IDP Services (5.0.0)

Download OpenAPI specification:Download

Authorization

Access Token

This section describes the process of generating an access token for authorization for various grant types.

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

One of

grant_type	string The grant type should be password.
username	string The username for which the token needs to be generated.
password	string Password corresponding to the username.
client_id	string The Client ID for which the access token is to be generated.
client_secret	string Secret corresponding to the given clientID. Secret will be available only for the clients with access type selected confidential during client creation. This is an optional parameter.

Responses

Request samples

Payload

Content type

application/json

{"client_id": "clientname",
"client_secret": "RZ4YtWLZSXN8EjuZpfJXhEHweLS1nfry",
"grant_type": "password",
"code": "bf6f9af9-b3c9-4y66-804f-364f660d9135.a8e1b947-a2a3-4504-ad0e-8387ae200e50.db1ed60b-f478-4655-a397-fb688c53cbb8",
"redirect_uri": "http://oidcdebugger.com/debug"
}

Response samples

200
400
401
404

Content type

application/json

{"access_token": "string",
"expires_in": 0,
"not-before-policy": 0,
"refresh_expires_in": 0,
"refresh_token": "string",
"scope": "string",
"session_state": "string",
"token_type": "string"
}

Well known API

This API lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200

Content type

application/json

{"acr_values_supported": ["0",
"1"
],
"authorization_encryption_alg_values_supported": ["RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"authorization_encryption_enc_values_supported": ["A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"authorization_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/auth",
"authorization_signing_alg_values_supported": ["PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"backchannel_authentication_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/ext/ciba/auth",
"backchannel_authentication_request_signing_alg_values_supported": ["PS384",
"ES384",
"RS384",
"ES256",
"RS256",
"ES512",
"PS256",
"PS512",
"RS512"
],
"backchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_token_delivery_modes_supported": ["poll",
"ping"
],
"check_session_iframe": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/log}in-status-iframe.html",
"claim_types_supported": ["normal"
],
"claims_parameter_supported": true,
"claims_supported": ["aud",
"sub",
"iss",
"auth_time",
"name",
"given_name",
"family_name",
"preferred_username",
"email",
"acr"
],
"code_challenge_methods_supported": ["plain",
"S256"
],
"device_authorization_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/auth/device",
"end_session_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/logout",
"frontchannel_logout_session_supported": true,
"frontchannel_logout_supported": true,
"grant_types_supported": ["authorization_code",
"implicit",
"refresh_token",
"password",
"client_credentials",
"urn:ietf:params:oauth:grant-type:device_code",
"urn:openid:params:grant-type:ciba",
"urn:ietf:params:oauth:grant-type:token-exchange"
],
"id_token_encryption_alg_values_supported": ["RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"id_token_encryption_enc_values_supported": ["A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"id_token_signing_alg_values_supported": ["PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"introspection_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/token/introspect",
"introspection_endpoint_auth_methods_supported": ["private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt"
],
"introspection_endpoint_auth_signing_alg_values_supported": ["PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"issuer": "https://{idpurl}/realms/{tenant}",
"jwks_uri": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/certs",
"mtls_endpoint_aliases": {"backchannel_authentication_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/ext/ciba/auth",
"device_authorization_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/auth/device",
"introspection_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/token/introspect",
"pushed_authorization_request_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/ext/par/request",
"registration_endpoint": "https://{idpurl}/realms/{tenant}/clients-registrations/openid-connect",
"revocation_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/revoke",
"token_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/token",
"userinfo_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/userinfo"
},
"pushed_authorization_request_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/ext/par/request",
"registration_endpoint": "https://{idpurl}/realms/{tenant}/clients-registrations/openid-connect",
"request_object_encryption_alg_values_supported": ["RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"request_object_encryption_enc_values_supported": ["A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"request_object_signing_alg_values_supported": ["PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
"none"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_pushed_authorization_requests": false,
"require_request_uri_registration": true,
"response_modes_supported": ["query",
"fragment",
"form_post",
"query.jwt",
"fragment.jwt",
"form_post.jwt",
"jwt"
],
"response_types_supported": ["code",
"none",
"id_token",
"token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"revocation_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/revoke",
"revocation_endpoint_auth_methods_supported": ["private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt"
],
"revocation_endpoint_auth_signing_alg_values_supported": ["PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"scopes_supported": ["openid",
"phone",
"token-exchange",
"profile",
"microprofile-jwt",
"address",
"offline_access",
"email",
"roles",
"token_exchange_scope",
"web-origins"
],
"subject_types_supported": ["public",
"pairwise"
],
"tls_client_certificate_bound_access_tokens": true,
"token_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/token",
"token_endpoint_auth_methods_supported": ["private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": ["PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"userinfo_encryption_alg_values_supported": ["RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"userinfo_encryption_enc_values_supported": ["A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"userinfo_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/userinfo",
"userinfo_signing_alg_values_supported": ["PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
"none"
]
}

Users

Create User

Create a user

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Name of the Realm.

Request Body schema: application/json

	object Key-value pairs representing custom user attributes. i.e phonenumber
	object Roles assigned to the user for client level actions.
	Array of objects User credentials configuration.
email	string User's email address.
emailVerified	boolean Indicates whether the user's email has been verified. True = enabled & False = disabled.
enabled	boolean Indicates if the user account is enabled. True = enabled & False = disabled.
firstName	string User's first name.
groups	Array of strings Names of user groups the user belongs to.
lastName	string User's last name.
username	string User's username.
realmRoles	Array of strings Roles assigned to the user for realm level actions.
requiredActions	Array of strings Actions required from the user to do.

Responses

Request samples

Payload

Content type

application/json

{"attributes": {"attribute1": "bob"
},
"clientRoles": {"realm-management": ["realm-admin",
"view-users"
]
},
"credentials": [{"temporary": false,
"type": "password",
"value": "Admin@123"
}
],
"email": "bob.go@gmail.com",
"emailVerified": true,
"enabled": true,
"firstName": "bob",
"groups": ["usergroup",
"ks"
],
"lastName": "s",
"username": "user",
"realmRoles": [["admin",
"realm-management"
]
],
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
]
}

Response samples

200
400
401
409

Content type

application/json

{"message": "User created successfully.",
"status": "OK",
"subSystem": 5
}

Update User

Update a user

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Request Body schema: application/json

	object Key-value pairs representing custom user attributes. i.e phonenumber
	object Roles assigned to a user for client level actions.
	Array of objects User credentials configuration.
email	string User's email address.
emailVerified	boolean Indicates whether the user's email has been verified. True = enabled & False = disabled.
enabled	boolean Indicates if the user account is enabled. True = enabled & False = disabled.
firstName	string User's first name.
groups	Array of strings Names of user groups the user belongs to.
lastName	string User's last name.
username	string User's username.
realmRoles	Array of strings Roles assigned to the user for realm level actions.
requiredActions	Array of strings Actions required from the user to do.

Responses

Request samples

Payload

Content type

application/json

{"attributes": {"attribute1": "bob"
},
"clientRoles": {"realm-management": ["realm-admin",
"view-users"
]
},
"credentials": [{"temporary": false,
"type": "password",
"value": "Admin@123"
}
],
"email": "bob.go@gmail.com",
"emailVerified": true,
"enabled": true,
"firstName": "bob",
"groups": ["usergroup",
"ks"
],
"lastName": "s",
"username": "user",
"realmRoles": [["admin",
"realm-management"
]
],
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
]
}

Response samples

200
400
401
404

Content type

application/json

{"message": "User updated successfully",
"status": "OK",
"subSystem": 5
}

Get User By UUID

The Get User with User's UUID API will return a list showing the user details.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
id required	string UUID of the user.

Responses

Response samples

200
401

Content type

application/json

{"id": "5698e30c-7e33-44ee-9dce-3fa328831e66",
"createdTimestamp": 1692020930000,
"username": "idp_external_admin",
"enabled": true,
"emailVerified": false,
"attributes": {"NEXT_PASSWORD_ENTRY_PASSWORD_IN": ["N/A"
],
"LAST_SUCCESSFUL_LOGIN_TIMESTAMP": ["1702981123541"
],
"NUMBER_OF_FAILED_ATTEMPTS": ["0"
]
},
"disableableCredentialTypes": ["string"
],
"requiredActions": ["string"
],
"notBefore": 0,
"access": {"manageGroupMembership": true,
"view": true,
"mapRoles": true,
"impersonate": true,
"manage": true
}
}

Update profile User

Use this API to update the user profile.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Request Body schema: application/json

firstName	string User's first name.
lastName	string User's last name.
email	string User's email address.
	object Key value pair containing the attributes you wanted to update.

