Access Token
This section describes the process of generating an access token for authorization for various grant types.
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
grant_type | string The grant type should be password. |
username | string The username for which the token needs to be generated. |
password | string Password corresponding to the username. |
client_id | string The Client ID for which the access token is to be generated. |
client_secret | string Secret corresponding to the given clientID. Secret will be available only for the clients with access type selected confidential during client creation. This is an optional parameter. |
Responses
Request samples
- Payload
{- "client_id": "clientname",
- "client_secret": "RZ4YtWLZSXN8EjuZpfJXhEHweLS1nfry",
- "grant_type": "password",
- "code": "bf6f9af9-b3c9-4y66-804f-364f660d9135.a8e1b947-a2a3-4504-ad0e-8387ae200e50.db1ed60b-f478-4655-a397-fb688c53cbb8",
}
Response samples
- 200
- 400
- 401
- 404
{- "access_token": "string",
- "expires_in": 0,
- "not-before-policy": 0,
- "refresh_expires_in": 0,
- "refresh_token": "string",
- "scope": "string",
- "session_state": "string",
- "token_type": "string"
}
Well known API
This API lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
{- "acr_values_supported": [
- "0",
- "1"
], - "authorization_encryption_alg_values_supported": [
- "RSA-OAEP",
- "RSA-OAEP-256",
- "RSA1_5"
], - "authorization_encryption_enc_values_supported": [
- "A256GCM",
- "A192GCM",
- "A128GCM",
- "A128CBC-HS256",
- "A192CBC-HS384",
- "A256CBC-HS512"
], - "authorization_signing_alg_values_supported": [
- "PS384",
- "ES384",
- "RS384",
- "HS256",
- "HS512",
- "ES256",
- "RS256",
- "HS384",
- "ES512",
- "PS256",
- "PS512",
- "RS512"
], - "backchannel_authentication_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/ext/ciba/auth",
- "backchannel_authentication_request_signing_alg_values_supported": [
- "PS384",
- "ES384",
- "RS384",
- "ES256",
- "RS256",
- "ES512",
- "PS256",
- "PS512",
- "RS512"
], - "backchannel_logout_session_supported": true,
- "backchannel_logout_supported": true,
- "backchannel_token_delivery_modes_supported": [
- "poll",
- "ping"
], - "check_session_iframe": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/log}in-status-iframe.html",
- "claim_types_supported": [
- "normal"
], - "claims_parameter_supported": true,
- "claims_supported": [
- "aud",
- "sub",
- "iss",
- "auth_time",
- "name",
- "given_name",
- "family_name",
- "preferred_username",
- "email",
- "acr"
], - "code_challenge_methods_supported": [
- "plain",
- "S256"
], - "device_authorization_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/auth/device",
- "frontchannel_logout_session_supported": true,
- "frontchannel_logout_supported": true,
- "grant_types_supported": [
- "authorization_code",
- "implicit",
- "refresh_token",
- "password",
- "client_credentials",
- "urn:ietf:params:oauth:grant-type:device_code",
- "urn:openid:params:grant-type:ciba",
- "urn:ietf:params:oauth:grant-type:token-exchange"
], - "id_token_encryption_alg_values_supported": [
- "RSA-OAEP",
- "RSA-OAEP-256",
- "RSA1_5"
], - "id_token_encryption_enc_values_supported": [
- "A256GCM",
- "A192GCM",
- "A128GCM",
- "A128CBC-HS256",
- "A192CBC-HS384",
- "A256CBC-HS512"
], - "id_token_signing_alg_values_supported": [
- "PS384",
- "ES384",
- "RS384",
- "HS256",
- "HS512",
- "ES256",
- "RS256",
- "HS384",
- "ES512",
- "PS256",
- "PS512",
- "RS512"
], - "introspection_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/token/introspect",
- "introspection_endpoint_auth_methods_supported": [
- "private_key_jwt",
- "client_secret_basic",
- "client_secret_post",
- "tls_client_auth",
- "client_secret_jwt"
], - "introspection_endpoint_auth_signing_alg_values_supported": [
- "PS384",
- "ES384",
- "RS384",
- "HS256",
- "HS512",
- "ES256",
- "RS256",
- "HS384",
- "ES512",
- "PS256",
- "PS512",
- "RS512"
], - "mtls_endpoint_aliases": {
- "backchannel_authentication_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/ext/ciba/auth",
- "device_authorization_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/auth/device",
- "introspection_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/token/introspect",
- "pushed_authorization_request_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/ext/par/request",
}, - "pushed_authorization_request_endpoint": "https://{idpurl}/realms/{tenant}/protocol/openid-connect/ext/par/request",
- "request_object_encryption_alg_values_supported": [
- "RSA-OAEP",
- "RSA-OAEP-256",
- "RSA1_5"
], - "request_object_encryption_enc_values_supported": [
- "A256GCM",
- "A192GCM",
- "A128GCM",
- "A128CBC-HS256",
- "A192CBC-HS384",
- "A256CBC-HS512"
], - "request_object_signing_alg_values_supported": [
- "PS384",
- "ES384",
- "RS384",
- "HS256",
- "HS512",
- "ES256",
- "RS256",
- "HS384",
- "ES512",
- "PS256",
- "PS512",
- "RS512",
- "none"
], - "request_parameter_supported": true,
- "request_uri_parameter_supported": true,
- "require_pushed_authorization_requests": false,
- "require_request_uri_registration": true,
- "response_modes_supported": [
- "query",
- "fragment",
- "form_post",
- "query.jwt",
- "fragment.jwt",
- "form_post.jwt",
- "jwt"
], - "response_types_supported": [
- "code",
- "none",
- "id_token",
- "token",
- "id_token token",
- "code id_token",
- "code token",
- "code id_token token"
], - "revocation_endpoint_auth_methods_supported": [
- "private_key_jwt",
- "client_secret_basic",
- "client_secret_post",
- "tls_client_auth",
- "client_secret_jwt"
], - "revocation_endpoint_auth_signing_alg_values_supported": [
- "PS384",
- "ES384",
- "RS384",
- "HS256",
- "HS512",
- "ES256",
- "RS256",
- "HS384",
- "ES512",
- "PS256",
- "PS512",
- "RS512"
], - "scopes_supported": [
- "openid",
- "phone",
- "token-exchange",
- "profile",
- "microprofile-jwt",
- "address",
- "offline_access",
- "email",
- "roles",
- "token_exchange_scope",
- "web-origins"
], - "subject_types_supported": [
- "public",
- "pairwise"
], - "tls_client_certificate_bound_access_tokens": true,
- "token_endpoint_auth_methods_supported": [
- "private_key_jwt",
- "client_secret_basic",
- "client_secret_post",
- "tls_client_auth",
- "client_secret_jwt"
], - "token_endpoint_auth_signing_alg_values_supported": [
- "PS384",
- "ES384",
- "RS384",
- "HS256",
- "HS512",
- "ES256",
- "RS256",
- "HS384",
- "ES512",
- "PS256",
- "PS512",
- "RS512"
], - "userinfo_encryption_alg_values_supported": [
- "RSA-OAEP",
- "RSA-OAEP-256",
- "RSA1_5"
], - "userinfo_encryption_enc_values_supported": [
- "A256GCM",
- "A192GCM",
- "A128GCM",
- "A128CBC-HS256",
- "A192CBC-HS384",
- "A256CBC-HS512"
], - "userinfo_signing_alg_values_supported": [
- "PS384",
- "ES384",
- "RS384",
- "HS256",
- "HS512",
- "ES256",
- "RS256",
- "HS384",
- "ES512",
- "PS256",
- "PS512",
- "RS512",
- "none"
]
}
Create User
Create a user
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
Request Body schema: application/json
object Key-value pairs representing custom user attributes. i.e phonenumber | |
object Roles assigned to the user for client level actions. | |
Array of objects User credentials configuration. | |
string User's email address. | |
emailVerified | boolean Indicates whether the user's email has been verified. True = enabled & False = disabled. |
enabled | boolean Indicates if the user account is enabled. True = enabled & False = disabled. |
firstName | string User's first name. |
groups | Array of strings Names of user groups the user belongs to. |
lastName | string User's last name. |
username | string User's username. |
realmRoles | Array of strings Roles assigned to the user for realm level actions. |
requiredActions | Array of strings Actions required from the user to do. |
Responses
Request samples
- Payload
{- "attributes": {
- "attribute1": "bob"
}, - "clientRoles": {
- "realm-management": [
- "realm-admin",
- "view-users"
]
}, - "credentials": [
- {
- "temporary": false,
- "type": "password",
- "value": "Admin@123"
}
], - "email": "bob.go@gmail.com",
- "emailVerified": true,
- "enabled": true,
- "firstName": "bob",
- "groups": [
- "usergroup",
- "ks"
], - "lastName": "s",
- "username": "user",
- "realmRoles": [
- [
- "admin",
- "realm-management"
]
], - "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
]
}
Response samples
- 200
- 400
- 401
- 409
{- "message": "User created successfully.",
- "status": "OK",
- "subSystem": 5
}
Update User
Update a user
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
object Key-value pairs representing custom user attributes. i.e phonenumber | |
object Roles assigned to a user for client level actions. | |
Array of objects User credentials configuration. | |
string User's email address. | |
emailVerified | boolean Indicates whether the user's email has been verified. True = enabled & False = disabled. |
enabled | boolean Indicates if the user account is enabled. True = enabled & False = disabled. |
firstName | string User's first name. |
groups | Array of strings Names of user groups the user belongs to. |
lastName | string User's last name. |
username | string User's username. |
realmRoles | Array of strings Roles assigned to the user for realm level actions. |
requiredActions | Array of strings Actions required from the user to do. |
Responses
Request samples
- Payload
{- "attributes": {
- "attribute1": "bob"
}, - "clientRoles": {
- "realm-management": [
- "realm-admin",
- "view-users"
]
}, - "credentials": [
- {
- "temporary": false,
- "type": "password",
- "value": "Admin@123"
}
], - "email": "bob.go@gmail.com",
- "emailVerified": true,
- "enabled": true,
- "firstName": "bob",
- "groups": [
- "usergroup",
- "ks"
], - "lastName": "s",
- "username": "user",
- "realmRoles": [
- [
- "admin",
- "realm-management"
]
], - "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
]
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "User updated successfully",
- "status": "OK",
- "subSystem": 5
}
Get User By UUID
