Skip to main content

IDP Services (5.0.0)

Download OpenAPI specification:Download

Authorization

Access Token

This section describes the process of generating an access token for authorization for various grant types.

path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
One of
grant_type
string

The grant type should be password.

username
string

The username for which the token needs to be generated.

password
string

Password corresponding to the username.

client_id
string

The Client ID for which the access token is to be generated.

client_secret
string

Secret corresponding to the given clientID. Secret will be available only for the clients with access type selected confidential during client creation. This is an optional parameter.

Responses

Request samples

Content type
application/json
{
  • "client_id": "clientname",
  • "client_secret": "RZ4YtWLZSXN8EjuZpfJXhEHweLS1nfry",
  • "grant_type": "password",
  • "code": "bf6f9af9-b3c9-4y66-804f-364f660d9135.a8e1b947-a2a3-4504-ad0e-8387ae200e50.db1ed60b-f478-4655-a397-fb688c53cbb8",
}

Response samples

Content type
application/json
{
  • "access_token": "string",
  • "expires_in": 0,
  • "not-before-policy": 0,
  • "refresh_expires_in": 0,
  • "refresh_token": "string",
  • "scope": "string",
  • "session_state": "string",
  • "token_type": "string"
}

Well known API

This API lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{}

Users

Create User

Create a user

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

Request Body schema: application/json
object

Key-value pairs representing custom user attributes. i.e phonenumber

object

Roles assigned to the user for client level actions.

Array of objects

User credentials configuration.

email
string

User's email address.

emailVerified
boolean

Indicates whether the user's email has been verified. True = enabled & False = disabled.

enabled
boolean

Indicates if the user account is enabled. True = enabled & False = disabled.

firstName
string

User's first name.

groups
Array of strings

Names of user groups the user belongs to.

lastName
string

User's last name.

username
string

User's username.

realmRoles
Array of strings

Roles assigned to the user for realm level actions.

requiredActions
Array of strings

Actions required from the user to do.

Responses

Request samples

Content type
application/json
{
  • "attributes": {
    },
  • "clientRoles": {
    },
  • "credentials": [
    ],
  • "email": "bob.go@gmail.com",
  • "emailVerified": true,
  • "enabled": true,
  • "firstName": "bob",
  • "groups": [
    ],
  • "lastName": "s",
  • "username": "user",
  • "realmRoles": [
    ],
  • "requiredActions": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "User created successfully.",
  • "status": "OK",
  • "subSystem": 5
}

Update User

Update a user

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
object

Key-value pairs representing custom user attributes. i.e phonenumber

object

Roles assigned to a user for client level actions.

Array of objects

User credentials configuration.

email
string

User's email address.

emailVerified
boolean

Indicates whether the user's email has been verified. True = enabled & False = disabled.

enabled
boolean

Indicates if the user account is enabled. True = enabled & False = disabled.

firstName
string

User's first name.

groups
Array of strings

Names of user groups the user belongs to.

lastName
string

User's last name.

username
string

User's username.

realmRoles
Array of strings

Roles assigned to the user for realm level actions.

requiredActions
Array of strings

Actions required from the user to do.

Responses

Request samples

Content type
application/json
{
  • "attributes": {
    },
  • "clientRoles": {
    },
  • "credentials": [
    ],
  • "email": "bob.go@gmail.com",
  • "emailVerified": true,
  • "enabled": true,
  • "firstName": "bob",
  • "groups": [
    ],
  • "lastName": "s",
  • "username": "user",
  • "realmRoles": [
    ],
  • "requiredActions": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "User updated successfully",
  • "status": "OK",
  • "subSystem": 5
}

Get User By UUID

The Get User with User's UUID API will return a list showing the user details.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

id
required
string

UUID of the user.

Responses

Response samples

Content type
application/json
{
  • "id": "5698e30c-7e33-44ee-9dce-3fa328831e66",
  • "createdTimestamp": 1692020930000,
  • "username": "idp_external_admin",
  • "enabled": true,
  • "emailVerified": false,
  • "attributes": {
    },
  • "disableableCredentialTypes": [
    ],
  • "requiredActions": [
    ],
  • "notBefore": 0,
  • "access": {
    }
}

Update profile User

Use this API to update the user profile.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
firstName
string

User's first name.

lastName
string

User's last name.

email
string

User's email address.

object

Key value pair containing the attributes you wanted to update.