Responses

Request samples

Payload

Content type

application/json

{"firstName": "Foo",
"lastName": "Bar",
"email": "tom@bob.com",
"attributes": {"attribute1": "value",
"attribute2": "value2",
"attribute3": "value3"
}
}

Response samples

200
400
401
404

Content type

application/json

{"message": "User profile updated successfully.",
"status": "OK",
"subSystem": 5
}

Get Users Based On Client Role

The Get Users Based On Client Role API returns a list of users who have the specified client role.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
clientid required	string Name of the client to search.
assignedRole required	string Name of the assigned role to search.

query Parameters

limit	string Example: limit=1 The maximum number of users to return.
offset	string Example: offset=1 The number of users to skip before starting to collect the result set.
isUserEnabled	string Example: isUserEnabled=true Determines whether the user account is active, with `true` indicating the account is active.
isEmailVerified	string Example: isEmailVerified=false Determines whether the user's email address has been verified. Defaults to false, indicates unverified.
firstName	string Example: firstName=bob First name of the user to filter by.
lastName	string Example: lastName=doe The last name of the user to filter by.
email	string Example: email=accesstoken@gmail.com The email of the user to filter by.
username	string Example: username=accesstoken The username of the user to filter by.
orderBy	string Example: orderBy=asc The order of the results, either ascending (asc) or descending (desc).
orderByKey	string Example: orderByKey=username The field to order the results by, such as firstName, lastName, email, or username.
genericSearchVal	string Example: genericSearchVal=bob It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Users fetched successfully",
"status": "OK",
"subSystem": 5,
"data": {"userList": [{"admin": false,
"attributes": {"LAST_SUCCESSFUL_LOGIN_TIMESTAMP": ["1702967761737"
],
"NEXT_PASSWORD_ENTRY_PASSWORD_IN": ["N/A"
],
"NUMBER_OF_FAILED_ATTEMPTS": ["0"
],
"email": ["accesstoken@gmail.com"
],
"firstName": ["bob"
],
"lastName": ["doe"
]
},
"createdTimestamp": 1702579160144,
"email": "accesstoken@gmail.com",
"emailVerified": false,
"enabled": true,
"firstName": "bob",
"id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
"lastName": "doe",
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
],
"username": "accesstoken"
}
],
"page": {"currentPage": 1,
"pageSize": 1,
"totalPages": 2,
"totalRecords": 2
}
}
}

Get Users Based On Role

The Get Users Based On Role API returns a list of users who have the specified role. The user's list will be ordered alphabetically according to the username.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
role required	string Name of the assigned role to search.

query Parameters

firstName	string Example: firstName=bob First name of the User.
lastName	string Example: lastName=doe Last name of the User.
email	string Example: email=accesstoken@gmail.com Email address of the user.
username	string Example: username=accesstoken Username of the user.
orderBy	string Example: orderBy=desc The order of the results, either ascending (asc) or descending (desc).
orderByKey	string Example: orderByKey=lastname The field to order the results by, such as firstName, lastName, email, or username.
genericSearchVal	string Example: genericSearchVal=doe It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored.
limit	string Example: limit=1 The maximum number of users to return.
offset	string Example: offset=1 The number of users to skip before starting to collect the result set.
isUserEnabled	string Example: isUserEnabled=true Determines whether the user account is active, with `true` indicating the account is active.
isEmailVerified	string Example: isEmailVerified=false Determines whether the user's email address has been verified. Defaults to false, indicates unverified.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Users fetched successfully",
"status": "OK",
"subSystem": 5,
"data": {"userList": [{"admin": false,
"attributes": {"LAST_SUCCESSFUL_LOGIN_TIMESTAMP": ["1702967761737"
],
"NEXT_PASSWORD_ENTRY_PASSWORD_IN": ["N/A"
],
"NUMBER_OF_FAILED_ATTEMPTS": ["0"
],
"email": ["accesstoken@gmail.com"
],
"firstName": ["bob"
],
"lastName": ["doe"
],
"username": ["accesstoken"
]
},
"createdTimestamp": 1702579160144,
"email": "accesstoken@gmail.com",
"emailVerified": false,
"enabled": true,
"firstName": "bob",
"id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
"lastName": "doe",
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
],
"username": "accesstoken"
}
],
"page": {"currentPage": 1,
"pageSize": 20,
"totalPages": 1,
"totalRecords": 1
}
}
}

Delete User

Delete User API is used to delete a user.

path Parameters

tenantId required	string Name of the Realm.
userId required	string Username of the User.

Responses

Response samples

200
400
401
404

Content type

application/json

{"message": "User deleted successfully",
"status": "OK",
"subSystem": 5
}

Get User Info

Use this API to get the user details.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Username of the User.

query Parameters

firstName	string Example: firstName=bob First name of the user.
limit	string Example: limit=1 The maximum number of users to return.
pageNumber	string Example: pageNumber=1

Responses

Response samples

200
400
401
404

Content type

application/json

{"message": "User info fetched successfully",
"status": "OK",
"subSystem": 5,
"data": {"admin": false,
"attributes": {"LAST_SUCCESSFUL_LOGIN_TIMESTAMP": ["1702967761737"
],
"NEXT_PASSWORD_ENTRY_PASSWORD_IN": ["N/A"
],
"NUMBER_OF_FAILED_ATTEMPTS": ["0"
],
"firstName": ["bob"
],
"lastName": ["doe"
],
"username": ["bob"
]
},
"createdTimestamp": 1702579160144,
"email": "accesstoken@gmail.com",
"emailVerified": false,
"enabled": true,
"firstName": "bob",
"id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
"lastName": "doe",
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
],
"username": "bob"
}
}

Get User By User group

The Get User By User group API will filter and search User options based on provided search values.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
groupID required	string Name of the group.

query Parameters

limit	string Example: limit=1 The maximum number of users to return.
email	string Example: email=1 Email address to get users
offset	string Example: offset=1 The number of users to skip before starting to collect the result set.
from	string Example: from=1 Timestamp from which user is created
to	string Example: to=1 Timestamp until which the user was created
isUserEnabled	string Example: isUserEnabled=true Determines whether the user account is active, with `true` indicating the account is active.
orderBy	string Example: orderBy=desc The order of the results, either ascending (asc) or descending (desc).
orderByKey	string Example: orderByKey=lastname The field to order the results by, such as firstName, lastName, email, or username.
genericSearchVal	string Example: genericSearchVal=bob It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Users fetched successfully",
"status": "OK",
"subSystem": 5,
"data": {"userList": [{"admin": false,
"attributes": {"email": ["bob.go@gmail.com"
],
"firstName": ["bob"
],
"lastName": ["doe"
],
"username": ["bob"
]
},
"createdTimestamp": 1702579160144,
"email": "bob.go@gmail.com",
"emailVerified": false,
"enabled": true,
"firstName": "bob",
"id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
"lastName": "doe",
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
],
"username": "bob"
}
],
"page": {"currentPage": 1,
"pageSize": 20,
"totalPages": 1,
"totalRecords": 1
}
}
}

Get resend OTP Brute Force Status

The Get OTP Brute Force status api gets OTP Brute Force lock status of a user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Resend OTP Brute force feature is currently disabled for tenant",
"status": "OK",
"subSystem": 5
}

Unlock User resend OTP Brute Force

The Unlock User OTP Brute Force api will unlock the user locked by the OTP Brute Force.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Resend OTP Brute force feature is currently disabled for tenant",
"status": "OK",
"subSystem": 5
}

Search User

An API to search users.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Name of the Realm.

query Parameters

key	string Example: key=search_keyword It can be a search parameter and will search over username, firstname, lastname and email.

Responses

Response samples

200
400
401
404

Content type

application/json

{"message": "Users fetched successfully",
"status": "OK",
"subSystem": 5,
"data": {"userList": [{"admin": false,
"attributes": {"firstName": ["bob"
]
},
"createdTimestamp": 1702579160144,
"email": "accesstoken@gmail.com",
"emailVerified": false,
"enabled": true,
"firstName": "bob",
"id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
"lastName": "doe",
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
],
"username": "accesstoken"
}
],
"page": {"currentPage": 1,
"pageSize": 20,
"totalPages": 1,
"totalRecords": 12
}
}
}

Search User By User Attribute

API to search and fetch the user list using user's attributes.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Name of the Realm.

query Parameters

key required	string Example: key=phone_number Attribute name to search user.
value required	string Example: value=1234567890 Attribute value to search user.