The Get User with User's UUID API will return a list showing the user details.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
id required | string UUID of the user. |
Responses
Response samples
- 200
- 401
{- "id": "5698e30c-7e33-44ee-9dce-3fa328831e66",
- "createdTimestamp": 1692020930000,
- "username": "idp_external_admin",
- "enabled": true,
- "emailVerified": false,
- "attributes": {
- "NEXT_PASSWORD_ENTRY_PASSWORD_IN": [
- "N/A"
], - "LAST_SUCCESSFUL_LOGIN_TIMESTAMP": [
- "1702981123541"
], - "NUMBER_OF_FAILED_ATTEMPTS": [
- "0"
]
}, - "disableableCredentialTypes": [
- "string"
], - "requiredActions": [
- "string"
], - "notBefore": 0,
- "access": {
- "manageGroupMembership": true,
- "view": true,
- "mapRoles": true,
- "impersonate": true,
- "manage": true
}
}
Update profile User
Use this API to update the user profile.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
firstName | string User's first name. |
lastName | string User's last name. |
string User's email address. | |
object Key value pair containing the attributes you wanted to update. |
Responses
Request samples
- Payload
{- "firstName": "Foo",
- "lastName": "Bar",
- "email": "tom@bob.com",
- "attributes": {
- "attribute1": "value",
- "attribute2": "value2",
- "attribute3": "value3"
}
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "User profile updated successfully.",
- "status": "OK",
- "subSystem": 5
}
Get Users Based On Client Role
The Get Users Based On Client Role API returns a list of users who have the specified client role.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
clientid required | string Name of the client to search. |
assignedRole required | string Name of the assigned role to search. |
query Parameters
limit | string Example: limit=1 The maximum number of users to return. |
offset | string Example: offset=1 The number of users to skip before starting to collect the result set. |
isUserEnabled | string Example: isUserEnabled=true Determines whether the user account is active, with |
isEmailVerified | string Example: isEmailVerified=false Determines whether the user's email address has been verified. Defaults to false, indicates unverified. |
firstName | string Example: firstName=bob First name of the user to filter by. |
lastName | string Example: lastName=doe The last name of the user to filter by. |
string Example: email=accesstoken@gmail.com The email of the user to filter by. | |
username | string Example: username=accesstoken The username of the user to filter by. |
orderBy | string Example: orderBy=asc The order of the results, either ascending (asc) or descending (desc). |
orderByKey | string Example: orderByKey=username The field to order the results by, such as firstName, lastName, email, or username. |
genericSearchVal | string Example: genericSearchVal=bob It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Users fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": {
- "userList": [
- {
- "admin": false,
- "attributes": {
- "LAST_SUCCESSFUL_LOGIN_TIMESTAMP": [
- "1702967761737"
], - "NEXT_PASSWORD_ENTRY_PASSWORD_IN": [
- "N/A"
], - "NUMBER_OF_FAILED_ATTEMPTS": [
- "0"
], - "email": [
- "accesstoken@gmail.com"
], - "firstName": [
- "bob"
], - "lastName": [
- "doe"
]
}, - "createdTimestamp": 1702579160144,
- "email": "accesstoken@gmail.com",
- "emailVerified": false,
- "enabled": true,
- "firstName": "bob",
- "id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
- "lastName": "doe",
- "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
], - "username": "accesstoken"
}
], - "page": {
- "currentPage": 1,
- "pageSize": 1,
- "totalPages": 2,
- "totalRecords": 2
}
}
}
Get Users Based On Role
The Get Users Based On Role API returns a list of users who have the specified role. The user's list will be ordered alphabetically according to the username.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
role required | string Name of the assigned role to search. |
query Parameters
firstName | string Example: firstName=bob First name of the User. |
lastName | string Example: lastName=doe Last name of the User. |
string Example: email=accesstoken@gmail.com Email address of the user. | |
username | string Example: username=accesstoken Username of the user. |
orderBy | string Example: orderBy=desc The order of the results, either ascending (asc) or descending (desc). |
orderByKey | string Example: orderByKey=lastname The field to order the results by, such as firstName, lastName, email, or username. |
genericSearchVal | string Example: genericSearchVal=doe It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored. |
limit | string Example: limit=1 The maximum number of users to return. |
offset | string Example: offset=1 The number of users to skip before starting to collect the result set. |
isUserEnabled | string Example: isUserEnabled=true Determines whether the user account is active, with |
isEmailVerified | string Example: isEmailVerified=false Determines whether the user's email address has been verified. Defaults to false, indicates unverified. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Users fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": {
- "userList": [
- {
- "admin": false,
- "attributes": {
- "LAST_SUCCESSFUL_LOGIN_TIMESTAMP": [
- "1702967761737"
], - "NEXT_PASSWORD_ENTRY_PASSWORD_IN": [
- "N/A"
], - "NUMBER_OF_FAILED_ATTEMPTS": [
- "0"
], - "email": [
- "accesstoken@gmail.com"
], - "firstName": [
- "bob"
], - "lastName": [
- "doe"
], - "username": [
- "accesstoken"
]
}, - "createdTimestamp": 1702579160144,
- "email": "accesstoken@gmail.com",
- "emailVerified": false,
- "enabled": true,
- "firstName": "bob",
- "id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
- "lastName": "doe",
- "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
], - "username": "accesstoken"
}
], - "page": {
- "currentPage": 1,
- "pageSize": 20,
- "totalPages": 1,
- "totalRecords": 1
}
}
}
Get User Info
Use this API to get the user details.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Username of the User. |
query Parameters
firstName | string Example: firstName=bob First name of the user. |
limit | string Example: limit=1 The maximum number of users to return. |
pageNumber | string Example: pageNumber=1 |
Responses
Response samples
- 200
- 400
- 401
- 404
{- "message": "User info fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": {
- "admin": false,
- "attributes": {
- "LAST_SUCCESSFUL_LOGIN_TIMESTAMP": [
- "1702967761737"
], - "NEXT_PASSWORD_ENTRY_PASSWORD_IN": [
- "N/A"
], - "NUMBER_OF_FAILED_ATTEMPTS": [
- "0"
], - "firstName": [
- "bob"
], - "lastName": [
- "doe"
], - "username": [
- "bob"
]
}, - "createdTimestamp": 1702579160144,
- "email": "accesstoken@gmail.com",
- "emailVerified": false,
- "enabled": true,
- "firstName": "bob",
- "id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
- "lastName": "doe",
- "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
], - "username": "bob"
}
}
Get User By User group
The Get User By User group API will filter and search User options based on provided search values.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
groupID required | string Name of the group. |
query Parameters
limit | string Example: limit=1 The maximum number of users to return. |
string Example: email=1 Email address to get users | |
offset | string Example: offset=1 The number of users to skip before starting to collect the result set. |
from | string Example: from=1 Timestamp from which user is created |
to | string Example: to=1 Timestamp until which the user was created |
isUserEnabled | string Example: isUserEnabled=true Determines whether the user account is active, with |
orderBy | string Example: orderBy=desc The order of the results, either ascending (asc) or descending (desc). |
orderByKey | string Example: orderByKey=lastname The field to order the results by, such as firstName, lastName, email, or username. |
genericSearchVal | string Example: genericSearchVal=bob It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Users fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": {
- "userList": [
- {
- "admin": false,
- "attributes": {
- "email": [
- "bob.go@gmail.com"
], - "firstName": [
- "bob"
], - "lastName": [
- "doe"
], - "username": [
- "bob"
]
}, - "createdTimestamp": 1702579160144,
- "email": "bob.go@gmail.com",
- "emailVerified": false,
- "enabled": true,
- "firstName": "bob",
- "id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
- "lastName": "doe",
- "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
], - "username": "bob"
}
], - "page": {
- "currentPage": 1,
- "pageSize": 20,
- "totalPages": 1,
- "totalRecords": 1
}
}
}
Get resend OTP Brute Force Status
The Get OTP Brute Force status api gets OTP Brute Force lock status of a user.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Resend OTP Brute force feature is currently disabled for tenant",
- "status": "OK",
- "subSystem": 5
}
Unlock User resend OTP Brute Force
The Unlock User OTP Brute Force api will unlock the user locked by the OTP Brute Force.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Resend OTP Brute force feature is currently disabled for tenant",
- "status": "OK",
- "subSystem": 5
}
Search User
An API to search users.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
query Parameters
key | string Example: key=search_keyword It can be a search parameter and will search over username, firstname, lastname and email. |
Responses
Response samples
- 200
- 400
- 401
- 404
{- "message": "Users fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": {
- "userList": [
- {
- "admin": false,
- "attributes": {
- "firstName": [
- "bob"
]
}, - "createdTimestamp": 1702579160144,
- "email": "accesstoken@gmail.com",
- "emailVerified": false,
- "enabled": true,
- "firstName": "bob",
- "id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
- "lastName": "doe",
- "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
], - "username": "accesstoken"
}
], - "page": {