Responses

Request samples

Content type
application/json
{
  • "firstName": "Foo",
  • "lastName": "Bar",
  • "email": "tom@bob.com",
  • "attributes": {
    }
}

Response samples

Content type
application/json
{
  • "message": "User profile updated successfully.",
  • "status": "OK",
  • "subSystem": 5
}

Get Users Based On Client Role

The Get Users Based On Client Role API returns a list of users who have the specified client role.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

clientid
required
string

Name of the client to search.

assignedRole
required
string

Name of the assigned role to search.

query Parameters
limit
string
Example: limit=1

The maximum number of users to return.

offset
string
Example: offset=1

The number of users to skip before starting to collect the result set.

isUserEnabled
string
Example: isUserEnabled=true

Determines whether the user account is active, with true indicating the account is active.

isEmailVerified
string
Example: isEmailVerified=false

Determines whether the user's email address has been verified. Defaults to false, indicates unverified.

firstName
string
Example: firstName=bob

First name of the user to filter by.

lastName
string
Example: lastName=doe

The last name of the user to filter by.

email
string
Example: email=accesstoken@gmail.com

The email of the user to filter by.

username
string
Example: username=accesstoken

The username of the user to filter by.

orderBy
string
Example: orderBy=asc

The order of the results, either ascending (asc) or descending (desc).

orderByKey
string
Example: orderByKey=username

The field to order the results by, such as firstName, lastName, email, or username.

genericSearchVal
string
Example: genericSearchVal=bob

It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored.

Responses

Response samples

Content type
application/json
{
  • "message": "Users fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": {
    }
}

Get Users Based On Role

The Get Users Based On Role API returns a list of users who have the specified role. The user's list will be ordered alphabetically according to the username.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

role
required
string

Name of the assigned role to search.

query Parameters
firstName
string
Example: firstName=bob

First name of the User.

lastName
string
Example: lastName=doe

Last name of the User.

email
string
Example: email=accesstoken@gmail.com

Email address of the user.

username
string
Example: username=accesstoken

Username of the user.

orderBy
string
Example: orderBy=desc

The order of the results, either ascending (asc) or descending (desc).

orderByKey
string
Example: orderByKey=lastname

The field to order the results by, such as firstName, lastName, email, or username.

genericSearchVal
string
Example: genericSearchVal=doe

It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored.

limit
string
Example: limit=1

The maximum number of users to return.

offset
string
Example: offset=1

The number of users to skip before starting to collect the result set.

isUserEnabled
string
Example: isUserEnabled=true

Determines whether the user account is active, with true indicating the account is active.

isEmailVerified
string
Example: isEmailVerified=false

Determines whether the user's email address has been verified. Defaults to false, indicates unverified.

Responses

Response samples

Content type
application/json
{
  • "message": "Users fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": {
    }
}

Delete User

Delete User API is used to delete a user.

path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Username of the User.

Responses

Response samples

Content type
application/json
{
  • "message": "User deleted successfully",
  • "status": "OK",
  • "subSystem": 5
}

Get User Info

Use this API to get the user details.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Username of the User.

query Parameters
firstName
string
Example: firstName=bob

First name of the user.

limit
string
Example: limit=1

The maximum number of users to return.

pageNumber
string
Example: pageNumber=1

Responses

Response samples

Content type
application/json
{
  • "message": "User info fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": {
    }
}

Get User By User group

The Get User By User group API will filter and search User options based on provided search values.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

groupID
required
string

Name of the group.

query Parameters
limit
string
Example: limit=1

The maximum number of users to return.

email
string
Example: email=1

Email address to get users

offset
string
Example: offset=1

The number of users to skip before starting to collect the result set.

from
string
Example: from=1

Timestamp from which user is created

to
string
Example: to=1

Timestamp until which the user was created

isUserEnabled
string
Example: isUserEnabled=true

Determines whether the user account is active, with true indicating the account is active.

orderBy
string
Example: orderBy=desc

The order of the results, either ascending (asc) or descending (desc).

orderByKey
string
Example: orderByKey=lastname

The field to order the results by, such as firstName, lastName, email, or username.

genericSearchVal
string
Example: genericSearchVal=bob

It is a custom search key for first name, last name, email, or username, and if the search is empty, we will consider the firstname, lastname, email, and username parameters, else these four parameters will be ignored.

Responses

Response samples

Content type
application/json
{
  • "message": "Users fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": {
    }
}

Get resend OTP Brute Force Status

The Get OTP Brute Force status api gets OTP Brute Force lock status of a user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Responses

Response samples

Content type
application/json
{
  • "message": "Resend OTP Brute force feature is currently disabled for tenant",
  • "status": "OK",
  • "subSystem": 5
}

Unlock User resend OTP Brute Force

The Unlock User OTP Brute Force api will unlock the user locked by the OTP Brute Force.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Responses

Response samples

Content type
application/json
{
  • "message": "Resend OTP Brute force feature is currently disabled for tenant",
  • "status": "OK",
  • "subSystem": 5
}

Search User

An API to search users.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

query Parameters
key
string
Example: key=search_keyword

It can be a search parameter and will search over username, firstname, lastname and email.