Responses

Response samples

200
400
401
404

Content type

application/json

{"message": "Users fetched successfully",
"status": "OK",
"subSystem": 5,
"data": [{"admin": false,
"attributes": {"LAST_SUCCESSFUL_LOGIN_TIMESTAMP": ["1702967761737"
],
"NEXT_PASSWORD_ENTRY_PASSWORD_IN": ["N/A"
],
"NUMBER_OF_FAILED_ATTEMPTS": ["0"
],
"email": ["accesstoken@gmail.com"
],
"firstName": ["bob"
],
"lastName": ["doe"
],
"username": ["accesstoken"
]
},
"createdTimestamp": 1702579160144,
"email": "accesstoken@gmail.com",
"emailVerified": false,
"enabled": true,
"firstName": "bob",
"id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
"lastName": "doe",
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
],
"username": "accesstoken"
}
]
}

Unlock All User resend OTP Brute Force

The Unlock all Users OTP Brute Force API will unlock all the users locked by the OTP Brute Force.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Name of the Realm.

Responses

Response samples

200
401

Content type

application/json

{"message": "Resend OTP Brute force feature is currently disabled for tenant",
"status": "OK",
"subSystem": 5
}

Disable User

This API is used to disable a user temporarily. Disabled users will not be allowed to login.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Request Body schema: application/json

enabled

boolean

If false, the user is disabled.

Responses

Request samples

Payload

Content type

application/json

{"enabled": false
}

Response samples

200
400
401
404

Content type

application/json

{"message": "User disabled successfully",
"status": "OK",
"subSystem": 5
}

Enable User

Use this API to enable the user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Request Body schema: application/json

enabled

boolean

If true, the user is enabled.

Responses

Request samples

Payload

Content type

application/json

{"enabled": true
}

Response samples

200
400
401
404

Content type

application/json

{"message": "User enabled successfully",
"status": "OK",
"subSystem": 5
}

Promote User

Once promoted the user will have the 'digitanium_admin', 'admin' and 'realm-admin' role tagged and the corresponding role permissions.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Responses

Response samples

200
400
401
404

Content type

application/json

{"message": "User promoted successfully",
"status": "OK",
"subSystem": 5
}

Revoke Admin access

Deletes the digitanium_admin, admin and realm-admin role permission for a particular user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Responses

Response samples

200
400
401
404

Content type

application/json

{"message": "Admin access revoked successfully",
"status": "OK",
"subSystem": 5
}

User Tenant List

Returns the list of tenants for a particular user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Responses

Response samples

200
401
403
404

Content type

application/json

{"message": "Tenant list fetched successfully",
"status": "OK",
"subSystem": 5,
"data": "astqa"
}

Revoke Required Actions

Using this API, users required actions can be revoked.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Request Body schema: application/json

requiredActions

Array of strings

Responses

Request samples

Payload

Content type

application/json

{"requiredActions": ["update-password"
]
}

Response samples

200
400
401
404

Content type

application/json

{"message": "User required actions revoked successfully",
"status": "OK",
"subSystem": 5
}

Revoke Roles

Using this API client and realm roles will be revoked from the user's.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Request Body schema: application/json

	object Roles assigned to a user for client level actions.
realmRoles	Array of strings Roles assigned to the user for realm level actions.

Responses

Request samples

Payload

Content type

application/json

{"clientRoles": {"client_Name": ["client_role1",
"client_role2",
"client_role3",
"client_role4"
]
},
"realmRoles": ["realm_role1",
"realm_role2"
]
}

Response samples

200
400
401
404

Content type

application/json

{"message": "User roles revoked successfully",
"status": "OK",
"subSystem": 5
}

List Admin Users

List Admin Users API will return a list of admin users.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Name of the Realm.

Responses

Response samples

200
400
401
403

Content type

application/json

{"message": "Admin users fetched successfully",
"status": "OK",
"subSystem": 5,
"data": [{"username": "1",
"id": "31ad4937-4cf1-4e97-a6fe-440b9156d92a",
"createdTimestamp": 1709533258078,
"enabled": false,
"emailVerified": false,
"attributes": {"firstName": ["bob"
],
"lastName": [null
],
"email": [null
],
"username": ["1"
]
},
"requiredActions": ["kobil-email-registration-required-action"
],
"admin": true
}
]
}

Get Credentials

Get Credentials API will get the credential details for the user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Responses

Response samples

200
401
404

Content type

application/json

[{"id": "f5e75065-30a9-422b-a22b-8ba1fb1a9fb4",
"type": "password",
"createdDate": 1588881169980,
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
]

Add address

Add Address API will add the address for the requested user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Request Body schema: application/json

postalCode	string Define the postalCode of the given address.
addressDetails	string Describes the default address details of the user.
addressTitle	string Address title
addressType	string Describes the address type
city	string Describes the city name
cityCode	string describes the city code
defaultAddress	boolean Describes the default address name
directions	string Directions of the address
district	string Describe the user district name
districtCode	string Describes the user district code
firstName	string Describe the user firstname
lastName	string last name of the user
town	string Town name to be added
townCode	string Describe the town code

Responses

Request samples

Payload

Content type

application/json

{"postalCode": "654321",
"addressDetails": "string",
"addressTitle": "string",
"addressType": "string",
"city": "string",
"cityCode": "string",
"defaultAddress": true,
"directions": "string",
"district": "string",
"districtCode": "string",
"firstName": "string",
"lastName": "string",
"town": "string",
"townCode": "string"
}

Response samples

200
400
401
404

Content type

application/json

{"message": "Address added successfully",
"status": "OK",
"subSystem": 5
}

Get address

Get Address API will fetch the address of the requested user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Address info fetched successfully",
"status": "OK",
"subSystem": 5,
"data": [{"addressDetails": "addressDetails",
"addressID": "4c30ff6c-72b8-42b2-bb7d-07e0a5bdb0fa",
"addressTitle": "Home address",
"addressType": "Home",
"city": "scotland",
"cityCode": "625531",
"defaultAddress": "false",
"direction": "",
"district": "district",
"districtCode": "123456",
"firstName": "bob",
"lastName": "doe",
"postalCode": "123456",
"town": "hometown",
"townCode": "123456"
}
]
}

Edit Address

Edit Address API will update the address for the requested user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Name of the User (Username)

Request Body schema: application/json

addressID	string Define the addressID given for a particular address.
lastName	string LastName of the user.
addressType	string Define the type of the address.

Responses

Request samples

Payload

Content type

application/json

{"addressID": "86765ce6-d551-40e7-b30c-a1edfe4a74bd",
"lastName": "shaw",
"addressType": "office"
}

Response samples

200
400
401
404

Content type

application/json

{"message": "Address changed successfully.",
"status": "OK",
"subSystem": 5
}

Delete Address

Delete Address API will delete the address of the requested user.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
userId required	string Configure the Admin UserId.

Request Body schema: application/json

addressID

string

Define the addressID given for a particular address.

Responses

Request samples

Payload

Content type

application/json

{"addressID": "86765ce6-d551-40e7-b30c-a1edfe4a74bd"
}

Response samples

200
400
401
404

Content type

application/json

{"message": "Address deleted successfully",
"status": "OK",
"subSystem": 5
}

Get Users

Get Users will return a list of user's, along with their details that match the given query parameters.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Name of the Realm.

Responses

Response samples

200
400
401
404

Content type

application/json

{"message": "Users fetched successfully",
"status": "OK",
"subSystem": 5,
"data": {"userList": [{"admin": false,
"attributes": {"email": ["accesstoken@gmail.com"
],
"firstName": ["bob"
],
"username": ["accesstoken"
]
},
"createdTimestamp": 1702579160144,
"email": "accesstoken@gmail.com",
"emailVerified": false,
"enabled": true,
"firstName": "bob",
"id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
"lastName": "doe",
"requiredActions": ["VERIFY_EMAIL",
"UPDATE_PASSWORD"
],
"username": "bob"
}
],
"page": {"pageSize": 20,
"totalRecords": 6,
"totalPages": 1,
"currentPage": 1
}
}
}

Add User to Groups

Use this API to add the users within a group.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Username of the User.

Request Body schema: application/json

groups

Array of objects

Mention the list of groups where user need to be added.

Responses

Request samples

Payload

Content type

application/json

{"groups": ["test"
]
}

Response samples

200
400
401
404

Content type

application/json

{"message": "User group added successfully.",
"status": "OK",
"subSystem": 5
}

Delete User from Groups

User Group from Delete API is used to remove the users from the group.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Name of the Realm.
userId required	string Username of the User.

Request Body schema: application/json

groups

Array of objects

Mention the groups where user need to be removed.