- "currentPage": 1,
- "pageSize": 20,
- "totalPages": 1,
- "totalRecords": 12
}
}
}
Search User By User Attribute
API to search and fetch the user list using user's attributes.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
query Parameters
key required | string Example: key=phone_number Attribute name to search user. |
value required | string Example: value=1234567890 Attribute value to search user. |
Responses
Response samples
- 200
- 400
- 401
- 404
{- "message": "Users fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": [
- {
- "admin": false,
- "attributes": {
- "LAST_SUCCESSFUL_LOGIN_TIMESTAMP": [
- "1702967761737"
], - "NEXT_PASSWORD_ENTRY_PASSWORD_IN": [
- "N/A"
], - "NUMBER_OF_FAILED_ATTEMPTS": [
- "0"
], - "email": [
- "accesstoken@gmail.com"
], - "firstName": [
- "bob"
], - "lastName": [
- "doe"
], - "username": [
- "accesstoken"
]
}, - "createdTimestamp": 1702579160144,
- "email": "accesstoken@gmail.com",
- "emailVerified": false,
- "enabled": true,
- "firstName": "bob",
- "id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
- "lastName": "doe",
- "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
], - "username": "accesstoken"
}
]
}
Unlock All User resend OTP Brute Force
The Unlock all Users OTP Brute Force API will unlock all the users locked by the OTP Brute Force.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
Responses
Response samples
- 200
- 401
{- "message": "Resend OTP Brute force feature is currently disabled for tenant",
- "status": "OK",
- "subSystem": 5
}
Disable User
This API is used to disable a user temporarily. Disabled users will not be allowed to login.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
enabled | boolean If false, the user is disabled. |
Responses
Request samples
- Payload
{- "enabled": false
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "User disabled successfully",
- "status": "OK",
- "subSystem": 5
}
Enable User
Use this API to enable the user.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
enabled | boolean If true, the user is enabled. |
Responses
Request samples
- Payload
{- "enabled": true
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "User enabled successfully",
- "status": "OK",
- "subSystem": 5
}
Promote User
Once promoted the user will have the 'digitanium_admin', 'admin' and 'realm-admin' role tagged and the corresponding role permissions.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Responses
Response samples
- 200
- 400
- 401
- 404
{- "message": "User promoted successfully",
- "status": "OK",
- "subSystem": 5
}
Revoke Admin access
Deletes the digitanium_admin
, admin
and realm-admin
role permission for a particular user.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Responses
Response samples
- 200
- 400
- 401
- 404
{- "message": "Admin access revoked successfully",
- "status": "OK",
- "subSystem": 5
}
User Tenant List
Returns the list of tenants for a particular user.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "message": "Tenant list fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": "astqa"
}
Revoke Required Actions
Using this API, users required actions can be revoked.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
requiredActions | Array of strings |
Responses
Request samples
- Payload
{- "requiredActions": [
- "update-password"
]
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "User required actions revoked successfully",
- "status": "OK",
- "subSystem": 5
}
Revoke Roles
Using this API client and realm roles will be revoked from the user's.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
object Roles assigned to a user for client level actions. | |
realmRoles | Array of strings Roles assigned to the user for realm level actions. |
Responses
Request samples
- Payload
{- "clientRoles": {
- "client_Name": [
- "client_role1",
- "client_role2",
- "client_role3",
- "client_role4"
]
}, - "realmRoles": [
- "realm_role1",
- "realm_role2"
]
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "User roles revoked successfully",
- "status": "OK",
- "subSystem": 5
}
List Admin Users
List Admin Users API will return a list of admin users.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
Responses
Response samples
- 200
- 400
- 401
- 403
{- "message": "Admin users fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": [
- {
- "username": "1",
- "id": "31ad4937-4cf1-4e97-a6fe-440b9156d92a",
- "createdTimestamp": 1709533258078,
- "enabled": false,
- "emailVerified": false,
- "attributes": {
- "firstName": [
- "bob"
], - "lastName": [
- null
], - "email": [
- null
], - "username": [
- "1"
]
}, - "requiredActions": [
- "kobil-email-registration-required-action"
], - "admin": true
}
]
}
Get Credentials
Get Credentials API will get the credential details for the user.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Responses
Response samples
- 200
- 401
- 404
[- {
- "id": "f5e75065-30a9-422b-a22b-8ba1fb1a9fb4",
- "type": "password",
- "createdDate": 1588881169980,
- "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
}
]
Add address
Add Address API will add the address for the requested user.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the Realm. |
Request Body schema: application/json
postalCode | string Define the postalCode of the given address. |
addressDetails | string Describes the default address details of the user. |
addressTitle | string Address title |
addressType | string Describes the address type |
city | string Describes the city name |
cityCode | string describes the city code |
defaultAddress | boolean Describes the default address name |
directions | string Directions of the address |
district | string Describe the user district name |
districtCode | string Describes the user district code |
firstName | string Describe the user firstname |
lastName | string last name of the user |
town | string Town name to be added |
townCode | string Describe the town code |
Responses
Request samples
- Payload
{- "postalCode": "654321",
- "addressDetails": "string",
- "addressTitle": "string",
- "addressType": "string",
- "city": "string",
- "cityCode": "string",
- "defaultAddress": true,
- "directions": "string",
- "district": "string",
- "districtCode": "string",
- "firstName": "string",
- "lastName": "string",
- "town": "string",
- "townCode": "string"
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "Address added successfully",
- "status": "OK",
- "subSystem": 5
}
Get address
Get Address API will fetch the address of the requested user.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Address info fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": [
- {
- "addressDetails": "addressDetails",
- "addressID": "4c30ff6c-72b8-42b2-bb7d-07e0a5bdb0fa",
- "addressTitle": "Home address",
- "addressType": "Home",
- "city": "scotland",
- "cityCode": "625531",
- "defaultAddress": "false",
- "direction": "",
- "district": "district",
- "districtCode": "123456",
- "firstName": "bob",
- "lastName": "doe",
- "postalCode": "123456",
- "town": "hometown",
- "townCode": "123456"
}
]
}
Edit Address
Edit Address API will update the address for the requested user.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
addressID | string Define the addressID given for a particular address. |
lastName | string LastName of the user. |
addressType | string Define the type of the address. |
Responses
Request samples
- Payload
{- "addressID": "86765ce6-d551-40e7-b30c-a1edfe4a74bd",
- "lastName": "shaw",
- "addressType": "office"
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "Address changed successfully.",
- "status": "OK",
- "subSystem": 5
}
Delete Address
Delete Address API will delete the address of the requested user.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
userId required | string Configure the Admin UserId. |
Request Body schema: application/json
addressID | string Define the addressID given for a particular address. |
Responses
Request samples
- Payload
{- "addressID": "86765ce6-d551-40e7-b30c-a1edfe4a74bd"
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "Address deleted successfully",
- "status": "OK",
- "subSystem": 5
}
Get Users
Get Users will return a list of user's, along with their details that match the given query parameters.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
Responses
Response samples
- 200
- 400
- 401
- 404
{- "message": "Users fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": {
- "userList": [
- {
- "admin": false,
- "attributes": {
- "email": [
- "accesstoken@gmail.com"
], - "firstName": [
- "bob"
], - "username": [
- "accesstoken"
]
}, - "createdTimestamp": 1702579160144,
- "email": "accesstoken@gmail.com",
- "emailVerified": false,
- "enabled": true,
- "firstName": "bob",
- "id": "94a9b57e-9225-444c-bbfc-1fdb27c4b88b",
- "lastName": "doe",
- "requiredActions": [
- "VERIFY_EMAIL",
- "UPDATE_PASSWORD"
], - "username": "bob"
}
], - "page": {
- "pageSize": 20,
- "totalRecords": 6,
- "totalPages": 1,
- "currentPage": 1
}
}
}
Add User to Groups
Use this API to add the users within a group.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
groups | Array of objects Mention the list of groups where user need to be added. |
Responses
Request samples
- Payload
{- "groups": [
- "test"
]
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "User group added successfully.",
- "status": "OK",
- "subSystem": 5
}
Delete User from Groups
User Group from Delete API is used to remove the users from the group.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
userId required | string Name of the User. |
Request Body schema: application/json
groups | Array of objects Mention the groups where user need to be removed. |
Responses
Request samples
- Payload
{- "groups": [
- "test"
]
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "User group removed successfully.",
- "status": "Success",
- "subSystem": 5
}
List Users
List users Api used to retrieve the user from the provided query parameters.
