IDAAS-core APIs - Access component
The OneWelcome Identity Platform provides the following APIs for the Access component:
Access config API
The access config API includes the following endpoints:
- Web hook configuration
- Web clients configuration: The web client API allows the creation of new web clients via a REST API. It can be used in scripts to add many clients at the same time, or to edit or delete web clients.
All endpoints require authentication by an API client using either the Client Secret Basic or the PrivateKeyJWT authentication method. The API client must have the onegini_api_config (config API) scope.
API clients
Access to the APIs is managed with API clients.
For every API client, you need to configure the client ID and authentication method. The OneWelcome Identity Platform supports only client secret basic and private key JWT.
The API clients can be configured in the admin console: Configuration → System → API clients.
For each API client, you can specify which APIs it can access. This enables you to provide external systems using the OneWelcome Identity Platform APIs access to only specific functions.
API clients are required to use their credentials to authorize access to the OneWelcome Identity Platform APIs. These credentials, as well as the APIs that clients can access, can be configured with the following fields:
Field | Required | Description |
---|---|---|
Name | yes | Name of the API configuration. It's used only in the admin interface. |
Client ID | yes | The identifier of the client during requests |
Client secret | yes | The secret of the client used during requests |
Valid for APIs | yes | APIs to which the client has access |
API scopes
The following API scopes are defined:
- onegini_api_admin
- onegini_api_config
- onegini_api_end_user
- onegini_api_events
- onegini_api_insights
- onegini_api_mobile_authentication
- onegini_api_payload_encryption_policy
- onegini_api_token_introspection
- onegini_api_user_registration
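
The per-client API restriction described under API clients can be reviewed with a small least-privilege check. The following is an added example, not OneWelcome code: it audits an inventory of API clients against the scopes and authentication methods listed on this page. The inventory records, their field names, the client names and the OIDC-style method identifiers are assumptions constructed for illustration, not a platform export format.

```python
# Added example: least-privilege audit of API clients (not platform code).
# Scope names are the ones listed on this page.
KNOWN_SCOPES = {
    "onegini_api_admin", "onegini_api_config", "onegini_api_end_user",
    "onegini_api_events", "onegini_api_insights",
    "onegini_api_mobile_authentication",
    "onegini_api_payload_encryption_policy",
    "onegini_api_token_introspection", "onegini_api_user_registration",
}
# Assumption: the inventory records the two supported methods
# (Client Secret Basic, PrivateKeyJWT) under their OIDC-style identifiers.
SUPPORTED_AUTH = {"client_secret_basic", "private_key_jwt"}

# Constructed sample inventory; the layout and names are hypothetical.
# "granted" = scopes configured for the client, "needed" = scopes its
# integration was approved for.
INVENTORY = [
    {"name": "webclient-provisioner", "auth": "private_key_jwt",
     "granted": {"onegini_api_config"}, "needed": {"onegini_api_config"}},
    {"name": "siem-forwarder", "auth": "client_secret_basic",
     "granted": {"onegini_api_events", "onegini_api_admin"},
     "needed": {"onegini_api_events"}},
    {"name": "legacy-batch", "auth": "client_secret_post",
     "granted": {"onegini_api_confg"}, "needed": {"onegini_api_config"}},
]

def audit(clients):
    """Return (client name, finding type, detail) tuples."""
    findings = []
    for c in clients:
        granted, needed = set(c["granted"]), set(c["needed"])
        if c["auth"] not in SUPPORTED_AUTH:
            findings.append((c["name"], "unsupported-auth", c["auth"]))
        # Misspelled or undefined scopes grant nothing and hide intent.
        for s in sorted(granted - KNOWN_SCOPES):
            findings.append((c["name"], "unknown-scope", s))
        # Valid scopes beyond what the integration needs widen its access.
        for s in sorted((granted & KNOWN_SCOPES) - needed):
            findings.append((c["name"], "excess-scope", s))
        for s in sorted(needed - granted):
            findings.append((c["name"], "missing-scope", s))
    return findings

if __name__ == "__main__":
    for name, kind, detail in audit(INVENTORY):
        print(f"{name}: {kind}: {detail}")
```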