Responses

Request samples

Payload

Content type

application/json

{"groups": ["test"
]
}

Response samples

200
400
401
404

Content type

application/json

{"message": "User group removed successfully.",
"status": "Success",
"subSystem": 5
}

List Users

List users Api used to retrieve the user from the provided query parameters.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Example: main

Name of the Realm.

query Parameters

email	string Example: email=johndoe@gmail.com Email address of user.
firstName	string Example: firstName=John First name of user.
lastName	string Example: lastName=doe Last name of user.
first	number Example: first=300 The integer value for the first result (default in -1)
username	string Example: username=johndoe@gmail.com Username of the user.
briefRepresentation	boolean Example: briefRepresentation=true A boolean flag to return brief details of the user if true.
exact	boolean Example: exact=true A boolean flag to perform the exact search on 'q' parameter.
q	string Example: q=lastName:Doe Custom search query with the specific attribute and specific value to search. we can also perform the prefix search, infix search , exact search in it.
groups	string Example: groups=ks-users, app-users Group names to filter the users that are the members of the groups.
enabled	boolean Example: enabled=true A boolean indicating whether the user is enabled (true) or disabled (false).
createdTimeEnd	string Example: createdTimeEnd=1710757836885 End created timestamp of the creation time range. Only records created before this time will be processed.
search	string Example: search=Jo Search value for users where userId, username,email, firstName, or lastName starts with "Jo". we can also perform the prefix search, infix search , exact search
includeRolesForClient	string Example: includeRolesForClient=9b783be7-ba9f-47w8-9020-a6f64d7034a7 The ID which maps the roles for the client
filterForRole	string Example: filterForRole=8a06d3ff-ff6c-413f-a6d9-2cbcec09cf34 Role ID which specifies the role to filter for.
createdTimeStart	string Example: createdTimeStart=1710757836882 Start created timestamp of the creation time range. Only records created on or after this time will be processed.
idpAlias	string Example: idpAlias=google The alias name that represents the identity provider used to get the user from the identity provider.
idpUserId	string Example: idpUserId=8a06d3ff-ff6c-411f-a6d9-2cbcec09cf34 The user id in the IDP.
emailVerified	string Example: emailVerified=true A boolean indicating whether the email is verified (true) or not (false)
sort	string Example: sort=username:asc to sort list of user.
max	number Example: max=300 The maximum results to be displayed.

Responses

Response samples

200
401

Content type

application/json

[{"id": "15152280-ce2c-4813-82fc-656050b2c585",
"createdTimestamp": 1717059652045,
"username": "johndoe@gmail.com",
"enabled": true,
"totp": false,
"emailVerified": true,
"email": "johndoe@gmail.com",
"disableableCredentialTypes": [ ],
"requiredActions": ["UPDATE_PASSWORD"
],
"notBefore": 0,
"access": {"manageGroupMembership": true,
"view": true,
"mapRoles": true,
"impersonate": true,
"manage": true
}
}
]

Get User Count

Get User count API used to retrieve count of the user by provided query parameters.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Name of the Realm.

query Parameters

email	string Example: email=johndoe@gmail.com Email address of user.
firstName	string Example: firstName=John First name of user.
lastName	string Example: lastName=doe Last name of user.
search	string Example: search=Jo Search value for users where userId, username,email, firstName, or lastName starts with "Jo". we can also perform the prefix search, infix search , exact search
emailVerified	boolean Example: emailVerified=true A boolean indicating whether the email is verified (true) or not (false)
filterForRole	string Example: filterForRole=8a06d3ff-df6c-411f-a6d0-2cbcec09cf34 Role ID which specifies the role to filter for.
username	string Example: username=John Username of the user.
enabled	boolean Example: enabled=true A boolean indicating whether the user is enabled (true) or disabled (false).
q	string Example: q=lastName:Doe Custom search query with the specific attribute and specific value to search. we can also perform the prefix search, infix search , exact search in it.
createdTimeStart	string Example: createdTimeStart=1710757836882 Start created timestamp of the creation time range. Only records created on or after this time will be processed.
createdTimeEnd	string Example: createdTimeEnd=1710757836885 End created timestamp of the creation time range. Only records created before this time will be processed.
groups	string Example: groups=ks-users, app-users Group names to filter the users that are the members of the groups.

Responses

Response samples

200
401

Content type

application/json

1

Email

Send Email

Email will be sent to the user's based on the template which is specified in the mailtype.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
userId required	string Configure the Realm's name.

Request Body schema: application/json

One of

mailType	string Specify the mail type for template. Value should be "WELCOME"
iosLink	string Specify the iOS link.
androidLink	string Specify Android link.
portalUrl	string Specify the Portal access URL.

Responses

Request samples

Payload

Content type

application/json

{"mailType": "FORGOT_PASSWORD",
"redirectUri": "https://xxxx.xxx.xxxx.test.xxxx.com/",
"appName": "account",
"supportEmail": "xxxsupport@xxx.com"
}

Response samples

200
400
401
404

Content type

application/json

{"message": "Email already verified",
"status": "OK",
"subSystem": 5
}

SMTP Configuration

SMTP Configuration API used configure the email configurations.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

envelopeFrom	string An email address used for bounces.
from	string Enter from mailId.
fromDisplayName	string A user friendly display name for from address.
host	string Enter valid host(Eg.smtp.gamil.com).
password	string Password corresponding to from mail address.
port	string Enter valid port number.
replyTo	string Mail to which reply needs to be sent.
replyToDisplayName	string A user friendly display name for from address.
ssl	string Enable SSL.
starttls	string enable TLS.
user	string From mail address.

Responses

Request samples

Payload

Content type

application/json

{"envelopeFrom": null,
"from": "test@test.com",
"fromDisplayName": "Identity Dashboard",
"host": "mail.gmail.com",
"password": "secret",
"port": "587",
"replyTo": "test@test.com",
"replyToDisplayName": "Support",
"ssl": "true",
"starttls": "true",
"user": "admin.test"
}

Response samples

200
400
401

Content type

application/json

{"message": "Successfully updated SMTP Details.",
"status": "OK",
"subSystem": 1
}

Test SMTP Configuration

The Test SMTP Configuration API is utilized to verify the email settings that have been configured.

Authorizations:

BearerAuth

path Parameters

tenantid

required

string

Configure the tenant name,

Request Body schema: application/json

mailType

string

Describe the mail type as TEST

Responses

Request samples

Payload

Content type

application/json

{"mailType": "TEST"
}

Response samples

200
400
401

Content type

application/json

{"message": "Mail Sent Successfully to the user",
"status": "OK",
"subSystem": 5
}

Apps (Client)

UMA App

Use this API to create client with all authorization scopes in the realm.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

query Parameters

adminuser required	string Configure the Admin user name.
adminpassword required	string Configure the Admin Password.
migrate required	boolean Configure the boolean values as true or false.If set to true the respective UMA roles will be assigned to all the existing users.

Responses

Response samples

200
400
401
409

Content type

application/json

{"message": "Created app and migrated users successfully.",
"status": "OK",
"subSystem": 2
}

List all apps

List all apps API will return the list of apps that are created through the Create App.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "App info fetched successfully",
"status": "OK",
"subSystem": 2,
"data": [{"appName": "appname1",
"id": "9a9e38c6-2548-4a45-bd77-ca29a40e34db",
"name": "clientname",
"enabled": true,
"appAuthenticatorType": null,
"bearerOnly": true,
"consentRequired": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": true,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"publicApp": true,
"authenticationFlowBindingOverrides": { },
"attributes": {"app_logo": "https://www.yyyyyy.com/xyz-063534.jpg",
"backchannel.logout.session.required": true,
"backchannel.logout.revoke.offline.tokens": false
},
"webOrigins": ["/*"
],
"baseUrl": null,
"rootUrl": null,
"defaultRoles": ["view-profile manage-account uma_authorization"
],
"description": null,
"frontchannelLogout": true,
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"notBefore": 0,
"protocol": "openid-connect",
"protocolMappers": [{"id": "506d3b5d-b3b7-4fdf-ac15-1fdffb9a6dba",
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"config": {"user.session.note": "clientHost",
"introspection.token.claim": true,
"id.token.claim": true,
"access.token.claim": true,
"claim.name": "clientHost",
"jsonType.label": "String"
}
}
],
"redirectUris": ["/*"
],
"registeredNodes": { },
"surrogateAuthRequired": true
}
]
}

Update App

Use Update App API, to update the app through IDP, which has already been created using Create App.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

appName	string Configure the app (client name) to update
implicitFlowEnabled	boolean Configure the boolean value as true or false to enable or disable the implicit flow for this client.
	object Configure a authenticationFlowBindingOverrides Map as (string,string) to client for customizing of authentication flows.
name	string Display name of the client.