Authorizations:
path Parameters
tenantId required | string Example: main Name of the Realm. |
query Parameters
string Example: email=johndoe@gmail.com Email address of user. | |
firstName | string Example: firstName=John First name of user. |
lastName | string Example: lastName=doe Last name of user. |
first | number Example: first=300 The integer value for the first result (default in -1) |
username | string Example: username=johndoe@gmail.com Username of the user. |
briefRepresentation | boolean Example: briefRepresentation=true A boolean flag to return brief details of the user if true. |
exact | boolean Example: exact=true A boolean flag to perform the exact search on 'q' parameter. |
q | string Example: q=lastName:Doe Custom search query with the specific attribute and specific value to search. we can also perform the prefix search, infix search , exact search in it. |
groups | string Example: groups=ks-users, app-users Group names to filter the users that are the members of the groups. |
enabled | boolean Example: enabled=true A boolean indicating whether the user is enabled (true) or disabled (false). |
createdTimeEnd | string Example: createdTimeEnd=1710757836885 End created timestamp of the creation time range. Only records created before this time will be processed. |
search | string Example: search=Jo Search value for users where userId, username,email, firstName, or lastName starts with "Jo". we can also perform the prefix search, infix search , exact search |
includeRolesForClient | string Example: includeRolesForClient=9b783be7-ba9f-47w8-9020-a6f64d7034a7 The ID which maps the roles for the client |
filterForRole | string Example: filterForRole=8a06d3ff-ff6c-413f-a6d9-2cbcec09cf34 Role ID which specifies the role to filter for. |
createdTimeStart | string Example: createdTimeStart=1710757836882 Start created timestamp of the creation time range. Only records created on or after this time will be processed. |
idpAlias | string Example: idpAlias=google The alias name that represents the identity provider used to get the user from the identity provider. |
idpUserId | string Example: idpUserId=8a06d3ff-ff6c-411f-a6d9-2cbcec09cf34 The user id in the IDP. |
emailVerified | string Example: emailVerified=true A boolean indicating whether the email is verified (true) or not (false) |
sort | string Example: sort=username:asc to sort list of user. |
max | number Example: max=300 The maximum results to be displayed. |
Responses
Response samples
- 200
- 401
[- {
- "id": "15152280-ce2c-4813-82fc-656050b2c585",
- "createdTimestamp": 1717059652045,
- "username": "johndoe@gmail.com",
- "enabled": true,
- "totp": false,
- "emailVerified": true,
- "email": "johndoe@gmail.com",
- "disableableCredentialTypes": [ ],
- "requiredActions": [
- "UPDATE_PASSWORD"
], - "notBefore": 0,
- "access": {
- "manageGroupMembership": true,
- "view": true,
- "mapRoles": true,
- "impersonate": true,
- "manage": true
}
}
]
Get User Count
Get User count API used to retrieve count of the user by provided query parameters.
Authorizations:
path Parameters
tenantId required | string Name of the Realm. |
query Parameters
string Example: email=johndoe@gmail.com Email address of user. | |
firstName | string Example: firstName=John First name of user. |
lastName | string Example: lastName=doe Last name of user. |
search | string Example: search=Jo Search value for users where userId, username,email, firstName, or lastName starts with "Jo". we can also perform the prefix search, infix search , exact search |
emailVerified | boolean Example: emailVerified=true A boolean indicating whether the email is verified (true) or not (false) |
filterForRole | string Example: filterForRole=8a06d3ff-df6c-411f-a6d0-2cbcec09cf34 Role ID which specifies the role to filter for. |
username | string Example: username=John Username of the user. |
enabled | boolean Example: enabled=true A boolean indicating whether the user is enabled (true) or disabled (false). |
q | string Example: q=lastName:Doe Custom search query with the specific attribute and specific value to search. we can also perform the prefix search, infix search , exact search in it. |
createdTimeStart | string Example: createdTimeStart=1710757836882 Start created timestamp of the creation time range. Only records created on or after this time will be processed. |
createdTimeEnd | string Example: createdTimeEnd=1710757836885 End created timestamp of the creation time range. Only records created before this time will be processed. |
groups | string Example: groups=ks-users, app-users Group names to filter the users that are the members of the groups. |
Responses
Response samples
- 200
- 401
1
Send Email
Email will be sent to the user's based on the template which is specified in the mailtype.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
userId required | string Configure the Realm's name. |
Request Body schema: application/json
mailType | string Specify the mail type for template. Value should be "WELCOME" |
iosLink | string Specify the iOS link. |
androidLink | string Specify Android link. |
portalUrl | string Specify the Portal access URL. |
Responses
Request samples
- Payload
{- "mailType": "FORGOT_PASSWORD",
- "appName": "account",
- "supportEmail": "xxxsupport@xxx.com"
}
Response samples
- 200
- 400
- 401
- 404
{- "message": "Email already verified",
- "status": "OK",
- "subSystem": 5
}
SMTP Configuration
SMTP Configuration API used configure the email configurations.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
envelopeFrom | string An email address used for bounces. |
from | string Enter from mailId. |
fromDisplayName | string A user friendly display name for from address. |
host | string Enter valid host(Eg.smtp.gamil.com). |
password | string Password corresponding to from mail address. |
port | string Enter valid port number. |
replyTo | string Mail to which reply needs to be sent. |
replyToDisplayName | string A user friendly display name for from address. |
ssl | string Enable SSL. |
starttls | string enable TLS. |
user | string From mail address. |
Responses
Request samples
- Payload
{- "envelopeFrom": null,
- "from": "test@test.com",
- "fromDisplayName": "Identity Dashboard",
- "host": "mail.gmail.com",
- "password": "secret",
- "port": "587",
- "replyTo": "test@test.com",
- "replyToDisplayName": "Support",
- "ssl": "true",
- "starttls": "true",
- "user": "admin.test"
}
Response samples
- 200
- 400
- 401
{- "message": "Successfully updated SMTP Details.",
- "status": "OK",
- "subSystem": 1
}
Test SMTP Configuration
The Test SMTP Configuration API is utilized to verify the email settings that have been configured.
