",
  "contactEmail" : "a@acme.com",
  "description" : "description",
  "active" : true,
  "createdAt" : {
    "nano" : 957479000,
    "epochSecond" : 1715800169
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "email" : "a@acme.com",
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "type" : "ApiAccountIdentity"
}, {
  "id" : "02557f3e-bebd-4399-a115-743a2c215944",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "auth0ClientId" : "d17f14b8-0d67-48f2-be37-d43d9e6869cc",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "api-account",
  "contactEmail" : "no-reply@acme.com",
  "description" : "This is an ACME non-interactive API client.",
  "active" : true,
  "createdAt" : {
    "nano" : 654178000,
    "epochSecond" : 1715800145
  },
  "updatedAt" : {
    "nano" : 628655000,
    "epochSecond" : 1715800162
  },
  "deletedAt" : null,
  "email" : "no-reply@acme.com",
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "type" : "ApiAccountIdentity"
}, {
  "id" : "03d096a9-dd93-46c0-93fb-1eda4287e520",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "auth0ClientId" : null,
  "awsCognitoClientId" : "9eb118ab-628d-4590-9623-532da11ec68e|gurragho",
  "authenticationUrl" : "https://netfoundry-test-fxfkkl.auth.us-east-1.amazoncognito.com/oauth2/token",
  "name" : "Testing Limits",
  "contactEmail" : "a@acme.com",
  "description" : "description",
  "active" : true,
  "createdAt" : {
    "nano" : 106899000,
    "epochSecond" : 1715800176
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "email" : "a@acme.com",
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "type" : "ApiAccountIdentity"
} ]

Get Api Account Identity

GET /api-account-identities/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Get an API Account Identity by its id.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

The id of the desired Identity.

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

The OAuth2 url where a client credentials grant flow should be performed.

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/02557f3e-bebd-4399-a115-743a2c215944' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQZGd2U0xuckpoWmhNN2dxeUZpbzVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTYxLCJleHAiOjE3MTU4MDM3NjEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.WJaDhOOkOGDSwQsbbcM983zYHspRcInxRy-FCJVZ4tIjM0IRI8A2f5I72_kUiOjBld-s30HjipP9pMvT467tdZrdjY5iKzGRmG-0ER6t96CMhmdS09GmG0MiELY3DEM-tGzFtEr9M-KRmGRTlGeLUGkV2c1N0jGNrT6NKp4fhqqaMdws6l-ZjnWMRvwpeiOlhnwt113z3EIfDmzN9Ny_R738R0Sp2cdMwsodnYORvV9CTm0qIialhea9mBB2ZdyFchrAdQVFGeFuUbrBVKaCa3tfY6HH1rFEoFTse-4uOinb9MUKMYcxoQ-vpmCx9w1xKXTjWAFlDg01PoNaxjONAw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 718

{
  "id" : "02557f3e-bebd-4399-a115-743a2c215944",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "auth0ClientId" : "d17f14b8-0d67-48f2-be37-d43d9e6869cc",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "api-account",
  "contactEmail" : "no-reply@acme.com",
  "description" : "This is an ACME non-interactive API client.",
  "active" : true,
  "createdAt" : {
    "nano" : 654178000,
    "epochSecond" : 1715800145
  },
  "updatedAt" : {
    "nano" : 628655000,
    "epochSecond" : 1715800162
  },
  "deletedAt" : null,
  "email" : "no-reply@acme.com",
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "type" : "ApiAccountIdentity"
}

Get Api Account Identity By Mapping

GET /api-account-identities/mapping/{clientId}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

clientId

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

The OAuth2 url where a client credentials grant flow should be performed.

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/mapping/2be2eca3-75e9-46f3-acfc-70582fb393d5' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQZGd2U0xuckpoWmhNN2dxeUZpbzVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTYxLCJleHAiOjE3MTU4MDM3NjEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.WJaDhOOkOGDSwQsbbcM983zYHspRcInxRy-FCJVZ4tIjM0IRI8A2f5I72_kUiOjBld-s30HjipP9pMvT467tdZrdjY5iKzGRmG-0ER6t96CMhmdS09GmG0MiELY3DEM-tGzFtEr9M-KRmGRTlGeLUGkV2c1N0jGNrT6NKp4fhqqaMdws6l-ZjnWMRvwpeiOlhnwt113z3EIfDmzN9Ny_R738R0Sp2cdMwsodnYORvV9CTm0qIialhea9mBB2ZdyFchrAdQVFGeFuUbrBVKaCa3tfY6HH1rFEoFTse-4uOinb9MUKMYcxoQ-vpmCx9w1xKXTjWAFlDg01PoNaxjONAw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 686

{
  "id" : "f3ced73f-97e5-4e17-a4cd-ac1b1809312d",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "auth0ClientId" : "2be2eca3-75e9-46f3-acfc-70582fb393d5",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "ACME Internal Service-165",
  "contactEmail" : "service.admin-166@foo.com",
  "description" : "updatable API Account description-167",
  "active" : true,
  "createdAt" : {
    "nano" : 620144000,
    "epochSecond" : 1715800203
  },
  "updatedAt" : null,
  "deletedAt" : null,
  "email" : "service.admin-166@foo.com",
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "type" : "ApiAccountIdentity"
}

Create Api Account Identity

POST /api-account-identities

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

The id of the Organization within which this API Account should be created.

name

String

true

The user friendly name to assign to the API Account Identity. This value is for ease of administration.

contactEmail

String

true

An arbitrary email address to associate to the API Account Identity. This value is mainly for administrative purposes, to provide a point of contact for someone that presumably is knowledgeable about the usage of this API Account Identity.

description

String

true

A free form description.

grantDefaultRoles

Boolean

true

Optional flag that when true will result in the API Account Identity being granted the 'default' roles (Organization and Network Group Admin, at this time.) When false, no authorization, roles or otherwise, will be configured, and it is assumed that the caller has permission to manage permissions of this API Account Identity after the fact. This defaults to true if not specified in the request.

provider

String

true

The authorization provider that should be used. Either Auth0 or Cognito. Auth0 is deprecated, and Cognito should be used moving forward. Support for Auth0 will be dropped at a future point in time.

Must be one of [Auth0, Cognito].