Responses

Request samples

Payload

Content type

application/json

{"appName": "asd",
"implicitFlowEnabled": true,
"authenticationFlowBindingOverrides": {"browser": ""
},
"name": "new-app1"
}

Response samples

200
400
401
404
500

Content type

application/json

{"message": "App updated successfully.",
"status": "OK",
"subSystem": 2
}

Create App

Apps are entities that can request IDP to authenticate a user. It also use IDP to encrypt themselves and provide a single sign-on solution which can securely invoke other services over the network.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

appName	string The name of the app to be created.
name	string Display name of the client.
description	string The description of the app to be created
rootUrl	string Root url is the entire url including slash.
adminUrl	string Url's to the client's admin interface.
baseUrl	string Root address for your website
	object Customized attribute in form of the key value pair
surrogateAuthRequired	boolean Configure boolean value to whether it is required to substitute auth or not.
enabled	boolean Describes whether the client is active or not.
appAuthenticatorType	string Type of the authentication method applied to an client application.
registrationAccessToken	string A security token used by clients for dynamic client registration operations.
defaultRoles	string <nullable> Specifies the roles that are automatically assigned to a user when they are authenticated against this client
redirectUris	string <nullable> Specifies the URIs to which Keycloak should redirect after successful authentication or authorization processes.
implicitFlowEnabled	boolean Boolean attribute for a client determines whether the client is allowed to use the implicit flow for OpenID Connect.
directAccessGrantsEnabled	boolean Boolean attribute for a client determines whether the client is allowed to use the Direct Access Grant flow (also known as the Resource Owner Password Credentials Grant) of OAuth 2.0.

Responses

Request samples

Payload

Content type

application/json

{"appName": "appname1",
"name": "new-app",
"description": null,
"rootUrl": "http://www.testapp.com/",
"adminUrl": null,
"baseUrl": "http://www.demotest.com",
"attributes": {"app_logo": "https://www.yyyyyy.com/xyz-063534.jpg"
},
"surrogateAuthRequired": true,
"enabled": true,
"appAuthenticatorType": null,
"registrationAccessToken": null,
"defaultRoles": "string",
"redirectUris": "string",
"implicitFlowEnabled": true,
"directAccessGrantsEnabled": true
}

Response samples

200
400
401
409
500

Content type

application/json

{"message": "App created successfully",
"status": "OK",
"subSystem": 2
}

Get App Info

Get App Info API will return the app info that match the given parameters.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
clientId required	string Configure the App name.

Responses

Response samples

200
401
404
500

Content type

application/json

{"message": "App info fetched successfully",
"status": "OK",
"subSystem": 2,
"data": {"appName": "appname1",
"id": "9a9e38c6-2548-4a45-bd77-ca29a40e34db",
"name": "newapp",
"enabled": true,
"appAuthenticatorType": null,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": true,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"publicApp": true,
"authenticationFlowBindingOverrides": { },
"attributes": {"app_logo": "https://www.yyyyyy.com/xyz-063534.jpg",
"backchannel.logout.session.required": true,
"backchannel.logout.revoke.offline.tokens": false
},
"webOrigins": ["/*"
],
"baseUrl": null,
"rootUrl": null,
"defaultRoles": ["view-profile manage-account uma_authorization"
],
"description": "string",
"frontchannelLogout": true,
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"notBefore": 0,
"protocol": "openid-connect",
"protocolMappers": [{"id": "506d3b5d-b3b7-4fdf-ac15-1fdffb9a6dba",
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"config": {"user.session.note": "clientHost",
"introspection.token.claim": true,
"id.token.claim": true,
"access.token.claim": true,
"claim.name": "clientHost",
"jsonType.label": "String"
}
}
],
"redirectUris": ["/*"
],
"registeredNodes": { },
"surrogateAuthRequired": true
}
}

Delete App

This API is used to delete an app.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
clientId required	string Configure the App name.

Responses

Response samples

200
401
404
500

Content type

application/json

{"message": "App deleted successfully",
"status": "OK",
"subSystem": 2
}

Get App Credentials

Get App Credentials API will return the client secret for the specified client..

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
clientId required	string Configure the Client ID.

Responses

Response samples

200
401
404
500

Content type

application/json

{"message": "App credential fetched successfully",
"status": "OK",
"subSystem": 5,
"data": "77581f16-2887-4d60-9346-0f3b6693063a"
}

Regenerate App Credential

Regenerate App Credential API will return the data that match the given parameters.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
clientId required	string Configure the Client ID.

Responses

Response samples

200
400
401
404
500

Content type

application/json

{"message": "App credential regenerated successfully",
"status": "OK",
"subSystem": 2,
"data": "67e3127b-b173-4780-8033-1fecfd35d397"
}

Magic link

Send Magic Link

This API is used to Authenticate user through email via link.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

clientId	string Specifies the Client ID
email	string Configure the email through which magic link will be sent.
forceCreate	boolean Create user with the email when user doesn't exist.
redirectUri	string Specify the URI, where user needs to land after completing the process.
resetPassword	boolean reset password option is enabled while clicking the Magic link.
responseMode	string Configure the type how the Authorization Server should return the result.
responseType	string Configure the type of response that has to be received on execution.
scope	string The scope requested for the token.

Responses

Request samples

Payload

Content type

application/json

{"clientId": "clientname",
"email": "abc@gmail.com",
"forceCreate": true,
"redirectUri": "https://oidcdebugger.com/debug",
"resetPassword": true,
"responseMode": "form_post",
"responseType": "code token",
"scope": "open_id"
}

Response samples

200
400
401
404
500

Content type

application/json

{"message": "Mail was sent successfully to provided email id with magic link",
"status": "OK",
"subSystem": 5
}

Tenant

List Tenants

Use this API to return the list of tenants along with their details.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
401
500

Content type

application/json

{"message": "Tenant list fetched successfully",
"status": "OK",
"subSystem": 1,
"data": [{"name": "realmname",
"type": "AST",
"enabled": true,
"rememberMe": true,
"resetPassword": true,
"registrationAllowed": true,
"adminUsername": 123,
"userCount": 3,
"realmCreationStatus": "BLOCKED"
}
]
}

Create tenant

Access this API to create a new tenant.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

realm	string Configure the realm name
enabled	boolean Indicates whether the realm is active or not
loginTheme	string Configure the login theme
accountTheme	string Configure the account theme for the realm
adminTheme	string Configure the admin theme
emailTheme	string Configure the email theme for the realm
adminUsername	string Specifies the admin user name for the tenant.
adminEmail	string Specifies the admin user's email.
adminPassword	string Specifies the admin user's password.
adminFirstName	string Specifies the admin's first name.
adminLastName	string Specifies the admin's last name.
bruteForceProtected	boolean A boolean field that specifies if the brute force attack detection and protection is enabled for the realm.
actionTokenGeneratedByAdminLifespan	number This field represents the duration (in seconds) that action tokens generated by administrators will remain valid.
	object A map of custom settings specific to the realm. These settings can be used to configure various aspects of the realm's behavior.
	Array of objects A list of required actions that users must complete.

Responses

Request samples

Payload

Content type

application/json

{"realm": "realmname",
"enabled": true,
"loginTheme": "kobilv2",
"accountTheme": "kobilv2",
"adminTheme": "kobilv2",
"emailTheme": "kobilv2",
"adminUsername": "admin",
"adminEmail": "user123@gmail.com",
"adminPassword": "Admin@123",
"adminFirstName": null,
"adminLastName": null,
"bruteForceProtected": true,
"actionTokenGeneratedByAdminLifespan": 86400,
"settings": {"UserProperty": "id"
},
"requiredActions": [{"alias": "kobil-reg-status-required-action",
"name": "KOBIL Registration Status Verification",
"providerId": "kobil-reg-status-required-action",
"enabled": true,
"priority": 1001
}
]
}

Response samples

200
401
409
500

Content type

application/json

{"message": "Tenant created successfully",
"status": "OK",
"subSystem": 1,
"data": {"tenantName": "realmname",
"emailId": "user123@gmail.com",
"tenantUrl": "master.idp.local",
"appId": "digitanium-app",
"appSecret": "6ac9becb-1f68-4358-907f-9bb36d6d103c"
}
}

Get Tenant Info

Get Tenant Info API is used to get the details about the tenant.