Authorizations:
path Parameters
tenantid required | string Configure the tenant name, |
Request Body schema: application/json
mailType | string Describe the mail type as TEST |
Responses
Request samples
- Payload
{- "mailType": "TEST"
}
Response samples
- 200
- 400
- 401
{- "message": "Mail Sent Successfully to the user",
- "status": "OK",
- "subSystem": 5
}
UMA App
Use this API to create client with all authorization scopes in the realm.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
query Parameters
adminuser required | string Configure the Admin user name. |
adminpassword required | string Configure the Admin Password. |
migrate required | boolean Configure the boolean values as true or false.If set to true the respective UMA roles will be assigned to all the existing users. |
Responses
Response samples
- 200
- 400
- 401
- 409
{- "message": "Created app and migrated users successfully.",
- "status": "OK",
- "subSystem": 2
}
List all apps
List all apps API will return the list of apps that are created through the Create App.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "App info fetched successfully",
- "status": "OK",
- "subSystem": 2,
- "data": [
- {
- "appName": "appname1",
- "id": "9a9e38c6-2548-4a45-bd77-ca29a40e34db",
- "name": "clientname",
- "enabled": true,
- "appAuthenticatorType": null,
- "bearerOnly": true,
- "consentRequired": true,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": true,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": true,
- "publicApp": true,
- "authenticationFlowBindingOverrides": { },
- "attributes": {
- "backchannel.logout.session.required": true,
- "backchannel.logout.revoke.offline.tokens": false
}, - "webOrigins": [
- "/*"
], - "baseUrl": null,
- "rootUrl": null,
- "defaultRoles": [
- "view-profile manage-account uma_authorization"
], - "description": null,
- "frontchannelLogout": true,
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "notBefore": 0,
- "protocol": "openid-connect",
- "protocolMappers": [
- {
- "id": "506d3b5d-b3b7-4fdf-ac15-1fdffb9a6dba",
- "name": "Client Host",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "config": {
- "user.session.note": "clientHost",
- "introspection.token.claim": true,
- "id.token.claim": true,
- "access.token.claim": true,
- "claim.name": "clientHost",
- "jsonType.label": "String"
}
}
], - "redirectUris": [
- "/*"
], - "registeredNodes": { },
- "surrogateAuthRequired": true
}
]
}
Update App
Use Update App API, to update the app through IDP, which has already been created using Create App.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
appName | string Configure the app (client name) to update |
implicitFlowEnabled | boolean Configure the boolean value as true or false to enable or disable the implicit flow for this client. |
object Configure a authenticationFlowBindingOverrides Map as (string,string) to client for customizing of authentication flows. | |
name | string Display name of the client. |
Responses
Request samples
- Payload
{- "appName": "asd",
- "implicitFlowEnabled": true,
- "authenticationFlowBindingOverrides": {
- "browser": ""
}, - "name": "new-app1"
}
Response samples
- 200
- 400
- 401
- 404
- 500
{- "message": "App updated successfully.",
- "status": "OK",
- "subSystem": 2
}
Create App
Apps are entities that can request IDP to authenticate a user. It also use IDP to encrypt themselves and provide a single sign-on solution which can securely invoke other services over the network.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
appName | string The name of the app to be created. |
name | string Display name of the client. |
description | string The description of the app to be created |
rootUrl | string Root url is the entire url including slash. |
adminUrl | string Url's to the client's admin interface. |
baseUrl | string Root address for your website |
object Customized attribute in form of the key value pair | |
surrogateAuthRequired | boolean Configure boolean value to whether it is required to substitute auth or not. |
enabled | boolean Describes whether the client is active or not. |
appAuthenticatorType | string Type of the authentication method applied to an client application. |
registrationAccessToken | string A security token used by clients for dynamic client registration operations. |
defaultRoles | string <nullable> Specifies the roles that are automatically assigned to a user when they are authenticated against this client |
redirectUris | string <nullable> Specifies the URIs to which Keycloak should redirect after successful authentication or authorization processes. |
implicitFlowEnabled | boolean Boolean attribute for a client determines whether the client is allowed to use the implicit flow for OpenID Connect. |
directAccessGrantsEnabled | boolean Boolean attribute for a client determines whether the client is allowed to use the Direct Access Grant flow (also known as the Resource Owner Password Credentials Grant) of OAuth 2.0. |
Responses
Request samples
- Payload
{- "appName": "appname1",
- "name": "new-app",
- "description": null,
- "adminUrl": null,
- "surrogateAuthRequired": true,
- "enabled": true,
- "appAuthenticatorType": null,
- "registrationAccessToken": null,
- "defaultRoles": "string",
- "redirectUris": "string",
- "implicitFlowEnabled": true,
- "directAccessGrantsEnabled": true
}
Response samples
- 200
- 400
- 401
- 409
- 500
{- "message": "App created successfully",
- "status": "OK",
- "subSystem": 2
}
Get App Info
Get App Info API will return the app info that match the given parameters.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
clientId required | string Configure the App name. |
Responses
Response samples
- 200
- 401
- 404
- 500
{- "message": "App info fetched successfully",
- "status": "OK",
- "subSystem": 2,
- "data": {
- "appName": "appname1",
- "id": "9a9e38c6-2548-4a45-bd77-ca29a40e34db",
- "name": "newapp",
- "enabled": true,
- "appAuthenticatorType": null,
- "bearerOnly": true,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": true,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": true,
- "publicApp": true,
- "authenticationFlowBindingOverrides": { },
- "attributes": {
- "backchannel.logout.session.required": true,
- "backchannel.logout.revoke.offline.tokens": false
}, - "webOrigins": [
- "/*"
], - "baseUrl": null,
- "rootUrl": null,
- "defaultRoles": [
- "view-profile manage-account uma_authorization"
], - "description": "string",
- "frontchannelLogout": true,
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "notBefore": 0,
- "protocol": "openid-connect",
- "protocolMappers": [
- {
- "id": "506d3b5d-b3b7-4fdf-ac15-1fdffb9a6dba",
- "name": "Client Host",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "config": {
- "user.session.note": "clientHost",
- "introspection.token.claim": true,
- "id.token.claim": true,
- "access.token.claim": true,
- "claim.name": "clientHost",
- "jsonType.label": "String"
}
}
], - "redirectUris": [
- "/*"
], - "registeredNodes": { },
- "surrogateAuthRequired": true
}
}
Delete App
This API is used to delete an app.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
clientId required | string Configure the App name. |
Responses
Response samples
- 200
- 401
- 404
- 500
{- "message": "App deleted successfully",
- "status": "OK",
- "subSystem": 2
}
Get App Credentials
Get App Credentials API will return the client secret for the specified client..
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
clientId required | string Configure the Client ID. |
Responses
Response samples
- 200
- 401
- 404
- 500
{- "message": "App credential fetched successfully",
- "status": "OK",
- "subSystem": 5,
- "data": "77581f16-2887-4d60-9346-0f3b6693063a"
}
Regenerate App Credential
Regenerate App Credential API will return the data that match the given parameters.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
clientId required | string Configure the Client ID. |
Responses
Response samples
- 200
- 400
- 401
- 404
- 500
{- "message": "App credential regenerated successfully",
- "status": "OK",
- "subSystem": 2,
- "data": "67e3127b-b173-4780-8033-1fecfd35d397"
}
Send Magic Link
This API is used to Authenticate user through email via link.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
clientId | string Specifies the Client ID |
string Configure the email through which magic link will be sent. | |
forceCreate | boolean Create user with the email when user doesn't exist. |
redirectUri | string Specify the URI, where user needs to land after completing the process. |
resetPassword | boolean reset password option is enabled while clicking the Magic link. |
responseMode | string Configure the type how the Authorization Server should return the result. |
responseType | string Configure the type of response that has to be received on execution. |
scope | string The scope requested for the token. |
Responses
Request samples
- Payload
{- "clientId": "clientname",
- "email": "abc@gmail.com",
- "forceCreate": true,
- "resetPassword": true,
- "responseMode": "form_post",
- "responseType": "code token",
- "scope": "open_id"
}
Response samples
- 200
- 400
- 401
- 404
- 500
{- "message": "Mail was sent successfully to provided email id with magic link",
- "status": "OK",
- "subSystem": 5
}
List Tenants
Use this API to return the list of tenants along with their details.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
- 401
- 500
{- "message": "Tenant list fetched successfully",
- "status": "OK",
- "subSystem": 1,
- "data": [
- {
- "name": "realmname",
- "type": "AST",
- "enabled": true,
- "rememberMe": true,
- "resetPassword": true,
- "registrationAllowed": true,
- "adminUsername": 123,
- "userCount": 3,
- "realmCreationStatus": "BLOCKED"
}
]
}
Create tenant
Access this API to create a new tenant.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
realm | string Configure the realm name |
enabled | boolean Indicates whether the realm is active or not |
loginTheme | string Configure the login theme |
accountTheme | string Configure the account theme for the realm |
adminTheme | string Configure the admin theme |
emailTheme | string Configure the email theme for the realm |
adminUsername | string Specifies the admin user name for the tenant. |
adminEmail | string Specifies the admin user's email. |
adminPassword | string Specifies the admin user's password. |
adminFirstName | string Specifies the admin's first name. |
adminLastName | string Specifies the admin's last name. |
bruteForceProtected | boolean A boolean field that specifies if the brute force attack detection and protection is enabled for the realm. |
actionTokenGeneratedByAdminLifespan | number This field represents the duration (in seconds) that action tokens generated by administrators will remain valid. |
object A map of custom settings specific to the realm. These settings can be used to configure various aspects of the realm's behavior. | |
Array of objects A list of required actions that users must complete. |
Responses
Request samples
- Payload
{- "realm": "realmname",
- "enabled": true,
- "loginTheme": "kobilv2",
- "accountTheme": "kobilv2",
- "adminTheme": "kobilv2",
- "emailTheme": "kobilv2",
- "adminUsername": "admin",
- "adminEmail": "user123@gmail.com",
- "adminPassword": "Admin@123",
- "adminFirstName": null,
- "adminLastName": null,
- "bruteForceProtected": true,
- "actionTokenGeneratedByAdminLifespan": 86400,
- "settings": {
- "UserProperty": "id"
}, - "requiredActions": [
- {
- "alias": "kobil-reg-status-required-action",
- "name": "KOBIL Registration Status Verification",
- "providerId": "kobil-reg-status-required-action",
- "enabled": true,
- "priority": 1001
}
]
}
Response samples
- 200
- 401
- 409
- 500
{- "message": "Tenant created successfully",
- "status": "OK",
- "subSystem": 1,
- "data": {
- "tenantName": "realmname",
- "emailId": "user123@gmail.com",
- "tenantUrl": "master.idp.local",
- "appId": "digitanium-app",
- "appSecret": "6ac9becb-1f68-4358-907f-9bb36d6d103c"
}
}
Get Tenant Info
Get Tenant Info API is used to get the details about the tenant.