Response fields

Path Type Optional Description

apiAccountIdentity

Object

true

apiAccountIdentity.id

String

true

apiAccountIdentity.organizationId

String

true

apiAccountIdentity.auth0ClientId

String

true

apiAccountIdentity.awsCognitoClientId

String

true

apiAccountIdentity.authenticationUrl

String

true

The OAuth2 url where a client credentials grant flow should be performed.

apiAccountIdentity.name

String

true

apiAccountIdentity.contactEmail

String

true

apiAccountIdentity.description

String

true

apiAccountIdentity.active

Boolean

true

apiAccountIdentity.createdAt

Object

true

apiAccountIdentity.updatedAt

Object

true

apiAccountIdentity.deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

apiAccountIdentity.email

String

true

apiAccountIdentity.tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

apiAccountIdentity.type

String

true

clientId

String

true

The OAuth2 client id which must be passed to the OAuth2 provider at the specified authenticationUrl.

password

String

true

The OAuth2 client secret which must be passed to the OAuth2 provider at the specified authenticationUrl.

authenticationUrl

String

true

The url where the created client should authenticate, using a standard OAuth2 Client Credentials Grant Flow.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQZGd2U0xuckpoWmhNN2dxeUZpbzVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTYxLCJleHAiOjE3MTU4MDM3NjEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.WJaDhOOkOGDSwQsbbcM983zYHspRcInxRy-FCJVZ4tIjM0IRI8A2f5I72_kUiOjBld-s30HjipP9pMvT467tdZrdjY5iKzGRmG-0ER6t96CMhmdS09GmG0MiELY3DEM-tGzFtEr9M-KRmGRTlGeLUGkV2c1N0jGNrT6NKp4fhqqaMdws6l-ZjnWMRvwpeiOlhnwt113z3EIfDmzN9Ny_R738R0Sp2cdMwsodnYORvV9CTm0qIialhea9mBB2ZdyFchrAdQVFGeFuUbrBVKaCa3tfY6HH1rFEoFTse-4uOinb9MUKMYcxoQ-vpmCx9w1xKXTjWAFlDg01PoNaxjONAw' \
    -d '{"organizationId":"bed8e124-e63c-4659-8270-cbdece1eaf93","name":"HR Bridge Service","contactEmail":"hr.director@acme.com","description":"description goes here","grantDefaultRoles":true,"provider":"Cognito"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 940

{
  "apiAccountIdentity" : {
    "id" : "97615528-ec28-4b5b-82c0-23f2b10eb4ad",
    "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "auth0ClientId" : null,
    "awsCognitoClientId" : "8ea87b94-8738-4841-b348-962ad4768086|evgxquhk",
    "authenticationUrl" : "https://netfoundry-test-vqsnpk.auth.us-east-1.amazoncognito.com/oauth2/token",
    "name" : "HR Bridge Service",
    "contactEmail" : "hr.director@acme.com",
    "description" : "description goes here",
    "active" : true,
    "createdAt" : {
      "nano" : 251370000,
      "epochSecond" : 1715800168
    },
    "updatedAt" : null,
    "deletedAt" : null,
    "email" : "hr.director@acme.com",
    "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
    "type" : "ApiAccountIdentity"
  },
  "clientId" : "evgxquhk",
  "password" : "xlirnnfdhxltrvqnxydgvefq",
  "authenticationUrl" : "https://netfoundry-test-vqsnpk.auth.us-east-1.amazoncognito.com/oauth2/token"
}

Update Identity Info

PUT /api-account-identities/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

contactEmail

String

true

description

String

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

The OAuth2 url where a client credentials grant flow should be performed.

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/71dc5e4f-7045-4f47-bd61-d88f2d70aa37' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQZGd2U0xuckpoWmhNN2dxeUZpbzVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTYxLCJleHAiOjE3MTU4MDM3NjEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.WJaDhOOkOGDSwQsbbcM983zYHspRcInxRy-FCJVZ4tIjM0IRI8A2f5I72_kUiOjBld-s30HjipP9pMvT467tdZrdjY5iKzGRmG-0ER6t96CMhmdS09GmG0MiELY3DEM-tGzFtEr9M-KRmGRTlGeLUGkV2c1N0jGNrT6NKp4fhqqaMdws6l-ZjnWMRvwpeiOlhnwt113z3EIfDmzN9Ny_R738R0Sp2cdMwsodnYORvV9CTm0qIialhea9mBB2ZdyFchrAdQVFGeFuUbrBVKaCa3tfY6HH1rFEoFTse-4uOinb9MUKMYcxoQ-vpmCx9w1xKXTjWAFlDg01PoNaxjONAw' \
    -d '{"name":"Robot","contactEmail":"robot@acme.com","description":"description here."}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 679

{
  "id" : "71dc5e4f-7045-4f47-bd61-d88f2d70aa37",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "auth0ClientId" : "aded196c-fa4f-4cf3-aa3f-50f9b171732d",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "Robot",
  "contactEmail" : "robot@acme.com",
  "description" : "description here.",
  "active" : true,
  "createdAt" : {
    "nano" : 943171000,
    "epochSecond" : 1715800161
  },
  "updatedAt" : {
    "nano" : 35760000,
    "epochSecond" : 1715800162
  },
  "deletedAt" : null,
  "email" : "robot@acme.com",
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "type" : "ApiAccountIdentity"
}

Activate Or Deactivate Api Account Identity

PUT /api-account-identities/{id}/{action:activate|deactivate}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

auth0ClientId

String

true

awsCognitoClientId

String

true

authenticationUrl

String

true

The OAuth2 url where a client credentials grant flow should be performed.

name

String

true

contactEmail

String

true

description

String

true

active

Boolean

true

createdAt

Object

true

updatedAt

Object

true

deletedAt

Object

true

Returns the date that the identity was deleted or null if the identity has not been deleted. Note, identities are marked as deleted and not returned from searches unless explicitly requested.

email

String

true

tenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getOrganizationId().

Returns the id of the {@link Organization} that this identity is a member of.

type

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/api-account-identities/fe5e9a1f-7325-47e4-880d-01f4b0cd1e32/deactivate' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJQZGd2U0xuckpoWmhNN2dxeUZpbzVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTYxLCJleHAiOjE3MTU4MDM3NjEsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.WJaDhOOkOGDSwQsbbcM983zYHspRcInxRy-FCJVZ4tIjM0IRI8A2f5I72_kUiOjBld-s30HjipP9pMvT467tdZrdjY5iKzGRmG-0ER6t96CMhmdS09GmG0MiELY3DEM-tGzFtEr9M-KRmGRTlGeLUGkV2c1N0jGNrT6NKp4fhqqaMdws6l-ZjnWMRvwpeiOlhnwt113z3EIfDmzN9Ny_R738R0Sp2cdMwsodnYORvV9CTm0qIialhea9mBB2ZdyFchrAdQVFGeFuUbrBVKaCa3tfY6HH1rFEoFTse-4uOinb9MUKMYcxoQ-vpmCx9w1xKXTjWAFlDg01PoNaxjONAw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 743

{
  "id" : "fe5e9a1f-7325-47e4-880d-01f4b0cd1e32",
  "organizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "auth0ClientId" : "bc0706eb-3a44-4837-a2cc-dfecfb1ce587",
  "awsCognitoClientId" : null,
  "authenticationUrl" : "http://127.0.0.1:1234/IdP/OAuth2/login",
  "name" : "ACME Internal Service-159",
  "contactEmail" : "service.admin-160@foo.com",
  "description" : "updatable API Account description-161",
  "active" : false,
  "createdAt" : {
    "nano" : 468643000,
    "epochSecond" : 1715800203
  },
  "updatedAt" : {
    "nano" : 497129000,
    "epochSecond" : 1715800203
  },
  "deletedAt" : null,
  "email" : "service.admin-160@foo.com",
  "tenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "type" : "ApiAccountIdentity"
}