Responses

Response samples

Content type
application/json
{
  • "message": "Users fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": {
    }
}

Search User By User Attribute

API to search and fetch the user list using user's attributes.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

query Parameters
key
required
string
Example: key=phone_number

Attribute name to search user.

value
required
string
Example: value=1234567890

Attribute value to search user.

Responses

Response samples

Content type
application/json
{
  • "message": "Users fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": [
    ]
}

Unlock All User resend OTP Brute Force

The Unlock all Users OTP Brute Force API will unlock all the users locked by the OTP Brute Force.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

Responses

Response samples

Content type
application/json
{
  • "message": "Resend OTP Brute force feature is currently disabled for tenant",
  • "status": "OK",
  • "subSystem": 5
}

Disable User

This API is used to disable a user temporarily. Disabled users will not be allowed to login.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
enabled
boolean

If false, the user is disabled.

Responses

Request samples

Content type
application/json
{
  • "enabled": false
}

Response samples

Content type
application/json
{
  • "message": "User disabled successfully",
  • "status": "OK",
  • "subSystem": 5
}

Enable User

Use this API to enable the user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
enabled
boolean

If true, the user is enabled.

Responses

Request samples

Content type
application/json
{
  • "enabled": true
}

Response samples

Content type
application/json
{
  • "message": "User enabled successfully",
  • "status": "OK",
  • "subSystem": 5
}

Promote User

Once promoted the user will have the 'digitanium_admin', 'admin' and 'realm-admin' role tagged and the corresponding role permissions.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Responses

Response samples

Content type
application/json
{
  • "message": "User promoted successfully",
  • "status": "OK",
  • "subSystem": 5
}

Revoke Admin access

Deletes the digitanium_admin, admin and realm-admin role permission for a particular user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Responses

Response samples

Content type
application/json
{
  • "message": "Admin access revoked successfully",
  • "status": "OK",
  • "subSystem": 5
}

User Tenant List

Returns the list of tenants for a particular user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Responses

Response samples

Content type
application/json
{
  • "message": "Tenant list fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": "astqa"
}

Revoke Required Actions

Using this API, users required actions can be revoked.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
requiredActions
Array of strings

Responses

Request samples

Content type
application/json
{
  • "requiredActions": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "User required actions revoked successfully",
  • "status": "OK",
  • "subSystem": 5
}

Revoke Roles

Using this API client and realm roles will be revoked from the user's.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
object

Roles assigned to a user for client level actions.

realmRoles
Array of strings

Roles assigned to the user for realm level actions.

Responses

Request samples

Content type
application/json
{
  • "clientRoles": {
    },
  • "realmRoles": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "User roles revoked successfully",
  • "status": "OK",
  • "subSystem": 5
}

List Admin Users

List Admin Users API will return a list of admin users.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

Responses

Response samples

Content type
application/json
{
  • "message": "Admin users fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": [
    ]
}

Get Credentials

Get Credentials API will get the credential details for the user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Add address

Add Address API will add the address for the requested user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the Realm.

Request Body schema: application/json
postalCode
string

Define the postalCode of the given address.

addressDetails
string

Describes the default address details of the user.

addressTitle
string

Address title

addressType
string

Describes the address type

city
string

Describes the city name

cityCode
string

describes the city code

defaultAddress
boolean

Describes the default address name

directions
string

Directions of the address

district
string

Describe the user district name

districtCode
string

Describes the user district code

firstName
string

Describe the user firstname

lastName
string

last name of the user

town
string

Town name to be added

townCode
string

Describe the town code

Responses

Request samples

Content type
application/json
{
  • "postalCode": "654321",
  • "addressDetails": "string",
  • "addressTitle": "string",
  • "addressType": "string",
  • "city": "string",
  • "cityCode": "string",
  • "defaultAddress": true,
  • "directions": "string",
  • "district": "string",
  • "districtCode": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "town": "string",
  • "townCode": "string"
}

Response samples

Content type
application/json
{
  • "message": "Address added successfully",
  • "status": "OK",
  • "subSystem": 5
}

Get address

Get Address API will fetch the address of the requested user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Responses

Response samples

Content type
application/json
{
  • "message": "Address info fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": [
    ]
}

Edit Address

Edit Address API will update the address for the requested user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
addressID
string

Define the addressID given for a particular address.

lastName
string

LastName of the user.

addressType
string

Define the type of the address.