Authorizations:
path Parameters
realmId required | string Configure the Realm's name. |
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Tenant info fetched successfully",
- "status": "OK",
- "subSystem": 1,
- "data": {
- "id": "093a8134-12aa-40b7-a164-fa808ccbf84e",
- "realm": "realmname",
- "notBefore": 0,
- "defaultSignatureAlgorithm": "RS256",
- "revokeRefreshToken": true,
- "refreshTokenMaxReuse": 0,
- "accessTokenLifespan": 1800,
- "accessTokenLifespanForImplicitFlow": 900,
- "ssoSessionIdleTimeout": 1800,
- "ssoSessionMaxLifespan": 36000,
- "ssoSessionIdleTimeoutRememberMe": 0,
- "ssoSessionMaxLifespanRememberMe": 0,
- "offlineSessionIdleTimeout": 2592000,
- "offlineSessionMaxLifespanEnabled": true,
- "offlineSessionMaxLifespan": 5184000,
- "clientSessionIdleTimeout": 0,
- "clientSessionMaxLifespan": 0,
- "clientOfflineSessionIdleTimeout": 0,
- "clientOfflineSessionMaxLifespan": 0,
- "accessCodeLifespan": 60,
- "accessCodeLifespanUserAction": 300,
- "accessCodeLifespanLogin": 1800,
- "actionTokenGeneratedByAdminLifespan": 43200,
- "actionTokenGeneratedByUserLifespan": 300,
- "oauth2DeviceCodeLifespan": 600,
- "oauth2DevicePollingInterval": 5,
- "enabled": true,
- "sslRequired": "external",
- "registrationAllowed": true,
- "registrationEmailAsUsername": true,
- "rememberMe": true,
- "verifyEmail": false,
- "loginWithEmailAllowed": true,
- "duplicateEmailsAllowed": true,
- "resetPasswordAllowed": true,
- "editUsernameAllowed": true,
- "bruteForceProtected": true,
- "permanentLockout": true,
- "maxFailureWaitSeconds": 900,
- "minimumQuickLoginWaitSeconds": 60,
- "waitIncrementSeconds": 60,
- "quickLoginCheckMilliSeconds": 1000,
- "maxDeltaTimeSeconds": 43200,
- "failureFactor": 30,
- "defaultRole": {
- "id": "e4a5735b-0677-48a1-bf5c-8aa30aa1846a",
- "name": "default-roles-test",
- "description": "$role_default-roles",
- "composite": true,
- "clientRole": true,
- "containerId": "093a8134-12aa-40b7-a164-fa808ccbf84e"
}, - "requiredCredentials": [
- "password"
], - "otpPolicyType": "totp",
- "otpPolicyAlgorithm": "HmacSHA1",
- "otpPolicyInitialCounter": 0,
- "otpPolicyDigits": 6,
- "otpPolicyLookAheadWindow": 1,
- "otpPolicyPeriod": 30,
- "webAuthnPolicyRpEntityName": "keycloak",
- "webAuthnPolicySignatureAlgorithms": [
- "ES256"
], - "webAuthnPolicyRpId": null,
- "webAuthnPolicyAttestationConveyancePreference": "not specified",
- "webAuthnPolicyAuthenticatorAttachment": "not specified",
- "webAuthnPolicyRequireResidentKey": "not specified",
- "webAuthnPolicyUserVerificationRequirement": "not specified",
- "webAuthnPolicyCreateTimeout": 0,
- "webAuthnPolicyAvoidSameAuthenticatorRegister": true,
- "webAuthnPolicyAcceptableAaguids": [ ],
- "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
- "webAuthnPolicyPasswordlessSignatureAlgorithms": [
- "ES256"
], - "webAuthnPolicyPasswordlessRpId": null,
- "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
- "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
- "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
- "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
- "webAuthnPolicyPasswordlessCreateTimeout": 0,
- "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": true,
- "webAuthnPolicyPasswordlessAcceptableAaguids": [ ],
- "browserSecurityHeaders": {
- "contentSecurityPolicyReportOnly": null,
- "xContentTypeOptions": "nosniff",
- "referrerPolicy": "no-referrer",
- "xRobotsTag": "none",
- "xFrameOptions": "SAMEORIGIN",
- "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
- "xXSSProtection": "1; mode=block",
- "strictTransportSecurity": "max-age=31536000; includeSubDomains"
}, - "smtpServer": {
- "replyToDisplayName": "Support",
- "starttls": true,
- "auth": true,
- "envelopeFrom": null,
- "ssl": false,
- "password": "AEV+d3P.n9Wr-aR",
- "port": 587,
- "host": "mail2.kobil.com",
- "replyTo": "admin@midentitybox.com",
- "from": "admin@midentitybox.com",
- "fromDisplayName": "mIDentity Dashboard",
- "user": "admin.midentitybox"
}, - "eventsEnabled": true,
- "eventsListeners": [
- "SEND_RESET_PASSWORD UPDATE_CONSENT_ERROR CUSTOM_REQUIRED_ACTION OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR USER_DISABLED_BY_PERMANENT_LOCKOUT IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR CLIENT_INITIATED_ACCOUNT_LINKING_ERROR"
], - "adminEventsEnabled": true,
- "adminEventsDetailsEnabled": true,
- "identityProviders": [ ],
- "identityProviderMappers": [ ],
- "internationalizationEnabled": true,
- "supportedLocales": [ ],
- "requiredActions": [
- {
- "alias": "CONFIGURE_TOTP",
- "name": "Configure OTP",
- "providerId": "CONFIGURE_TOTP",
- "enabled": true,
- "defaultAction": true,
- "priority": 10,
- "config": { }
}
], - "browserFlow": "browser",
- "registrationFlow": "registration",
- "directGrantFlow": "direct grant",
- "resetCredentialsFlow": "reset credentials",
- "clientAuthenticationFlow": "clients",
- "dockerAuthenticationFlow": "docker auth",
- "attributes": {
- "cibaBackchannelTokenDeliveryMode": "poll",
- "cibaAuthRequestedUserHint": "login_hint",
- "oauth2DevicePollingInterval": 5,
- "clientOfflineSessionMaxLifespan": 0,
- "clientSessionIdleTimeout": 0,
- "actionTokenGeneratedByUserLifespan-execute-actions": null,
- "actionTokenGeneratedByUserLifespan-verify-email": null,
- "clientOfflineSessionIdleTimeout": 0,
- "actionTokenGeneratedByUserLifespan-reset-credentials": null,
- "otpMaxDeltaTimeSeconds": 0,
- "realmReusableOtpCode": false,
- "cibaInterval": 5,
- "cibaExpiresIn": 120,
- "oauth2DeviceCodeLifespan": 600,
- "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": null,
- "otpFailureFactor": 1,
- "otpWaitIncrementSeconds": 0,
- "clientSessionMaxLifespan": 0,
- "parRequestUriLifespan": 60,
- "adminEventsExpiration": null,
- "shortVerificationUri": null,
- "otpBruteForceProtected": true
}, - "userManagedAccessAllowed": true,
- "enableMtan": true,
- "adminEmailVerified": true,
- "adminStatus": true,
- "settings": {
- "webAuthnPolicyAttestationConveyancePreferencePasswordless": "not specified",
- "webAuthnPolicyRequireResidentKeyPasswordless": "not specified",
- "webAuthnPolicyAuthenticatorAttachmentPasswordless": "not specified",
- "actionTokenGeneratedByUserLifespan": 300,
- "webAuthnPolicySignatureAlgorithms": "ES256",
- "webAuthnPolicyRpEntityNamePasswordless": "keycloak",
- "offlineSessionMaxLifespan": 5184000,
- "_browser_header.contentSecurityPolicyReportOnly": null,
- "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
- "webAuthnPolicyUserVerificationRequirement": "not specified",
- "quickLoginCheckMilliSeconds": 1000,
- "webAuthnPolicyCreateTimeout": 0,
- "minimumQuickLoginWaitSeconds": 60,
- "defaultSignatureAlgorithm": "RS256",
- "webAuthnPolicyUserVerificationRequirementPasswordless": "not specified",
- "_browser_header.xContentTypeOptions": "nosniff",
- "waitIncrementSeconds": 60,
- "offlineSessionMaxLifespanEnabled": false,
- "client-policies.profiles": "profiles:[]",
- "webAuthnPolicyAuthenticatorAttachment": "not specified",
- "_browser_header.xRobotsTag": "none",
- "webAuthnPolicySignatureAlgorithmsPasswordless": "ES256",
- "webAuthnPolicyRpEntityName": "keycloak",
- "webAuthnPolicyAvoidSameAuthenticatorRegisterPasswordless": false,
- "failureFactor": 30,
- "maxDeltaTimeSeconds": 43200,
- "bruteForceProtected": false,
- "webAuthnPolicyRpIdPasswordless": null,
- "_browser_header.xXSSProtection": "1; mode=block",
- "_browser_header.xFrameOptions": "SAMEORIGIN",
- "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
- "permanentLockout": false,
- "webAuthnPolicyRequireResidentKey": "not specified",
- "webAuthnPolicyRpId": null,
- "webAuthnPolicyAttestationConveyancePreference": "not specified",
- "_browser_header.referrerPolicy": "no-referrer",
- "maxFailureWaitSeconds": 900,
- "webAuthnPolicyCreateTimeoutPasswordless": 0,
- "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
- "client-policies.policies": "policies:[]",
- "actionTokenGeneratedByAdminLifespan": 43200
}, - "userCount": 3,
- "realmCreationStatus": "BLOCKED",
- "disabledComponents": null,
- "adminUserCreatedTimestamp": 0,
- "adminUserEnabled": true,
- "clientProfiles": {
- "profiles": [ ]
}, - "clientPolicies": {
- "policies": [ ]
}
}
}
Update Tenant
Use this API to update a tenant.