Invitation

Find Invitations

GET /invitations

Returns a set of Invitation instances based on the optional query parameters. The results will be constrained to the invitations that the client has authorization to view. Results may be further constrained by the setting any combination of query parameter values, which will logically AND’d together to form a filter for matching invitations. The states query parameter, unlike others, supports multiple values. For example, to retrieve a list of active invitations, specify states=Open,Declined,Expired.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Parameter Type Optional Description

fromIdentityId

Object

true

The id of the identity that created the target invitation(s).

toTenantId

Object

true

Deprecated..

toOrganizationId

Object

true

The id of the organization that the resulting invitations are inviting into.

invitedEmailAddress

String

true

A full (no partial match support) email address to match against.

targetIdentityId

Object

true

The id of the identity that the invitation will/has assumed.

states

Object

true

One or more ,{@link State}, names to restrict the invitations returned.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJDazJBdUtuTGVWOGtid3lTWWpHN2tRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjA0LCJleHAiOjE3MTU4MDM4MDQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIzNzVlM2ViZS1kMGZkLTRhOGQtOWYyOC0yODczMjlhYjc2YTJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDR9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.EUFZlNHw7p6PX7mnQd7aXCNRmr_tQ9tIgMfyXLY3IsCfJRfXvJMFAazUIRS0Mqm4TBDcjNsmdMsgyHi0-wKjz6K-ZSsSnvReM5NAYym3EjA1G2SqVGsVXaNmIMlfIwHotyHUTI3MnKF9RnEvnqc-UZmdwK-foU-GxlGa0dNxhsCi3KsGLOFEMYWcI8yivj0I0J89aeQCK63yNK0SaCToJJCsffkFUei_vPJ8lDwTTlAYhlTedaSafDByhi5LS3Ay45wGCEJyuklZl72mrNOtWia8IB-IslprO5oPmCtx3Sv_41eBTaIwZ-poHyST7DBkO7X04CenySjRo_wVGpqwrQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

[ {
  "id" : "799d5242-ff9a-4821-a5a1-e94b111bd011",
  "fromIdentityId" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "toOrganizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "invitedEmailAddress" : "new.employee@acme.com",
  "expiration" : {
    "nano" : 375238000,
    "epochSecond" : 1716405004
  },
  "targetUserIdentityId" : "6173cb95-3d52-4905-8dfc-2d60c32fc7ba",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "toTenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "state" : "Open"
} ]

Get Invitation By Id

GET /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/bd5101b1-2097-43a3-8598-c7710532d30c' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJDazJBdUtuTGVWOGtid3lTWWpHN2tRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjA0LCJleHAiOjE3MTU4MDM4MDQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIzNzVlM2ViZS1kMGZkLTRhOGQtOWYyOC0yODczMjlhYjc2YTJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDR9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.EUFZlNHw7p6PX7mnQd7aXCNRmr_tQ9tIgMfyXLY3IsCfJRfXvJMFAazUIRS0Mqm4TBDcjNsmdMsgyHi0-wKjz6K-ZSsSnvReM5NAYym3EjA1G2SqVGsVXaNmIMlfIwHotyHUTI3MnKF9RnEvnqc-UZmdwK-foU-GxlGa0dNxhsCi3KsGLOFEMYWcI8yivj0I0J89aeQCK63yNK0SaCToJJCsffkFUei_vPJ8lDwTTlAYhlTedaSafDByhi5LS3Ay45wGCEJyuklZl72mrNOtWia8IB-IslprO5oPmCtx3Sv_41eBTaIwZ-poHyST7DBkO7X04CenySjRo_wVGpqwrQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 527

{
  "id" : "bd5101b1-2097-43a3-8598-c7710532d30c",
  "fromIdentityId" : "bcd30635-cc78-475f-a0de-3824c69760fb",
  "toOrganizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "invitedEmailAddress" : "new.employee-186@acme.com",
  "expiration" : {
    "nano" : 710316000,
    "epochSecond" : 1716405004
  },
  "targetUserIdentityId" : "712be479-1e02-4c7f-b849-f2dd999e99cd",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "toTenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "state" : "Open"
}

Create Invitation

POST /invitations

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

toOrganizationId

String

true

invitedEmailAddress

String

true

invitationUrl

String

true

targetUserIdentityId

String

true

Response fields

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJDazJBdUtuTGVWOGtid3lTWWpHN2tRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjA0LCJleHAiOjE3MTU4MDM4MDQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIzNzVlM2ViZS1kMGZkLTRhOGQtOWYyOC0yODczMjlhYjc2YTJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDR9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.EUFZlNHw7p6PX7mnQd7aXCNRmr_tQ9tIgMfyXLY3IsCfJRfXvJMFAazUIRS0Mqm4TBDcjNsmdMsgyHi0-wKjz6K-ZSsSnvReM5NAYym3EjA1G2SqVGsVXaNmIMlfIwHotyHUTI3MnKF9RnEvnqc-UZmdwK-foU-GxlGa0dNxhsCi3KsGLOFEMYWcI8yivj0I0J89aeQCK63yNK0SaCToJJCsffkFUei_vPJ8lDwTTlAYhlTedaSafDByhi5LS3Ay45wGCEJyuklZl72mrNOtWia8IB-IslprO5oPmCtx3Sv_41eBTaIwZ-poHyST7DBkO7X04CenySjRo_wVGpqwrQ' \
    -d '{"toOrganizationId":"bed8e124-e63c-4659-8270-cbdece1eaf93","invitedEmailAddress":"new.employee@acme.com","invitationUrl":"http://acme.console.netfoundry.io/invitation","targetUserIdentityId":"6173cb95-3d52-4905-8dfc-2d60c32fc7ba"}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 523

{
  "id" : "799d5242-ff9a-4821-a5a1-e94b111bd011",
  "fromIdentityId" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "toOrganizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "invitedEmailAddress" : "new.employee@acme.com",
  "expiration" : {
    "nano" : 375238000,
    "epochSecond" : 1716405004
  },
  "targetUserIdentityId" : "6173cb95-3d52-4905-8dfc-2d60c32fc7ba",
  "accepted" : null,
  "revokedAt" : null,
  "responseReceivedAt" : null,
  "toTenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "state" : "Open"
}

Respond To Invitation

PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/{action:accept|decline}

This is not the typical way to accept or decline an invitation. See {@link InvitationFlowController}. This service is a straight update of the Invitation. It does not map the calling user, nor any other related activity. It simply updates the state of the Invitation.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

action

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/740d5629-84a5-4599-87b0-7855e5d30a09/decline' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJDazJBdUtuTGVWOGtid3lTWWpHN2tRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjA0LCJleHAiOjE3MTU4MDM4MDQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIzNzVlM2ViZS1kMGZkLTRhOGQtOWYyOC0yODczMjlhYjc2YTJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDR9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.EUFZlNHw7p6PX7mnQd7aXCNRmr_tQ9tIgMfyXLY3IsCfJRfXvJMFAazUIRS0Mqm4TBDcjNsmdMsgyHi0-wKjz6K-ZSsSnvReM5NAYym3EjA1G2SqVGsVXaNmIMlfIwHotyHUTI3MnKF9RnEvnqc-UZmdwK-foU-GxlGa0dNxhsCi3KsGLOFEMYWcI8yivj0I0J89aeQCK63yNK0SaCToJJCsffkFUei_vPJ8lDwTTlAYhlTedaSafDByhi5LS3Ay45wGCEJyuklZl72mrNOtWia8IB-IslprO5oPmCtx3Sv_41eBTaIwZ-poHyST7DBkO7X04CenySjRo_wVGpqwrQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 588