Responses

Request samples

Content type
application/json
{
  • "addressID": "86765ce6-d551-40e7-b30c-a1edfe4a74bd",
  • "lastName": "shaw",
  • "addressType": "office"
}

Response samples

Content type
application/json
{
  • "message": "Address changed successfully.",
  • "status": "OK",
  • "subSystem": 5
}

Delete Address

Delete Address API will delete the address of the requested user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

userId
required
string

Configure the Admin UserId.

Request Body schema: application/json
addressID
string

Define the addressID given for a particular address.

Responses

Request samples

Content type
application/json
{
  • "addressID": "86765ce6-d551-40e7-b30c-a1edfe4a74bd"
}

Response samples

Content type
application/json
{
  • "message": "Address deleted successfully",
  • "status": "OK",
  • "subSystem": 5
}

Get Users

Get Users will return a list of user's, along with their details that match the given query parameters.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

Responses

Response samples

Content type
application/json
{
  • "message": "Users fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": {
    }
}

Add User to Groups

Use this API to add the users within a group.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
groups
Array of objects

Mention the list of groups where user need to be added.

Responses

Request samples

Content type
application/json
{
  • "groups": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "User group added successfully.",
  • "status": "OK",
  • "subSystem": 5
}

Delete User from Groups

User Group from Delete API is used to remove the users from the group.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

userId
required
string

Name of the User.

Request Body schema: application/json
groups
Array of objects

Mention the groups where user need to be removed.

Responses

Request samples

Content type
application/json
{
  • "groups": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "User group removed successfully.",
  • "status": "Success",
  • "subSystem": 5
}

List Users

List users Api used to retrieve the user from the provided query parameters.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string
Example: main

Name of the Realm.

query Parameters
email
string
Example: email=johndoe@gmail.com

Email address of user.

firstName
string
Example: firstName=John

First name of user.

lastName
string
Example: lastName=doe

Last name of user.

first
number
Example: first=300

The integer value for the first result (default in -1)

username
string
Example: username=johndoe@gmail.com

Username of the user.

briefRepresentation
boolean
Example: briefRepresentation=true

A boolean flag to return brief details of the user if true.

exact
boolean
Example: exact=true

A boolean flag to perform the exact search on 'q' parameter.

q
string
Example: q=lastName:Doe

Custom search query with the specific attribute and specific value to search. we can also perform the prefix search, infix search , exact search in it.

groups
string
Example: groups=ks-users, app-users

Group names to filter the users that are the members of the groups.

enabled
boolean
Example: enabled=true

A boolean indicating whether the user is enabled (true) or disabled (false).

createdTimeEnd
string
Example: createdTimeEnd=1710757836885

End created timestamp of the creation time range. Only records created before this time will be processed.

search
string
Example: search=Jo

Search value for users where userId, username,email, firstName, or lastName starts with "Jo". we can also perform the prefix search, infix search , exact search

includeRolesForClient
string
Example: includeRolesForClient=9b783be7-ba9f-47w8-9020-a6f64d7034a7

The ID which maps the roles for the client

filterForRole
string
Example: filterForRole=8a06d3ff-ff6c-413f-a6d9-2cbcec09cf34

Role ID which specifies the role to filter for.

createdTimeStart
string
Example: createdTimeStart=1710757836882

Start created timestamp of the creation time range. Only records created on or after this time will be processed.

idpAlias
string
Example: idpAlias=google

The alias name that represents the identity provider used to get the user from the identity provider.

idpUserId
string
Example: idpUserId=8a06d3ff-ff6c-411f-a6d9-2cbcec09cf34

The user id in the IDP.

emailVerified
string
Example: emailVerified=true

A boolean indicating whether the email is verified (true) or not (false)

sort
string
Example: sort=username:asc

to sort list of user.

max
number
Example: max=300

The maximum results to be displayed.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get User Count

Get User count API used to retrieve count of the user by provided query parameters.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Name of the Realm.

query Parameters
email
string
Example: email=johndoe@gmail.com

Email address of user.

firstName
string
Example: firstName=John

First name of user.

lastName
string
Example: lastName=doe

Last name of user.

search
string
Example: search=Jo

Search value for users where userId, username,email, firstName, or lastName starts with "Jo". we can also perform the prefix search, infix search , exact search

emailVerified
boolean
Example: emailVerified=true

A boolean indicating whether the email is verified (true) or not (false)

filterForRole
string
Example: filterForRole=8a06d3ff-df6c-411f-a6d0-2cbcec09cf34

Role ID which specifies the role to filter for.

username
string
Example: username=John

Username of the user.

enabled
boolean
Example: enabled=true

A boolean indicating whether the user is enabled (true) or disabled (false).

q
string
Example: q=lastName:Doe

Custom search query with the specific attribute and specific value to search. we can also perform the prefix search, infix search , exact search in it.

createdTimeStart
string
Example: createdTimeStart=1710757836882

Start created timestamp of the creation time range. Only records created on or after this time will be processed.

createdTimeEnd
string
Example: createdTimeEnd=1710757836885

End created timestamp of the creation time range. Only records created before this time will be processed.

groups
string
Example: groups=ks-users, app-users

Group names to filter the users that are the members of the groups.