Authorizations:
path Parameters
realmId required | string Configure the Realm's name. |
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
enabled | boolean Indicates whether the realm is enabled or not. |
loginTheme | string The theme used for the login pages. |
accountTheme | string The theme used for the account management pages. |
adminTheme | string Specifies the theme to be used for the admin console interface. |
emailTheme | string Specifies the theme to be used for the emails sent from this realm. |
adminUsername | string Specifies the admin user name for the tenant. |
adminEmail | string Specifies the admin user's email. |
adminPassword | string Specifies the admin user's password. |
adminFirstName | string Specifies the admin's first name. |
adminLastName | string Specifies the admin's last name. |
bruteForceProtected | boolean Indicates whether brute force protection is enabled for the realm. |
actionTokenGeneratedByAdminLifespan | number The lifespan in seconds for action tokens generated by an admin. |
object Custom settings specific to the realm. | |
Array of objects A list of required actions for users in the realm. |
Responses
Request samples
- Payload
{- "enabled": true,
- "loginTheme": "kobilv2",
- "accountTheme": "kobilv2",
- "adminTheme": "kobilv2",
- "emailTheme": "kobilv2",
- "adminUsername": "admin",
- "adminEmail": "user123@gmail.com",
- "adminPassword": "Admin@123",
- "adminFirstName": null,
- "adminLastName": null,
- "bruteForceProtected": true,
- "actionTokenGeneratedByAdminLifespan": 86400,
- "settings": {
- "UserProperty": "id"
}, - "requiredActions": [
- {
- "alias": "kobil-reg-status-required-action",
- "name": "KOBIL Registration Status Verification",
- "providerId": "kobil-reg-status-required-action",
- "enabled": true,
- "priority": 1001
}
]
}
Response samples
- 200
- 400
- 401
{- "message": "Tenant updated successfully",
- "status": "OK",
- "subSystem": 1
}
Get Tenant Settings
Using this API, we can fetch the details about the tenant settings.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Tenant setting(s) fetched successfully",
- "status": "OK",
- "subSystem": 1,
- "data": {
- "cibaBackchannelTokenDeliveryMode": "poll",
- "webAuthnPolicyAttestationConveyancePreferencePasswordless": "not specified",
- "webAuthnPolicyRequireResidentKeyPasswordless": "not specified",
- "clientOfflineSessionIdleTimeout": 0,
- "cibaExpiresIn": 120,
- "webAuthnPolicyAuthenticatorAttachmentPasswordless": "not specified",
- "actionTokenGeneratedByUserLifespan": 300,
- "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": null,
- "webAuthnPolicySignatureAlgorithms": "ES256",
- "webAuthnPolicyRpEntityNamePasswordless": "keycloak",
- "offlineSessionMaxLifespan": 5184000,
- "shortVerificationUri": null,
- "_browser_header.contentSecurityPolicyReportOnly": null,
- "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
- "cibaAuthRequestedUserHint": "login_hint",
- "webAuthnPolicyUserVerificationRequirement": "not specified",
- "clientSessionIdleTimeout": 0,
- "quickLoginCheckMilliSeconds": 1000,
- "webAuthnPolicyCreateTimeout": 0,
- "actionTokenGeneratedByUserLifespan-reset-credentials": null,
- "minimumQuickLoginWaitSeconds": 60,
- "realmReusableOtpCode": false,
- "defaultSignatureAlgorithm": "RS256",
- "webAuthnPolicyUserVerificationRequirementPasswordless": "not specified",
- "clientSessionMaxLifespan": 0,
- "_browser_header.xContentTypeOptions": "nosniff",
- "waitIncrementSeconds": 60,
- "offlineSessionMaxLifespanEnabled": false,
- "client-policies.profiles": "profiles:[]",
- "actionTokenGeneratedByUserLifespan-execute-actions": null,
- "actionTokenGeneratedByUserLifespan-verify-email": null,
- "displayName": "Keycloak",
- "webAuthnPolicyAuthenticatorAttachment": "not specified",
- "_browser_header.xRobotsTag": "none",
- "webAuthnPolicySignatureAlgorithmsPasswordless": "ES256",
- "displayNameHtml": "<div class=kc-logo-text><span>Keycloak</span></div>",
- "webAuthnPolicyRpEntityName": "keycloak",
- "webAuthnPolicyAvoidSameAuthenticatorRegisterPasswordless": false,
- "failureFactor": 30,
- "maxDeltaTimeSeconds": 43200,
- "bruteForceProtected": false,
- "webAuthnPolicyRpIdPasswordless": null,
- "_browser_header.xXSSProtection": "1; mode=block",
- "_browser_header.xFrameOptions": "SAMEORIGIN",
- "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
- "oauth2DevicePollingInterval": 5,
- "clientOfflineSessionMaxLifespan": 0,
- "permanentLockout": false,
- "webAuthnPolicyRequireResidentKey": "not specified",
- "webAuthnPolicyRpId": null,
- "webAuthnPolicyAttestationConveyancePreference": "not specified",
- "_browser_header.referrerPolicy": "no-referrer",
- "maxFailureWaitSeconds": 900,
- "cibaInterval": 5,
- "oauth2DeviceCodeLifespan": 600,
- "webAuthnPolicyCreateTimeoutPasswordless": 0,
- "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
- "parRequestUriLifespan": 60,
- "client-policies.policies": "policies:[]",
- "actionTokenGeneratedByAdminLifespan": 43200
}
}
Update Tenant Settings
Using this API, you can add or update realm settings.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
key | string Define the key value pair to be updated in the realm setting. |
Responses
Request samples
- Payload
{- "key": "value"
}
Response samples
- 200
- 400
- 401
{- "message": "Tenant settings updated successfully",
- "status": "OK",
- "subSystem": 1
}
Delete Tenant Settings
Use the Delete Tenant Settings API to delete the realm settings in a particular realm.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
query Parameters
key | string Example: key=key provide the settings name which needs to be deleted. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Tenant setting deleted",
- "status": "OK",
- "subSystem": 1
}
Update App Settings
The Update App Settings API will update the app settings details which is configured in the realm settings.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
flutter_android_build_number | string flutter_android_build_number is the number of android releases for a version. (Every build has its own unique number) |
flutter_android_link | string flutter_android_link is the URL for the playstore. |
flutter_android_update_by | string flutter_android_update_by results the timestamp of the last update. |
flutter_android_version | string flutter_android_version is the result of the andriod version. |
flutter_ios_build_number | string flutter_ios_build_number is the number of ios releases for a version. (Every build has its own unique number) |
flutter_ios_link | string flutter_ios_link is the URL for the appstore. |
flutter_ios_update_by | string flutter_ios_update_by results the timestamp of the last update. |
flutter_ios_version | string flutter_ios_version is the result of the ios version. |
macos_build_number | string macos_build_number is the number of macos releases for a version. (Every build has its own unique number). |
macos_link | string macos_link is the URL for the playstore. |
macos_update_by | string macos_update_by results the timestamp of the last update. |
macos_version | string macos_version is the result of the macos version. |
windows_build_number | string windows_build_number is the number of windows releases for a version. (Every build has its own unique number) |
windows_link | string windows_link is the URL for the playstore. |
windows_update_by | string windows_update_by results the timestamp of the last update. |
windows_version | string windows_version is the result of the windows version. |
Responses
Request samples
- Payload
{- "flutter_android_build_number": "000",
- "flutter_android_update_by": "30.07.2023",
- "flutter_android_version": "2.5.5",
- "flutter_ios_build_number": "000",
- "flutter_ios_update_by": "30.07.2023",
- "flutter_ios_version": "2.5.5",
- "macos_build_number": "",
- "macos_link": "",
- "macos_update_by": "",
- "macos_version": "",
- "windows_build_number": "",
- "windows_link": "",
- "windows_update_by": "",
- "windows_version": ""
}
Response samples
- 200
- 401
{- "message": "Tenant settings updated successfully",
- "status": "OK",
- "subSystem": 1
}
Get App Settings
The Get App settings API will fetch the app details which is configured in the realm settings.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
- 401
{- "message": "Tenant setting(s) fetched successfully",
- "status": "OK",
- "subSystem": 1,
- "data": {
- "flutter_ios_version": "2.5.5",
