openapi: 3.0.1
info:
  title: Beyond Identity API
  version: 1.7.0
  contact:
    email: support@beyondidentity.com
  description: |
    # Introduction

    The Beyond Identity API defines methods for managing realms, directories,
    credentials, and applications.

    All of the functionality available in the Beyond Identity Admin Console is
    also available through the API.

    This API is currently in the early-access stage and is under active
    development. Feedback and suggestions are encouraged and should be
    directed to the
    [Beyond Identity Developer Slack Channel](https://join.slack.com/t/byndid/shared_invite/zt-1anns8n83-NQX4JvW7coi9dksADxgeBQ).

    # Authentication

    All Beyond Identity API endpoints require authentication using an access
    token. The access token is generated through OAuth 2.0 or OIDC, using the
    authorization code flow or the client credentials flow.

    The simplest way to acquire an access token is through the Beyond Identity
    Admin Console. Under the "Applications" tab, select the "Beyond Identity
    Management API" application, navigate to the "API Tokens" tab, and then
    click on "Create token".

    Alternatively, an access token may also be generated directly via the API
    by requesting a token for the "Beyond Identity Management API"
    Application.

    ```
    curl https://auth-us.beyondidentity.com/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID/token \
      -X POST \
      -u "$CLIENT_ID:$CLIENT_SECRET" --basic \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "grant_type=client_credentials&scope=$SCOPES"
    ```

    This will work for any application that you have configured to provide
    access to the Beyond Identity Management API Resource Server. The "Beyond
    Identity Management API" application is provided by default as part of the
    tenant onboarding process.

    The access token must be provided in the `Authorization` header of the API
    request.

    ```
    curl https://api-us.beyondidentity.com/v1/... \
      -X $HTTP_METHOD -H "Authorization: Bearer $TOKEN"
    ```

    ## Requests and Responses

    To interact with the Beyond Identity API, all requests should be made over
    HTTPS.

    The Beyond Identity API is generally structured as a resource-oriented
    API. Resources are represented as JSON objects and are used as both inputs
    to and outputs from API methods.

    Resource fields may be described as read-only and immutable. A read-only
    field is only provided on the response. An immutable field is only
    assigned once and may not be changed after. For example, system-generated
    IDs are described as both read-only and immutable.

    To create a new resource, requests should use the `POST` method. Create
    requests include all of the necessary attributes to create a new resource.
    Create operations return the created resource in the response.

    To retrieve a single resource or a collection of resources, requests
    should use the `GET` method. When retrieving a collection of resources,
    the response will include an array of JSON objects keyed on the plural
    name of the requested resource.

    To update a resource, requests should use the `PATCH` method. Update
    operations support partial updating so requests may specify only the
    attributes which should be updated. Update operations return the updated
    resource in the response.

    To delete a resource, requests should use the `DELETE` method. Note that
    delete operations return an empty response instead of returning the
    resource in the response.

    ### Example Response for a Realm

    ```
    {
      "id": "a448fe493e02fa9f",
      "tenant_id": "000168dc50bdce49",
      "display_name": "Test Realm",
      "create_time": "2022-06-22T21:46:08.930278Z",
      "update_time": "2022-06-22T21:46:08.930278Z"
    }
    ```

    ### Example Response for a Collection of Realms

    ```
    {
      "realms": [
        {
          "id": "a448fe493e02fa9f",
          "tenant_id": "000168dc50bdce49",
          "display_name": "Test Realm",
          "create_time": "2022-06-22T21:46:08.930278Z",
          "update_time": "2022-06-22T21:46:08.930278Z"
        }
      ],
      "total_size": 1
    }
    ```

    ## HTTP Statuses

    The API returns standard HTTP statuses and error codes.

    Statuses in the 200 range indicate that the request was successfully
    fulfilled and there were no errors.

    Statuses in the 400 range indicate that there was an issue with the
    request that may be addressed by the client. For example, client errors
    may indicate that the request was missing proper authorization or that the
    request was malformed.

    Statuses in the 500 range indicate that the server encountered an internal
    issue and was unable to fulfill the request.

    All error responses include a JSON object with a `code` field and a
    `message` field. `code` contains a human-readable name for the HTTP status
    code and `message` contains a high-level description of the error. The
    error object may also contain additional error details which may be used
    by the client to determine the exact cause of the error. Refer to each API
    method's examples to determine the specific error detail types supported
    for that method.

    ### Invalid Access Token Example

    If the provided access token is invalid, you will receive a 401 error.
    This error indicates that the token is not recognized and was not
    generated by Beyond Identity.

    ```
    HTTP/1.1 401 Unauthorized
    {
      "code": "unauthorized",
      "message": "unauthorized"
    }
    ```

    ### Permission Denied Example

    If the provided access token does not have access to the requested
    resource, you will receive a 403 error. Access tokens are scoped at a
    minimum to your tenant. Any request for resources outside of your tenant
    will result in this error.

    ```
    HTTP/1.1 403 Forbidden
    {
      "code": "forbidden",
      "message": "forbidden"
    }
    ```

    ### Missing Resource Example

    If the requested resource does not exist, you will receive a 404 error.
    The specific API method may return additional details about the missing
    resource.

    ```
    HTTP/1.1 404 Not Found
    {
      "code": "not_found",
      "message": "group not found",
      "details": [
        {
          "type": "ResourceInfo",
          "resource_type": "Group",
          "id": "4822738be6b7f658",
          "description": "group not found"
        }
      ]
    }
    ```

    ### Invalid Parameters Example

    If the request body contains invalid parameters, you will receive a 400
    error. The specific API method may return additional details about the
    invalid parameter.

    ```
    HTTP/1.1 400 Bad Request
    {
      "code": "bad_request",
      "message": "invalid parameters",
      "details": [
        {
          "type": "FieldViolations",
          "field_violations": [
            {
              "description": "missing",
              "field": "group.display_name"
            }
          ]
        }
      ]
    }
    ```
servers:
  - url: 'https://api-us.beyondidentity.com'
tags:
  - name: Tenants
    description: |
      A tenant represents an organization in the Beyond Identity Cloud.
      Tenants contain all data necessary for that organization to operate.
  - name: Realms
    description: |
      A realm is a unique administrative domain within a tenant. Realms may be
      used to define multiple development environments or for isolated
      administrative domains.
  - name: Groups
    description: |
      A group is a logical collection of identities. Groups are commonly used
      as a predicate in a policy rule.
  - name: Identities
    description: |
      An identity is a unique identifier that may be used by an end-user to
      gain access governed by Beyond Identity.
  - name: Credentials
    description: |
      A credential is also known as a passkey. This is the public-private key
      pair that belongs to an identity.
  - name: Credential Binding Jobs
    description: |
      A credential binding job defines the state of binding a new credential
      to an identity. The state spans creation of the credential binding job,
      delivery of the credential binding method, and completion of the
      credential binding.
  - name: Themes
    description: |
      A theme is a collection of configurable assets that unifies the end user
      login experience with your brand and products. It is primarily used to
      change the styling of the credential binding email.
  - name: Applications
    description: |
      An application represents a client application that uses Beyond Identity
      for authentication. This could be a native app, a single-page
      application, a regular web application, or machine-to-machine
      application credentials.
  - name: Authenticator Configurations
    description: |
      An authenticator configuration prescribes how an end user may
      authenticate themselves to Beyond Identity. Beyond Identity provides a
      Hosted Web Authenticator which will work out-of-the-box, as well as SDKs
      that can be embedded into an end user application.
  - name: Resource Servers
    description: |
      A resource server represents an API server that hosts a set of protected
      resources and is capable of accepting and responding to protected
      resource requests using access tokens. Clients can enable these APIs to
      be consumed from authorized applications.
paths:
  '/v1/tenants/{tenant_id}':
    get:
      tags:
        - Tenants
      operationId: GetTenant
      summary: Retrieve an Existing Tenant
      description: |
        To retrieve an existing tenant, send a GET request to
        `/v1/tenants/$TENANT_ID`.
      security:
        - BearerAuth:
            - 'tenants:read'
      parameters:
        - $ref: '#/components/parameters/tenant_id'
      responses:
        '200':
          description: |
            The response will be a JSON object containing the standard
            attributes associated with a tenant.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Tenant'
              examples:
                Success:
                  value:
                    id: 000176d94fd7b4d1
                    display_name: Test Tenant
                    create_time: 2022-01-28T12:00:02.423Z
                    update_time: 2022-04-19T15:17:21.186Z
        '401':
          description: Unauthorized.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: value: code: unauthorized message: unauthorized '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: value: code: forbidden message: forbidden '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: value: code: internal_server_error message: internal server error patch: tags: - Tenants operationId: UpdateTenant summary: Patch a Tenant description: | To update only specific attributes of an existing tenant, send a PATCH request to `/v1/tenants/$TENANT_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. security: - BearerAuth: - 'tenants:update' parameters: - $ref: '#/components/parameters/tenant_id' requestBody: description: Updates to the specified tenant. content: application/json: schema: title: Update Tenant Request description: Request for UpdateTenant. type: object properties: tenant: $ref: '#/components/schemas/Tenant' required: - tenant examples: Update Display Name: value: tenant: display_name: Test Tenant responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a tenant. content: application/json: schema: $ref: '#/components/schemas/Tenant' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/200/content/application~1json/examples/Success' '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: value: code: bad_request message: invalid request Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: tenant.display_name description: empty string '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms': post: tags: - Realms operationId: CreateRealm summary: Create a New Realm description: | To create a realm, send a POST request to `/v1/tenants/$TENANT_ID/realms`. Values in the request body for read-only fields will be ignored. security: - BearerAuth: - 'realms:create' parameters: - $ref: '#/components/parameters/tenant_id' requestBody: content: application/json: schema: title: Create Realm Request description: Request for CreateRealm. type: object properties: realm: $ref: '#/components/schemas/Realm' required: - realm responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a realm. 
content: application/json: schema: $ref: '#/components/schemas/Realm' examples: Success: value: id: 19a95130480dfa79 tenant_id: 0001f1f460b1ace6 display_name: Test Realm create_time: 2022-05-18T18:00:01.167Z update_time: 2022-05-19T14:23:01.327Z '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: realm.display_name description: empty string '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' get: tags: - Realms operationId: ListRealms summary: List Realms for a Tenant description: | To list all realms for a tenant, send a GET request to `/v1/tenants/$TENANT_ID/realms`. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of realms in the response. Note that the maximum and default page sizes are subject to change. 
When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'realms:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `realms` and `total_size`. `realms` will be set to an array of realm objects, each of which contains the standard realm attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListRealmsResponse' examples: Success: value: realms: - id: 19a95130480dfa79 tenant_id: 0001f1f460b1ace6 display_name: Test Realm create_time: 2022-05-18T18:00:01.167Z update_time: 2022-05-19T14:23:01.327Z total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: page_token description: invalid page token '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}': get: tags: - Realms operationId: GetRealm summary: Retrieve an Existing Realm description: | To retrieve an existing realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID`. security: - BearerAuth: - 'realms:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a realm. content: application/json: schema: $ref: '#/components/schemas/Realm' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/post/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: value: code: not_found message: realm not found details: - type: ResourceInfo resource_type: Realm id: 19a95130480dfa79 description: realm not found '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' patch: tags: - Realms operationId: UpdateRealm summary: Patch a Realm description: | To update only specific attributes of an existing realm, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. security: - BearerAuth: - 'realms:update' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' requestBody: content: application/json: schema: title: Update Realm Request description: Request for UpdateRealm. type: object properties: realm: $ref: '#/components/schemas/Realm' required: - realm examples: Update Display Name: value: realm: display_name: Test Realm responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a realm. content: application/json: schema: $ref: '#/components/schemas/Realm' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' delete: tags: - Realms operationId: DeleteRealm summary: Delete a Realm description: | To delete a realm, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID`. To be deleted, a realm must not have any identities, groups, or roles. All associated resources must first be deleted or you will receive a 409 error. A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully. 
security: - BearerAuth: - 'realms:delete' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' responses: '200': description: The action was successful and the response body is empty. '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '409': description: Conflict. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Has Resources: value: code: conflict message: realm has children '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/groups': post: tags: - Groups operationId: CreateGroup summary: Create a New Group description: | To create a group, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups`. Values in the request body for read-only fields will be ignored. 
security: - BearerAuth: - 'groups:create' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' requestBody: content: application/json: schema: title: Create Group Request description: Request for CreateGroup. type: object properties: group: $ref: '#/components/schemas/Group' required: - group examples: Create Group: value: group: display_name: Realm Administrators description: A group of realm administrators. responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a group. content: application/json: schema: $ref: '#/components/schemas/Group' examples: Success: value: id: 81490afab171aef0 realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 display_name: Realm Administrators description: A group of realm administrators. create_time: 2022-03-14T03:42:52.905Z update_time: 2022-06-14T05:55:23.823Z '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: group.display_name description: empty string '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' get: tags: - Groups operationId: ListGroups summary: List Groups for a Realm description: | To list all groups for a realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups`. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of groups in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'groups:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `groups` and `total_size`. `groups` will be set to an array of group objects, each of which contains the standard group attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. 
content: application/json: schema: $ref: '#/components/schemas/ListGroupsResponse' examples: Success: value: groups: - id: 81490afab171aef0 realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 display_name: Realm Administrators description: A group of realm administrators. create_time: 2022-03-14T03:42:52.905Z update_time: 2022-06-14T05:55:23.823Z total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}': get: tags: - Groups operationId: GetGroup summary: Retrieve an Existing Group description: | To retrieve an existing group, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID`. 
security: - BearerAuth: - 'groups:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/group_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a group. content: application/json: schema: $ref: '#/components/schemas/Group' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Group Not Found: value: code: not_found message: group not found details: - type: ResourceInfo resource_type: Group id: 4822738be6b7f658 description: group not found '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' patch: tags: - Groups operationId: UpdateGroup summary: Patch a Group description: | To update only specific attributes of an existing group, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. 
security: - BearerAuth: - 'groups:update' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/group_id' requestBody: content: application/json: schema: title: Update Group Request description: Request for UpdateGroup. type: object properties: group: $ref: '#/components/schemas/Group' required: - group examples: Update Display Name: value: group: display_name: Realm Administrators responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a group. content: application/json: schema: $ref: '#/components/schemas/Group' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Group Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' delete: tags: - Groups operationId: DeleteGroup summary: Delete a Group description: | To delete a group, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID`. To be deleted, a group must not have any members. Any existing members must first be deleted or you will receive a 409 error. A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully. security: - BearerAuth: - 'groups:delete' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/group_id' responses: '200': description: The action was successful and the response body is empty. '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Group Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found' '409': description: Conflict. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Group Has Members: value: code: conflict message: group has children '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}:addMembers': post: tags: - Groups operationId: AddGroupMembers summary: Add Members to a Group description: | To add members to a group, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID:addMembers`. The request must contain at least one and no more than 1000 identity IDs. security: - BearerAuth: - 'groups:update' - 'identities:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/group_id' requestBody: content: application/json: schema: title: Add Group Members Request description: Request for AddGroupMembers. type: object properties: identity_ids: description: IDs of the identities to be added to the group. type: array items: type: string minItems: 1 maxItems: 1000 required: - identity_ids examples: Add Members: value: identity_ids: - e372db224c06e850 - 3a28d4f28b57cc93 responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a group. 
content: application/json: schema: $ref: '#/components/schemas/Group' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: identity_ids description: array exceeds 1000 elements '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Group Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found' '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}:deleteMembers': post: tags: - Groups operationId: DeleteGroupMembers summary: Delete Members from a Group description: | To delete members from a group, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID:deleteMembers`. The request must contain at least one and no more than 1000 identity IDs. security: - BearerAuth: - 'groups:update' - 'identities:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/group_id' requestBody: content: application/json: schema: title: Delete Group Members Request description: Request for DeleteGroupMembers. type: object properties: identity_ids: description: IDs of the identities to be removed from the group. type: array items: type: string minItems: 1 maxItems: 1000 required: - identity_ids examples: Delete Members: value: identity_ids: - e372db224c06e850 - 3a28d4f28b57cc93 responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a group. content: application/json: schema: $ref: '#/components/schemas/Group' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AaddMembers/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Group Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}:listMembers': get: tags: - Groups operationId: ListGroupMembers summary: List Members for a Group description: | To list members belonging to a group, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID:listMembers`. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. 
There is no defined ordering of the list of members in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'groups:read' - 'identities:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/group_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `identities` and `total_size`. `identities` will be set to an array of identity objects, each of which contains the standard identity attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListGroupMembersResponse' examples: Success: value: identities: - id: e372db224c06e850 realm_id: 8f5bec58229e6f29 tenant_id: 0001f1f460b1ace6 display_name: Test Identity create_time: 2022-04-12T05:53:07.119Z update_time: 2022-06-16T14:31:03.770Z traits: type: traits_v0 username: test primary_email_address: test@example.com total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Group Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D/get/responses/404/content/application~1json/examples/Group%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/groups/{group_id}:listRoles': get: tags: - Groups operationId: ListGroupRoles summary: List Role Memberships for a Group description: | To list the roles to which a group is assigned, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/groups/$GROUP_ID:listRoles`. The request must include the `resource_server_id` query parameter specifying the resource server on which to filter the roles. If the specified resource server does not exist, you will receive a 409 error. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of roles in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. 
The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'groups:read' - 'roles:read' - 'resource-servers:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/group_id' - $ref: '#/components/parameters/resource_server_id_query' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `roles` and `total_size`. `roles` will be set to an array of role objects, each of which contains the standard role attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListGroupRolesResponse' examples: Success: value: roles: - id: fb785d40cbe4fc0d resource_server_id: 7b5a4325-00e0-4379-bd7b-3e5e7e30b09e realm_id: bb26e0e8ecdef843 tenant_id: 00010036778ce59f description: Help Desk display_name: Customer support personnel. create_time: 2023-02-14T18:18:58.332Z update_time: 2023-02-14T18:18:58.332Z total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: value: code: not_found message: role not found details: - type: ResourceInfo resource_type: Role id: fb785d40cbe4fc0d description: role not found '409': description: Conflict. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Resource Server Not Found: value: code: conflict message: resource server not found details: - type: ResourceInfo resource_type: ResourceServer id: 7b5a4325-00e0-4379-bd7b-3e5e7e30b09e description: resource server not found '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities': post: tags: - Identities operationId: CreateIdentity summary: Create a New Identity description: | To create an identity, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities`. Values in the request body for read-only fields will be ignored. If the request conflicts with an existing resource, you will receive a 409 error. 
security: - BearerAuth: - 'identities:create' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' requestBody: content: application/json: schema: title: Create Identity Request description: Request for CreateIdentity. type: object properties: identity: $ref: '#/components/schemas/Identity' required: - identity examples: Create Identity: value: identity: display_name: Test Identity traits: type: traits_v0 username: test primary_email_address: test@example.com responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an identity. content: application/json: schema: $ref: '#/components/schemas/Identity' examples: Success: value: id: e372db224c06e850 realm_id: 8f5bec58229e6f29 tenant_id: 0001f1f460b1ace6 display_name: Test Identity create_time: 2022-04-12T05:53:07.119Z update_time: 2022-06-16T14:31:03.770Z traits: type: traits_v0 username: test primary_email_address: test@example.com '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: identity.display_name description: empty string '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '409': description: Conflict. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Username Already Exists: value: code: conflict message: username already exists '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' get: tags: - Identities operationId: ListIdentities summary: List Identities for a Realm description: | To list identities for a realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities`. The response will only contain identities matching the filter in the request. If no filter is provided, the request will match all identities in the realm. Currently, the only supported filter is `traits.username eq "$USERNAME"`. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of identities in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The filter is also maintained by the page token but it may not be overridden. 
If specified, the request filter must match the filter maintained by the page token, otherwise you will receive a 400 error. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'identities:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/filter' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `identities` and `total_size`. `identities` will be set to an array of identity objects, each of which contains the standard identity attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListIdentitiesResponse' examples: Success: value: identities: - id: e372db224c06e850 realm_id: 8f5bec58229e6f29 tenant_id: 0001f1f460b1ace6 display_name: Test Identity create_time: 2022-04-12T05:53:07.119Z update_time: 2022-06-16T14:31:03.770Z traits: type: traits_v0 username: test primary_email_address: test@example.com total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}': get: tags: - Identities operationId: GetIdentity summary: Retrieve an Existing Identity description: | To retrieve an existing identity, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID`. security: - BearerAuth: - 'identities:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an identity. content: application/json: schema: $ref: '#/components/schemas/Identity' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities/post/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Identity Not Found: value: code: not_found message: identity not found details: - type: ResourceInfo resource_type: Identity id: e372db224c06e850 description: identity not found '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' patch: tags: - Identities operationId: UpdateIdentity summary: Patch an Identity description: | To update only specific attributes of an existing identity, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. If the request conflicts with an existing resource, you will receive a 409 error. security: - BearerAuth: - 'identities:update' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' requestBody: content: application/json: schema: title: Update Identity Request description: Request for UpdateIdentity. 
type: object properties: identity: $ref: '#/components/schemas/Identity' required: - identity examples: Update Display Name and Email: value: identity: display_name: Test Identity traits: type: traits_v0 primary_email_address: test@example.com responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an identity. content: application/json: schema: $ref: '#/components/schemas/Identity' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Identity Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D/get/responses/404/content/application~1json/examples/Identity%20Not%20Found' '409': description: Conflict. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Username Already Exists: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities/post/responses/409/content/application~1json/examples/Username%20Already%20Exists' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' delete: tags: - Identities operationId: DeleteIdentity summary: Delete an Identity description: | To delete an identity, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID`. To be deleted, an identity must not be a member of any groups or roles. The identity must first be removed from all groups and roles or you will receive a 409 error. A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully. security: - BearerAuth: - 'identities:delete' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' responses: '200': description: The action was successful and the response body is empty. '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Identity Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D/get/responses/404/content/application~1json/examples/Identity%20Not%20Found' '409': description: Conflict. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Identity Has Memberships: value: code: conflict message: identity has children '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}:listGroups': get: tags: - Identities operationId: ListIdentityGroups summary: List Group Memberships for an Identity description: | To list the groups to which an identity belongs, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID:listGroups`. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of groups in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. 
security: - BearerAuth: - 'identities:read' - 'groups:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `groups` and `total_size`. `groups` will be set to an array of group objects, each of which contains the standard group attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListIdentityGroupsResponse' examples: Success: value: groups: - id: 81490afab171aef0 realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 display_name: Realm Administrators description: A group of realm administrators. create_time: 2022-03-14T03:42:52.905Z update_time: 2022-06-14T05:55:23.823Z total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Identity Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D/get/responses/404/content/application~1json/examples/Identity%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}:listRoles': get: tags: - Identities operationId: ListIdentityRoles summary: List Role Memberships for an Identity description: | To list the roles to which an identity is assigned, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID:listRoles`. The request must include the `resource_server_id` query parameter specifying the resource server on which to filter the roles. If the specified resource server does not exist, you will receive a 409 error. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of roles in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. 
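An added example, not part of the Beyond Identity specification: a Python loop that pages a list endpoint to exhaustion, so an access review of an identity's roles or groups does not stop at the default 20 items, and that re-sends `skip` on every request as the description above requires. The names `list_all`, `fetch_page` and `make_fake_endpoint` are hypothetical, the query parameter names `page_size`, `page_token` and `skip` are assumed from the parameter references, and the in-memory endpoint (its token format and its handling of `skip`) is a constructed stand-in for the real service.

```python
"""Added example: exhaustive pagination for a Beyond Identity list endpoint."""
from typing import Callable, Dict, List, Optional

DEFAULT_PAGE_SIZE = 20   # documented default, subject to change
MAX_PAGE_SIZE = 200      # documented maximum, subject to change
RESOURCE_SERVER_ID = "7b5a4325-00e0-4379-bd7b-3e5e7e30b09e"  # sample ID from this page


class IncompleteListing(Exception):
    """Raised when the listing cannot be shown to be complete."""


def list_all(fetch_page: Callable[[Dict], Dict], items_key: str,
             page_size: int = MAX_PAGE_SIZE, skip: int = 0,
             extra_params: Optional[Dict] = None) -> List[Dict]:
    """Follow next_page_token until the server stops returning one.

    fetch_page(params) performs one GET and returns the decoded JSON body.
    """
    items: List[Dict] = []
    seen_tokens = set()
    token = None
    total = None
    while True:
        # Assumption: filters such as resource_server_id are re-sent each time.
        params = dict(extra_params or {})
        if skip:
            params["skip"] = skip            # not carried by the page token
        if token is None:
            params["page_size"] = page_size  # the token maintains it afterwards
        else:
            params["page_token"] = token
        body = fetch_page(params)
        items.extend(body.get(items_key, []))
        total = body.get("total_size", total)
        token = body.get("next_page_token")
        if not token:
            break
        if token in seen_tokens:
            # Fail closed rather than loop forever on a stale or repeated token.
            raise IncompleteListing("next_page_token repeated; aborting")
        seen_tokens.add(token)
    # Only checked without skip: the page does not say whether total_size
    # counts skipped items.
    if skip == 0 and total is not None and len(items) != total:
        raise IncompleteListing(f"collected {len(items)} of {total} items")
    return items


def make_fake_endpoint(all_items: List[Dict], items_key: str, log: List[Dict]):
    """Constructed in-memory endpoint; token format 'offset:size' is invented."""
    def fetch(params: Dict) -> Dict:
        log.append(dict(params))
        skip = int(params.get("skip", 0))
        offset, size = 0, DEFAULT_PAGE_SIZE
        if "page_token" in params:
            offset, size = (int(x) for x in params["page_token"].split(":"))
        size = min(int(params.get("page_size", size)), MAX_PAGE_SIZE)
        window = all_items[skip:]
        body = {items_key: window[offset:offset + size],
                "total_size": len(all_items)}
        if offset + size < len(window):
            body["next_page_token"] = f"{offset + size}:{size}"
        return body
    return fetch


def demo() -> Dict:
    roles = [{"id": f"role-{i:02d}"} for i in range(45)]  # constructed data
    log: List[Dict] = []
    fetch = make_fake_endpoint(roles, "roles", log)
    flt = {"resource_server_id": RESOURCE_SERVER_ID}
    single_call = fetch(dict(flt))["roles"]   # what one unpaged request returns
    log.clear()
    full = list_all(fetch, "roles", page_size=20, extra_params=flt)
    full_requests = len(log)
    log.clear()
    skipped = list_all(fetch, "roles", page_size=20, skip=5, extra_params=flt)
    return {
        "single_call": len(single_call),
        "full": len(full),
        "full_requests": full_requests,
        "skipped": len(skipped),
        "skipped_first": skipped[0]["id"],
        "skip_sent_every_time": all(p.get("skip") == 5 for p in log),
    }


if __name__ == "__main__":
    print(demo())
```

In real use `fetch_page` would wrap an HTTPS GET carrying the `Authorization: Bearer` header; a listing that raises `IncompleteListing` should be retried from the first page rather than reported as the identity's full set of memberships.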
security: - BearerAuth: - 'identities:read' - 'roles:read' - 'resource-servers:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' - $ref: '#/components/parameters/resource_server_id_query' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `roles` and `total_size`. `roles` will be set to an array of role objects, each of which contains the standard role attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListIdentityRolesResponse' examples: Success: value: roles: - id: fb785d40cbe4fc0d resource_server_id: 7b5a4325-00e0-4379-bd7b-3e5e7e30b09e realm_id: bb26e0e8ecdef843 tenant_id: 00010036778ce59f display_name: Help Desk description: Customer support personnel. create_time: 2023-02-14T18:18:58.332Z update_time: 2023-02-14T18:18:58.332Z total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '409': description: Conflict. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Resource Server Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/409/content/application~1json/examples/Resource%20Server%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}/roles': post: tags: - Roles operationId: CreateRole summary: Create a New Role description: | To create a role, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles`. Values in the request body for read-only fields will be ignored. security: - BearerAuth: - 'roles:create' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' requestBody: description: Role to be created. content: application/json: schema: title: Create Role Request description: Request for CreateRole. 
type: object properties: role: $ref: '#/components/schemas/Role' required: - role examples: Create Role: value: role: display_name: Help Desk description: Customer support personnel. responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a role. content: application/json: schema: $ref: '#/components/schemas/Role' examples: Success: value: id: fb785d40cbe4fc0d resource_server_id: 7b5a4325-00e0-4379-bd7b-3e5e7e30b09e realm_id: bb26e0e8ecdef843 tenant_id: 00010036778ce59f display_name: Help Desk description: Customer support personnel. create_time: 2023-02-14T18:18:58.332Z update_time: 2023-02-14T18:18:58.332Z '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: role.display_name description: empty string '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Resource Server Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles/get/responses/404/content/application~1json/examples/Resource%20Server%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' get: tags: - Roles operationId: ListRoles summary: List Roles for a Resource Server description: | To list all roles for a resource server, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles`. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of roles in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'roles:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `roles` and `total_size`. `roles` will be set to an array of role objects, each of which contains the standard role attributes.
`total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListRolesResponse' examples: Success: value: roles: - id: fb785d40cbe4fc0d resource_server_id: 7b5a4325-00e0-4379-bd7b-3e5e7e30b09e realm_id: bb26e0e8ecdef843 tenant_id: 00010036778ce59f display_name: Help Desk description: Customer support personnel. create_time: 2023-02-14T18:18:58.332Z update_time: 2023-02-14T18:18:58.332Z total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Resource Server Not Found: value: code: not_found message: resource server not found details: - type: ResourceInfo resource_type: ResourceServer id: 7b5a4325-00e0-4379-bd7b-3e5e7e30b09e description: resource server not found '500': description: Server error.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}/roles/{role_id}': get: tags: - Roles operationId: GetRole summary: Retrieve an Existing Role description: | To retrieve an existing role, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID`. security: - BearerAuth: - 'roles:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a role. content: application/json: schema: $ref: '#/components/schemas/Role' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles/post/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' patch: tags: - Roles operationId: UpdateRole summary: Patch a Role description: | To update only specific attributes of an existing role, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. security: - BearerAuth: - 'roles:update' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' requestBody: description: Updates to the specified role. content: application/json: schema: title: Update Role Request description: Request for UpdateRole. type: object properties: role: $ref: '#/components/schemas/Role' required: - role examples: Update Display Name: value: role: display_name: Help Desk responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a role. content: application/json: schema: $ref: '#/components/schemas/Role' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' delete: tags: - Roles operationId: DeleteRole summary: Delete a Role description: | To delete a role, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID`. To be deleted, a role must not have any scopes or members. Any existing scopes and members must first be deleted or you will receive a 409 error. A successful request will receive a 200 status code with no body in the response. 
This indicates that the request was processed successfully. security: - BearerAuth: - 'roles:delete' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' responses: '200': description: The action was successful and the response body is empty. '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '409': description: Conflict. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Has Scopes or Members: value: code: conflict message: role has children '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}/roles/{role_id}:addMembers': post: tags: - Roles operationId: AddRoleMembers summary: Assign Members to a Role description: | To assign members to a role, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID:addMembers`. The request must contain at least one group ID or identity ID and must not contain more than 1000 group IDs or 1000 identity IDs. security: - BearerAuth: - 'roles:update' - 'groups:read' - 'identities:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' requestBody: content: application/json: schema: title: Add Role Members Request description: Request for AddRoleMembers. type: object properties: group_ids: description: IDs of the groups to be assigned to the role. type: array items: type: string minItems: 1 maxItems: 1000 identity_ids: description: IDs of the identities to be assigned to the role. type: array items: type: string minItems: 1 maxItems: 1000 examples: Assign Members: value: group_ids: - e372db224c06e850 identity_ids: - 3a28d4f28b57cc93 responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a role. content: application/json: schema: $ref: '#/components/schemas/Role' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AaddMembers/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}/roles/{role_id}:deleteMembers': post: tags: - Roles operationId: DeleteRoleMembers summary: Unassign Members from a Role description: | To unassign members from a role, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID:deleteMembers`. 
The request must contain at least one group ID or identity ID and must not contain more than 1000 group IDs or 1000 identity IDs. security: - BearerAuth: - 'roles:update' - 'identities:read' - 'groups:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' requestBody: content: application/json: schema: title: Delete Role Members Request description: Request for DeleteRoleMembers. type: object properties: group_ids: description: IDs of the groups to be unassigned from the role. type: array items: type: string minItems: 1 maxItems: 1000 identity_ids: description: IDs of the identities to be unassigned from the role. type: array items: type: string minItems: 1 maxItems: 1000 examples: Unassign Members: value: group_ids: - e372db224c06e850 identity_ids: - 3a28d4f28b57cc93 responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a role. content: application/json: schema: $ref: '#/components/schemas/Role' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AaddMembers/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}/roles/{role_id}:listMembers': get: tags: - Roles operationId: ListRoleMembers summary: List Members for a Role description: | To list members assigned to a role, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID:listMembers`. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of members in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. 
Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'roles:read' - 'groups:read' - 'identities:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' - $ref: '#/components/parameters/groups_page_size' - $ref: '#/components/parameters/groups_skip' - $ref: '#/components/parameters/identities_page_size' - $ref: '#/components/parameters/identities_skip' - $ref: '#/components/parameters/page_token' responses: '200': description: | The response will be a JSON object with keys for `groups`, `total_groups_size`, `identities`, and `total_identities_size`. `groups` will be set to an array of group objects, each of which contains the standard group attributes. `total_groups_size` will be set to the total number of groups matched by the list request. `identities` will be set to an array of identity objects, each of which contains the standard identity attributes. `total_identities_size` will be set to the total number of identities matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListRoleMembersResponse' examples: Success: value: groups: - id: 81490afab171aef0 realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 display_name: Realm Administrators description: A group of realm administrators. create_time: 2022-03-14T03:42:52.905Z update_time: 2022-06-14T05:55:23.823Z total_groups_size: 1 identities: - id: e372db224c06e850 realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 display_name: Test Identity create_time: 2022-04-12T05:53:07.119Z update_time: 2022-06-16T14:31:03.770Z traits: type: traits_v0 username: test primary_email_address: test@example.com total_identities_size: 1 '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}/roles/{role_id}:addScopes': post: tags: - Roles operationId: AddRoleScopes summary: Assign Scopes to a Role description: | To assign scopes to a role, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID:addScopes`. The request must contain at least one and no more than 1000 scopes. 
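An added example, not part of the Beyond Identity specification: Python helpers that build request bodies for `:addMembers`/`:deleteMembers` and `:addScopes`/`:deleteScopes` within the documented 1000-item limits, leaving out any array that would be empty because each array in these request schemas has `minItems: 1`. The helper names `member_bodies`, `scope_bodies` and `plan_scope_changes` are hypothetical; the body keys and limits are the ones given on this page, and the scope strings in the comments are samples taken from it.

```python
"""Added example: request bodies that respect the documented array limits."""
from typing import Dict, Iterable, List, Tuple

MAX_ITEMS = 1000  # maxItems for group_ids, identity_ids and scopes on this page


def _unique(values: Iterable[str]) -> List[str]:
    """Drop duplicates, keep order, reject anything that is not a non-empty string."""
    seen, out = set(), []
    for v in values:
        if not isinstance(v, str) or not v:
            raise ValueError(f"invalid ID or scope: {v!r}")
        if v not in seen:
            seen.add(v)
            out.append(v)
    return out


def _chunks(values: List[str], size: int = MAX_ITEMS) -> List[List[str]]:
    return [values[i:i + size] for i in range(0, len(values), size)]


def member_bodies(group_ids: Iterable[str] = (),
                  identity_ids: Iterable[str] = ()) -> List[Dict[str, List[str]]]:
    """Bodies for :addMembers or :deleteMembers, at most 1000 IDs per array."""
    groups = _chunks(_unique(group_ids))
    idents = _chunks(_unique(identity_ids))
    if not groups and not idents:
        raise ValueError("at least one group ID or identity ID is required")
    bodies = []
    for i in range(max(len(groups), len(idents))):
        body: Dict[str, List[str]] = {}
        # An empty array would violate minItems: 1, so the key is omitted.
        if i < len(groups):
            body["group_ids"] = groups[i]
        if i < len(idents):
            body["identity_ids"] = idents[i]
        bodies.append(body)
    return bodies


def scope_bodies(scopes: Iterable[str]) -> List[Dict[str, List[str]]]:
    """Bodies for :addScopes or :deleteScopes, between 1 and 1000 scopes each."""
    unique = _unique(scopes)
    if not unique:
        raise ValueError("at least one scope is required")
    return [{"scopes": chunk} for chunk in _chunks(unique)]


def plan_scope_changes(current: Iterable[str],
                       desired: Iterable[str]) -> List[Tuple[str, Dict]]:
    """Diff the scopes a role has (from :listScopes) against the intended set.

    Removals come first so excess privilege is withdrawn even if a later
    call fails. No request is planned for an empty difference.
    """
    cur, want = set(current), set(desired)
    plan: List[Tuple[str, Dict]] = []
    excess = sorted(cur - want)
    missing = sorted(want - cur)
    if excess:
        plan += [("deleteScopes", b) for b in scope_bodies(excess)]
    if missing:
        plan += [("addScopes", b) for b in scope_bodies(missing)]
    return plan


if __name__ == "__main__":
    # Constructed input: the role holds one scope it should not have.
    print(plan_scope_changes(["identities:read", "roles:delete"],
                             ["identities:read", "groups:read"]))
```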
security: - BearerAuth: - 'roles:update' - 'resource-servers:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' requestBody: content: application/json: schema: title: Add Role Scopes Request description: Request for AddRoleScopes. type: object properties: scopes: description: Scopes to be assigned to the role. type: array items: type: string minItems: 1 maxItems: 1000 required: - scopes examples: Assign Scopes: value: scopes: - 'identities:read' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a role. content: application/json: schema: $ref: '#/components/schemas/Role' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: scopes description: array exceeds 1000 elements '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}/roles/{role_id}:deleteScopes': post: tags: - Roles operationId: DeleteRoleScopes summary: Unassign Scopes from a Role description: | To unassign scopes from a role, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID:deleteScopes`. The request must contain at least one and no more than 1000 scopes. security: - BearerAuth: - 'roles:update' - 'resource-servers:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' requestBody: content: application/json: schema: title: Delete Role Scopes Request description: Request for DeleteRoleScopes. type: object properties: scopes: description: Scopes to be removed from the role. type: array items: type: string minItems: 1 maxItems: 1000 required: - scopes examples: Unassign Scopes: value: scopes: - 'identities:read' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a role. 
content: application/json: schema: $ref: '#/components/schemas/Role' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers~1%7Bresource_server_id%7D~1roles~1%7Brole_id%7D%3AaddScopes/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}/roles/{role_id}:listScopes': get: tags: - Roles operationId: ListRoleScopes summary: List Scopes for a Role description: | To list scopes assigned to a role, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID/roles/$ROLE_ID:listScopes`. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of scopes in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'roles:read' - 'resource-servers:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' - $ref: '#/components/parameters/role_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `scopes` and `total_size`. `scopes` will be set to an array of strings, each of which is a scope assigned to the role. `total_size` will be set to the total number of items matched by the list request. 
If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListRoleScopesResponse' examples: Success: value: scopes: - 'identities:read' total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Role Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1groups~1%7Bgroup_id%7D%3AlistRoles/get/responses/404/content/application~1json/examples/Role%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credentials': get: tags: - Credentials operationId: ListCredentials summary: List Credentials for an Identity description: | To list all credentials for an identity, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credentials`. 
`$IDENTITY_ID` may be a wildcard (`-`) to request all credentials across all identities within the realm. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of credentials in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'credentials:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `credentials` and `total_size`. `credentials` will be set to an array of credential objects, each of which contains the standard credential attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. 
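The pagination rules above, as an added example that is not part of the Beyond Identity specification: a client that walks ListCredentials to the last page, resends `skip` on every request, and de-duplicates on `id` because the ordering is undefined. The function names, the injected `fetch` transport and the constructed sample pages are hypothetical, and the query parameter names `page_size`, `page_token` and `skip` are assumed to match the referenced parameter components.

```python
import json
from urllib.parse import parse_qs, quote, urlencode, urlsplit
from urllib.request import Request, urlopen

API_BASE = "https://api-us.beyondidentity.com"  # host used in the page's curl example


def http_get_json(url, token):
    """Real transport: GET with the bearer token in the Authorization header."""
    req = Request(url, headers={"Authorization": f"Bearer {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_all_credentials(tenant_id, realm_id, token, identity_id="-",
                         page_size=200, skip=None, fetch=http_get_json,
                         max_pages=1000):
    """Collect every credential for an identity ("-" means all identities).

    Returns (credentials, reported_total). Compare len(credentials) with
    reported_total to notice credentials added or removed while paging.
    Query parameter names are an assumption (see lead-in).
    """
    path = "/v1/tenants/{}/realms/{}/identities/{}/credentials".format(
        quote(tenant_id, safe=""), quote(realm_id, safe=""),
        quote(identity_id, safe=""))
    by_id = {}          # no defined ordering, so de-duplicate on credential id
    page_token = None
    reported_total = None
    for _ in range(max_pages):
        params = {}
        if page_token is None:
            params["page_size"] = page_size    # first request sets the page size
        else:
            params["page_token"] = page_token  # the token maintains the page size
        if skip is not None:
            params["skip"] = skip              # not maintained by the token: resend
        body = fetch(f"{API_BASE}{path}?{urlencode(params)}", token)
        for cred in body.get("credentials", []):
            by_id[cred["id"]] = cred
        reported_total = body.get("total_size", reported_total)
        page_token = body.get("next_page_token")
        if not page_token:                     # key is absent on the last page
            break
    else:
        raise RuntimeError("pagination did not terminate within max_pages")
    return list(by_id.values()), reported_total


def make_constructed_fetch(credentials, log):
    """Constructed stand-in for the API (not real data or real behaviour).

    Serves `credentials` in pages, records each request's query parameters in
    `log`, and ignores `skip` apart from recording it.
    """
    pages = {}  # page token -> (offset, page size)

    def fetch(url, token):
        query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
        log.append(query)
        if "page_token" in query:
            offset, size = pages[query["page_token"]]
        else:
            offset, size = 0, int(query.get("page_size", 20))
        body = {"credentials": credentials[offset:offset + size],
                "total_size": len(credentials)}
        if offset + size < len(credentials):
            next_token = f"tok{offset + size}"
            pages[next_token] = (offset + size, size)
            body["next_page_token"] = next_token
        return body

    return fetch


def demo(skip=None):
    """Run the client against five constructed credentials, two per page."""
    sample = [{"id": f"cred{i:02d}", "state": "ACTIVE"} for i in range(5)]
    log = []
    result = list_all_credentials("TENANT", "REALM", "TOKEN", page_size=2,
                                  skip=skip,
                                  fetch=make_constructed_fetch(sample, log))
    return result, log


if __name__ == "__main__":
    (creds, total), requests_made = demo()
    print(len(creds), total, requests_made)
```

Because a request with an expired page token has undefined behavior, run the whole walk in one pass rather than storing a token for later use.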
content: application/json: schema: $ref: '#/components/schemas/ListCredentialsResponse' examples: Success: value: credentials: - id: 81490afab171aef0 identity_id: e85de356dc78843a realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 state: ACTIVE csr_type: JWT jwk_json: '{"crv":"P-256","kty":"EC","x":"2MRhz05PJPq3BUfB18AT3HqgWEkI3VpWUg1MWi8rz1g","y":"YtvLYwGEqYQaoDVok2fVziJT4fu7DFPz3hy96FTAelQ"}' jwk_thumbprint: UW-uVNL0mP1vcLjHrTBxibNgCEe_PD0HIsE3FrbYjPA= create_time: 2022-03-14T03:42:52.905Z update_time: 2022-06-14T05:55:23.823Z total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '500': description: Internal. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credentials/{credential_id}': get: tags: - Credentials operationId: GetCredential summary: Retrieve an Existing Credential description: | To retrieve an existing credential, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credentials/$CREDENTIAL_ID`. 
security: - BearerAuth: - 'credentials:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' - $ref: '#/components/parameters/credential_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a credential. content: application/json: schema: $ref: '#/components/schemas/Credential' examples: Success: value: id: 81490afab171aef0 identity_id: e85de356dc78843a realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 state: ACTIVE csr_type: JWT jwk_json: '{"crv":"P-256","kty":"EC","x":"2MRhz05PJPq3BUfB18AT3HqgWEkI3VpWUg1MWi8rz1g","y":"YtvLYwGEqYQaoDVok2fVziJT4fu7DFPz3hy96FTAelQ"}' jwk_thumbprint: UW-uVNL0mP1vcLjHrTBxibNgCEe_PD0HIsE3FrbYjPA= create_time: 2022-03-14T03:42:52.905Z update_time: 2022-06-14T05:55:23.823Z '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Credential Not Found: value: code: not_found message: credential not found details: - type: ResourceInfo resource_type: Credential id: 51c3c2d2907d6b40 description: credential not found '500': description: Internal. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credentials/{credential_id}:revoke': post: tags: - Credentials operationId: RevokeCredential summary: Revoke a Credential description: | To revoke a credential, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credentials/$CREDENTIAL_ID:revoke`. security: - BearerAuth: - 'credentials:revoke' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' - $ref: '#/components/parameters/credential_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a credential. content: application/json: schema: $ref: '#/components/schemas/Credential' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D~1credentials~1%7Bcredential_id%7D/get/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Credential Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1identities~1%7Bidentity_id%7D~1credentials~1%7Bcredential_id%7D/get/responses/404/content/application~1json/examples/Credential%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credential-binding-jobs': post: tags: - Credential Binding Jobs operationId: CreateCredentialBindingJob summary: Create a New Credential Binding Job description: | To create a credential binding job, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credential-binding-jobs`. Values in the request body for read-only fields will be ignored. security: - BearerAuth: - 'credential-binding-jobs:create' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' requestBody: description: Credential binding job to be created. content: application/json: schema: title: Create credential binding job request description: Request for CreateCredentialBindingJob. type: object properties: job: $ref: '#/components/schemas/CredentialBindingJob' required: - job examples: Create Credential Binding Job: value: job: delivery_method: RETURN post_binding_redirect_uri: 'http://example.com/callback' authenticator_config_id: 67bb0acf12e5c899 responses: '200': description: | The response will be a JSON object with a key called `credential_binding_job`. The value of this will be an object containing the standard attributes associated with a credential binding job.
If the `delivery_method` of the credential binding job is `RETURN`, the response will also contain a key called `credential_binding_link` that contains a link to facilitate the credential binding process. content: application/json: schema: title: Create Credential Binding Job Response description: Response for CreateCredentialBindingJob. type: object properties: credential_binding_job: $ref: '#/components/schemas/CredentialBindingJob' credential_binding_link: type: string description: | A unique URL to be delivered to an identity to facilitate the credential binding process. This field is only present if the credential binding job's `delivery_method` is `RETURN`. required: - credential_binding_job examples: Delivery Method Return: value: credential_binding_job: id: c4fc2d753ca22b14 realm_id: cdf4862dc4d49791 tenant_id: 000183a77dd50fa9 identity_id: 87fabad6956c6d4b delivery_method: RETURN state: LINK_SENT post_binding_redirect_uri: 'http://example.com/callback' authenticator_config_id: 67bb0acf12e5c899 expire_time: 2022-03-21T03:42:52.905Z create_time: 2022-03-14T03:42:52.905Z update_time: 2022-03-15T05:55:23.823Z credential_binding_link: 'http://example.com/v1/tenants/000183a77dd50fa9/realms/cdf4862dc4d49791/identities/87fabad6956c6d4b/credential-binding-jobs/c4fc2d753ca22b14:invokeAuthenticator?token=1St9IKIIrYyQ8sOSeuk5UkbLKnBJhuD4I7nWIqt-BNANDEFS-XVuOHxB7TFdZcRm' Delivery Method Email: value: credential_binding_job: id: c4fc2d753ca22b14 realm_id: cdf4862dc4d49791 tenant_id: 000183a77dd50fa9 identity_id: 87fabad6956c6d4b delivery_method: EMAIL state: LINK_SENT post_binding_redirect_uri: 'http://example.com/callback' authenticator_config_id: 67bb0acf12e5c899 expire_time: 2022-03-21T03:42:52.905Z create_time: 2022-03-14T03:42:52.905Z update_time: 2022-03-15T05:55:23.823Z '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: value: code: bad_request message: invalid parameters details: - type: FieldViolations field_violations: - field: job.authenticator_config_id description: empty string '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/ResourceInfo' examples: Identity Not Found: value: code: not_found message: identity not found details: - type: ResourceInfo resource_type: Identity id: 51c3c2d2907d6b40 description: identity not found '422': description: Unprocessable entity. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Identity Missing Email Address: value: code: unprocessable_entity message: Identity missing email address details: - type: ResourceInfo resource_type: Identity id: 69f4d38f840c13ab description: Identity missing email address '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' get: tags: - Credential Binding Jobs operationId: ListCredentialBindingJobs summary: List Credential Binding Jobs for an Identity description: | To list all credential binding jobs for an identity, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credential-binding-jobs`. `$IDENTITY_ID` may be a wildcard (`-`) to request all credential binding jobs across all identities within the realm. The response will contain at most 200 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 20 items. There is no defined ordering of the list of credential binding jobs in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'credential-binding-jobs:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' - $ref: '#/components/parameters/skip' responses: '200': description: | The response will be a JSON object with keys for `credential_binding_jobs` and `total_size`. `credential_binding_jobs` will be set to an array of credential binding job objects, each of which contains the standard credential binding job attributes. `total_size` will be set to the total number of items matched by the list request. 
If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListCredentialBindingJobsResponse' examples: Success: value: credential_binding_jobs: - id: 81490afab171aef0 identity_id: e85de356dc78843a realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 credential_id: 9802966246819b35 delivery_method: EMAIL state: COMPLETE post_binding_redirect_uri: 'http://example.com/callback' authenticator_config_id: 67bb0acf12e5c899 expire_time: 2022-03-21T03:42:52.905Z create_time: 2022-03-14T03:42:52.905Z update_time: 2022-03-15T05:55:23.823Z total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/identities/{identity_id}/credential-binding-jobs/{credential_binding_job_id}': get: tags: - Credential Binding Jobs operationId: GetCredentialBindingJob summary: Retrieve an Existing Credential Binding Job description: | To retrieve an existing credential binding job, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/identities/$IDENTITY_ID/credential-binding-jobs/$CREDENTIAL_BINDING_JOB_ID`. security: - BearerAuth: - 'credential-binding-jobs:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/identity_id' - $ref: '#/components/parameters/credential_binding_job_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a credential binding job. content: application/json: schema: $ref: '#/components/schemas/CredentialBindingJob' examples: Success: value: id: 81490afab171aef0 identity_id: e85de356dc78843a realm_id: 7df92e4a38ba0993 tenant_id: 0001b42d80372976 credential_id: 9802966246819b35 delivery_method: EMAIL state: COMPLETE post_binding_redirect_uri: 'http://example.com/callback' authenticator_config_id: 67bb0acf12e5c899 expire_time: 2022-03-21T03:42:52.905Z create_time: 2022-03-14T03:42:52.905Z update_time: 2022-03-15T05:55:23.823Z '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Credential Binding Job Not Found: value: code: not_found message: credential binding job not found details: - type: ResourceInfo resource_type: CredentialBindingJob id: 3103ba9a652b755e description: credential binding job not found '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/themes': post: tags: - Themes summary: Create a New Theme description: | To create a theme, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/themes`. Values in the request body for read-only fields will be ignored. All non-read-only fields are optional and will be populated with defaults if unspecified. Currently, each realm only supports a single theme. If a theme already exists for the realm, you will receive a 409 error. operationId: CreateTheme security: - BearerAuth: - 'themes:create' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' requestBody: description: Theme to be created. content: application/json: schema: title: Create Theme Request description: Request for CreateTheme.
type: object properties: theme: $ref: '#/components/schemas/Theme' examples: Create Theme: value: theme: email_realm_name: Realm Administrators logo_url_light: 'https://example.com/logo_url_light.png' logo_url_dark: 'https://example.com/logo_url_dark.png' support_url: 'https://example.com/support' button_color: '#4673D3' button_text_color: '#FFFFFF' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a theme. content: application/json: schema: $ref: '#/components/schemas/Theme' examples: Success: value: id: 88ef08fb-c3f9-44e2-b174-fbb239e1dc47 tenant_id: f36448f2ff094881 realm_id: aa6aabe6989bc4a5 email_realm_name: Realm Administrators logo_url_light: 'https://example.com/logo_url_light.png' logo_url_dark: 'https://example.com/logo_url_dark.png' support_url: 'https://example.com/support' create_time: 2022-07-28T18:00:00.000Z button_color: '#4673D3' button_text_color: '#FFFFFF' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: value: code: bad_request message: Bad Request details: - type: FieldViolations field_violations: - field: theme.email_realm_name description: provided email_realm_name must not be empty '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: value: code: not_found message: realm not found details: - type: ResourceInfo resource_type: Realm id: 19a95130480dfa79 description: realm not found '409': description: Conflict. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Theme Already Exists: value: code: conflict message: theme already exists for this realm '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/themes/active': get: tags: - Themes summary: Get the Active Theme description: | To retrieve the active theme for a realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/themes/active`. If the realm has not specified the active theme, a default theme will be returned. operationId: GetActiveTheme security: - BearerAuth: - 'themes:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a theme. content: application/json: schema: $ref: '#/components/schemas/Theme' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/themes/{theme_id}': get: tags: - Themes summary: Retrieve an Existing Theme description: | To retrieve an existing theme, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/themes/$THEME_ID`. operationId: GetTheme security: - BearerAuth: - 'themes:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/theme_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a theme. content: application/json: schema: $ref: '#/components/schemas/Theme' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Theme Not Found: value: code: not_found message: theme not found details: - type: ResourceInfo resource_type: Theme id: 72d0af37-a9bb-410c-b8a7-9aa127fd8739 description: theme not found '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' patch: tags: - Themes summary: Patch a Theme description: | To update only specific attributes of an existing theme, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/themes/$THEME_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. operationId: UpdateTheme security: - BearerAuth: - 'themes:update' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/theme_id' requestBody: description: Theme to be updated. content: application/json: schema: title: Update Theme Request description: Request for UpdateTheme. type: object properties: theme: $ref: '#/components/schemas/Theme' examples: Update Email Realm Name: value: theme: email_realm_name: Realm Administrators responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a theme. 
content: application/json: schema: $ref: '#/components/schemas/Theme' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes/post/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Theme Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1themes~1%7Btheme_id%7D/get/responses/404/content/application~1json/examples/Theme%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/applications': post: operationId: CreateApplication tags: - Applications summary: Create a New Application description: | To create an application, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications`. Values in the request body for read-only fields will be ignored. 
At present, there are only two supported protocol types for applications, `oauth2` and `oidc`. security: - BearerAuth: - 'applications:create' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' requestBody: content: application/json: schema: title: Create Application Request description: Request for CreateApplication. type: object properties: application: $ref: '#/components/schemas/Application' required: - application examples: Create Application: value: application: display_name: Pet Application resource_server_id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e protocol_config: type: oidc allowed_scopes: - 'pets:read' - 'pets:write' confidentiality: confidential token_endpoint_auth_method: client_secret_post grant_type: - authorization_code redirect_uris: - 'https://auth.mypetapp.com/callback' token_configuration: subject_field: id expires_after: 86400 token_signing_algorithm: RS256 pkce: disabled token_format: self_contained responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an application. content: application/json: schema: $ref: '#/components/schemas/Application' examples: Success: value: id: 38833c36-6f47-4992-9329-ea0a00915137 realm_id: caf2ff640497591a tenant_id: 00011f1183c67b69 resource_server_id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e display_name: Pet Application is_managed: false protocol_config: type: oidc allowed_scopes: - 'pets:read' - 'pets:write' client_id: AYYNcuOSpfqIf33JeegCzDIT client_secret: wWD4mPzdsjms1LPekQSo0v9scOHLWy5wmMtKAR2JNhJPAKXv confidentiality: confidential token_endpoint_auth_method: client_secret_post grant_type: - authorization_code redirect_uris: - 'https://auth.mypetapp.com/callback' token_configuration: subject_field: id expires_after: 86400 token_signing_algorithm: RS256 pkce: disabled token_format: self_contained '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' get: operationId: ListApplications tags: - Applications summary: List Applications for a Realm description: | To list all applications for a realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications`. The response will contain at most 100 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 100 items. There is no defined ordering of the list of applications in the response. 
Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'applications:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' responses: '200': description: | The response will be a JSON object with keys for `applications` and `total_size`. `applications` will be set to an array of application objects, each of which contains the standard application attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListApplicationsResponse' examples: Success: value: applications: - id: 38833c36-6f47-4992-9329-ea0a00915137 realm_id: caf2ff640497591a tenant_id: 00011f1183c67b69 resource_server_id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e display_name: Pet Application is_managed: false protocol_config: type: oidc allowed_scopes: - 'pets:read' - 'pets:write' client_id: AYYNcuOSpfqIf33JeegCzDIT client_secret: wWD4mPzdsjms1LPekQSo0v9scOHLWy5wmMtKAR2JNhJPAKXv confidentiality: confidential token_endpoint_auth_method: client_secret_post grant_type: - authorization_code redirect_uris: - 'https://auth.mypetapp.com/callback' token_configuration: subject_field: id expires_after: 86400 token_signing_algorithm: RS256 pkce: disabled token_format: self_contained total_size: 1 '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: value: code: bad_request message: invalid parameters '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: value: code: not_found message: The requested resource was not found. '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/applications/{application_id}': get: operationId: GetApplication tags: - Applications summary: Retrieve an Existing Application description: | To retrieve an existing application, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID`. security: - BearerAuth: - 'applications:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/application_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an application. 
content: application/json: schema: $ref: '#/components/schemas/Application' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/post/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Application Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' patch: operationId: UpdateApplication tags: - Applications summary: Patch an Application description: | To update only specific attributes of an existing application, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. 
security: - BearerAuth: - 'applications:update' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/application_id' requestBody: content: application/json: schema: title: Update Application Request description: Request for UpdateApplication. type: object properties: application: $ref: '#/components/schemas/Application' required: - application examples: Update Display Name: value: application: display_name: Pet Application responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an application. content: application/json: schema: $ref: '#/components/schemas/Application' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Application Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' delete: operationId: DeleteApplication tags: - Applications summary: Delete an Application description: | To delete an application, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID`. A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully. security: - BearerAuth: - 'applications:delete' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/application_id' responses: '200': description: The action was successful and the response body is empty. '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Application Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/authenticator-configs': post: operationId: CreateAuthenticatorConfig tags: - Authenticator Configurations summary: Create a New Authenticator Configuration description: | To create an authenticator configuration, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs`. Values in the request body for read-only fields will be ignored. security: - BearerAuth: - 'authenticator-configs:create' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' requestBody: content: application/json: schema: title: Create Authenticator Configuration Request description: Request for CreateAuthenticatorConfig. type: object properties: authenticator_config: $ref: '#/components/schemas/AuthenticatorConfig' required: - authenticator_config examples: Create Authenticator Configuration: value: authenticator_config: display_name: Pet Authenticator Configuration config: type: embedded invoke_url: 'http://localhost:8092' trusted_origins: - 'http://localhost:8092' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an authenticator configuration. 
content: application/json: schema: $ref: '#/components/schemas/AuthenticatorConfig' examples: Success Embedded: value: id: 73731b7f-eb76-4143-9b4b-81a720385f5a realm_id: caf2ff640497591a tenant_id: 00011f1183c67b69 display_name: Pet Authenticator Configuration config: type: embedded invoke_url: 'http://localhost:8092' invocation_type: automatic trusted_origins: - 'http://localhost:8092' authentication_methods: - type: email_one_time_password - type: software_passkey - type: webauthn_passkey Success Hosted Web: value: id: 73731b7f-eb76-4143-9b4b-81a720385f5a realm_id: caf2ff640497591a tenant_id: 00011f1183c67b69 display_name: Pet Authenticator Configuration config: type: hosted_web authentication_methods: - type: software_passkey trusted_origins: - 'http://localhost:8092' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' get: operationId: ListAuthenticatorConfigs tags: - Authenticator Configurations summary: List Authenticator Configurations for a Realm description: | To list all authenticator configurations for a realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs`. The response will contain at most 100 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 100 items. There is no defined ordering of the list of authenticator configurations in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'authenticator-configs:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' responses: '200': description: | The response will be a JSON object with keys for `authenticator_configs` and `total_size`. `authenticator_configs` will be set to an array of authenticator configuration objects, each of which contains the standard authenticator configuration attributes. 
`total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListAuthenticatorConfigsResponse' examples: Success: value: authenticator_configs: - id: 73731b7f-eb76-4143-9b4b-81a720385f5a realm_id: caf2ff640497591a tenant_id: 00011f1183c67b69 display_name: Pet Authenticator Configuration config: invoke_url: 'http://localhost:8092' invocation_type: automatic trusted_origins: - 'http://localhost:8092' type: embedded total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/authenticator-configs/{authenticator_config_id}': get: operationId: GetAuthenticatorConfig tags: - Authenticator Configurations summary: Retrieve an Existing Authenticator Configuration description: | To retrieve an existing authenticator configuration, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs/$AUTHENTICATOR_CONFIG_ID`. security: - BearerAuth: - 'authenticator-configs:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/authenticator_config_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an authenticator configuration. content: application/json: schema: $ref: '#/components/schemas/AuthenticatorConfig' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1authenticator-configs/post/responses/200/content/application~1json/examples/Success%20Embedded' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Authenticator Configuration Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' patch: operationId: UpdateAuthenticatorConfig tags: - Authenticator Configurations summary: Patch an Authenticator Configuration description: | To update only specific attributes of an existing authenticator configuration, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs/$AUTHENTICATOR_CONFIG_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. security: - BearerAuth: - 'authenticator-configs:update' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/authenticator_config_id' requestBody: content: application/json: schema: title: Update Authenticator Configuration Request description: Request for UpdateAuthenticatorConfig. type: object properties: authenticator_config: $ref: '#/components/schemas/AuthenticatorConfig' required: - authenticator_config examples: Update Embedded Invoke URL: value: authenticator_config: display_name: Pet Authenticator Configuration config: invoke_url: 'http://localhost:8092' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with an authenticator configuration. 
content: application/json: schema: $ref: '#/components/schemas/AuthenticatorConfig' examples: Success Embedded: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1authenticator-configs/post/responses/200/content/application~1json/examples/Success%20Embedded' Success Hosted Web: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1authenticator-configs/post/responses/200/content/application~1json/examples/Success%20Hosted%20Web' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Authenticator Configuration Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' delete: operationId: DeleteAuthenticatorConfig tags: - Authenticator Configurations summary: Delete an Authenticator Configuration description: | To delete an authenticator configuration, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/authenticator-configs/$AUTHENTICATOR_CONFIG_ID`. A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully. security: - BearerAuth: - 'authenticator-configs:delete' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/authenticator_config_id' responses: '200': description: The action was successful and the response body is empty. '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Authenticator Configuration Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers': post: operationId: CreateResourceServer tags: - Resource Servers summary: Create a New Resource Server description: | To create a resource server, send a POST request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers`. Values in the request body for read-only fields will be ignored. security: - BearerAuth: - 'resource-servers:create' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' requestBody: content: application/json: schema: title: Create Resource Server Request description: Request for CreateResourceServer. type: object properties: resource_server: $ref: '#/components/schemas/ResourceServer' required: - resource_server examples: Create Resource Server: value: resource_server: display_name: Pet API identifier: 'https://api.mypetapp.com' scopes: - 'pets:read' - 'pets:write' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a resource server. content: application/json: schema: $ref: '#/components/schemas/ResourceServer' examples: Success: value: id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e realm_id: caf2ff640497591a tenant_id: 00011f1183c67b69 display_name: Pet API is_managed: false identifier: 'https://api.mypetapp.com' scopes: - 'pets:read' - 'pets:write' '400': description: Bad request. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' get: operationId: ListResourceServers tags: - Resource Servers summary: List Resource Servers For a Realm description: | To list all resource servers for a realm, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers`. The response will contain at most 100 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 100 items. There is no defined ordering of the list of resource servers in the response. 
Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior. security: - BearerAuth: - 'resource-servers:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_token' responses: '200': description: | The response will be a JSON object with keys for `resource_servers` and `total_size`. `resource_servers` will be set to an array of resource server objects, each of which contains the standard resource server attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: $ref: '#/components/schemas/ListResourceServersResponse' examples: Success: value: resource_servers: - id: 84db69f5-48a8-4c11-8cda-1bae3a73f07e realm_id: caf2ff640497591a tenant_id: 00011f1183c67b69 display_name: Pet API is_managed: false identifier: 'https://api.mypetapp.com' scopes: - 'pets:read' - 'pets:write' total_size: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Realm Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/resource-servers/{resource_server_id}': get: operationId: GetResourceServer tags: - Resource Servers summary: Retrieve an Existing Resource Server description: | To retrieve an existing resource server, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID`. security: - BearerAuth: - 'resource-servers:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a resource server. 
content: application/json: schema: $ref: '#/components/schemas/ResourceServer' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers/post/responses/200/content/application~1json/examples/Success' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Resource Server Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' patch: operationId: UpdateResourceServer tags: - Resource Servers summary: Patch a Resource Server description: | To update only specific attributes of an existing resource server, send a PATCH request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. Scopes that are removed from a resource server will be asynchronously removed from all roles associated with the resource server.
security: - BearerAuth: - 'resource-servers:update' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' requestBody: content: application/json: schema: title: Update Resource Server Request description: Request for UpdateResourceServer. type: object properties: resource_server: $ref: '#/components/schemas/ResourceServer' required: - resource_server examples: Update Display Name: value: resource_server: display_name: Pet API responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a resource server. content: application/json: schema: $ref: '#/components/schemas/ResourceServer' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1resource-servers/post/responses/200/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Malformed Request: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/patch/responses/400/content/application~1json/examples/Malformed%20Request' Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Resource Server Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' delete: operationId: DeleteResourceServer tags: - Resource Servers summary: Delete a Resource Server description: | To delete a resource server, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/resource-servers/$RESOURCE_SERVER_ID`. A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully. security: - BearerAuth: - 'resource-servers:delete' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/resource_server_id' responses: '200': description: The action was successful and the response body is empty. '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Resource Server Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/applications/{application_id}/tokens': get: operationId: ListTokens tags: - Tokens summary: List Tokens description: | To list all tokens issued by an application, send a GET request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID/tokens`. The `$APPLICATION_ID` in the path corresponds to the application that is the issuer of the token. To filter the list of tokens by a principal, set `principal_type` and `principal_id`. These parameters are optional. The response will contain at most 100 items and may contain a page token to query the remaining items. If page size is not specified, the response will contain 100 items. There is no defined ordering of the list of tokens in the response. Note that the maximum and default page sizes are subject to change. When paginating, the page size is maintained by the page token but may be overridden on subsequent requests. The skip is not maintained by the page token and must be specified on each subsequent request. Page tokens expire after one week. Requests which specify an expired page token will result in undefined behavior.
security: - BearerAuth: - 'tokens:read' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/application_id' - $ref: '#/components/parameters/principal_type' - $ref: '#/components/parameters/principal_id' responses: '200': description: | The response will be a JSON object with keys called `tokens` and `total_size`. `tokens` will be set to an array of token objects, each of which contains the standard token attributes. `total_size` will be set to the total number of items matched by the list request. If there are more items to be returned by the requested query, the response will also contain a key called `next_page_token`. content: application/json: schema: title: List Tokens Response description: Response for ListTokens. type: object properties: tokens: type: array items: title: Token type: object description: | A token represents a record of an access token or a refresh token issued by Beyond Identity. properties: id: type: string description: | A unique identifier for a token. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. For JWS tokens, the token_id is the same as the value of the `jti` claim. readOnly: true example: cTXMRjNrTz7w3p7wO5HJ5cUTpFt5Z3yL display_name: type: string description: | A human-readable name for the token. This name is used for display purposes. example: Testing token only for creating identities scopes: type: array items: type: string example: 'applications:create' description: | A list of scopes granted by this token. This field is immutable and read-only. readOnly: true token_suffix: type: string description: | The last few characters of the cryptographic string that corresponds to this token. This can be used to identify which token the listing entry corresponds to. This field is immutable and read-only. 
readOnly: true example: JV_adQssw5c token_format: description: | Format of the token. Allowable values are: - `self_contained`: token in JWT format. - `referential`: Encoded token which requires /introspect call in order to retrieve token claims. type: string example: self_contained readOnly: true expires: type: integer format: uint32 description: | The expiration time of this token formatted as a unix timestamp in seconds. This field is immutable and read-only. readOnly: true example: 1677246914 issued_at: type: integer format: uint32 description: | The time when this token has been issued formatted as a unix timestamp in seconds. This field is immutable and read-only. readOnly: true example: 1677246914 token_type: type: string description: | Type of the token. Allowable values are: - `access` - `refresh` - `identity` readOnly: true example: access maxItems: 100 description: | An unordered array of tokens corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - tokens - total_size examples: Success: value: tokens: - id: cTXMRjNrTz7w3p7wO5HJ5cUTpFt5Z3yL display_name: Testing token only for creating applications scopes: - 'applications:create' token_suffix: JV_adQssw5c token_format: self_contained expires: 1677246914 issued_at: 1677246914 token_type: access total_size: 1 '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. 
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Application Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/applications/{application_id}/tokens/{token_id}': delete: operationId: RevokeToken tags: - Tokens summary: Revoke a Token description: | To revoke a token, send a DELETE request to `/v1/tenants/$TENANT_ID/realms/$REALM_ID/applications/$APPLICATION_ID/tokens/$TOKEN_ID`. The `$APPLICATION_ID` in the path corresponds to the application that is the issuer of the token. A successful request will receive a 200 status code with no body in the response. This indicates that the request was processed successfully. If the token ID is not available, the access token must be revoked via the [RFC-7009 revoke endpoint](https://developer.beyondidentity.com/docs/revoke-access-tokens). security: - BearerAuth: - 'tokens:delete' parameters: - $ref: '#/components/parameters/tenant_id' - $ref: '#/components/parameters/realm_id' - $ref: '#/components/parameters/application_id' - $ref: '#/components/parameters/token_id' responses: '200': description: The action was successful and the response body is empty. '401': description: Unauthorized.
content: application/json: schema: $ref: '#/components/schemas/Error' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Insufficient Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/403/content/application~1json/examples/Insufficient%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Application Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/404/content/application~1json/examples/Realm%20Not%20Found' '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/scim/v2/Users': post: tags: - SCIM operationId: SCIMCreateUser summary: Create a New User description: | To create a user, send a POST request to `/Users`. Values in the request body for read-only fields will be ignored. security: - BearerAuth: - 'scim:users:create' requestBody: content: application/json: schema: title: Create User Request description: Request for CreateUser. type: object properties: user: $ref: '#/components/schemas/SCIMUser' required: - user examples: Create User: value: schemas: - 'urn:ietf:params:scim:schemas:core:2.0:User' active: true userName: bjensen displayName: Ms. Barbara Jensen externalId: bjensen name: familyName: Jensen givenName: Barbara emails: - value: bjensen@example.com primary: true responses: '201': description: | The response will be a JSON object containing the standard attributes associated with a user. 
content: application/json: schema: $ref: '#/components/schemas/SCIMUser' examples: Success: value: schemas: - 'urn:ietf:params:scim:schemas:core:2.0:User' id: 2819c223-7f76-453a-919d-413861904646 externalId: bjensen userName: bjensen displayName: Ms. Barbara J Jensen III name: - familyName: Jensen - givenName: Barbara active: true emails: - primary: true value: bjensen@example.com meta: resourceType: User created: '2022-10-12T05:11:47Z' lastModified: '2023-03-30T06:00:03Z' location: Users/2819c223-7f76-453a-919d-413861904646 version: W/0 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' get: tags: - SCIM operationId: SCIMListUsers summary: List All Users description: | To list all users, send a GET request to `/Users`. Currently, filtering on users only supports the `eq` and `ne` operators and the `userName` and `externalId` attributes. The response will contain at most 1000 items. If count is not specified or is zero, the response will not contain any resources. There is no defined ordering of the list of users in the response. Note that the maximum page size is subject to change. security: - BearerAuth: - 'scim:users:read' parameters: - $ref: '#/components/parameters/scim_filter' - $ref: '#/components/parameters/scim_count' - $ref: '#/components/parameters/scim_start_index' responses: '200': description: | The response will be a ListResponse containing the users corresponding to the request. The `totalResults` key may be used to determine whether there are additional pages to fetch for the request. content: application/json: schema: title: List Users Response description: Response for ListUsers. type: object properties: schemas: type: array description: | The list of schemas used to define the list response. This only contains the ListResponse schema ("urn:ietf:params:scim:api:messages:2.0:ListResponse"). items: type: string example: 'urn:ietf:params:scim:api:messages:2.0:ListResponse' Resources: type: array description: | An array of users corresponding to the filter from the request. items: $ref: '#/components/schemas/SCIMUser' maxItems: 1000 totalResults: type: integer format: uint32 description: | Total number of results matching the request. This value may be larger than the number of resources returned, such as when returning a single page of results where multiple pages are available. 
startIndex: type: integer format: uint32 description: | The 1-based index of the first result in the current set of list results. itemsPerPage: type: integer format: uint32 description: | The number of resources returned in a list response page. required: - schemas - Resources - totalResults - startIndex - itemsPerPage examples: Success: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:ListResponse' Resources: - schemas: - 'urn:ietf:params:scim:schemas:core:2.0:User' id: 2819c223-7f76-453a-919d-413861904646 externalId: bjensen userName: bjensen displayName: Ms. Barbara J Jensen III name: - familyName: Jensen - givenName: Barbara active: true emails: - primary: true value: bjensen@example.com meta: resourceType: User created: '2022-10-12T05:11:47Z' lastModified: '2023-03-30T06:00:03Z' location: Users/2819c223-7f76-453a-919d-413861904646 version: W/0 itemsPerPage: 1000 startIndex: 1 totalResults: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:Error' status: '400' scimType: invalidValue detail: 'A required value was missing, or the value specified was not compatible with the operation or attribute type, or resource schema.' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:Error' status: '401' detail: The authorization header is invalid or missing. scimType: unauthorized '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:Error' status: '403' detail: token is unauthorized. scimType: forbidden '429': description: Rate limit exceeded. 
headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:Error' status: '500' '/v1/tenants/{tenant_id}/realms/{realm_id}/scim/v2/Users/{user_id}': get: tags: - SCIM operationId: SCIMGetUser summary: Retrieve an Existing User description: | To retrieve an existing user, send a GET request to `/Users/$USER_ID`. security: - BearerAuth: - 'scim:users:read' parameters: - $ref: '#/components/parameters/scim_user_id' responses: '200': description: OK. content: application/json: schema: $ref: '#/components/schemas/SCIMUser' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. 
content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: User Not Found: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:Error' status: '404' detail: Resource 2819c223-7f76-453a-919d-413861904646 not found. '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' patch: tags: - SCIM operationId: SCIMUpdateUser summary: Patch a User description: | To update only specific attributes of an existing user, send a PATCH request to `/Users/$USER_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. Note that the Beyond Identity SCIM server currently does not support atomic PATCH operations. If a request contains multiple operations, the request may be partially applied. Currently, only "add" and "replace" operations are supported for users. 
security: - BearerAuth: - 'scim:users:update' parameters: - $ref: '#/components/parameters/scim_user_id' requestBody: content: application/json: schema: title: Update User Request description: Request for UpdateUser. type: object properties: user: $ref: '#/components/schemas/SCIMUser' required: - user examples: Update Display Name: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:PatchOp' Operations: - op: replace path: displayName value: Ms. Barbara J Jensen III responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a user. content: application/json: schema: $ref: '#/components/schemas/SCIMUser' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/post/responses/201/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: User Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users~1%7Buser_id%7D/get/responses/404/content/application~1json/examples/User%20Not%20Found' '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' put: tags: - SCIM operationId: SCIMReplaceUser summary: Replace a User description: | To replace all attributes of an existing user, send a PUT request to `/Users/$USER_ID`. Values in the request body for immutable or read-only fields will be ignored. security: - BearerAuth: - 'scim:users:update' parameters: - $ref: '#/components/parameters/scim_user_id' requestBody: content: application/json: schema: title: Update User Request description: Request for UpdateUser. type: object properties: user: $ref: '#/components/schemas/SCIMUser' required: - user examples: Replace User: value: schemas: - 'urn:ietf:params:scim:schemas:core:2.0:User' active: true userName: bjensen externalId: bjensen displayName: Ms. 
Barbara J Jensen III name: familyName: Jensen givenName: Barbara emails: - value: bjensen@example.com primary: true responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a user. content: application/json: schema: $ref: '#/components/schemas/SCIMUser' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/post/responses/201/content/application~1json/examples/Success' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: User Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users~1%7Buser_id%7D/get/responses/404/content/application~1json/examples/User%20Not%20Found' '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' 
example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' delete: tags: - SCIM operationId: SCIMDeleteUser summary: Delete a User description: 'To delete a user, send a DELETE request to `/Users/$USER_ID`.' security: - BearerAuth: - 'scim:users:delete' parameters: - $ref: '#/components/parameters/scim_user_id' responses: '204': description: The action was successful and the response body is empty. '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '404': description: The resource was not found. 
content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: User Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users~1%7Buser_id%7D/get/responses/404/content/application~1json/examples/User%20Not%20Found' '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/scim/v2/Groups/': post: tags: - SCIM operationId: SCIMCreateGroup summary: Create a New Group description: | To create a group, send a POST request to `/Groups`. Values in the request body for read-only fields will be ignored. security: - BearerAuth: - 'scim:groups:create' requestBody: content: application/json: schema: title: Create Group Request description: Request for CreateGroup. type: object properties: group: $ref: '#/components/schemas/SCIMGroup' required: - group examples: Create Group: value: schemas: - 'urn:ietf:params:scim:schemas:core:2.0:Group' id: 22e7c78c-39ff-4501-8ed4-32d0479e54c1 displayName: Test Group responses: '201': description: | The response will be a JSON object containing the standard attributes associated with a group. 
content: application/json: schema: $ref: '#/components/schemas/SCIMGroup' examples: Success: value: schemas: - 'urn:ietf:params:scim:schemas:core:2.0:Group' id: 22e7c78c-39ff-4501-8ed4-32d0479e54c1 displayName: Test Group meta: created: '2023-04-10T06:08:28Z' lastModified: '2023-04-10T06:08:28Z' location: Groups/22e7c78c-39ff-4501-8ed4-32d0479e54c1 resourceType: Group version: W/0 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' get: tags: - SCIM operationId: SCIMListGroups summary: List All Groups description: | To list all groups, send a GET request to `/Groups`. Currently, filtering on groups only supports the `eq` and `ne` operators and the `displayName` attribute. The response will contain at most 1000 items. If count is not specified or is zero, the response will not contain any resources. There is no defined ordering of the list of groups in the response. Note that the maximum page size is subject to change. Members will not be returned with the group. security: - BearerAuth: - 'scim:groups:read' parameters: - $ref: '#/components/parameters/scim_filter' - $ref: '#/components/parameters/scim_count' - $ref: '#/components/parameters/scim_start_index' responses: '200': description: | The response will be a ListResponse containing the groups corresponding to the request. The `totalResults` key may be used to determine whether there are additional pages to fetch for the request. content: application/json: schema: title: List Groups Response description: Response for ListGroups. type: object properties: schemas: type: array description: | The list of schemas used to define the list response. This only contains the ListResponse schema ("urn:ietf:params:scim:api:messages:2.0:ListResponse"). items: type: string example: 'urn:ietf:params:scim:api:messages:2.0:ListResponse' Resources: type: array description: | An array of groups corresponding to the filter from the request. items: $ref: '#/components/schemas/SCIMGroup' maxItems: 1000 totalResults: type: integer format: uint32 description: | Total number of results matching the request. 
This value may be larger than the number of resources returned, such as when returning a single page of results where multiple pages are available. startIndex: type: integer format: uint32 description: | The 1-based index of the first result in the current set of list results. itemsPerPage: type: integer format: uint32 description: | The number of resources returned in a list response page. required: - schemas - Resources - totalResults - startIndex - itemsPerPage examples: Success: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:ListResponse' Resources: - schemas: - 'urn:ietf:params:scim:schemas:core:2.0:Group' id: 22e7c78c-39ff-4501-8ed4-32d0479e54c1 displayName: Test Group meta: created: '2023-04-10T06:08:28Z' lastModified: '2023-04-10T06:08:28Z' location: Groups/22e7c78c-39ff-4501-8ed4-32d0479e54c1 resourceType: Group version: W/0 itemsPerPage: 1000 startIndex: 1 totalResults: 1 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '429': description: Rate limit exceeded. 
headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/scim/v2/Groups/{group_id}': get: tags: - SCIM operationId: SCIMGetGroup summary: Retrieve an existing group description: | To retrieve an existing group, send a GET request to `/Groups/$GROUP_ID`. security: - BearerAuth: - 'scim:groups:read' parameters: - $ref: '#/components/parameters/scim_group_id' responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a group. content: application/json: schema: $ref: '#/components/schemas/SCIMGroup' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. 
content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Group Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users~1%7Buser_id%7D/get/responses/404/content/application~1json/examples/User%20Not%20Found' '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' patch: tags: - SCIM operationId: SCIMUpdateGroup summary: Patch a Group description: | To update only specific attributes of an existing group, send a PATCH request to `/Groups/$GROUP_ID`. Values in the request body for immutable or read-only fields will be ignored. Fields that are omitted from the request body will be left unchanged. Note that the Beyond Identity SCIM server currently does not support atomic PATCH operations. If a request contains multiple operations, the request may be partially applied. 
The Beyond Identity SCIM server also does not support modifying both a group and its membership in the same operation. For example, a PATCH request to update a group's display name and its membership should specify two separate operations, one to update the display name and the other to modify the membership. Currently, "replace" operations are supported for displayName while "add" and "remove" operations are supported for members. Multiple members may be added at a time, but batch remove is not supported. Note that while member changes will take effect, they will not be reflected in the response as members are not currently returned with groups. security: - BearerAuth: - 'scim:groups:update' parameters: - $ref: '#/components/parameters/scim_group_id' requestBody: content: application/json: schema: title: Update Group Request description: Request for UpdateGroup. type: object properties: group: $ref: '#/components/schemas/SCIMGroup' required: - group examples: Replace DisplayName: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:PatchOp' Operations: - op: replace path: displayName value: Test Group Add Members: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:PatchOp' Operations: - op: add path: members value: - value: 6c9f819d6a0f1b57 - value: a46bd3fb5c62d80d Remove Member: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:PatchOp' Operations: - op: remove path: members value: - value: 6c9f819d6a0f1b57 responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a group. content: application/json: schema: $ref: '#/components/schemas/SCIMGroup' examples: Success: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Groups~1/post/responses/201/content/application~1json/examples/Success' '400': description: Bad request.
content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Group Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users~1%7Buser_id%7D/get/responses/404/content/application~1json/examples/User%20Not%20Found' '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. 
content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' delete: tags: - SCIM operationId: SCIMDeleteGroup summary: Delete a Group description: | To delete a group, send a DELETE request to `/Groups/$GROUP_ID`. security: - BearerAuth: - 'scim:groups:delete' parameters: - $ref: '#/components/parameters/scim_group_id' responses: '204': description: The action was successful and the response body is empty. '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Invalid Parameters: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/400/content/application~1json/examples/Invalid%20Parameters' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/401/content/application~1json/examples/Missing%20Authorization' '403': description: Forbidden. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Missing Authorization: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/403/content/application~1json/examples/Missing%20Authorization' '404': description: The resource was not found. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Group Not Found: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users~1%7Buser_id%7D/get/responses/404/content/application~1json/examples/User%20Not%20Found' '429': description: Rate limit exceeded. 
headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/scim/v2/ResourceTypes': get: tags: - SCIM operationId: ListResourceTypes summary: List All Resource Types description: | To list all supported resource types, send a GET request to `/ResourceTypes`. responses: '200': description: | The response will be a list of JSON objects, each of which contains the standard resource type attributes. content: application/json: schema: title: List Resource Types Response description: Response for ListResourceTypes. type: object properties: schemas: type: array description: | The list of schemas used to define the list response. This only contains the ListResponse schema ("urn:ietf:params:scim:api:messages:2.0:ListResponse"). items: type: string example: 'urn:ietf:params:scim:api:messages:2.0:ListResponse' Resources: type: array description: An array of resource types corresponding to the request. items: $ref: '#/components/schemas/SCIMResourceType' maxItems: 1000 totalResults: type: integer format: uint32 description: | Total number of results matching the request. This value may be larger than the number of resources returned, such as when returning a single page of results where multiple pages are available. 
startIndex: type: integer format: uint32 description: | The 1-based index of the first result in the current set of list results. itemsPerPage: type: integer format: uint32 description: | The number of resources returned in a list response page. required: - schemas - Resources - totalResults - startIndex - itemsPerPage examples: Success: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:ListResponse' Resources: - schemas: - 'urn:ietf:params:scim:schemas:core:2.0:ResourceType' id: User name: User description: User Account endpoint: /Users schema: 'urn:ietf:params:scim:schemas:core:2.0:User' schemaExtensions: [] - schemas: - 'urn:ietf:params:scim:schemas:core:2.0:ResourceType' id: Group name: Group description: User Groups endpoint: /Groups schema: 'urn:ietf:params:scim:schemas:core:2.0:Group' schemaExtensions: - required: false schema: 'urn:scim:schemas:extension:byndid:1.0:Group' itemsPerPage: 1000 startIndex: 1 totalResults: 2 '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/scim/v2/Schemas': get: tags: - SCIM operationId: ListSchemas summary: List All Schemas description: | To list all supported resource schemas, send a GET request to `/Schemas`. 
responses: '200': description: | The response will be a list of JSON objects, each of which contains the standard resource schema attributes. content: application/json: schema: title: List Schemas Response description: Response for ListSchemas. type: object properties: schemas: type: array description: | The list of schemas used to define the list response. This only contains the ListResponse schema ("urn:ietf:params:scim:api:messages:2.0:ListResponse"). items: type: string example: 'urn:ietf:params:scim:api:messages:2.0:ListResponse' Resources: type: array description: An array of schemas corresponding to the request. items: $ref: '#/components/schemas/SCIMSchema' maxItems: 1000 totalResults: type: integer format: uint32 description: | Total number of results matching the request. This value may be larger than the number of resources returned, such as when returning a single page of results where multiple pages are available. startIndex: type: integer format: uint32 description: | The 1-based index of the first result in the current set of list results. itemsPerPage: type: integer format: uint32 description: | The number of resources returned in a list response page. required: - schemas - Resources - totalResults - startIndex - itemsPerPage examples: Success: value: schemas: - 'urn:ietf:params:scim:api:messages:2.0:ListResponse' Resources: - id: 'urn:ietf:params:scim:schemas:core:2.0:User' name: User description: User resource attributes: - name: externalId type: string description: | A String that is an identifier for the resource as defined by the provisioning client. caseExact: true multiValued: false mutability: readWrite required: true returned: always uniqueness: server - name: userName type: string caseExact: true description: | The username of the user. The value of this field will be returned as the subject of an OIDC ID Token.
multiValued: false mutability: readWrite required: true returned: always uniqueness: server - name: displayName type: string caseExact: true description: | The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known. multiValued: false mutability: readWrite required: true returned: always uniqueness: none - name: active type: boolean description: | A Boolean value indicating the User's administrative status within the Beyond Identity Service. multiValued: false mutability: readWrite required: true returned: always - name: name type: complex description: The components of the user's real name. multiValued: false mutability: readWrite required: false returned: request subAttributes: - name: familyName type: string description: | The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III'). caseExact: true multiValued: false mutability: readWrite required: true returned: request uniqueness: none - name: givenName type: string description: | The given name of the User, or first name in most Western languages (e.g., "Barbara" given the full name "Ms. Barbara Jane Jensen, III"). caseExact: true multiValued: false mutability: readWrite required: true returned: request uniqueness: none - name: emails type: complex description: | Email addresses for the User. Providing a primary is required. 
multiValued: true mutability: readWrite required: true returned: always subAttributes: - name: value type: string description: '' caseExact: false multiValued: false mutability: readWrite required: false returned: default uniqueness: none - name: primary type: boolean description: '' multiValued: false mutability: readWrite required: false returned: default - id: 'urn:ietf:params:scim:schemas:core:2.0:Group' name: Group description: Group resource attributes: - name: id type: string description: group id caseExact: false multiValued: false mutability: readWrite required: false returned: default uniqueness: server - name: displayName type: string description: A human-readable name for the Group. caseExact: false multiValued: false mutability: readWrite required: false returned: default uniqueness: server - name: members type: complex description: A list of members of the group. multiValued: true mutability: readWrite required: false returned: default subAttributes: - name: value type: string description: Identifier of the member of this Group. caseExact: false multiValued: false mutability: immutable required: false returned: default uniqueness: none - name: '' type: reference description: | The URI corresponding to a SCIM resource that is a member of this Group. caseExact: true multiValued: false mutability: immutable referenceTypes: - User required: false returned: default uniqueness: none - name: type type: string description: A label indicating the type of resource canonicalValues: - User - Group caseExact: false multiValued: false mutability: immutable required: false returned: default uniqueness: none itemsPerPage: 1000 startIndex: 1 totalResults: 2 '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' 
example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' '/v1/tenants/{tenant_id}/realms/{realm_id}/scim/v2/ServiceProviderConfig': get: tags: - SCIM operationId: GetServiceProviderConfig summary: Retrieve the Service Provider Configuration description: | To retrieve the service provider configuration, send a GET request to `/ServiceProviderConfig`. responses: '200': description: | The response will be a JSON object containing the standard attributes associated with a service provider configuration. content: application/json: schema: $ref: '#/components/schemas/SCIMServiceProviderConfig' examples: Internal Error: value: schemas: - 'urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig' authenticationSchemes: - name: '' description: '' documentationUri: '' primary: false specUri: '' type: oauthbearertoken bulk: maxOperations: 1000 maxPayloadSize: 1048576 supported: false changePassword: supported: false documentationUri: '' etag: supported: false filter: maxResults: 1000 supported: true patch: supported: true sort: supported: false '429': description: Rate limit exceeded. headers: RateLimit-Limit: schema: type: string description: 'Request limit per time window (see https://www.ietf.org/archive/id/draft-polli-ratelimit-headers-02.html#section-toc.1-1.3.2.1.1).' example: 1 RateLimit-Remaining: schema: type: integer description: The number of requests left for the time window. 
example: 0 RateLimit-Reset: schema: type: integer description: Number of seconds until the current rate limit window resets. example: 30 '500': description: Server error. content: application/json: schema: $ref: '#/components/schemas/SCIMError' examples: Internal Error: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1scim~1v2~1Users/get/responses/500/content/application~1json/examples/Internal%20Error' components: parameters: tenant_id: name: tenant_id in: path description: A unique identifier for a tenant. required: true schema: type: string example: 000176d94fd7b4d1 realm_id: name: realm_id in: path description: A unique identifier for a realm. required: true schema: type: string example: 19a95130480dfa79 group_id: name: group_id in: path description: A unique identifier for a group. required: true schema: type: string example: 81490afab171aef0 identity_id: name: identity_id in: path description: A unique identifier for an identity. required: true schema: type: string example: e372db224c06e850 role_id: name: role_id in: path description: A unique identifier for a role. required: true schema: type: string example: fb785d40cbe4fc0d groups_page_size: name: groups_page_size in: query description: | Number of groups returned per page for ListRoleMembers. The response will include at most this many groups but may include fewer. If this value is omitted, the response will return the default number of groups allowed by ListRoleMembers. schema: type: integer format: uint32 minimum: 0 groups_skip: name: groups_skip in: query description: | Number of groups to skip for ListRoleMembers. This is the zero-based index of the first group result. schema: type: integer format: uint32 minimum: 0 default: 0 identities_page_size: name: identities_page_size in: query description: | Number of identities returned per page for ListRoleMembers. The response will include at most this many identities but may include fewer. 
If this value is omitted, the response will return the default number of identities allowed by ListRoleMembers. schema: type: integer format: uint32 minimum: 0 identities_skip: name: identities_skip in: query description: | Number of identities to skip for ListRoleMembers. This is the zero-based index of the first identity result. schema: type: integer format: uint32 minimum: 0 default: 0 resource_server_id_query: name: resource_server_id in: query description: The unique identifier of the resource server used to filter roles. schema: type: string minLength: 1 credential_id: name: credential_id in: path description: A unique identifier for a credential. required: true schema: type: string example: b5a31610800dda18 credential_binding_job_id: name: credential_binding_job_id in: path description: A unique identifier for a credential binding job. required: true schema: type: string example: 5c4137af5e70413a theme_id: name: theme_id in: path description: A unique identifier for a theme. required: true schema: type: string example: 88ef08fb-c3f9-44e2-b174-fbb239e1dc47 application_id: name: application_id in: path description: A unique identifier for an application. required: true schema: type: string example: 38833c36-6f47-4992-9329-ea0a00915137 authenticator_config_id: name: authenticator_config_id in: path description: A unique identifier for an authenticator configuration. required: true schema: type: string example: 73731b7f-eb76-4143-9b4b-81a720385f5a resource_server_id: name: resource_server_id in: path description: A unique identifier for a resource server. required: true schema: type: string example: 84db69f5-48a8-4c11-8cda-1bae3a73f07e token_id: name: token_id in: path description: 'A unique identifier for a token. For JWS tokens, this corresponds to the value of the `jti` token claim.' required: true schema: type: string principal_id: name: principal_id in: query description: A unique identifier for a principal. 
This might be an application ID or an identity ID depending on the type of principal. required: false schema: type: string principal_type: name: principal_type in: query description: | Type of the principal. Allowable values are: - `application` - `identity` required: false schema: type: string filter: name: filter in: query description: | Filter to constrain the response. The response will only include resources matching this filter. Filters follow the SCIM grammar from [RFC-7644 Section 3.4.2.2](https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2.2). schema: type: string page_size: name: page_size in: query description: | Number of items returned per page. The response will include at most this many results but may include fewer. If this value is omitted, the response will return the default number of results allowed by the method. schema: type: integer format: uint32 minimum: 0 page_token: name: page_token in: query description: | Token to retrieve the subsequent page of the previous request. All other parameters to the list endpoint should match the original request that provided this token unless otherwise specified. schema: type: string skip: name: skip in: query description: | Number of items to skip. This is the zero-based index of the first result. schema: type: integer format: uint32 minimum: 0 default: 0 scim_user_id: name: user_id in: path description: ID of the user. This corresponds to the identity ID. required: true schema: type: string minLength: 1 scim_group_id: name: group_id in: path description: ID of the group. required: true schema: type: string minLength: 1 scim_filter: name: filter in: query description: | Filter for list methods. Filters follow the SCIM grammar from [RFC 7644 Section 3.4.2.2](https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2.2). schema: type: string scim_count: name: count in: query description: | Specifies the desired maximum number of query results per page. 
A negative value is treated as 0, which indicates that the response should not contain any resources. Note that the response may include fewer results than the requested count. schema: type: integer format: uint32 minimum: 0 default: 0 scim_start_index: name: startIndex in: query description: The 1-based index of the first query result. schema: type: integer format: uint32 minimum: 1 default: 1 schemas: Tenant: title: Tenant type: object description: | A tenant represents an organization in the Beyond Identity Cloud. Tenants contain all data necessary for that organization to operate. properties: id: type: string description: | A unique identifier for the tenant. This is automatically generated on creation. This field is immutable and read-only. readOnly: true example: 000176d94fd7b4d1 display_name: type: string minLength: 1 maxLength: 64 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: | A human-readable name for the tenant. This name is used for display purposes. example: Test Tenant create_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the tenant was created. This is automatically generated on creation. This field is read-only. readOnly: true example: 2022-01-28T12:00:02.423Z update_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the tenant was last updated. This is automatically updated when the tenant is updated. This field is read-only. readOnly: true example: 2022-04-19T15:17:21.186Z Realm: title: Realm type: object description: | A realm is a unique administrative domain within a tenant. Realms may be used to define multiple development environments or for isolated administrative domains. properties: id: type: string description: | A unique identifier for the realm. This is automatically generated on creation. This field is immutable and read-only. 
This field is unique within the tenant. readOnly: true example: 19a95130480dfa79 tenant_id: type: string description: | A unique identifier of the realm's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 0001f1f460b1ace6 display_name: type: string minLength: 1 maxLength: 64 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: | A human-readable name for the realm. This name is used for display purposes. example: Test Realm create_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the realm was created. This is automatically generated on creation. This field is read-only. readOnly: true example: 2022-05-18T18:00:01.167Z update_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the realm was last updated. This is automatically updated when the realm is updated. This field is read-only. readOnly: true example: 2022-05-19T14:23:01.327Z Group: title: Group type: object description: | A group is a logical collection of identities. Groups are commonly used as a predicate in a policy rule. properties: id: type: string description: | A unique identifier for a group. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. readOnly: true example: 81490afab171aef0 realm_id: type: string description: | A unique identifier for the group's realm. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 7df92e4a38ba0993 tenant_id: type: string description: | A unique identifier for the group's tenant. This is automatically set on creation. This field is immutable and read-only. 
readOnly: true example: 0001b42d80372976 display_name: type: string minLength: 1 maxLength: 64 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: | A human-readable name for the group. This name is used for display purposes. example: Realm Administrators description: type: string maxLength: 300 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: | A free-form text field to describe a group. example: A group of realm administrators. create_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the group was created. This is automatically generated on creation. This field is read-only. readOnly: true example: 2022-03-14T03:42:52.905Z update_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the group was last updated. This is automatically updated when the group is updated. This field is read-only. readOnly: true example: 2022-06-14T05:55:23.823Z Identity: title: Identity type: object description: | An identity is a unique identifier that may be used by an end-user to gain access governed by Beyond Identity. properties: id: type: string description: | A unique identifier for the identity. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. readOnly: true example: e372db224c06e850 realm_id: type: string description: | A unique identifier for the identity's realm. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 8f5bec58229e6f29 tenant_id: type: string description: | A unique identifier for the identity's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 0001f1f460b1ace6 display_name: type: string minLength: 1 maxLength: 64 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: | A human-readable name for the identity. 
This name is used for display purposes. example: Test Display create_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the identity was created. This is automatically generated on creation. This field is read-only. readOnly: true example: 2022-04-12T05:53:07.119Z update_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the identity was last updated. This is automatically updated when the identity is updated. This field is read-only. readOnly: true example: 2022-06-16T14:31:03.770Z status: type: string description: | Indicator for the identity's administrative status. If 'active', the identity is able to generate passkeys and log in. If 'suspended', the identity is unable to generate passkeys or log in. example: active traits: description: | A collection of properties to describe an identity. All traits contain a `type` key which describes the specific traits schema. oneOf: - $ref: '#/components/schemas/Traits_v0' discriminator: propertyName: type mapping: traits_v0: '#/components/schemas/Traits_v0' Traits_v0: title: Traits_v0 description: Set of traits associated with an identity. type: object properties: type: type: string description: | The type of the traits schema. This value must be provided on all writes. example: traits_v0 username: type: string minLength: 1 maxLength: 64 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: 'A required, unique, case-insensitive username for an identity in the realm.' example: test primary_email_address: type: string description: Email address serving as primary contact for identity. example: test@example.com external_id: type: string description: | An ID issued by the provisioning client. It is assumed that the value's uniqueness is controlled by the client setting the value.
family_name: type: string description: | The family name or last name in most Western languages. given_name: type: string description: | The given name or first name in most Western languages. required: - type Role: title: Role type: object description: | A role is a logical collection of scopes. Roles are commonly used to limit access control. The scopes belonging to a role are limited to its associated resource server. However, note that the resource server may change independently of the role. If scopes are added to or removed from a resource server, its associated roles must be manually updated using the AddRoleScopes or DeleteRoleScopes methods. properties: id: type: string description: | A unique identifier for a role. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. readOnly: true example: fb785d40cbe4fc0d resource_server_id: type: string description: | A unique identifier for the role's resource server. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 7b5a4325-00e0-4379-bd7b-3e5e7e30b09e realm_id: type: string description: | A unique identifier for the role's realm. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: bb26e0e8ecdef843 tenant_id: type: string description: | A unique identifier for the role's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 00010036778ce59f display_name: type: string minLength: 1 maxLength: 64 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: | A human-readable name for the role. This name is used for display purposes. example: Help Desk description: type: string maxLength: 300 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: | A free-form text field to describe a role. example: Customer support personnel. 
create_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the role was created. This is automatically generated on creation. This field is read-only. readOnly: true example: 2023-02-14T18:18:58.332Z update_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the role was last updated. This is automatically updated when the role is updated. This field is read-only. readOnly: true example: 2023-02-14T18:18:58.332Z ListRealmsResponse: title: List Realms Response description: Response for ListRealms. type: object properties: realms: type: array items: $ref: '#/components/schemas/Realm' maxItems: 200 description: An unordered array of realms corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - realms - total_size ListRolesResponse: title: List Roles Response description: Response for ListRoles. type: object properties: roles: type: array items: $ref: '#/components/schemas/Role' maxItems: 200 description: An unordered array of roles corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages.
required: - roles - total_size ListRoleMembersResponse: title: List Role Members Response description: Response for ListRoleMembers. type: object properties: groups: type: array items: $ref: '#/components/schemas/Group' maxItems: 200 description: An unordered array of groups corresponding to the request. total_groups_size: type: integer format: uint32 description: | Total number of group results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 identities: type: array items: $ref: '#/components/schemas/Identity' maxItems: 200 description: An unordered array of identities corresponding to the request. total_identities_size: type: integer format: uint32 description: | Total number of identity results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - groups - total_groups_size - identities - total_identities_size ListRoleScopesResponse: title: List Role Scopes Response description: Response for ListRoleScopes. type: object properties: scopes: type: array items: type: string maxItems: 200 description: An unordered array of scopes corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. 
required: - scopes - total_size ListIdentitiesResponse: title: List Identities Response description: Response for ListIdentities. type: object properties: identities: type: array items: $ref: '#/components/schemas/Identity' maxItems: 200 description: An unordered array of identities corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - identities - total_size ListIdentityGroupsResponse: title: List Identity Groups Response description: Response for ListIdentityGroups. type: object properties: groups: type: array items: $ref: '#/components/schemas/Group' maxItems: 200 description: An unordered array of groups corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - groups - total_size ListIdentityRolesResponse: title: List Identity Roles Response description: Response for ListIdentityRoles. type: object properties: roles: type: array items: $ref: '#/components/schemas/Role' maxItems: 200 description: An unordered array of roles corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. 
example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - roles - total_size ListGroupsResponse: title: List Groups Response description: Response for ListGroups. type: object properties: groups: type: array items: $ref: '#/components/schemas/Group' maxItems: 200 description: An unordered array of groups corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - groups - total_size ListGroupMembersResponse: title: List Group Members Response description: Response for ListGroupMembers. type: object properties: identities: type: array items: $ref: '#/components/schemas/Identity' maxItems: 200 description: An unordered array of identities corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - identities - total_size ListGroupRolesResponse: title: List Group Roles Response description: Response for ListGroupRoles. type: object properties: roles: type: array items: $ref: '#/components/schemas/Role' maxItems: 200 description: An unordered array of roles corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. 
This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - roles - total_size Credential: title: Credential description: | A credential is also known as a passkey. This is the public-private key pair that belongs to an identity. type: object properties: id: type: string description: | A unique identifier for a credential. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. readOnly: true example: f3e87aa26a696372 identity_id: type: string description: | A unique identifier for the credential's identity. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 4a2719e73d6d972d realm_id: type: string description: | A unique identifier for the credential's realm. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: d65cc516f7f22fdd tenant_id: type: string description: | A unique identifier for the credential's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: f1a7309c1e3d1e85 state: type: string enum: - ACTIVE - REVOKED description: | A string representing the current state of the credential. The value `ACTIVE` indicates that the credential can be used to authenticate with Beyond Identity. The value `REVOKED` indicates that the credential has been revoked and cannot be used to authenticate with Beyond Identity. readOnly: true example: ACTIVE csr_type: type: string enum: - JWT - WEBAUTHN - FIDO2 description: | A string representing the type of certificate signing request that created this credential. The value `JWT` indicates that the CSR was delivered in the form of a JWT. 
The value `WEBAUTHN` indicates that the CSR was delivered in the form of a WebAuthn attestation response. `FIDO2` indicates that `raw` contains a FIDO2 WebAuthn (Level 2 at the time of writing) attestation response object. readOnly: true example: JWT jwk_json: type: string description: | The public key of the Credential in JWK format, as specified by RFC-7517. This field is immutable and read-only. readOnly: true example: '{"crv":"P-256","kty":"EC","x":"2MRhz05PJPq3BUfB18AT3HqgWEkI3VpWUg1MWi8rz1g","y":"YtvLYwGEqYQaoDVok2fVziJT4fu7DFPz3hy96FTAelQ"}' jwk_thumbprint: type: string description: | The base64 URL encoding of the JWK thumbprint of the public key, as specified by RFC-7638. This field is immutable and read-only. readOnly: true example: UW-uVNL0mP1vcLjHrTBxibNgCEe_PD0HIsE3FrbYjPA= create_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the credential was created. This is automatically generated on creation. This field is read-only. readOnly: true example: 2022-05-12T20:29:47.636Z update_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the credential was last updated. This is automatically updated when the credential is updated. This field is read-only. readOnly: true example: 2022-05-12T20:29:47.636Z CredentialBindingJob: title: CredentialBindingJob description: | A credential binding job defines the state of binding a new credential to an identity. The state includes creation of the credential binding job to delivery of the credential binding method to completion of the credential binding. type: object properties: id: type: string description: | A unique identifier for a credential binding job. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. 
readOnly: true example: 86b4f51481f09321 identity_id: type: string description: | A unique identifier for the credential binding job's identity. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 3d227b0d5949969d realm_id: type: string description: | A unique identifier for the credential binding job's realm. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 9602e246c2ead9b2 tenant_id: type: string description: | A unique identifier for the credential binding job's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: ce5ace5fc7e14d6a credential_id: type: string description: | A unique identifier for the credential that was bound via the credential binding job. This field will only be populated if the credential binding job has successfully been used to bind a credential to an identity. example: 9802966246819b35 delivery_method: type: string enum: - RETURN - EMAIL description: | The method by which a credential binding link is delivered to the target authenticator or identity. The value `RETURN` indicates that a credential binding link will be returned to the caller upon creation of the credential binding job. The value `EMAIL` indicates that a credential binding link will be sent to the email address associated with the identity. state: type: string enum: - LINK_OPENED - LINK_SENT - REQUEST_DELIVERED - COMPLETE description: | A string representing the current state of the credential binding job. The value `COMPLETE` indicates that a credential has been successfully bound to an identity. The value `LINK_OPENED` indicates that the credential binding link associated with the job has been opened by its target identity. The value `LINK_SENT` indicates that the credential binding link associated with the job has been sent to its target authenticator or identity. 
The value `REQUEST_DELIVERED` indicates that the credential binding request has been successfully delivered to its target authenticator. readOnly: true example: COMPLETE post_binding_redirect_uri: type: string description: | The URI to which the caller will be redirected after successfully binding a credential to an identity. This field is optional. If not specified, the authenticator will not attempt to redirect to a new location after binding. example: 'http://example.com/callback' authenticator_config_id: type: string description: | The ID of the authenticator configuration to be used to build the credential binding job. This field is immutable. example: 76e9eab521a8b734 expire_time: type: string format: date-time description: | A timestamp that represents when the credential binding link associated with the credential binding job will expire. This field is immutable and read-only. readOnly: true example: 2022-05-12T20:29:47.636Z create_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the credential binding job was created. This is automatically generated on creation. This field is read-only. readOnly: true example: 2022-05-12T20:29:47.636Z update_time: type: string format: date-time description: | A time value given in ISO8601 combined date and time format that represents when the credential binding job was last updated. This is automatically updated when the credential binding job is updated. This field is read-only. readOnly: true example: 2022-05-12T20:29:47.636Z ListCredentialsResponse: title: List Credentials Response description: Response for ListCredentials. type: object properties: credentials: type: array items: $ref: '#/components/schemas/Credential' maxItems: 200 description: | An unordered array of credentials corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. 
This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - credentials - total_size ListCredentialBindingJobsResponse: title: List Credential Binding Jobs Response description: Response for ListCredentialBindingJobs. type: object properties: credential_binding_jobs: type: array items: $ref: '#/components/schemas/CredentialBindingJob' maxItems: 200 description: | An unordered array of credential binding jobs corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - credential_binding_jobs - total_size Theme: title: Theme description: | A theme is a collection of configurable assets that unifies the end user login experience with your brand and products. It is primarily used to change the styling of the credential binding email. type: object properties: id: type: string description: | A unique identifier for a theme. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. readOnly: true example: 88ef08fb-c3f9-44e2-b174-fbb239e1dc47 tenant_id: type: string description: | A unique identifier for the theme's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 0001b42d80372976 realm_id: type: string description: | A unique identifier for the theme's realm. This is automatically set on creation. 
This field is immutable and read-only. readOnly: true example: 7df92e4a38ba0993 create_time: type: string format: date-time description: | Timestamp of when the theme was created. This field is immutable and read-only. readOnly: true example: 2022-07-28T18:00:00.000Z update_time: type: string format: date-time description: | Timestamp of when the theme was last updated. This field is read-only. readOnly: true example: 2022-07-30T16:00:00.000Z email_realm_name: type: string minLength: 1 maxLength: 64 pattern: '^[^{}[\]<>;:?\\/|*^%$#=~`!]*$' description: Realm name that is used in email templates. example: Realm Administrators logo_url_light: type: string description: URL for resolving the logo image for light mode. example: 'https://example.com/logo_url_light.png' logo_url_dark: type: string description: URL for resolving the logo image for dark mode. example: 'https://example.com/logo_url_dark.png' support_url: type: string format: url description: URL for the customer support portal. example: 'https://example.com/support' button_color: type: string description: Hexadecimal color code to use for buttons. example: '#4673D3' button_text_color: type: string description: Hexadecimal color code to use for button text. example: '#FFFFFF' Confidentiality: description: | The confidentiality of the client, as prescribed by OAuth 2.0 and OIDC. Confidentiality is based on a client's ability to authenticate securely with the authorization server (i.e., ability to maintain the confidentiality of their client credentials). Allowable values are: - `confidential`: Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with restricted access to the client credentials), or capable of secure client authentication using other means. 
- `public`: Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means. type: string enum: - confidential - public example: confidential GrantType: type: array items: type: string enum: - authorization_code - client_credentials example: authorization_code description: | Grant types supported by this application's `token` endpoint. Allowable values are: - `authorization_code`: The authorization code grant type defined in OAuth 2.0, Section 4.1. Namely, the client may authorize to the `token` endpoint with a grant code which it obtains via the `authorize` endpoint. - `client_credentials`: The client credentials grant type defined in OAuth 2.0, Section 4.4. Namely, the client may authorize to the `token` endpoint with a client credentials tuple of `client_id` and `client_secret`. TokenConfiguration: description: Properties of a token issued for an application. type: object required: - expires_after properties: expires_after: type: integer format: uint32 description: | Time after minting, in seconds, for which the token will be considered valid. minimum: 0 example: 86400 token_signing_algorithm: type: string enum: - RS256 description: | Signing algorithm to use for an application token. The only allowable value at present is `RS256`. default: RS256 example: RS256 subject_field: type: string enum: - id - email - username description: | Property of a principal which is used to fill the subject of a token issued for this application. default: id example: id PkceConfig: type: string enum: - disabled - plain - s256 description: | PKCE code challenge methods supported for applications, as defined by [RFC-7636](https://datatracker.ietf.org/doc/html/rfc7636). Allowable values are: - `disabled` : PKCE is disabled for this application. 
This is the default state if the `pkce` field is left blank. Please note that public OIDC and OAuth2 configured applications MUST enable PKCE support. Confidential clients can leave PKCE disabled if they choose. - `plain` : PKCE is enabled for this application. The server will correlate the `code_challenge` and `code_verifier` between the `authorize` and `token` requests. In this configuration, those fields are required to be identical. This is the lower security option for PKCE support and should only be used by legacy clients, or clients that don't support `s256`. - `s256` : PKCE is enabled for this application, and the server will correlate the `code_challenge` and `code_verifier` between the `authorize` and `token` requests. In this configuration, those fields are required to equate as follows: `code_challenge` = `base64url(sha256(ascii(code_verifier)))`. This is the higher security option and should always be preferred if it is supported by the client. example: s256 TokenEndpointAuthMethod: description: | Indicator of the requested authentication method for the token endpoint. Allowable values are: - `client_secret_post`: The client uses the HTTP POST parameters as defined in OAuth 2.0, Section 2.3.1. Namely, `client_id` and `client_secret` are sent in the body of the POST request. - `client_secret_basic`: The client uses HTTP Basic as defined in OAuth 2.0, Section 2.3.1. Namely, `client_id` and `client_secret` are sent in the Basic Authorization header. - `none`: The `client_secret` is not part of the request body and there is no authorization header. This endpoint authentication method is only allowed if the application has `confidentiality` set to `confidential`. Deprecation Notice: This field is deprecated. The API will ignore the value of this field in requests. In responses, confidential applications will always have `client_secret_basic` and public applications will always have `none`. 
On authentication, confidential applications may use both `client_secret_post` and `client_secret_basic`. Public applications may only use `none`. **This field is scheduled for removal on August 1, 2023** type: string deprecated: true enum: - client_secret_basic - client_secret_post - none example: client_secret_basic Application: title: Application type: object description: | An application represents a client application that uses Beyond Identity for authentication. This could be a native app, a single-page application, regular web application, or machine-to-machine application credentials. properties: id: type: string description: | A unique identifier for an application. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. readOnly: true example: 38833c36-6f47-4992-9329-ea0a00915137 realm_id: type: string description: | A unique identifier for the application's realm. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: caf2ff640497591a tenant_id: type: string description: | A unique identifier for the application's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 00011f1183c67b69 resource_server_id: type: string description: | A unique identifier for the application's resource server. At present, the only available resource server is for the Beyond Identity Management API. Referencing this resource server from an application will allow that application to grant access to Beyond Identity's APIs. When not present, this application may provide authentication (identity) but not authorization (access). example: 84db69f5-48a8-4c11-8cda-1bae3a73f07e authenticator_config_id: type: string description: | A unique identifier for the application's authenticator configuration. This field is unused for `oidc` and `oauth2` applications when `grant_type=client_credentials`. 
example: 73731b7f-eb76-4143-9b4b-81a720385f5a display_name: type: string description: | A human-readable name for the application. This name is used for display purposes. example: Pet Application is_managed: type: boolean description: | A boolean indicating whether the application is managed by Beyond Identity. Managed applications may not be modified by the user. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: false protocol_config: description: Represents an application protocol configuration. oneOf: - title: OAuth 2.0 description: OAuth2 protocol configuration. type: object required: - type properties: type: type: string enum: - oauth2 allowed_scopes: type: array items: type: string example: 'pets:read' description: | Scopes to which this application can grant access. If this application references a resource server, this set of scopes must be a subset of the resource server's available scopes. If this application does not reference a resource server, then this application can only be used for authentication and thereby `scopes` must necessarily be empty. client_id: type: string description: | The client ID for this application. This is automatically set on creation. This field is output-only. readOnly: true example: AYYNcuOSpfqIf33JeegCzDIT client_secret: type: string description: | The client secret to authenticate as this application; typically, as a Basic Authorization header. This is automatically set on creation. This field is output-only. This field is present only when confidentiality is `confidential`. 
readOnly: true example: wWD4mPzdsjms1LPekQSo0v9scOHLWy5wmMtKAR2JNhJPAKXv confidentiality: $ref: '#/components/schemas/Confidentiality' token_endpoint_auth_method: $ref: '#/components/schemas/TokenEndpointAuthMethod' grant_type: $ref: '#/components/schemas/GrantType' redirect_uris: type: array items: type: string example: 'https://auth.mypetapp.com/callback' description: | A list of valid URIs to redirect the resource owner's user-agent to after completing its interaction with the authorization server. See https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2 for more information. token_configuration: $ref: '#/components/schemas/TokenConfiguration' pkce: $ref: '#/components/schemas/PkceConfig' token_format: description: | Allowed access token formats for this application. Allowable values are: - `self_contained`: Token in JWT format. - `referential`: Encoded token which requires a call to `/introspect` in order to retrieve token claims. type: string enum: - self_contained - referential example: self_contained default: self_contained - title: OIDC description: OIDC protocol configuration. type: object required: - type properties: type: type: string enum: - oidc allowed_scopes: type: array items: type: string example: 'pets:read' description: | Scopes to which this application can grant access. If this application references a resource server, this set of scopes must be a subset of the resource server's available scopes. If this application does not reference a resource server, then this application can only be used for authentication and thereby `scopes` must necessarily be empty. Note that OIDC requests may accept OpenID Connect standard scopes as well as resource server scopes, but the OpenID Connect scopes should not be defined on the application itself. Currently, the only OpenID Connect supported scope is `openid`. client_id: type: string description: | The client ID for this application. This is automatically set on creation. 
This field is output-only. readOnly: true example: AYYNcuOSpfqIf33JeegCzDIT client_secret: type: string description: | The client secret to authenticate as this application; typically, as a Basic Authorization header. This is automatically set on creation. This field is output-only. This field is present only when confidentiality is `confidential`. readOnly: true example: wWD4mPzdsjms1LPekQSo0v9scOHLWy5wmMtKAR2JNhJPAKXv confidentiality: $ref: '#/components/schemas/Confidentiality' token_endpoint_auth_method: $ref: '#/components/schemas/TokenEndpointAuthMethod' grant_type: $ref: '#/components/schemas/GrantType' redirect_uris: type: array items: type: string example: 'https://auth.mypetapp.com/callback' description: | A list of valid URIs to redirect the resource owner's user-agent to after completing its interaction with the authorization server. See https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2 for more information. token_configuration: $ref: '#/components/schemas/TokenConfiguration' pkce: $ref: '#/components/schemas/PkceConfig' token_format: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1applications/get/responses/200/content/application~1json/schema/properties/applications/items/properties/protocol_config/oneOf/0/properties/token_format' AuthenticatorConfig: title: Authenticator Configuration type: object description: | Representation of an authenticator configuration. This prescribes how an identity may authenticate themselves with Beyond Identity. properties: id: type: string description: | A unique identifier for an authenticator configuration. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. readOnly: true example: 73731b7f-eb76-4143-9b4b-81a720385f5a realm_id: type: string description: | A unique identifier for the authenticator configuration's realm. This is automatically set on creation. This field is immutable and read-only. 
readOnly: true example: caf2ff640497591a tenant_id: type: string description: | A unique identifier for the authenticator configuration's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 00011f1183c67b69 display_name: type: string description: | A human-readable name for the authenticator configuration. This name is used for display purposes. example: Pet Authenticator Configuration config: description: | An object specifying the settings for the supported authenticator type. oneOf: - title: Embedded SDK Authenticator description: Configuration options for the embedded SDK authenticator. type: object required: - type - invoke_url - trusted_origins properties: invocation_type: default: automatic description: | The method used to invoke the `invoke_url` in the embedded authenticator config type. The two methods available are: The value `automatic` indicates that this invocation type automatically redirects you to your native or web app using the Invoke URL with a challenge that your app will need to sign. The value `manual` indicates that this invocation type will cause the challenge to be returned to you as part of a JSON response. It will then be up to you to get it to your native/web app any way you see fit. This is useful for flows where you require a lot more control when redirecting to your native/web app. Since the challenge is packaged as part of a URL, following the URL will result in the same behavior as if an Invocation Type of "automatic" were selected. enum: - automatic - manual type: string invoke_url: description: URL to invoke during the authentication flow. example: 'http://localhost:8092' type: string trusted_origins: description: | Trusted origins are URLs that will be allowed to make requests from a browser to the Beyond Identity API. This is used with Cross-Origin Resource Sharing (CORS). 
These may be in the form of `<scheme> "://" <host> [ ":" <port> ]`, such as `https://auth.your-domain.com` or `http://localhost:3000`. items: example: 'http://localhost:8092' type: string type: array type: enum: - embedded type: string authentication_methods: items: properties: type: description: | Within our hosted web product, an array of values determines the client-side authentication workflows: The value `webauthn_passkey` triggers a workflow that generates a hardware key within your device's trusted execution environment (TEE). If webauthn passkeys are not supported in the browser, specifying one of the other two authentication methods will result in a fallback to that mechanism. The value `software_passkey` activates a workflow where a passkey is securely created within the browser's context. The value `email_one_time_password` enables a workflow that verifies identity via an email of a one-time password. enum: - email_one_time_password - software_passkey - webauthn_passkey type: string required: - type title: AuthenticationMethod type: object type: array - title: Hosted Web Authenticator description: | Configuration options for the hosted web experience. This authenticator is maintained by Beyond Identity and allows the caller to customize authentication methods. type: object required: - type - authentication_methods - trusted_origins properties: authentication_methods: items: $ref: '#/paths/~1v1~1tenants~1%7Btenant_id%7D~1realms~1%7Brealm_id%7D~1authenticator-configs/get/responses/200/content/application~1json/schema/properties/authenticator_configs/items/properties/config/oneOf/0/properties/authentication_methods/items' type: array trusted_origins: description: | Trusted origins are URLs that will be allowed to make requests from a browser to the Beyond Identity API. This is used with Cross-Origin Resource Sharing (CORS). These may be in the form of `<scheme> "://" <host> [ ":" <port> ]`, such as `https://auth.your-domain.com` or `http://localhost:3000`. 
items: example: 'http://localhost:8092' type: string type: array type: enum: - hosted_web type: string ListApplicationsResponse: title: List Applications Response description: Response for ListApplications. type: object properties: applications: type: array items: $ref: '#/components/schemas/Application' maxItems: 100 description: | An unordered array of applications corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - applications - total_size ListAuthenticatorConfigsResponse: title: List Authenticator Configurations Response description: Response for ListAuthenticatorConfigs. type: object properties: authenticator_configs: type: array items: $ref: '#/components/schemas/AuthenticatorConfig' maxItems: 100 description: | An unordered array of authenticator configurations corresponding to the request. total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - authenticator_configs - total_size ListResourceServersResponse: title: List Resource Servers Response description: Response for ListResourceServers. type: object properties: resource_servers: type: array items: $ref: '#/components/schemas/ResourceServer' maxItems: 100 description: | An unordered array of resource servers corresponding to the request. 
total_size: type: integer format: uint32 description: | Total number of results returned by the operation. This value may be larger than the number of resources returned, such as when returning a single page where multiple pages are available. example: 1000 next_page_token: type: string description: | Token used to fetch the next set of results. If this field is omitted, there are no subsequent pages. required: - resource_servers - total_size ResourceServer: title: Resource Server type: object description: | A resource server represents an API server that hosts a set of protected resources and is capable of accepting and responding to protected resource requests using access tokens. Clients can enable these APIs to be consumed from authorized applications. properties: id: type: string description: | A unique identifier for a resource server. This is automatically generated on creation. This field is immutable and read-only. This field is unique within the realm. readOnly: true example: 84db69f5-48a8-4c11-8cda-1bae3a73f07e realm_id: type: string description: | A unique identifier for the resource server's realm. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: caf2ff640497591a tenant_id: type: string description: | A unique identifier for the resource server's tenant. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: 00011f1183c67b69 display_name: type: string description: | A human-readable name for the resource server. This name is used for display purposes. example: Pet API is_managed: type: boolean description: | A boolean indicating whether the resource server is managed by Beyond Identity. Managed resource servers may not be modified by the user. This is automatically set on creation. This field is immutable and read-only. readOnly: true example: false identifier: type: string description: | The identifier of this resource server entity. 
This value should be unique per realm and is often presented as a URI, as it should be a unique identifier for an API to which access is being gated. This identifier will be returned in the `audience` claim of all tokens minted that provide access to scopes owned by this resource server. The client is responsible for validating that tokens are intended for them via this `audience` claim. Tokens minted for the Beyond Identity Management API will use the audience `beyondidentity`, which is reserved and may not be used for any other resource servers. example: 'https://api.mypetapp.com' scopes: type: array items: type: string example: 'pets:read' description: | The list of scopes supported by this resource server. For the Beyond Identity Management API, this will include scopes for all publicly available endpoints. Note that applications may not provide access to scopes that are not defined on a resource server that they reference; this is the superset of all allowable application scopes in a given realm. SCIMUser: title: User description: | A user represents a human entity as defined by [RFC 7643 Section 4.1](https://www.rfc-editor.org/rfc/rfc7643#section-4.1). A user corresponds to the identity resource in Beyond Identity. type: object properties: schemas: type: array description: | The list of schemas used to define the user. This must contain only the core User schema ("urn:ietf:params:scim:schemas:core:2.0:User"). items: type: string example: 'urn:ietf:params:scim:schemas:core:2.0:User' id: type: string description: | The unique ID of the user. This is automatically generated on creation. This field is immutable and output-only. minLength: 1 readOnly: true example: ed9fcce6-ec82-458e-ae58-e2d975cfc32d externalId: type: string description: The provisioning client's unique identifier for the resource. example: external-id-abcdef userName: type: string minLength: 1 description: | The unique username of the user. 
example: test_user displayName: type: string minLength: 1 description: | Display name of the User. This name is used for display purposes. example: Test User active: type: boolean description: | Indicator for the user's administrative status. If true, the user has administrative capabilities. example: true emails: type: array description: The list containing the user's emails. items: type: object description: Definition of an email. properties: primary: type: boolean description: | Indicator for the primary or preferred email address. Only the primary email address is included on the response. All other provided email addresses will be ignored. example: true value: type: string description: The email address. example: test@test.com name: type: object description: Definition of the user's name. properties: givenName: type: string description: | The given name of the user, or first name in most Western languages. example: Barbara familyName: type: string description: | The family name of the user, or last name in most Western languages. example: Jensen meta: title: Meta description: | Resource metadata as defined in [RFC 7643 Section 3.1](https://www.rfc-editor.org/rfc/rfc7643#section-3.1). This attribute is only populated on responses and is ignored on requests. type: object properties: resourceType: type: string description: The name of the resource type of the resource. example: Group created: type: string format: date-time description: Timestamp of when the resource was created. readOnly: true example: 2022-04-07T07:23:33.000Z lastModified: type: string format: date-time description: Timestamp of when the resource was last updated. readOnly: true example: 2023-03-30T07:00:14.000Z location: type: string description: The URI of the resource being returned. readOnly: true example: Groups/ed9fcce6-ec82-458e-ae58-e2d975cfc32d version: type: string description: | The version of the resource being returned. This is always "W/0". 
readOnly: true example: W/0 required: - resourceType - created - lastModified - location - version required: - schemas SCIMGroup: title: Group description: | A group is a collection of users corresponding to [RFC 7643 Section 4.2](https://www.rfc-editor.org/rfc/rfc7643#section-4.2). type: object properties: schemas: type: array description: | The list of schemas used to define the group. This must contain the core Group schema ("urn:ietf:params:scim:schemas:core:2.0:Group") and may include the custom Beyond Identity Group schema extension ("urn:scim:schemas:extension:byndid:1.0:Group"). items: type: string example: 'urn:ietf:params:scim:schemas:core:2.0:Group' id: type: string description: | The unique ID of the group. This is automatically generated on creation. This field is immutable and output-only. minLength: 1 readOnly: true example: ed9fcce6-ec82-458e-ae58-e2d975cfc32d displayName: type: string minLength: 1 description: | The unique display name of the group. This name is used for display purposes. example: Help Desk meta: $ref: '#/components/schemas/SCIMUser/properties/meta' required: - schemas SCIMResourceType: title: ResourceType description: | A resource type specifies the metadata about a resource type, as defined in [RFC 7643 Section 6](https://www.rfc-editor.org/rfc/rfc7643#section-6). type: object properties: schemas: type: array description: | The list of schemas used to define the resource type. This only contains the core ResourceType schema ("urn:ietf:params:scim:schemas:core:2.0:ResourceType"). items: type: string example: 'urn:ietf:params:scim:schemas:core:2.0:ResourceType' id: type: string description: | ID of the resource type. This corresponds to the name of the type. minLength: 1 readOnly: true example: User name: type: string minLength: 1 description: Name of the resource type. readOnly: true example: User description: type: string description: Description of the resource type. 
readOnly: true example: User Account endpoint: type: string description: The relative base URL of the resource type. readOnly: true example: /Users schema: type: string description: The schema defining the resource type. readOnly: true example: 'urn:ietf:params:scim:schemas:core:2.0:User' schemaExtensions: type: array description: Schema extensions for the resource type. items: type: object properties: required: type: boolean description: | Indicator specifying whether the extension is required for the resource type. If true, the extension is required. readOnly: true example: false schema: type: string description: URN of the schema extension. readOnly: true example: 'urn:scim:schemas:extension:byndid:1.0:Group' required: - required - schema readOnly: true required: - schemas - id - name - description - endpoint - schema - schemaExtensions SCIMSchema: title: Schema description: | Definition of a schema which indicates what attributes are supported. This resource corresponds to [RFC 7643 Section 7](https://www.rfc-editor.org/rfc/rfc7643#section-7). type: object properties: id: type: string description: | ID of the schema defined as a URN. minLength: 1 readOnly: true example: 'urn:ietf:params:scim:schemas:core:2.0:User' name: type: string minLength: 1 description: Name of the resource type. readOnly: true example: User description: type: string description: Description of the resource type. readOnly: true example: User resource attributes: type: array description: List of attributes supported for this schema. items: type: object description: The definition of an attribute. properties: name: type: string description: The attribute's name. readOnly: true example: id type: type: string description: The attribute's type. enum: - string - boolean - decimal - integer - dateTime - reference - complex readOnly: true example: string subAttributes: type: array description: | A list of sub-attributes. This is defined only for complex attributes. 
Each sub-attribute is defined with the same schema as an attribute. items: type: object readOnly: true multiValued: type: boolean description: Indicator for the attribute's plurality. readOnly: true example: true description: type: string description: The attribute's human-readable description. readOnly: true example: The display name of the user. required: type: boolean description: Indicator for whether the attribute is required. readOnly: true example: true caseExact: type: boolean description: | Indicator for whether the attribute is case-sensitive. This only applies for string attributes. readOnly: true example: true mutability: type: string description: Definition of the attribute's mutability. enum: - readOnly - readWrite - immutable - writeOnly readOnly: true example: readOnly returned: type: string description: Definition of when the attribute is returned. enum: - always - never - default - request readOnly: true example: default uniqueness: type: string description: Definition of the attribute's uniqueness. enum: - none - server - global readOnly: true example: none referenceTypes: type: array description: | The list of types that may be referenced by this attribute. This only applies to attributes of type "reference". items: type: string example: User readOnly: true required: - name - type - multiValued - description - required - mutability - returned readOnly: true required: - id - name - description - attributes SCIMServiceProviderConfig: title: ServiceProviderConfig description: | The service provider configuration, as defined in [RFC 7643 Section 5](https://www.rfc-editor.org/rfc/rfc7643#section-5). type: object properties: schemas: type: array description: | The list of schemas used to define the resource type. This only contains the core ServiceProviderConfig schema ("urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"). 
items: type: string example: 'urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig' documentationUri: type: string description: | URL pointing to the service provider's human-consumable help documentation. readOnly: true patch: type: object properties: supported: type: boolean description: | Indicator specifying whether PATCH operations are supported. The Beyond Identity SCIM server supports PATCH operations. example: true readOnly: true required: - supported bulk: type: object description: Configuration for bulk operations. properties: supported: type: boolean description: | Indicator specifying whether bulk operations are supported. The Beyond Identity SCIM server does not support bulk operations. example: false readOnly: true maxOperations: type: integer format: uint32 description: Maximum number of operations allowed per bulk operation. example: 1000 readOnly: true maxPayloadSize: type: integer format: uint32 description: Maximum payload size in bytes. example: 1048576 readOnly: true required: - supported - maxOperations - maxPayloadSize filter: type: object description: Configuration for query filters. properties: supported: type: boolean description: | Indicator specifying whether filters are supported for querying. The Beyond Identity SCIM server supports filters for querying. example: true readOnly: true maxResults: type: integer format: uint32 description: Maximum number of resources returned in a response. example: 1000 readOnly: true required: - supported - maxResults changePassword: type: object description: Configuration for password support. properties: supported: type: boolean description: | Indicator specifying whether changing a password is supported. The Beyond Identity SCIM server does not support passwords. example: true readOnly: true required: - supported sort: type: object description: Configuration for sort support in queries. 
properties: supported: type: boolean description: | Indicator specifying whether sorting is supported for querying. The Beyond Identity SCIM server does not support sorting. example: false readOnly: true required: - supported etag: type: object description: Configuration for ETag support. properties: supported: type: boolean description: | Indicator specifying whether ETags are supported. The Beyond Identity SCIM server does not support ETags. example: true readOnly: true required: - supported authenticationSchemes: type: array description: Supported authentication schemes. items: type: object properties: type: type: string description: The authentication scheme. enum: - oauth - oauth2 - oauthbearertoken - httpbasic - httpdigest readOnly: true example: oauthbearertoken name: type: string description: The common authentication scheme name. readOnly: true description: type: string description: A description of the authentication scheme. readOnly: true specUri: type: string description: URL pointing to the authentication scheme specification. readOnly: true documentationUri: type: string description: | URL pointing to the authentication scheme's usage documentation. readOnly: true required: - type - name - description - specUri - documentationUri readOnly: true required: - schemas - documentationUri - patch - bulk - filter - changePassword - sort - etag - authenticationSchemes SCIMError: type: object properties: schemas: type: array description: | The list of schemas used to define the error. This only contains the Error schema ("urn:ietf:params:scim:api:messages:2.0:Error"). items: type: string example: 'urn:ietf:params:scim:api:messages:2.0:Error' status: type: string description: The HTTP status code of the error expressed as a JSON string. scimType: type: string description: | A SCIM detail error keyword corresponding to [RFC 7644 Section 3.12](https://datatracker.ietf.org/doc/html/rfc7644#section-3.12). 
detail: type: string description: A detailed human-readable message. required: - schemas - status Error: type: object properties: code: type: string description: | Human-readable HTTP status code name, stylized as lower snake case (e.g. bad_request). message: type: string description: | Human-readable message describing the error. details: type: array items: $ref: '#/components/schemas/ErrorDetail' required: - code - message ErrorDetail: title: Error Detail description: | Additional details for errors designed to support client applications. type: object discriminator: propertyName: type properties: type: type: string description: Type of the error detail. required: - type FieldViolations: title: Field Violations description: Invalid request fields. allOf: - $ref: '#/components/schemas/ErrorDetail' - type: object properties: field_violations: type: array items: type: object properties: field: type: string description: The name of the field specifying an invalid value. description: type: string description: A description of the field violation. required: - field - description minItems: 1 ResourceInfo: title: Resource Information description: Resource information. allOf: - $ref: '#/components/schemas/ErrorDetail' - type: object properties: resource_type: type: string description: The type of the resource. id: type: string description: The ID of the resource. description: type: string description: | A description of the failure as it relates to this resource. For example, this may indicate that the resource is not found or that a precondition failed. required: - resource_type - id - description securitySchemes: BearerAuth: type: http scheme: bearer bearerFormat: JWT description: | See the [Authentication](#section/Authentication) section for details. security: - BearerAuth: []