Responses

Response samples

Content type
application/json
1

Email

Send Email

Email will be sent to the user's based on the template which is specified in the mailtype.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

userId
required
string

Configure the Realm's name.

Request Body schema: application/json
One of
mailType
string

Specify the mail type for template. Value should be "WELCOME"

iosLink
string

Specify the iOS link.

androidLink
string

Specify Android link.

portalUrl
string

Specify the Portal access URL.

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "message": "Email already verified",
  • "status": "OK",
  • "subSystem": 5
}

SMTP Configuration

SMTP Configuration API used configure the email configurations.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
envelopeFrom
string

An email address used for bounces.

from
string

Enter from mailId.

fromDisplayName
string

A user friendly display name for from address.

host
string

Enter valid host(Eg.smtp.gamil.com).

password
string

Password corresponding to from mail address.

port
string

Enter valid port number.

replyTo
string

Mail to which reply needs to be sent.

replyToDisplayName
string

A user friendly display name for from address.

ssl
string

Enable SSL.

starttls
string

enable TLS.

user
string

From mail address.

Responses

Request samples

Content type
application/json
{
  • "envelopeFrom": null,
  • "from": "test@test.com",
  • "fromDisplayName": "Identity Dashboard",
  • "host": "mail.gmail.com",
  • "password": "secret",
  • "port": "587",
  • "replyTo": "test@test.com",
  • "replyToDisplayName": "Support",
  • "ssl": "true",
  • "starttls": "true",
  • "user": "admin.test"
}

Response samples

Content type
application/json
{
  • "message": "Successfully updated SMTP Details.",
  • "status": "OK",
  • "subSystem": 1
}

Test SMTP Configuration

The Test SMTP Configuration API is utilized to verify the email settings that have been configured.

Authorizations:
BearerAuth
path Parameters
tenantid
required
string

Configure the tenant name,

Request Body schema: application/json
mailType
string

Describe the mail type as TEST

Responses

Request samples

Content type
application/json
{
  • "mailType": "TEST"
}

Response samples

Content type
application/json
{
  • "message": "Mail Sent Successfully to the user",
  • "status": "OK",
  • "subSystem": 5
}

Apps (Client)

UMA App

Use this API to create client with all authorization scopes in the realm.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

query Parameters
adminuser
required
string

Configure the Admin user name.

adminpassword
required
string

Configure the Admin Password.

migrate
required
boolean

Configure the boolean values as true or false.If set to true the respective UMA roles will be assigned to all the existing users.

Responses

Response samples

Content type
application/json
{
  • "message": "Created app and migrated users successfully.",
  • "status": "OK",
  • "subSystem": 2
}

List all apps

List all apps API will return the list of apps that are created through the Create App.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "App info fetched successfully",
  • "status": "OK",
  • "subSystem": 2,
  • "data": [
    ]
}

Update App

Use Update App API, to update the app through IDP, which has already been created using Create App.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
appName
string

Configure the app (client name) to update

implicitFlowEnabled
boolean

Configure the boolean value as true or false to enable or disable the implicit flow for this client.

object

Configure a authenticationFlowBindingOverrides Map as (string,string) to client for customizing of authentication flows.

name
string

Display name of the client.

Responses

Request samples

Content type
application/json
{
  • "appName": "asd",
  • "implicitFlowEnabled": true,
  • "authenticationFlowBindingOverrides": {
    },
  • "name": "new-app1"
}

Response samples

Content type
application/json
{
  • "message": "App updated successfully.",
  • "status": "OK",
  • "subSystem": 2
}

Create App

Apps are entities that can request IDP to authenticate a user. It also use IDP to encrypt themselves and provide a single sign-on solution which can securely invoke other services over the network.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
appName
string

The name of the app to be created.

name
string

Display name of the client.

description
string

The description of the app to be created

rootUrl
string

Root url is the entire url including slash.

adminUrl
string

Url's to the client's admin interface.

baseUrl
string

Root address for your website

object

Customized attribute in form of the key value pair

surrogateAuthRequired
boolean

Configure boolean value to whether it is required to substitute auth or not.

enabled
boolean

Describes whether the client is active or not.

appAuthenticatorType
string

Type of the authentication method applied to an client application.

registrationAccessToken
string

A security token used by clients for dynamic client registration operations.

defaultRoles
string <nullable>

Specifies the roles that are automatically assigned to a user when they are authenticated against this client

redirectUris
string <nullable>

Specifies the URIs to which Keycloak should redirect after successful authentication or authorization processes.

implicitFlowEnabled
boolean

Boolean attribute for a client determines whether the client is allowed to use the implicit flow for OpenID Connect.

directAccessGrantsEnabled
boolean

Boolean attribute for a client determines whether the client is allowed to use the Direct Access Grant flow (also known as the Resource Owner Password Credentials Grant) of OAuth 2.0.

