Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

OneWelcome Identity Platform
- Explore Thales Docs

IDAAS core
User journey orchestration
Consent and preference management
Consent Management v2
- Admin UI guide
- Consent Management v2 APIs
Identity broker
Delegated User Management v2
Externalized authorization
Delegated user management
- Getting started
- Roles
- Rules
- User management
- Self service page
- Data
- APIs
- Apps
- Jobs
- Reports
Risk management
- Essential rules
- Default policies (Essential)
Mobile identity
- Mobile identity - Access component
- Mobile identity - Tulip
Mobile SDK
API references
Release notes and FAQ
Policy-Based Authorization Manager
Integrations
Identity Orchestrator (IO)

All

All

API references

Credential aggregator service API references

Please Note:

API references
IDAAS-core APIs - Access component
- Access config API
- Access token customization web hook API
- User details customization hook API
- SAML Authentication Response Web Hook
- Token exchange web hook API
IDAAS core API references - Tulip component
- Credential API
- Dynamic Client Registration (DCR) API
- Event API
- Notification API
- OAuth 2.0 & OpenID Connect API
- Oauth consent API
- OAuth and OIDC Client Registration API
- Reverse Look-Up API
- Session Management API
- SCIM API v1.1 protected with basic authentication
- SCIM API v1.1 protected with fine-grained Oauth2 scopes
- SCIM API v1.1 protected with OAuth2 scopes
- SCIM API v1/v2 protected with basic authentication
- SCIM API v1/v2 protected with fine-grained OAuth2 scopes
- SCIM API v1/v2 protected with OAuth2 scopes (v1/v2)
Consent and preference management API references
- Consent Management API
- Consent configuration API reference
Consent Management v2 API references
- Consent Management v2 Configuration API
- Consent Management v2 Ledger API
- Consent Management v2 Runtime API
Delegated user management API references
- Correlation Layer API
- Onewelcome Delegation
- RITM V1 API
- RITM V2 API
Externalized authorization API references
- Authorization configuration API reference
- Authorization API reference
- Event Stream Config API
- Logs Config API
- Mail configuration API reference
- Mail API reference
- Relationship configuration API reference
- Relationship Management API
Mobile Identity API reference
- OMI API
- OMI Authentication API
FIDO authentication API reference
- Authenticator admin API
- Authenticator assertion API
- Authenticator attestation API
- Authenticator policy admin API
- User admin API
Password Store API references
- Authentication API
- Password Import API
- Password Management API
- Policy Management API
Identity Store API references
- Attribute Value Metadata (AVM) API
- Data Model API
- Identity Management API
TOTP service API references
- TOTP device management API
- TOTP enrollment API
- TOTP import API
- TOTP validation API
B2C helpdesk service API references
- Helpdesk service configuration API
Recovery codes service API references
- Recovery codes API
- Recovery codes configuration API
Credential aggregator service API references
- Credential operations API
- User credentials API
- Credential aggregator management API
Identity Broker API

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

OneWelcome Identity Platform
API references
Credential aggregator service API references

Credential aggregator service API references

The OneWelcome Identity Platform provides the credential aggregator service for unified credential and authenticator management. The credential aggregator service provides a centralized view and management interface for multiple authentication methods across the platform, including password, TOTP, SMS OTP, email OTP, FIDO, and recovery codes. It enables login history tracking, authenticator configuration, and multi-factor authentication orchestration.

Credential aggregator service APIs

The credential aggregator service includes the following APIs:

Management API: Provides endpoints for the following tasks:
- Retrieve all authenticators: Get the list of authenticator methods that are configured for the tenant, with optional filtering for enabled or disabled authenticators.
- Replace enabled authenticators: Replace the entire set of enabled authenticator methods for the tenant (full replacement semantics).
- Update authenticator state: Partially update the configuration of a specific authenticator method, including enabling or disabling and changing default challenges.
User credentials API: Provides endpoints for the following tasks:
- Get user login history: Retrieve the last N login attempts for a user with authenticator method details.
- Record user login: Record a new login event for a user with the authenticator methods used.
- Get user authenticators: Retrieve all enabled authenticators for a specific user with detailed information.
- Add user authenticator: Add a new authenticator for a user.
- Get user overview: Retrieve a combined view of the last login and the available authenticators for a user.
- Get last login: Retrieve only the most recent login timestamp for a user.
- Get specific authenticator: Retrieve detailed information about a specific user authenticator.
Credential operations API: Provides endpoints for the following tasks:
- Delete TOTP credential: Remove a specific TOTP device from a user's account with OTP validation.
- Remove passkey: Remove a specific FIDO passkey from a user's account.

Authentication

All credential aggregator service API endpoints require OAuth2 bearer tokens with the appropriate permissions.

On this page

OneWelcome Identity Platform

© Copyright 2019-2026, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Support Contacts
Legal
- End User License Agreement
- Terms of Service

© Copyright 2019-2026, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com