{
  "id" : "740d5629-84a5-4599-87b0-7855e5d30a09",
  "fromIdentityId" : "bcd30635-cc78-475f-a0de-3824c69760fb",
  "toOrganizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "invitedEmailAddress" : "new.employee-183@acme.com",
  "expiration" : {
    "nano" : 660923000,
    "epochSecond" : 1716405004
  },
  "targetUserIdentityId" : "f2eb4d75-ceb9-4953-81bc-7269433f5362",
  "accepted" : false,
  "revokedAt" : null,
  "responseReceivedAt" : {
    "nano" : 671017000,
    "epochSecond" : 1715800204
  },
  "toTenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "state" : "Declined"
}

Revoke Invitation

PUT /invitations/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}/revoke

This service will revoke the specified invitation if it is in a state that permits revoke.

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

fromIdentityId

String

true

toOrganizationId

String

true

invitedEmailAddress

String

true

expiration

Object

true

targetUserIdentityId

String

true

Optional. The identity id that the invited party will be mapped to should they accept the invite.

accepted

Boolean

true

revokedAt

Object

true

The date-time that this invitation was revoked. If null, then this invitation has not been revoked. An open invitation (accepted == null) can be revoked, which will prevent the invitation from being accepted or declined by a user. The accepted state remains null to reflect that it was never accepted or declined. A declined or expired invitation can be revoked after the fact. An accepted invitation can not be revoked retroactively. Finally, revoking an invitation is a terminal operation. Once revoked, no other action can be taken.

responseReceivedAt

Object

true

The date-time that this invitation was marked as accepted or declined. If null, then there has been no response (accept or decline) of this invitation. This is effectively the update timestamp of the accepted property of an invitation.

toTenantId

String

true

Deprecated. The Tenant resource has been renamed to Organization. Use getToOrganizationId().

Returns the id of the {@link Organization} that the recipient is being invited to join.

state

String

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/864938ec-af1d-4abb-89ea-40bc6cd2404f/revoke' -i -X PUT \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJDazJBdUtuTGVWOGtid3lTWWpHN2tRIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMjA0LCJleHAiOjE3MTU4MDM4MDQsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI3NWRiZmNiYy1lNDkxLTQwZDMtODY5OC0wN2JmMWNjMzA4NTlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDN9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCJmNWFlMzViMC01MjQwLTQzOTQtODA0Ni02NzA4ZTcxNWYzYzlcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTl9LHtcImlkXCI6XCIzNzVlM2ViZS1kMGZkLTRhOGQtOWYyOC0yODczMjlhYjc2YTJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAyMDR9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9LHtcImlkXCI6XCI4MGY2OTVjNi04MzgyLTRjMGMtOTM0Yy01YmEwODllMGEyNzJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNjF9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.EUFZlNHw7p6PX7mnQd7aXCNRmr_tQ9tIgMfyXLY3IsCfJRfXvJMFAazUIRS0Mqm4TBDcjNsmdMsgyHi0-wKjz6K-ZSsSnvReM5NAYym3EjA1G2SqVGsVXaNmIMlfIwHotyHUTI3MnKF9RnEvnqc-UZmdwK-foU-GxlGa0dNxhsCi3KsGLOFEMYWcI8yivj0I0J89aeQCK63yNK0SaCToJJCsffkFUei_vPJ8lDwTTlAYhlTedaSafDByhi5LS3Ay45wGCEJyuklZl72mrNOtWia8IB-IslprO5oPmCtx3Sv_41eBTaIwZ-poHyST7DBkO7X04CenySjRo_wVGpqwrQ'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 642

{
  "id" : "864938ec-af1d-4abb-89ea-40bc6cd2404f",
  "fromIdentityId" : "bcd30635-cc78-475f-a0de-3824c69760fb",
  "toOrganizationId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "invitedEmailAddress" : "new.employee-189@acme.com",
  "expiration" : {
    "nano" : 768146000,
    "epochSecond" : 1716405004
  },
  "targetUserIdentityId" : "2cf63488-73c9-48ab-a9e5-b9d5d068e088",
  "accepted" : null,
  "revokedAt" : {
    "nano" : 780710000,
    "epochSecond" : 1715800204
  },
  "responseReceivedAt" : {
    "nano" : 780713000,
    "epochSecond" : 1715800204
  },
  "toTenantId" : "bed8e124-e63c-4659-8270-cbdece1eaf93",
  "state" : "Revoked"
}

Support

Create Support Request

POST /nfconsole/support/requests

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

name

String

true

The name of the user. This is a required value if the request is submitted by a client that is not currently authenticated. In this unauthenticated case, this name is used in the support request ticket that is created. If the request comes from an authenticated client, then this property should be ignored (not sent), as the API will overwrite it with the name of the authenticated identity.

email

String

true

The email of the user. This is a required value if the request is submitted by a client that is not currently authenticated. In this unauthenticated case, this email is used in the support request ticket that is created. If the request comes from an authenticated client, then this property should be ignored (not sent), as the API will overwrite it with the email of the authenticated identity.

selectedOrganizationId

String

true

The id of an organization which the current user has selected as his working context at the time that this support request is being generated. This value may be null in most cases as it only applies to users with access to more than one organization. This value is ignored if the support request comes from a user that is not logged in.

selectedNetworkId

String

true

The id of a network which the current user has selected as his working context at the time that this support request is being generated. This value may be null, particularly if the client is submitting the support request from a context that is not network specific. However, if the user is working in a context (ie, a 'page' that lists AppWans) that is network specific, then this value can help support agents when reviewing the support request. This value is ignored if the support request comes from a user that is not logged in.

subject

String

true

The support request subject. This value is required and can not be empty.

comment

String

true

The support request message. This value is required and can not be empty.

type

String

true

The type of the support request. If not specified, the type will default to "question".

Must be one of [problem, incident, question, task].

priority

String

true

The priority of the support request. If not specified, the type will default to "normal".

Must be one of [urgent, high, normal, low].

severity

String

true

The Severity of the support request. Severity 1, 2, 3 If not specificed: default to "Severity3".

Must be one of [Severity1, Severity2, Severity3].

recentErrorMessages

Array[String]

true

An optional list of error messages received from the API by the client. These should be in order from most recent to oldest. These provide contextual information for the agent handling the support request. These are not required, but clients are encouraged to track and supply such error messages to aid in support. Note, an interactive user (ie human) should not provide this information; it should be tracked and added by the client agent on their behalf.

Response fields

No response body.