Responses

Request samples

Content type
application/json
{
  • "appName": "appname1",
  • "name": "new-app",
  • "description": null,
  • "adminUrl": null,
  • "attributes": {},
  • "surrogateAuthRequired": true,
  • "enabled": true,
  • "appAuthenticatorType": null,
  • "registrationAccessToken": null,
  • "defaultRoles": "string",
  • "redirectUris": "string",
  • "implicitFlowEnabled": true,
  • "directAccessGrantsEnabled": true
}

Response samples

Content type
application/json
{
  • "message": "App created successfully",
  • "status": "OK",
  • "subSystem": 2
}

Get App Info

Get App Info API will return the app info that match the given parameters.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

clientId
required
string

Configure the App name.

Responses

Response samples

Content type
application/json
{
  • "message": "App info fetched successfully",
  • "status": "OK",
  • "subSystem": 2,
  • "data": {
    }
}

Delete App

This API is used to delete an app.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

clientId
required
string

Configure the App name.

Responses

Response samples

Content type
application/json
{
  • "message": "App deleted successfully",
  • "status": "OK",
  • "subSystem": 2
}

Get App Credentials

Get App Credentials API will return the client secret for the specified client..

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

clientId
required
string

Configure the Client ID.

Responses

Response samples

Content type
application/json
{
  • "message": "App credential fetched successfully",
  • "status": "OK",
  • "subSystem": 5,
  • "data": "77581f16-2887-4d60-9346-0f3b6693063a"
}

Regenerate App Credential

Regenerate App Credential API will return the data that match the given parameters.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

clientId
required
string

Configure the Client ID.

Responses

Response samples

Content type
application/json
{
  • "message": "App credential regenerated successfully",
  • "status": "OK",
  • "subSystem": 2,
  • "data": "67e3127b-b173-4780-8033-1fecfd35d397"
}

Send Magic Link

This API is used to Authenticate user through email via link.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
clientId
string

Specifies the Client ID

email
string

Configure the email through which magic link will be sent.

forceCreate
boolean

Create user with the email when user doesn't exist.

redirectUri
string

Specify the URI, where user needs to land after completing the process.

resetPassword
boolean

reset password option is enabled while clicking the Magic link.

responseMode
string

Configure the type how the Authorization Server should return the result.

responseType
string

Configure the type of response that has to be received on execution.

scope
string

The scope requested for the token.

Responses

Request samples

Content type
application/json
{
  • "clientId": "clientname",
  • "email": "abc@gmail.com",
  • "forceCreate": true,
  • "resetPassword": true,
  • "responseMode": "form_post",
  • "responseType": "code token",
  • "scope": "open_id"
}

Response samples

Content type
application/json
{
  • "message": "Mail was sent successfully to provided email id with magic link",
  • "status": "OK",
  • "subSystem": 5
}

Tenant

List Tenants

Use this API to return the list of tenants along with their details.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "Tenant list fetched successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": [
    ]
}

Create tenant

Access this API to create a new tenant.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
realm
string

Configure the realm name

enabled
boolean

Indicates whether the realm is active or not

loginTheme
string

Configure the login theme

accountTheme
string

Configure the account theme for the realm

adminTheme
string

Configure the admin theme

emailTheme
string

Configure the email theme for the realm

adminUsername
string

Specifies the admin user name for the tenant.

adminEmail
string

Specifies the admin user's email.

adminPassword
string

Specifies the admin user's password.

adminFirstName
string

Specifies the admin's first name.

adminLastName
string

Specifies the admin's last name.

bruteForceProtected
boolean

A boolean field that specifies if the brute force attack detection and protection is enabled for the realm.

actionTokenGeneratedByAdminLifespan
number

This field represents the duration (in seconds) that action tokens generated by administrators will remain valid.

object

A map of custom settings specific to the realm. These settings can be used to configure various aspects of the realm's behavior.

Array of objects

A list of required actions that users must complete.