Authorizations:

BearerAuth

path Parameters

realmId required	string Configure the Realm's name.
tenantId required	string Configure the Realm's name.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Tenant info fetched successfully",
"status": "OK",
"subSystem": 1,
"data": {"id": "093a8134-12aa-40b7-a164-fa808ccbf84e",
"realm": "realmname",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": true,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 1800,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": true,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": true,
"registrationEmailAsUsername": true,
"rememberMe": true,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": true,
"resetPasswordAllowed": true,
"editUsernameAllowed": true,
"bruteForceProtected": true,
"permanentLockout": true,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"defaultRole": {"id": "e4a5735b-0677-48a1-bf5c-8aa30aa1846a",
"name": "default-roles-test",
"description": "$role_default-roles",
"composite": true,
"clientRole": true,
"containerId": "093a8134-12aa-40b7-a164-fa808ccbf84e"
},
"requiredCredentials": ["password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": ["ES256"
],
"webAuthnPolicyRpId": null,
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": true,
"webAuthnPolicyAcceptableAaguids": [ ],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"
],
"webAuthnPolicyPasswordlessRpId": null,
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": true,
"webAuthnPolicyPasswordlessAcceptableAaguids": [ ],
"browserSecurityHeaders": {"contentSecurityPolicyReportOnly": null,
"xContentTypeOptions": "nosniff",
"referrerPolicy": "no-referrer",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {"replyToDisplayName": "Support",
"starttls": true,
"auth": true,
"envelopeFrom": null,
"ssl": false,
"password": "AEV+d3P.n9Wr-aR",
"port": 587,
"host": "mail2.kobil.com",
"replyTo": "admin@midentitybox.com",
"from": "admin@midentitybox.com",
"fromDisplayName": "mIDentity Dashboard",
"user": "admin.midentitybox"
},
"eventsEnabled": true,
"eventsListeners": ["SEND_RESET_PASSWORD UPDATE_CONSENT_ERROR CUSTOM_REQUIRED_ACTION OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR USER_DISABLED_BY_PERMANENT_LOCKOUT IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR CLIENT_INITIATED_ACCOUNT_LINKING_ERROR"
],
"adminEventsEnabled": true,
"adminEventsDetailsEnabled": true,
"identityProviders": [ ],
"identityProviderMappers": [ ],
"internationalizationEnabled": true,
"supportedLocales": [ ],
"requiredActions": [{"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": true,
"priority": 10,
"config": { }
}
],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {"cibaBackchannelTokenDeliveryMode": "poll",
"cibaAuthRequestedUserHint": "login_hint",
"oauth2DevicePollingInterval": 5,
"clientOfflineSessionMaxLifespan": 0,
"clientSessionIdleTimeout": 0,
"actionTokenGeneratedByUserLifespan-execute-actions": null,
"actionTokenGeneratedByUserLifespan-verify-email": null,
"clientOfflineSessionIdleTimeout": 0,
"actionTokenGeneratedByUserLifespan-reset-credentials": null,
"otpMaxDeltaTimeSeconds": 0,
"realmReusableOtpCode": false,
"cibaInterval": 5,
"cibaExpiresIn": 120,
"oauth2DeviceCodeLifespan": 600,
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": null,
"otpFailureFactor": 1,
"otpWaitIncrementSeconds": 0,
"clientSessionMaxLifespan": 0,
"parRequestUriLifespan": 60,
"adminEventsExpiration": null,
"shortVerificationUri": null,
"otpBruteForceProtected": true
},
"userManagedAccessAllowed": true,
"enableMtan": true,
"adminEmailVerified": true,
"adminStatus": true,
"settings": {"webAuthnPolicyAttestationConveyancePreferencePasswordless": "not specified",
"webAuthnPolicyRequireResidentKeyPasswordless": "not specified",
"webAuthnPolicyAuthenticatorAttachmentPasswordless": "not specified",
"actionTokenGeneratedByUserLifespan": 300,
"webAuthnPolicySignatureAlgorithms": "ES256",
"webAuthnPolicyRpEntityNamePasswordless": "keycloak",
"offlineSessionMaxLifespan": 5184000,
"_browser_header.contentSecurityPolicyReportOnly": null,
"_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"quickLoginCheckMilliSeconds": 1000,
"webAuthnPolicyCreateTimeout": 0,
"minimumQuickLoginWaitSeconds": 60,
"defaultSignatureAlgorithm": "RS256",
"webAuthnPolicyUserVerificationRequirementPasswordless": "not specified",
"_browser_header.xContentTypeOptions": "nosniff",
"waitIncrementSeconds": 60,
"offlineSessionMaxLifespanEnabled": false,
"client-policies.profiles": "profiles:[]",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"_browser_header.xRobotsTag": "none",
"webAuthnPolicySignatureAlgorithmsPasswordless": "ES256",
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicyAvoidSameAuthenticatorRegisterPasswordless": false,
"failureFactor": 30,
"maxDeltaTimeSeconds": 43200,
"bruteForceProtected": false,
"webAuthnPolicyRpIdPasswordless": null,
"_browser_header.xXSSProtection": "1; mode=block",
"_browser_header.xFrameOptions": "SAMEORIGIN",
"_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
"permanentLockout": false,
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyRpId": null,
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"_browser_header.referrerPolicy": "no-referrer",
"maxFailureWaitSeconds": 900,
"webAuthnPolicyCreateTimeoutPasswordless": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"client-policies.policies": "policies:[]",
"actionTokenGeneratedByAdminLifespan": 43200
},
"userCount": 3,
"realmCreationStatus": "BLOCKED",
"disabledComponents": null,
"adminUserCreatedTimestamp": 0,
"adminUserEnabled": true,
"clientProfiles": {"profiles": [ ]
},
"clientPolicies": {"policies": [ ]
}
}
}

Update Tenant

Use this API to update a tenant.

Authorizations:

BearerAuth

path Parameters

realmId required	string Configure the Realm's name.
tenantId required	string Configure the Realm's name.

Request Body schema: application/json

enabled	boolean Indicates whether the realm is enabled or not.
loginTheme	string The theme used for the login pages.
accountTheme	string The theme used for the account management pages.
adminTheme	string Specifies the theme to be used for the admin console interface.
emailTheme	string Specifies the theme to be used for the emails sent from this realm.
adminUsername	string Specifies the admin user name for the tenant.
adminEmail	string Specifies the admin user's email.
adminPassword	string Specifies the admin user's password.
adminFirstName	string Specifies the admin's first name.
adminLastName	string Specifies the admin's last name.
bruteForceProtected	boolean Indicates whether brute force protection is enabled for the realm.
actionTokenGeneratedByAdminLifespan	number The lifespan in seconds for action tokens generated by an admin.
	object Custom settings specific to the realm.
	Array of objects A list of required actions for users in the realm.

Responses

Request samples

Payload

Content type

application/json

{"enabled": true,
"loginTheme": "kobilv2",
"accountTheme": "kobilv2",
"adminTheme": "kobilv2",
"emailTheme": "kobilv2",
"adminUsername": "admin",
"adminEmail": "user123@gmail.com",
"adminPassword": "Admin@123",
"adminFirstName": null,
"adminLastName": null,
"bruteForceProtected": true,
"actionTokenGeneratedByAdminLifespan": 86400,
"settings": {"UserProperty": "id"
},
"requiredActions": [{"alias": "kobil-reg-status-required-action",
"name": "KOBIL Registration Status Verification",
"providerId": "kobil-reg-status-required-action",
"enabled": true,
"priority": 1001
}
]
}

Response samples

200
400
401

Content type

application/json

{"message": "Tenant updated successfully",
"status": "OK",
"subSystem": 1
}

Delete Tenant

Using this API, a tenant can be deleted.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
400
401
404