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/nfconsole/support/requests' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"name":"Curious George","email":"george@curious-client.com","selectedOrganizationId":null,"selectedNetworkId":null,"subject":"Sales Contact Request","comment":"This looks great!  I'd like a sales rep to contact me.","type":"question","priority":"high","severity":"Severity3","recentErrorMessages":null}'

Example response

HTTP/1.1 200 OK

Invitation Flow

Get Invitation By Key

GET /invitations/key/{key:[\p{Alnum}]{36}}

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

fromIdentity

Object

true

fromIdentity.name

String

true

fromIdentity.email

String

true

targetIdentity

Object

true

targetIdentity.name

String

true

targetIdentity.email

String

true

invitedEmailAddress

String

true

toOrganizationName

String

true

toOrganizationLabel

String

true

expiration

Object

true

accepted

Boolean

true

state

String

true

Must be one of [Open, Accepted, Declined, Expired, Revoked].

toTenantName

String

true

Deprecated..

toTenantLabel

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/BhbYCRTf8dM4hlldZWGwhNwnuOoRngt63CPx' -i -X GET

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 519

{
  "fromIdentity" : {
    "name" : "John Doe",
    "email" : "john.doe@acme.com"
  },
  "targetIdentity" : {
    "name" : "First Last",
    "email" : "random-196@acme.com"
  },
  "invitedEmailAddress" : "new.employee-198@acme.com",
  "toOrganizationName" : "ACME International, Inc.",
  "toOrganizationLabel" : "ACME-0",
  "expiration" : {
    "nano" : 113772000,
    "epochSecond" : 1716405005
  },
  "accepted" : null,
  "state" : "Open",
  "toTenantName" : "ACME International, Inc.",
  "toTenantLabel" : "ACME-0"
}

Decline Invitation

PUT /invitations/key/{key:[\p{Alnum}]{36}}/decline

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

fromIdentity

Object

true

fromIdentity.name

String

true

fromIdentity.email

String

true

targetIdentity

Object

true

targetIdentity.name

String

true

targetIdentity.email

String

true

invitedEmailAddress

String

true

toOrganizationName

String

true

toOrganizationLabel

String

true

expiration

Object

true

accepted

Boolean

true

state

String

true

Must be one of [Open, Accepted, Declined, Expired, Revoked].

toTenantName

String

true

Deprecated..

toTenantLabel

String

true

Deprecated..

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/gt1P65YkvSSiiPtyyhCpWScG43bOnZd5YHUr/decline' -i -X PUT

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 523

{
  "fromIdentity" : {
    "name" : "John Doe",
    "email" : "john.doe@acme.com"
  },
  "targetIdentity" : {
    "name" : "First Last",
    "email" : "random-193@acme.com"
  },
  "invitedEmailAddress" : "new.employee-195@acme.com",
  "toOrganizationName" : "ACME International, Inc.",
  "toOrganizationLabel" : "ACME-0",
  "expiration" : {
    "nano" : 41096000,
    "epochSecond" : 1716405005
  },
  "accepted" : false,
  "state" : "Declined",
  "toTenantName" : "ACME International, Inc.",
  "toTenantLabel" : "ACME-0"
}

Initiate Accept Invitation

POST /invitations/key/{key:[\p{Alnum}]{36}}/accept-initiate

Authorization

Authorization not required for this request.

Path parameters

Parameter Type Optional Description

key

String

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

intermediateReturnUrl

String

true

Response fields

Path Type Optional Description

nfToken

String

true

auth0ConnectionIds

Array[String]

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/invitations/key/LW8M9qRebTgF0UrSF4x5bmwt4HL0Vz8z4Jis/accept-initiate' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"intermediateReturnUrl":"http://console.nfadmin.netfoundry.io/invitation"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 981

{
  "nfToken" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MTU4MDAyMDQsImV4cCI6MTcxNTgwMTEwNCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwiYXVkIjoiaHR0cHM6Ly9uZXRmb3VuZHJ5LXNhbmRib3guYXV0aDAuY29tLyIsImZsb3ciOiJpbnZpdGF0aW9uIiwiaW52aXRhdGlvbklkIjoiMGZjZDFmZWYtNjg5MC00ZjlhLThjMjktZmRjZmFiMTAwMzZhIiwidGVuYW50TGFiZWwiOiJBQ01FLTAiLCJhdXRoMENvbm5lY3Rpb25JZHMiOlsiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0xIiwiYXV0aDAtb3BhcXVlLWNvbm5lY3Rpb25JZC0yIl0sInJlZGlyZWN0VXJsIjoiaHR0cDovL2NvbnNvbGUubmZhZG1pbi5uZXRmb3VuZHJ5LmlvL2ludml0YXRpb24ifQ.TfWngAyc_PBnLB7Se96A60KKlYxidA-cDCpf8AjQDMz0bn5WWEG0MJEuRexosbabBBKLSMoqDRFmw3pg0HX9IUu0WJfO-NlPeuArL6E7edfWs242hKidhZRR3lTlAJkl8iNpvof9J7yL6jUSsKbBeXhE7sIhDdZUxmWv0kCpGeJLzsuL1NwiBLDiPjItf9t3r5HRQhVh0_rJgLWmClPDhA7L1TrtaiV6zZ-V4HeQnLHb9wT7N99teNhKwMeX4UWN0RiG-BhxwMG5quVOybu0evYtzL-rNcG0yw0M5Fn6wcZ-UfQuSNl3UHjTgYDW7hyjAchMHg-2jfOagQnue-FS_Q",
  "auth0ConnectionIds" : [ "auth0-opaque-connectionId-1", "auth0-opaque-connectionId-2" ]
}

Login Flow

Initiate Interactive Authorization

POST /organizations/authorize-initiate

Authorization

Authorization not required for this request.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

label

String

true

intermediateReturnUrl

String

true

Response fields

Path Type Optional Description

nfToken

String

true

auth0ConnectionIds

Array[String]

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organizations/authorize-initiate' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{"label":"ACME-0","intermediateReturnUrl":"http://console.nfadmin.netfoundry.io/invitation"}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 902

{
  "nfToken" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3MTU4MDAyMDUsImV4cCI6MTcxNTgwMTEwNSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2lkZW50aXR5L3YxIiwiYXVkIjoiaHR0cHM6Ly9uZXRmb3VuZHJ5LXNhbmRib3guYXV0aDAuY29tLyIsImZsb3ciOiJsb2dpbiIsInRlbmFudExhYmVsIjoiQUNNRS0wIiwiYXV0aDBDb25uZWN0aW9uSWRzIjpbImF1dGgwLW9wYXF1ZS1jb25uZWN0aW9uSWQtMSIsImF1dGgwLW9wYXF1ZS1jb25uZWN0aW9uSWQtMiJdLCJyZWRpcmVjdFVybCI6Imh0dHA6Ly9jb25zb2xlLm5mYWRtaW4ubmV0Zm91bmRyeS5pby9pbnZpdGF0aW9uIn0.KBuwlVOSDTMvVaYprmMSCQGAfx5a8Pr-cSSUcwhjEY4Cv3Rzyk1YO9YU-BT09C7udP-zOinuVqk05G2rTiMonru-8kP0etw2AqqnTtv3ll50iW8gYkFex9W6Ji-JGDl9JSAyV9B-wuOdq2UJ_b4zbpA2YRL9XaWaV6elsIxj-qlolTDz5S-PzKTCkkf0B546zE4p0Tm_x7Hykg-pGm7zswTDzqCh5WEpyJ1ehtnB7TWY4kySzfv9DsvjBWpJFup0c7TZ5KsgS59FVUeDvjxYzp_e-m_eW5aCZJ4qi-WQuZoKvNICHMGlg1_zbYzvqNwINg1IPzP4zAtCRICRon__0g",
  "auth0ConnectionIds" : [ "auth0-opaque-connectionId-1", "auth0-opaque-connectionId-2" ]
}