Responses

Request samples

Content type
application/json
{
  • "realm": "realmname",
  • "enabled": true,
  • "loginTheme": "kobilv2",
  • "accountTheme": "kobilv2",
  • "adminTheme": "kobilv2",
  • "emailTheme": "kobilv2",
  • "adminUsername": "admin",
  • "adminEmail": "user123@gmail.com",
  • "adminPassword": "Admin@123",
  • "adminFirstName": null,
  • "adminLastName": null,
  • "bruteForceProtected": true,
  • "actionTokenGeneratedByAdminLifespan": 86400,
  • "settings": {
    },
  • "requiredActions": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "Tenant created successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": {
    }
}

Get Tenant Info

Get Tenant Info API is used to get the details about the tenant.

Authorizations:
BearerAuth
path Parameters
realmId
required
string

Configure the Realm's name.

tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "Tenant info fetched successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": {
    }
}

Update Tenant

Use this API to update a tenant.

Authorizations:
BearerAuth
path Parameters
realmId
required
string

Configure the Realm's name.

tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
enabled
boolean

Indicates whether the realm is enabled or not.

loginTheme
string

The theme used for the login pages.

accountTheme
string

The theme used for the account management pages.

adminTheme
string

Specifies the theme to be used for the admin console interface.

emailTheme
string

Specifies the theme to be used for the emails sent from this realm.

adminUsername
string

Specifies the admin user name for the tenant.

adminEmail
string

Specifies the admin user's email.

adminPassword
string

Specifies the admin user's password.

adminFirstName
string

Specifies the admin's first name.

adminLastName
string

Specifies the admin's last name.

bruteForceProtected
boolean

Indicates whether brute force protection is enabled for the realm.

actionTokenGeneratedByAdminLifespan
number

The lifespan in seconds for action tokens generated by an admin.

object

Custom settings specific to the realm.

Array of objects

A list of required actions for users in the realm.

Responses

Request samples

Content type
application/json
{
  • "enabled": true,
  • "loginTheme": "kobilv2",
  • "accountTheme": "kobilv2",
  • "adminTheme": "kobilv2",
  • "emailTheme": "kobilv2",
  • "adminUsername": "admin",
  • "adminEmail": "user123@gmail.com",
  • "adminPassword": "Admin@123",
  • "adminFirstName": null,
  • "adminLastName": null,
  • "bruteForceProtected": true,
  • "actionTokenGeneratedByAdminLifespan": 86400,
  • "settings": {
    },
  • "requiredActions": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "Tenant updated successfully",
  • "status": "OK",
  • "subSystem": 1
}

Delete Tenant

Using this API, a tenant can be deleted.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "Tenant deleted successfully",
  • "status": "OK",
  • "subSystem": 1
}

Get Tenant Settings

Using this API, we can fetch the details about the tenant settings.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "Tenant setting(s) fetched successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": {
    }
}

Update Tenant Settings

Using this API, you can add or update realm settings.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
key
string

Define the key value pair to be updated in the realm setting.

Responses

Request samples

Content type
application/json
{
  • "key": "value"
}

Response samples

Content type
application/json
{
  • "message": "Tenant settings updated successfully",
  • "status": "OK",
  • "subSystem": 1
}

Delete Tenant Settings

Use the Delete Tenant Settings API to delete the realm settings in a particular realm.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

query Parameters
key
string
Example: key=key

provide the settings name which needs to be deleted.

Responses

Response samples

Content type
application/json
{
  • "message": "Tenant setting deleted",
  • "status": "OK",
  • "subSystem": 1
}

Update App Settings

The Update App Settings API will update the app settings details which is configured in the realm settings.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
flutter_android_build_number
string

flutter_android_build_number is the number of android releases for a version. (Every build has its own unique number)

flutter_android_link
string

flutter_android_link is the URL for the playstore.

flutter_android_update_by
string

flutter_android_update_by results the timestamp of the last update.

flutter_android_version
string

flutter_android_version is the result of the andriod version.

flutter_ios_build_number
string

flutter_ios_build_number is the number of ios releases for a version. (Every build has its own unique number)

flutter_ios_link
string

flutter_ios_link is the URL for the appstore.

flutter_ios_update_by
string

flutter_ios_update_by results the timestamp of the last update.

flutter_ios_version
string

flutter_ios_version is the result of the ios version.

macos_build_number
string

macos_build_number is the number of macos releases for a version. (Every build has its own unique number).

macos_link
string

macos_link is the URL for the playstore.

macos_update_by
string

macos_update_by results the timestamp of the last update.

macos_version
string

macos_version is the result of the macos version.

windows_build_number
string

windows_build_number is the number of windows releases for a version. (Every build has its own unique number)

windows_link
string

windows_link is the URL for the playstore.

windows_update_by
string

windows_update_by results the timestamp of the last update.

windows_version
string

windows_version is the result of the windows version.