Content type

application/json

{"message": "Tenant deleted successfully",
"status": "OK",
"subSystem": 1
}

Get Tenant Settings

Using this API, we can fetch the details about the tenant settings.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Tenant setting(s) fetched successfully",
"status": "OK",
"subSystem": 1,
"data": {"cibaBackchannelTokenDeliveryMode": "poll",
"webAuthnPolicyAttestationConveyancePreferencePasswordless": "not specified",
"webAuthnPolicyRequireResidentKeyPasswordless": "not specified",
"clientOfflineSessionIdleTimeout": 0,
"cibaExpiresIn": 120,
"webAuthnPolicyAuthenticatorAttachmentPasswordless": "not specified",
"actionTokenGeneratedByUserLifespan": 300,
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": null,
"webAuthnPolicySignatureAlgorithms": "ES256",
"webAuthnPolicyRpEntityNamePasswordless": "keycloak",
"offlineSessionMaxLifespan": 5184000,
"shortVerificationUri": null,
"_browser_header.contentSecurityPolicyReportOnly": null,
"_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"cibaAuthRequestedUserHint": "login_hint",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"clientSessionIdleTimeout": 0,
"quickLoginCheckMilliSeconds": 1000,
"webAuthnPolicyCreateTimeout": 0,
"actionTokenGeneratedByUserLifespan-reset-credentials": null,
"minimumQuickLoginWaitSeconds": 60,
"realmReusableOtpCode": false,
"defaultSignatureAlgorithm": "RS256",
"webAuthnPolicyUserVerificationRequirementPasswordless": "not specified",
"clientSessionMaxLifespan": 0,
"_browser_header.xContentTypeOptions": "nosniff",
"waitIncrementSeconds": 60,
"offlineSessionMaxLifespanEnabled": false,
"client-policies.profiles": "profiles:[]",
"actionTokenGeneratedByUserLifespan-execute-actions": null,
"actionTokenGeneratedByUserLifespan-verify-email": null,
"displayName": "Keycloak",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"_browser_header.xRobotsTag": "none",
"webAuthnPolicySignatureAlgorithmsPasswordless": "ES256",
"displayNameHtml": "<div class=kc-logo-text><span>Keycloak</span></div>",
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicyAvoidSameAuthenticatorRegisterPasswordless": false,
"failureFactor": 30,
"maxDeltaTimeSeconds": 43200,
"bruteForceProtected": false,
"webAuthnPolicyRpIdPasswordless": null,
"_browser_header.xXSSProtection": "1; mode=block",
"_browser_header.xFrameOptions": "SAMEORIGIN",
"_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
"oauth2DevicePollingInterval": 5,
"clientOfflineSessionMaxLifespan": 0,
"permanentLockout": false,
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyRpId": null,
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"_browser_header.referrerPolicy": "no-referrer",
"maxFailureWaitSeconds": 900,
"cibaInterval": 5,
"oauth2DeviceCodeLifespan": 600,
"webAuthnPolicyCreateTimeoutPasswordless": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"parRequestUriLifespan": 60,
"client-policies.policies": "policies:[]",
"actionTokenGeneratedByAdminLifespan": 43200
}
}

Update Tenant Settings

Using this API, you can add or update realm settings.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

key	string Define the key value pair to be updated in the realm setting.

Responses

Request samples

Payload

Content type

application/json

{"key": "value"
}

Response samples

200
400
401

Content type

application/json

{"message": "Tenant settings updated successfully",
"status": "OK",
"subSystem": 1
}

Delete Tenant Settings

Use the Delete Tenant Settings API to delete the realm settings in a particular realm.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

query Parameters

key	string Example: key=key provide the settings name which needs to be deleted.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Tenant setting deleted",
"status": "OK",
"subSystem": 1
}

Update App Settings

The Update App Settings API will update the app settings details which is configured in the realm settings.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

flutter_android_build_number	string flutter_android_build_number is the number of android releases for a version. (Every build has its own unique number)
flutter_android_link	string flutter_android_link is the URL for the playstore.
flutter_android_update_by	string flutter_android_update_by results the timestamp of the last update.
flutter_android_version	string flutter_android_version is the result of the andriod version.
flutter_ios_build_number	string flutter_ios_build_number is the number of ios releases for a version. (Every build has its own unique number)
flutter_ios_link	string flutter_ios_link is the URL for the appstore.
flutter_ios_update_by	string flutter_ios_update_by results the timestamp of the last update.
flutter_ios_version	string flutter_ios_version is the result of the ios version.
macos_build_number	string macos_build_number is the number of macos releases for a version. (Every build has its own unique number).
macos_link	string macos_link is the URL for the playstore.
macos_update_by	string macos_update_by results the timestamp of the last update.
macos_version	string macos_version is the result of the macos version.
windows_build_number	string windows_build_number is the number of windows releases for a version. (Every build has its own unique number)
windows_link	string windows_link is the URL for the playstore.
windows_update_by	string windows_update_by results the timestamp of the last update.
windows_version	string windows_version is the result of the windows version.

Responses

Request samples

Payload

Content type

application/json

{"flutter_android_build_number": "000",
"flutter_android_link": "https://google.com",
"flutter_android_update_by": "30.07.2023",
"flutter_android_version": "2.5.5",
"flutter_ios_build_number": "000",
"flutter_ios_link": "https://google.com",
"flutter_ios_update_by": "30.07.2023",
"flutter_ios_version": "2.5.5",
"macos_build_number": "",
"macos_link": "",
"macos_update_by": "",
"macos_version": "",
"windows_build_number": "",
"windows_link": "",
"windows_update_by": "",
"windows_version": ""
}

Response samples

200
401

Content type

application/json

{"message": "Tenant settings updated successfully",
"status": "OK",
"subSystem": 1
}

Get App Settings

The Get App settings API will fetch the app details which is configured in the realm settings.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
401

Content type

application/json

{"message": "Tenant setting(s) fetched successfully",
"status": "OK",
"subSystem": 1,
"data": {"flutter_ios_version": "2.5.5",
"flutter_android_link": "https://google.com",
"macos_link": "https://google.com/",
"huawei_update_by": "30.07.2023",
"huawei_build_number": 0,
"macos_version": "1.4.0",
"huawei_version": "2.5.5",
"windows_link": "https://google.com/",
"windows_version": "1.4.0",
"macos_build_number": 4,
"flutter_ios_build_number": 0,
"huawei_link": "https://google.com/",
"flutter_android_version": "2.5.5",
"flutter_android_update_by": "30.07.2023",
"flutter_ios_update_by": "30.07.2023",
"windows_update_by": "2023-04-28 18:27:08.443204",
"flutter_ios_link": "https://google.com",
"macos_update_by": "2023-04-28 18:27:08.443204",
"flutter_android_build_number": 0,
"windows_build_number": 4
}
}

Get Realm Creation Status

The Get Realm Creation Status API that will fetch the status of the Realm created.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
401

Content type

application/json

{"message": "Tenant status fetched successfully",
"status": "OK",
"subSystem": 1,
"data": {"status": "BLOCKED",
"iamStatus": "SUCCESS",
"signerCertStatus": "BLOCKED",
"identityUserCertStatus": {"externalIdentityUser": {"authentication": "BLOCKED",
"encryption": "BLOCKED",
"signature": "BLOCKED"
},
"internalIdentityUser": {"authentication": "BLOCKED",
"encryption": "BLOCKED",
"signature": "BLOCKED"
}
}
}
}

Add Realm Role

Realm role can be created using this API.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
roleName required	string Configure the Role name.

Responses

Response samples

200
401
409

Content type

application/json

{"message": "Role created successfully",
"status": "OK",
"subSystem": 1
}

Delete Realm Role

Existing Realm roles can be deleted using this API.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
roleName required	string Configure the Role name.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Role deleted successfully",
"status": "OK",
"subSystem": 1
}

Riskbits

Create riskbits

Using this API, riskbits can be added to the realm.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

operation	string Device execution is determined by the risk operation. For instance, if the JBreak[1]40001 is the Risk name of the device in 'Risk Details iOS' is 'HIGH_RISK,'in Operation the device will not be allowed.
ratingLevel	string Assessing the Risk Level on the device.
realmId	string The "realmId" field serves as an identifier for a specific tenant within a system.
risk	string Rate of the risks.
riskAndroid	string Android risk name which is present in the device.
riskIOS	string iOS risk name which is present in the device.
score	string Qualitative measure that quantifies the degree of the risk.

Responses

Request samples

Payload

Content type

application/json

{"operation": "OK",
"ratingLevel": "X",
"realmId": "realmname",
"risk": "0.01",
"riskAndroid": "JBreak_test",
"riskIOS": "JBreak_test",
"score": "001-003"
}

Response samples

200
400
401
403
409

Content type

application/json

{"message": "Riskbits added successfully",
"status": "OK",
"subSystem": 1
}

Delete All Riskbits

Using this API, riskbits associated with the realm will be removed.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "All Riskbits Deleted Successfully",
"status": "OK",
"subSystem": 1
}

Delete Riskbits

Using this API, riskbits associated with the provided riskbit ID will be deleted.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
id required	string Configure the Riskbit Id.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Riskbit deleted successfully",
"status": "OK",
"subSystem": 1
}

Get Riskbit

Using this API, will return the list of riskbit details for the riskbitId provided in the request.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the Realm's name.
id required	string Configure the Riskbit Id.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Riskbit found successfully",
"status": "OK",
"subSystem": 1,
"data": [{"id": "1a591860-368c-402a-8449-965787aaed8b",
"ratingLevel": "A",
"score": "986-999",
"risk": "0.80%",
"riskAndroid": null,
"riskIOS": null,
"operation": "OK",
"realmId": "realmname"
}
]
}

Add List of Riskbits

Using this API, you can add a list of riskbits as provided in the request.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

Array

operation	string Device execution is determined by the risk operation. For instance, if the JBreak[1]40001 is the Risk name of the device in 'Risk Details iOS' is 'HIGH_RISK,'in Operation the device will not be allowed.
ratingLevel	string Assessing the Risk Level on the device.
realmId	string The "realmId" field serves as an identifier for a specific tenant within a system.
risk	string The percentage risk associated with this risk bit.
riskAndroid	string The risk percentage specifically for Android platforms.
riskIOS	string The risk percentage specifically for ios platforms.
score	string Qualitative measure that quantifies the degree of the risk.