Identity Preference Flow

Find Identity Preferences

GET /identity-preferences

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxWWRLUTMzM0pacE9wOGdfUVRqMTFnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU3LCJleHAiOjE3MTU4MDM3NTcsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.KPRokLPfmicRvN8tlljoUTtlHqparjYsYFejMUv6kggK11ABKJ-sgwWHM2LM3WXtmhGYI13jG5YB0K-NidN4uC7G_-308Drh0GFFjhFOMIkFtPVkYHaoLZtFiN2RiGIf9BP7z0_2LU4RqU03Lu6Bscq7xlNSCdJz51YKaHJTPnjpsjmcVxxfpLX-h3raY-qm_rn_uSJn8VjQgN1aUuZeAGQ647237f8cBoCkRnwIciCqcnOrUsl5xbUUjKF_2uuqrJxUqLDkk38sMYHjdkVnt_CtIFHSfEIEvFrJ_UXV54wLlNiHw5VgZQQA9fEnwDac6xbfyCMSz6tFYZhTN518Xg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 434

[ {
  "id" : "654808d3-cc63-4e78-957f-9773c17e306b",
  "userIdentityId" : "bbd197f0-728c-4489-85b1-28f7380369af",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "bbd197f0-728c-4489-85b1-28f7380369af",
  "createdAt" : {
    "nano" : 741971000,
    "epochSecond" : 1715800157
  },
  "updatedAt" : {
    "nano" : 741971000,
    "epochSecond" : 1715800157
  },
  "deletedBy" : null,
  "deletedAt" : null
} ]

Get Identity Preference

GET /identity-preferences/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences/c2868527-cc07-4631-812a-ce263f1c7495' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxWWRLUTMzM0pacE9wOGdfUVRqMTFnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU3LCJleHAiOjE3MTU4MDM3NTcsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.KPRokLPfmicRvN8tlljoUTtlHqparjYsYFejMUv6kggK11ABKJ-sgwWHM2LM3WXtmhGYI13jG5YB0K-NidN4uC7G_-308Drh0GFFjhFOMIkFtPVkYHaoLZtFiN2RiGIf9BP7z0_2LU4RqU03Lu6Bscq7xlNSCdJz51YKaHJTPnjpsjmcVxxfpLX-h3raY-qm_rn_uSJn8VjQgN1aUuZeAGQ647237f8cBoCkRnwIciCqcnOrUsl5xbUUjKF_2uuqrJxUqLDkk38sMYHjdkVnt_CtIFHSfEIEvFrJ_UXV54wLlNiHw5VgZQQA9fEnwDac6xbfyCMSz6tFYZhTN518Xg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 413

{
  "id" : "c2868527-cc07-4631-812a-ce263f1c7495",
  "userIdentityId" : "bb5cf7c0-c7f4-4aef-9d8a-79e90d529d44",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "bb5cf7c0-c7f4-4aef-9d8a-79e90d529d44",
  "createdAt" : {
    "nano" : 26586000,
    "epochSecond" : 1715800159
  },
  "updatedAt" : {
    "nano" : 26586000,
    "epochSecond" : 1715800159
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Create Identity Preference

POST /identity-preferences

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

userIdentityId

String

true

Passing null will result in the creation of the Identity Preferences on the authenticated identity making the create API request.

preferences

Object

true

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxWWRLUTMzM0pacE9wOGdfUVRqMTFnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU3LCJleHAiOjE3MTU4MDM3NTcsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.KPRokLPfmicRvN8tlljoUTtlHqparjYsYFejMUv6kggK11ABKJ-sgwWHM2LM3WXtmhGYI13jG5YB0K-NidN4uC7G_-308Drh0GFFjhFOMIkFtPVkYHaoLZtFiN2RiGIf9BP7z0_2LU4RqU03Lu6Bscq7xlNSCdJz51YKaHJTPnjpsjmcVxxfpLX-h3raY-qm_rn_uSJn8VjQgN1aUuZeAGQ647237f8cBoCkRnwIciCqcnOrUsl5xbUUjKF_2uuqrJxUqLDkk38sMYHjdkVnt_CtIFHSfEIEvFrJ_UXV54wLlNiHw5VgZQQA9fEnwDac6xbfyCMSz6tFYZhTN518Xg' \
    -d '{"userIdentityId":"361878f4-8d66-4056-a893-164993ceea6c","preferences":{"first":"my first preference."}}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 428

{
  "id" : "2869947f-f358-496b-a197-8d0ecc6db7a8",
  "userIdentityId" : "361878f4-8d66-4056-a893-164993ceea6c",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "createdAt" : {
    "nano" : 76478000,
    "epochSecond" : 1715800158
  },
  "updatedAt" : {
    "nano" : 76478000,
    "epochSecond" : 1715800158
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Update Identity Preference

PUT /identity-preferences/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

preferences

Object

true

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences/2dfab9d6-4ccb-4931-9017-496ad6dc1a57' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxWWRLUTMzM0pacE9wOGdfUVRqMTFnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU3LCJleHAiOjE3MTU4MDM3NTcsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.KPRokLPfmicRvN8tlljoUTtlHqparjYsYFejMUv6kggK11ABKJ-sgwWHM2LM3WXtmhGYI13jG5YB0K-NidN4uC7G_-308Drh0GFFjhFOMIkFtPVkYHaoLZtFiN2RiGIf9BP7z0_2LU4RqU03Lu6Bscq7xlNSCdJz51YKaHJTPnjpsjmcVxxfpLX-h3raY-qm_rn_uSJn8VjQgN1aUuZeAGQ647237f8cBoCkRnwIciCqcnOrUsl5xbUUjKF_2uuqrJxUqLDkk38sMYHjdkVnt_CtIFHSfEIEvFrJ_UXV54wLlNiHw5VgZQQA9fEnwDac6xbfyCMSz6tFYZhTN518Xg' \
    -d '{"preferences":{"updated":"my second preference."}}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 433

{
  "id" : "2dfab9d6-4ccb-4931-9017-496ad6dc1a57",
  "userIdentityId" : "3ce0d7d7-eb2d-434b-88f6-4bcf8ee89acf",
  "preferences" : {
    "updated" : "my second preference."
  },
  "createdBy" : "3ce0d7d7-eb2d-434b-88f6-4bcf8ee89acf",
  "createdAt" : {
    "nano" : 215469000,
    "epochSecond" : 1715800159
  },
  "updatedAt" : {
    "nano" : 252195000,
    "epochSecond" : 1715800159
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Delete Identity Preference