Responses

Request samples

Content type
application/json
{
  • "flutter_android_build_number": "000",
  • "flutter_android_link": "https://google.com",
  • "flutter_android_update_by": "30.07.2023",
  • "flutter_android_version": "2.5.5",
  • "flutter_ios_build_number": "000",
  • "flutter_ios_link": "https://google.com",
  • "flutter_ios_update_by": "30.07.2023",
  • "flutter_ios_version": "2.5.5",
  • "macos_build_number": "",
  • "macos_link": "",
  • "macos_update_by": "",
  • "macos_version": "",
  • "windows_build_number": "",
  • "windows_link": "",
  • "windows_update_by": "",
  • "windows_version": ""
}

Response samples

Content type
application/json
{
  • "message": "Tenant settings updated successfully",
  • "status": "OK",
  • "subSystem": 1
}

Get App Settings

The Get App settings API will fetch the app details which is configured in the realm settings.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "Tenant setting(s) fetched successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": {
    }
}

Get Realm Creation Status

The Get Realm Creation Status API that will fetch the status of the Realm created.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "Tenant status fetched successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": {
    }
}

Add Realm Role

Realm role can be created using this API.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

roleName
required
string

Configure the Role name.

Responses

Response samples

Content type
application/json
{
  • "message": "Role created successfully",
  • "status": "OK",
  • "subSystem": 1
}

Delete Realm Role

Existing Realm roles can be deleted using this API.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

roleName
required
string

Configure the Role name.

Responses

Response samples

Content type
application/json
{
  • "message": "Role deleted successfully",
  • "status": "OK",
  • "subSystem": 1
}

Riskbits

Create riskbits

Using this API, riskbits can be added to the realm.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
operation
string

Device execution is determined by the risk operation. For instance, if the JBreak[1]40001 is the Risk name of the device in 'Risk Details iOS' is 'HIGH_RISK,'in Operation the device will not be allowed.

ratingLevel
string

Assessing the Risk Level on the device.

realmId
string

The "realmId" field serves as an identifier for a specific tenant within a system.

risk
string

Rate of the risks.

riskAndroid
string

Android risk name which is present in the device.

riskIOS
string

iOS risk name which is present in the device.

score
string

Qualitative measure that quantifies the degree of the risk.

Responses

Request samples

Content type
application/json
{
  • "operation": "OK",
  • "ratingLevel": "X",
  • "realmId": "realmname",
  • "risk": "0.01",
  • "riskAndroid": "JBreak_test",
  • "riskIOS": "JBreak_test",
  • "score": "001-003"
}

Response samples

Content type
application/json
{
  • "message": "Riskbits added successfully",
  • "status": "OK",
  • "subSystem": 1
}

Delete All Riskbits

Using this API, riskbits associated with the realm will be removed.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "All Riskbits Deleted Successfully",
  • "status": "OK",
  • "subSystem": 1
}

Delete Riskbits

Using this API, riskbits associated with the provided riskbit ID will be deleted.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

id
required
string

Configure the Riskbit Id.

Responses

Response samples

Content type
application/json
{
  • "message": "Riskbit deleted successfully",
  • "status": "OK",
  • "subSystem": 1
}

Get Riskbit

Using this API, will return the list of riskbit details for the riskbitId provided in the request.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

id
required
string

Configure the Riskbit Id.

Responses

Response samples

Content type
application/json
{
  • "message": "Riskbit found successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": [
    ]
}

Add List of Riskbits

Using this API, you can add a list of riskbits as provided in the request.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
Array
operation
string

Device execution is determined by the risk operation. For instance, if the JBreak[1]40001 is the Risk name of the device in 'Risk Details iOS' is 'HIGH_RISK,'in Operation the device will not be allowed.

ratingLevel
string

Assessing the Risk Level on the device.

realmId
string

The "realmId" field serves as an identifier for a specific tenant within a system.

risk
string

The percentage risk associated with this risk bit.

riskAndroid
string

The risk percentage specifically for Android platforms.

riskIOS
string

The risk percentage specifically for ios platforms.

score
string

Qualitative measure that quantifies the degree of the risk.

Responses

Request samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    },
  • {
    },
  • {
    },
  • {
    },
  • {
    },
  • {
    },
  • {
    },
  • {
    },
  • {
    },
  • {
    }
]

Response samples

Content type
application/json
{
  • "message": "Add riskbits request completed successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": {
    }
}

Get All Riskbits

Using this API will return a list of riskbit details.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Responses

Response samples

Content type
application/json
{
  • "message": "Riskbits fetched successfully",
  • "status": "OK",
  • "subSystem": 1,
  • "data": [
    ]
}

Verify Device Risk

This API verifies whether the specified risk exists and fetches its details if it exists.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string

Configure the Realm's name.

Request Body schema: application/json
platform
string

Specify OS platform.

riskName
string

Name of the specific risk being verified.

Responses