Responses

Request samples

Payload

Content type

application/json

[{"operation": "OK",
"ratingLevel": "A",
"realmId": "aaiqa",
"risk": "0.80%",
"riskAndroid": "",
"riskIOS": "",
"score": "986-999"
},
{"operation": "OK",
"ratingLevel": "B",
"realmId": "aaiqa",
"risk": "1.64%",
"riskAndroid": "",
"riskIOS": "",
"score": "977-985"
},
{"operation": "OK",
"ratingLevel": "C",
"realmId": "aaiqa",
"risk": "2.47%",
"riskAndroid": "",
"riskIOS": "",
"score": "970-976"
},
{"operation": "OK",
"ratingLevel": "D",
"realmId": "aaiqa",
"risk": "3.10%",
"riskAndroid": "",
"riskIOS": "",
"score": "962-969"
},
{"operation": "OK",
"ratingLevel": "E",
"realmId": "aaiqa",
"risk": "4.38%",
"riskAndroid": "JBreak[1](300)",
"riskIOS": "JBreak[400]",
"score": "949-961"
},
{"operation": "OK",
"ratingLevel": "F",
"realmId": "aaiqa",
"risk": "6.21%",
"riskAndroid": "Manipulation[2](4),Manipulation[2](35)",
"riskIOS": "",
"score": "928-948"
},
{"operation": "HIGH_RISK",
"ratingLevel": "G",
"realmId": "aaiqa",
"risk": "9.5%",
"riskAndroid": "CodeInjection[6](2),CodeInjection[6](20000)",
"riskIOS": "",
"score": "877-928"
},
{"operation": "HIGH_RISK",
"ratingLevel": "H",
"realmId": "aaiqa",
"risk": "16.74%",
"riskAndroid": "Manipulation[2](9",
"riskIOS": "JBreak[400],JBreak[5455],CodeInjection[6][7]",
"score": "800-876"
},
{"operation": "HIGH_RISK",
"ratingLevel": "I",
"realmId": "aaiqa",
"risk": "25.97%",
"riskAndroid": "JBreak[1](40001)",
"riskIOS": "JBreak[1](15),JBreak[1](101)",
"score": "718-799"
},
{"operation": "HIGH_RISK",
"ratingLevel": "J",
"realmId": "aaiqa",
"risk": "32.56%",
"riskAndroid": "Manipulation,MaliciousApp",
"riskIOS": "Manipulation,MaliciousApp",
"score": "639-717"
},
{"operation": "HIGH_RISK",
"ratingLevel": "K",
"realmId": "aaiqa",
"risk": "41.77%",
"riskAndroid": "Jbreak,Emulator",
"riskIOS": "Jbreak,Emulator",
"score": "492-638"
},
{"operation": "HIGH_RISK",
"ratingLevel": "L",
"realmId": "aaiqa",
"risk": "60.45%",
"riskAndroid": "CodeInjection",
"riskIOS": "CodeInjection",
"score": "1-491"
}
]

Response samples

200
401

Content type

application/json

{"message": "Add riskbits request completed successfully",
"status": "OK",
"subSystem": 1,
"data": {"KobilRiskBitsRepresentation{id=950afb01-fb4d-4bb4-b5a7-2f56204c1405, ratingLevel=K, score=492-638, risk=41.77, riskAndroid=, riskIOS=JBreak[1](15),JBreak[1](101),JBreak[1](1505),JBreak[1](5455), operation=HIGH_RISK, realmId=malda}": "Mismatch in realm specified in path param and request body",
"KobilRiskBitsRepresentation{id=4c0a5985-4395-4862-8602-a790f8ca4fff, ratingLevel=D, score=962-969, risk=3.10, riskAndroid=JBreak[1](30),JBreak[1](300), riskIOS=, operation=OK, realmId=malda}": "Mismatch in realm specified in path param and request body"
}
}

Get All Riskbits

Using this API will return a list of riskbit details.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Riskbits fetched successfully",
"status": "OK",
"subSystem": 1,
"data": [{"id": "1a591860-368c-402a-8449-965787aaed8b",
"ratingLevel": "A",
"score": "986-999",
"risk": "0.80%",
"riskAndroid": null,
"riskIOS": null,
"operation": "OK",
"realmId": "realmname"
}
]
}

Verify Device Risk

This API verifies whether the specified risk exists and fetches its details if it exists.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

platform	string Specify OS platform.
riskName	string Name of the specific risk being verified.

Responses

Request samples

Payload

Content type

application/json

{"platform": "ios",
"riskName": "JBreak"
}

Response samples

200
401
404

Content type

application/json

{"message": "Riskbits fetched successfully",
"status": "OK",
"subSystem": 1,
"data": [{"id": "8eb08bb0-478d-4170-846e-1d7c2ce25c20",
"ratingLevel": "K",
"score": "492-638",
"risk": "41.77%",
"riskAndroid": "JbreakEmulator",
"riskIOS": "JbreakEmulator",
"operation": "HIGH_RISK",
"realmId": "realmname"
}
]
}

Get Riskbit Status

This API allows fetching details of updated or added riskbit status.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Responses

Response samples

200
401
404

Content type

application/json

{"message": "Riskbit status fetched successfully",
"status": "OK",
"subSystem": 1,
"data": {"id": "165ba6e7-1e4b-4f40-a900-898232cb6b77",
"realmId": "realmname",
"enabled": true
}
}

Add Or Update Riskbit Status

This API allows you to update or add a riskbit status for the specified riskbitId in the request.

Authorizations:

BearerAuth

path Parameters

tenantId

required

string

Configure the Realm's name.

Request Body schema: application/json

enabled	boolean If true, the user is enabled; otherwise, disabled. Disabled users cannot log in to IDP.
id	string Unique identifier for each riskbit, providing a distinct reference for tracking and managing individual instances of risk within a system.
realmId	string The "realmId" field serves as an identifier for a specific tenant within a system.

Responses

Request samples

Payload

Content type

application/json

{"enabled": true,
"id": "ef08c996-55e3-40c5-ad2b-6038b4e05921",
"realmId": "aaiqa"
}

Response samples

200
401
409

Content type

application/json

{"message": "Riskbit status added successfully",
"status": "OK",
"subSystem": 1
}

OTP

Send OTP

Using this API, OTP can be sent via SMS or Email.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the realm name.
userId required	string Configure the user name.

Request Body schema: application/json

code	string You can customize the code to personalize the OTP. If not customized, an automatic code will be generated.
codeLength	number When not specifying a custom code, please set the desired code length (integer).
codeType	string If codeLength is specified, select the code type as "NUMERIC," "ALPHANUMERIC," or "ALPHANUMERIC_WITH_SPECIAL_CHARACTERS."
codeValidity	string To set the OTP's validity period, use a format such as "2m" for 2 minutes; the default validity period is 5 minutes.
deliverViaInternalProvider	boolean If set to "true," the OTP will be sent using an internal provider by default. If set to "false," the OTP won't be sent to the user but will be stored exclusively by the Identity Provider (IDP).
type	string Specify the message type by setting this parameter to either "SMS" or "EMAIL".

Responses

Request samples

Payload

Content type

application/json

{"code": "123456",
"codeLength": 6,
"codeType": "NUMERIC",
"codeValidity": "1m",
"deliverViaInternalProvider": true,
"type": "SMS"
}

Response samples

200
400
401
403
404

Content type

application/json

{"message": "OTP sent to the user successfully",
"status": "OK",
"subSystem": 5
}

Verify OTP

This API allows verification of SMS or Email OTP.

Authorizations:

BearerAuth

path Parameters

tenantId required	string Configure the realm name.
userId required	string Configure the user name.

Request Body schema: application/json

code	string Enter the OTP code to be verified

Responses

Request samples

Payload

Content type

application/json

{"code": "123456"
}

Response samples

200
400
401
403

Content type

application/json

{"message": "OTP verified successfully",
"status": "OK",
"subSystem": 5
}