- "huawei_update_by": "30.07.2023",
- "huawei_build_number": 0,
- "macos_version": "1.4.0",
- "huawei_version": "2.5.5",
- "windows_version": "1.4.0",
- "macos_build_number": 4,
- "flutter_ios_build_number": 0,
- "flutter_android_version": "2.5.5",
- "flutter_android_update_by": "30.07.2023",
- "flutter_ios_update_by": "30.07.2023",
- "windows_update_by": "2023-04-28 18:27:08.443204",
- "macos_update_by": "2023-04-28 18:27:08.443204",
- "flutter_android_build_number": 0,
- "windows_build_number": 4
}
}
Get Realm Creation Status
The Get Realm Creation Status API that will fetch the status of the Realm created.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
- 401
{- "message": "Tenant status fetched successfully",
- "status": "OK",
- "subSystem": 1,
- "data": {
- "status": "BLOCKED",
- "iamStatus": "SUCCESS",
- "signerCertStatus": "BLOCKED",
- "identityUserCertStatus": {
- "externalIdentityUser": {
- "authentication": "BLOCKED",
- "encryption": "BLOCKED",
- "signature": "BLOCKED"
}, - "internalIdentityUser": {
- "authentication": "BLOCKED",
- "encryption": "BLOCKED",
- "signature": "BLOCKED"
}
}
}
}
Add Realm Role
Realm role can be created using this API.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
roleName required | string Configure the Role name. |
Responses
Response samples
- 200
- 401
- 409
{- "message": "Role created successfully",
- "status": "OK",
- "subSystem": 1
}
Delete Realm Role
Existing Realm roles can be deleted using this API.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
roleName required | string Configure the Role name. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Role deleted successfully",
- "status": "OK",
- "subSystem": 1
}
Create riskbits
Using this API, riskbits can be added to the realm.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
operation | string Device execution is determined by the risk operation. For instance, if the JBreak[1]40001 is the Risk name of the device in 'Risk Details iOS' is 'HIGH_RISK,'in Operation the device will not be allowed. |
ratingLevel | string Assessing the Risk Level on the device. |
realmId | string The "realmId" field serves as an identifier for a specific tenant within a system. |
risk | string Rate of the risks. |
riskAndroid | string Android risk name which is present in the device. |
riskIOS | string iOS risk name which is present in the device. |
score | string Qualitative measure that quantifies the degree of the risk. |
Responses
Request samples
- Payload
{- "operation": "OK",
- "ratingLevel": "X",
- "realmId": "realmname",
- "risk": "0.01",
- "riskAndroid": "JBreak_test",
- "riskIOS": "JBreak_test",
- "score": "001-003"
}
Response samples
- 200
- 400
- 401
- 403
- 409
{- "message": "Riskbits added successfully",
- "status": "OK",
- "subSystem": 1
}
Delete All Riskbits
Using this API, riskbits associated with the realm will be removed.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "All Riskbits Deleted Successfully",
- "status": "OK",
- "subSystem": 1
}
Delete Riskbits
Using this API, riskbits associated with the provided riskbit ID will be deleted.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
id required | string Configure the Riskbit Id. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Riskbit deleted successfully",
- "status": "OK",
- "subSystem": 1
}
Get Riskbit
Using this API, will return the list of riskbit details for the riskbitId provided in the request.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
id required | string Configure the Riskbit Id. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Riskbit found successfully",
- "status": "OK",
- "subSystem": 1,
- "data": [
- {
- "id": "1a591860-368c-402a-8449-965787aaed8b",
- "ratingLevel": "A",
- "score": "986-999",
- "risk": "0.80%",
- "riskAndroid": null,
- "riskIOS": null,
- "operation": "OK",
- "realmId": "realmname"
}
]
}
Add List of Riskbits
Using this API, you can add a list of riskbits as provided in the request.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
operation | string Device execution is determined by the risk operation. For instance, if the JBreak[1]40001 is the Risk name of the device in 'Risk Details iOS' is 'HIGH_RISK,'in Operation the device will not be allowed. |
ratingLevel | string Assessing the Risk Level on the device. |
realmId | string The "realmId" field serves as an identifier for a specific tenant within a system. |
risk | string The percentage risk associated with this risk bit. |
riskAndroid | string The risk percentage specifically for Android platforms. |
riskIOS | string The risk percentage specifically for ios platforms. |
score | string Qualitative measure that quantifies the degree of the risk. |
Responses
Request samples
- Payload
[- {
- "operation": "OK",
- "ratingLevel": "A",
- "realmId": "aaiqa",
- "risk": "0.80%",
- "riskAndroid": "",
- "riskIOS": "",
- "score": "986-999"
}, - {
- "operation": "OK",
- "ratingLevel": "B",
- "realmId": "aaiqa",
- "risk": "1.64%",
- "riskAndroid": "",
- "riskIOS": "",
- "score": "977-985"
}, - {
- "operation": "OK",
- "ratingLevel": "C",
- "realmId": "aaiqa",
- "risk": "2.47%",
- "riskAndroid": "",
- "riskIOS": "",
- "score": "970-976"
}, - {
- "operation": "OK",
- "ratingLevel": "D",
- "realmId": "aaiqa",
- "risk": "3.10%",
- "riskAndroid": "",
- "riskIOS": "",
- "score": "962-969"
}, - {
- "operation": "OK",
- "ratingLevel": "E",
- "realmId": "aaiqa",
- "risk": "4.38%",
- "riskAndroid": "JBreak[1](300)",
- "riskIOS": "JBreak[400]",
- "score": "949-961"
}, - {
- "operation": "OK",
- "ratingLevel": "F",
- "realmId": "aaiqa",
- "risk": "6.21%",
- "riskAndroid": "Manipulation[2](4),Manipulation[2](35)",
- "riskIOS": "",
- "score": "928-948"
}, - {
- "operation": "HIGH_RISK",
- "ratingLevel": "G",
- "realmId": "aaiqa",
- "risk": "9.5%",
- "riskAndroid": "CodeInjection[6](2),CodeInjection[6](20000)",
- "riskIOS": "",
- "score": "877-928"
}, - {
- "operation": "HIGH_RISK",
- "ratingLevel": "H",
- "realmId": "aaiqa",
- "risk": "16.74%",
- "riskAndroid": "Manipulation[2](9",
- "riskIOS": "JBreak[400],JBreak[5455],CodeInjection[6][7]",
- "score": "800-876"
}, - {
- "operation": "HIGH_RISK",
- "ratingLevel": "I",
- "realmId": "aaiqa",
- "risk": "25.97%",
- "riskAndroid": "JBreak[1](40001)",
- "riskIOS": "JBreak[1](15),JBreak[1](101)",
- "score": "718-799"
}, - {
- "operation": "HIGH_RISK",
- "ratingLevel": "J",
- "realmId": "aaiqa",
- "risk": "32.56%",
- "riskAndroid": "Manipulation,MaliciousApp",
- "riskIOS": "Manipulation,MaliciousApp",
- "score": "639-717"
}, - {
- "operation": "HIGH_RISK",
- "ratingLevel": "K",
- "realmId": "aaiqa",
- "risk": "41.77%",
- "riskAndroid": "Jbreak,Emulator",
- "riskIOS": "Jbreak,Emulator",
- "score": "492-638"
}, - {
- "operation": "HIGH_RISK",
- "ratingLevel": "L",
- "realmId": "aaiqa",
- "risk": "60.45%",
- "riskAndroid": "CodeInjection",
- "riskIOS": "CodeInjection",
- "score": "1-491"
}
]
Response samples
- 200
- 401
{- "message": "Add riskbits request completed successfully",
- "status": "OK",
- "subSystem": 1,
- "data": {
- "KobilRiskBitsRepresentation{id=950afb01-fb4d-4bb4-b5a7-2f56204c1405, ratingLevel=K, score=492-638, risk=41.77, riskAndroid=, riskIOS=JBreak[1](15),JBreak[1](101),JBreak[1](1505),JBreak[1](5455), operation=HIGH_RISK, realmId=malda}": "Mismatch in realm specified in path param and request body",
- "KobilRiskBitsRepresentation{id=4c0a5985-4395-4862-8602-a790f8ca4fff, ratingLevel=D, score=962-969, risk=3.10, riskAndroid=JBreak[1](30),JBreak[1](300), riskIOS=, operation=OK, realmId=malda}": "Mismatch in realm specified in path param and request body"
}
}
Get All Riskbits
Using this API will return a list of riskbit details.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Responses
Response samples
- 200
- 401
- 404
{- "message": "Riskbits fetched successfully",
- "status": "OK",
- "subSystem": 1,
- "data": [
- {
- "id": "1a591860-368c-402a-8449-965787aaed8b",
- "ratingLevel": "A",
- "score": "986-999",
- "risk": "0.80%",
- "riskAndroid": null,
- "riskIOS": null,
- "operation": "OK",
- "realmId": "realmname"
}
]
}
Verify Device Risk
This API verifies whether the specified risk exists and fetches its details if it exists.
Authorizations:
path Parameters
tenantId required | string Configure the Realm's name. |
Request Body schema: application/json
platform | string Specify OS platform. |
riskName | string Name of the specific risk being verified. |