DELETE /identity-preferences/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

userIdentityId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/identity-preferences/6d0c07cd-f1c5-419a-953b-9a1d55a75e61' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxWWRLUTMzM0pacE9wOGdfUVRqMTFnIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU3LCJleHAiOjE3MTU4MDM3NTcsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCJiNzJlYTI4MS05ZDBkLTQ4NTktOWViMS1iN2Y0NGI0ZDllNjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTZ9LHtcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI5MmU1NGE4Zi00YmMwLTQ3NjYtYWY2MS1jMzgzY2Q5OGQzODBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTd9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.KPRokLPfmicRvN8tlljoUTtlHqparjYsYFejMUv6kggK11ABKJ-sgwWHM2LM3WXtmhGYI13jG5YB0K-NidN4uC7G_-308Drh0GFFjhFOMIkFtPVkYHaoLZtFiN2RiGIf9BP7z0_2LU4RqU03Lu6Bscq7xlNSCdJz51YKaHJTPnjpsjmcVxxfpLX-h3raY-qm_rn_uSJn8VjQgN1aUuZeAGQ647237f8cBoCkRnwIciCqcnOrUsl5xbUUjKF_2uuqrJxUqLDkk38sMYHjdkVnt_CtIFHSfEIEvFrJ_UXV54wLlNiHw5VgZQQA9fEnwDac6xbfyCMSz6tFYZhTN518Xg'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 505

{
  "id" : "6d0c07cd-f1c5-419a-953b-9a1d55a75e61",
  "userIdentityId" : "7a78152c-31ed-4d82-babd-a0ad1e255700",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "7a78152c-31ed-4d82-babd-a0ad1e255700",
  "createdAt" : {
    "nano" : 797104000,
    "epochSecond" : 1715800158
  },
  "updatedAt" : {
    "nano" : 855333000,
    "epochSecond" : 1715800158
  },
  "deletedBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "deletedAt" : {
    "nano" : 854000000,
    "epochSecond" : 1715800158
  }
}

Organization Preference Flow

Find Organization Preferences

GET /organization-preferences

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

Supports standard paging query parameters.

Request fields

No request body.

Response fields

Standard paging response where content field is list of following objects:

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJrMEw3TlcxbU5GUmVoQXBaMk1LTGVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU1LCJleHAiOjE3MTU4MDM3NTUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.XvrmfWy4iLCY2Vw1ECHRcerlcXtPHKtbyS023Wcy8qc2bD6M7M1ZOXMkgnx6shgBHIVU-VLHuo0cDVktl2pgJFjj12F1rQb7_Eh3nr-XYXb8CJ1Ww6ptY-Uov58DCq96hSxJiWr0D5SQiHPbjNV46guY6UQxGBb5o12KeQVDnZW5Wu5x4gmPZz0Z5EPAMyal2br1YsFIvVkh4EiPw0ip814d2jv3i-HhrPd5uRM6GQL4281JtAxtZfL9rw243uJSBPNWtZuBKo9fGUT5Oq-xkB9BnZyp773bXT7d9fk1mReC9-aG4tQwCQWzLEuNwLQ8k9-6BMGxgLOxKBDkeL4ZHw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1268

[ {
  "id" : "30ae780a-4566-4a31-95eb-672712fbd8f8",
  "organizationId" : "4821e9c0-8166-4b37-83d0-9a1a443f3f64",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "6ae86fb2-8f86-40de-bfcc-eded2c6fad74",
  "createdAt" : {
    "nano" : 792793000,
    "epochSecond" : 1715800155
  },
  "updatedAt" : {
    "nano" : 792793000,
    "epochSecond" : 1715800155
  },
  "deletedBy" : null,
  "deletedAt" : null
}, {
  "id" : "70ec4a47-d5c1-48ca-95da-9265c610f0c2",
  "organizationId" : "2f286a7f-0046-4804-a296-61153e507916",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "createdAt" : {
    "nano" : 665616000,
    "epochSecond" : 1715800155
  },
  "updatedAt" : {
    "nano" : 665616000,
    "epochSecond" : 1715800155
  },
  "deletedBy" : null,
  "deletedAt" : null
}, {
  "id" : "c0b37f4b-7d51-4ed8-8ba0-c4d3456058a3",
  "organizationId" : "c3bfc1c4-9e73-4578-b485-90a4f8d5b592",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "81262fbf-94b2-43bc-9e3e-78b3dc3ef0bb",
  "createdAt" : {
    "nano" : 460681000,
    "epochSecond" : 1715800155
  },
  "updatedAt" : {
    "nano" : 460681000,
    "epochSecond" : 1715800155
  },
  "deletedBy" : null,
  "deletedAt" : null
} ]

Get Organization Preference

GET /organization-preferences/{id:[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences/30ae780a-4566-4a31-95eb-672712fbd8f8' -i -X GET \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJrMEw3TlcxbU5GUmVoQXBaMk1LTGVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU1LCJleHAiOjE3MTU4MDM3NTUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.XvrmfWy4iLCY2Vw1ECHRcerlcXtPHKtbyS023Wcy8qc2bD6M7M1ZOXMkgnx6shgBHIVU-VLHuo0cDVktl2pgJFjj12F1rQb7_Eh3nr-XYXb8CJ1Ww6ptY-Uov58DCq96hSxJiWr0D5SQiHPbjNV46guY6UQxGBb5o12KeQVDnZW5Wu5x4gmPZz0Z5EPAMyal2br1YsFIvVkh4EiPw0ip814d2jv3i-HhrPd5uRM6GQL4281JtAxtZfL9rw243uJSBPNWtZuBKo9fGUT5Oq-xkB9BnZyp773bXT7d9fk1mReC9-aG4tQwCQWzLEuNwLQ8k9-6BMGxgLOxKBDkeL4ZHw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 415

{
  "id" : "30ae780a-4566-4a31-95eb-672712fbd8f8",
  "organizationId" : "4821e9c0-8166-4b37-83d0-9a1a443f3f64",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "6ae86fb2-8f86-40de-bfcc-eded2c6fad74",
  "createdAt" : {
    "nano" : 792793000,
    "epochSecond" : 1715800155
  },
  "updatedAt" : {
    "nano" : 792793000,
    "epochSecond" : 1715800155
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Create Organization Preference

POST /organization-preferences

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

No parameters.

Query parameters

No parameters.

Request fields

Path Type Optional Description

organizationId

String

true

preferences

Object

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJrMEw3TlcxbU5GUmVoQXBaMk1LTGVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU1LCJleHAiOjE3MTU4MDM3NTUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.XvrmfWy4iLCY2Vw1ECHRcerlcXtPHKtbyS023Wcy8qc2bD6M7M1ZOXMkgnx6shgBHIVU-VLHuo0cDVktl2pgJFjj12F1rQb7_Eh3nr-XYXb8CJ1Ww6ptY-Uov58DCq96hSxJiWr0D5SQiHPbjNV46guY6UQxGBb5o12KeQVDnZW5Wu5x4gmPZz0Z5EPAMyal2br1YsFIvVkh4EiPw0ip814d2jv3i-HhrPd5uRM6GQL4281JtAxtZfL9rw243uJSBPNWtZuBKo9fGUT5Oq-xkB9BnZyp773bXT7d9fk1mReC9-aG4tQwCQWzLEuNwLQ8k9-6BMGxgLOxKBDkeL4ZHw' \
    -d '{"organizationId":"2f286a7f-0046-4804-a296-61153e507916","preferences":{"first":"my first preference."}}'

Example response

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 430

{
  "id" : "70ec4a47-d5c1-48ca-95da-9265c610f0c2",
  "organizationId" : "2f286a7f-0046-4804-a296-61153e507916",
  "preferences" : {
    "first" : "my first preference."
  },
  "createdBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "createdAt" : {
    "nano" : 665616000,
    "epochSecond" : 1715800155
  },
  "updatedAt" : {
    "nano" : 665616000,
    "epochSecond" : 1715800155
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Update Organization Preference

PUT /organization-preferences/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

Path Type Optional Description

preferences

Object

true

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences/44536720-1701-467a-bc26-c328296f8add' -i -X PUT \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJrMEw3TlcxbU5GUmVoQXBaMk1LTGVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU1LCJleHAiOjE3MTU4MDM3NTUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.XvrmfWy4iLCY2Vw1ECHRcerlcXtPHKtbyS023Wcy8qc2bD6M7M1ZOXMkgnx6shgBHIVU-VLHuo0cDVktl2pgJFjj12F1rQb7_Eh3nr-XYXb8CJ1Ww6ptY-Uov58DCq96hSxJiWr0D5SQiHPbjNV46guY6UQxGBb5o12KeQVDnZW5Wu5x4gmPZz0Z5EPAMyal2br1YsFIvVkh4EiPw0ip814d2jv3i-HhrPd5uRM6GQL4281JtAxtZfL9rw243uJSBPNWtZuBKo9fGUT5Oq-xkB9BnZyp773bXT7d9fk1mReC9-aG4tQwCQWzLEuNwLQ8k9-6BMGxgLOxKBDkeL4ZHw' \
    -d '{"preferences":{"updated":"my second preference."}}'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 431

{
  "id" : "44536720-1701-467a-bc26-c328296f8add",
  "organizationId" : "94bf06d9-6433-45aa-95c6-8d3ba5f5ce00",
  "preferences" : {
    "updated" : "my second preference."
  },
  "createdBy" : "7ab7f2d2-8ab8-4084-affc-efb7d82f240c",
  "createdAt" : {
    "nano" : 24285000,
    "epochSecond" : 1715800156
  },
  "updatedAt" : {
    "nano" : 61390000,
    "epochSecond" : 1715800156
  },
  "deletedBy" : null,
  "deletedAt" : null
}

Delete Organization Preference

DELETE /organization-preferences/{id}

Authorization

Valid Authorization Bearer token required, along with a permission grant authorizing access to any referenced resources.

Path parameters

Parameter Type Optional Description

id

Object

false

Query parameters

No parameters.

Request fields

No request body.

Response fields

Path Type Optional Description

id

String

true

organizationId

String

true

preferences

Object

true

createdBy

String

true

createdAt

Object

true

updatedAt

Object

true

deletedBy

String

true

deletedAt

Object

true

Example request

$ curl 'https://gateway.netFoundry.io/identity/v1/organization-preferences/a0feadb8-f16f-409d-9050-bf671b21292d' -i -X DELETE \
    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJrMEw3TlcxbU5GUmVoQXBaMk1LTGVBIiwiaXNzIjoiTmV0Rm91bmRyeSIsInN1YiI6IjI2MTMxNWViLWE0YWEtNDY4NS1hYjAyLWUzMmJkNDJlNzY5ZCIsImF1ZCI6ImlkZW50aXR5IiwiaWF0IjoxNzE1ODAwMTU1LCJleHAiOjE3MTU4MDM3NTUsInBvbGljaWVzIjpbeyJyZXNvdXJjZXMiOlsibmZybjoqIl0sImFjdGlvbnMiOlsiKjoqIl19XSwiZ3JhbnRzLXN1cGVyIjoiW3tcImlkXCI6XCI0NTEwNmEzZi1jNjU3LTQ4YmMtYjVmNS0wYWFkNWQ5ODg0MGNcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDh9LHtcImlkXCI6XCIyNGU3ODRjOC03MGQ4LTQ1NTAtOTczNi01YTIwYjdhN2VhNDJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTR9LHtcImlkXCI6XCI1YjY4OWFmYi1lNmNiLTQyY2EtYmYwZC0wNzQ3ZjExZDkwZjBcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNDV9LHtcImlkXCI6XCI2NzA2NzExYy03YjIwLTRjZGEtOGY2ZC05OTc4ZTM2MTc3MTdcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTV9LHtcImlkXCI6XCIxZWY3NzQzNC1mYjI0LTQ2MmQtOGIwNS03ZmQ5MThiYjAzZjJcIixcImxhc3RNb2RpZmllZFwiOjE3MTU4MDAxNTB9XSIsImdyYW50cy1jdXN0b20iOiJbXSIsImdyYW50cy1wdWJsaWMiOiJbXSIsImdyYW50cy1hY3Rpb24iOiJbXSIsImdyYW50cy1zdGFuZGFyZCI6IltdIn0.XvrmfWy4iLCY2Vw1ECHRcerlcXtPHKtbyS023Wcy8qc2bD6M7M1ZOXMkgnx6shgBHIVU-VLHuo0cDVktl2pgJFjj12F1rQb7_Eh3nr-XYXb8CJ1Ww6ptY-Uov58DCq96hSxJiWr0D5SQiHPbjNV46guY6UQxGBb5o12KeQVDnZW5Wu5x4gmPZz0Z5EPAMyal2br1YsFIvVkh4EiPw0ip814d2jv3i-HhrPd5uRM6GQL4281JtAxtZfL9rw243uJSBPNWtZuBKo9fGUT5Oq-xkB9BnZyp773bXT7d9fk1mReC9-aG4tQwCQWzLEuNwLQ8k9-6BMGxgLOxKBDkeL4ZHw'

Example response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 505

{
  "id" : "a0feadb8-f16f-409d-9050-bf671b21292d",
  "organizationId" : "7b466e58-d026-45c5-a19c-3845ffc26175",
  "preferences" : {
    "hello" : "world"
  },
  "createdBy" : "bc526625-9234-4028-a853-037c7885951a",
  "createdAt" : {
    "nano" : 718955000,
    "epochSecond" : 1715800155
  },
  "updatedAt" : {
    "nano" : 739321000,
    "epochSecond" : 1715800155
  },
  "deletedBy" : "261315eb-a4aa-4685-ab02-e32bd42e769d",
  "deletedAt" : {
    "nano" : 738000000,
    "epochSecond" : 1715800155
  }
}