Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

API references

IDAAS core API references - Tulip component

search
printsuggest an editpdf paneldownload

IDAAS core API references - Tulip component

The OneWelcome Identity Platform provides access to the following Identity and Access (IDAAS) core APIs for Tulip:

Tulip APIs:

See also Access component APIs

copy link to clipboardClient registration endpoints

Domain/ API: Client Registration

Used to register OAuth and OIDC client applications.

Operation description Logical endpoint name [1] Method Endpoint path
Create an OAuth/OIDC client registration_endpoint POST /auth/oauth2.0/v1/connect/register
Obtain details for an OAuth/OIDC client registration_endpoint GET /auth/oauth2.0/v1/connect/register
Unregister an OAuth/OIDC client registration_endpoint DELETE /auth/oauth2.0/v1/connect/register/{client_id}
Proprietary administration endpoint to unregister an OAuth/OIDC client clients_endpoint DELETE /auth/oauth2.0/v1/connect/clients/{client_id}

copy link to clipboardCredential endpoints

Domain/ API: Credential

Manages user's credentials, such as password, email, or phone number.

Operation description Logical endpoint name [1] Method Endpoint path
Request to make an email address the user's primary email primary_email request_endpoint POST /credential/v1/primary-email-request
Confirm a user's email address primary_email confirmation_endpoint POST /credential/v1/primary-email-confirmation
Unprotected endpoint to confirm a user's email address without authenticating the user public_primary email_confirmation_endpoint POST /credential/v1/public/primary-email-confirmation
Request to make a phone number primary primary_phone number_request_endpoint POST /credential/v1/primary-phone-number-request
Change and confirm a user's phone number primary_phone number_confirmation_endpoint POST /credential/v1/primary-phone-number-confirmation
Obtain information about the user's password metadata_endpoint GET /credential/v1/users/{user_id}/password/metadata
Change password for the provided userID password_endpoint PUT /credential/v1/users/{user_id}/password

copy link to clipboardEvent endpoints

Domain/ API: Event

Used to access events generated by the OneWelcome Identity Platform.

Operation description Logical endpoint name [1] Method Endpoint path
Obtain events events_endpoint GET /event-api/v2/events
Submit events events_endpoint POST /event-api/v2/events

copy link to clipboardNotification endpoints

Domain/ API: Notification

Notifies external systems of changes in users' consents.

Operation description Logical endpoint name [1] Method Endpoint path
Subscribe to notifications for a single resource type notification_subscription endpoint POST /notification/v1/subscriptions
Get the details of a subscription notification_subscription endpoint GET /notification/v1/subscriptions/{id}
Unsubscribe from notifications notification_subscription endpoint DELETE /notification/v1/subscriptions/{id}
Retrieve a set of notifications of a subscription with a subscription_id notification_endpoint GET /notification/v1/subscriptions/{id}/notifications

Domain/ API: OAuth consent

Manages consents given by user on documents and processing purposes.

Operation description Logical endpoint name [1] Method Endpoint path
Retrieve documents documents_endpoints GET /consent/v1/documents
View document consent per user document_consents endpoint GET /consent/v1/document-consents
Give document consent per user document_consents_ endpoint POST /consent/v1/document-consents
Revoke document consent per user document_consents_ endpoint DELETE /consent/v1/document-consents
Retrieve processing purposes processing_purposes_ endpoint GET /consent/v1/processing-purposes
View attribute consent per user attribute_consents_ endpoint GET /consent/v1/attribute-consents
Give attribute consent per user attribute_consents_ endpoint POST /consent/v1/attribute-consents
Revoke attribute consent per user attribute_consents_ endpoint DELETE /consent/v1/attribute-consents

copy link to clipboardOAuth/OIDC endpoints

Domain/ API: OAuth/OIDC

Allows applications to delegate authentication and authorization towards the OneWelcome Identity Platform and get SSO (per OAuth/OIDC specs).

Operation description Logical endpoint name [1] Method Endpoint path
Obtain OAuth authorization or OIDC authentication authorize_endpoint GET /auth/oauth2.0/v1/authorize
Obtain OAuth access token token_endpoint POST /auth/oauth2.0/v1/token
Device authorization request device_authorization endpoint POST /auth/oauth2.0/v1/device/code
Device authorization decision endpoint device_authorization decision_endpoint POST /auth/oauth2.0/v1/device/user
Determine the active state and meta-information of an OAuth token introspection_endpoint POST /auth/oauth2.0/v1/introspect
Obtain claims about the authenticated user userinfo_endpoint GET /auth/oauth2.0/v1/userinfo
(Deprecated) Obtain information about an OAuth token and the authenticated user token_info_ endpoint GET /auth/oauth2.0/v1/token-info

copy link to clipboardReverse lookup endpoints

Used to look up users at an external lookup service (the URL for this endpoint is configurable in the OneWelcome Identity Platform).

Operation description Logical endpoint name [1] Method Endpoint path
OneWelcome Identity Platform request to user lookup service user_look up_endpoint POST endpoint not hosted by the OneWelcome Identity Platform

copy link to clipboardSAML endpoints

Domain/ API: SAML

Allows applications to delegate authentication to the OneWelcome Identity Platform and get SSO.

Operation description Logical endpoint name [1] Method Endpoint path
Web SSO redirect sso_httpredirect endpoint GET /auth/saml2.0/v1/SSORedirect/metaAlias/<Brand>
Web SSO post sso_httppost endpoint POST /auth/saml2.0/v1/SSOPOST/metaAlias/<Brand>
Web IDP SLO redirect slo_httpredirect endpoint GET /auth/saml2.0/v1/IDPSloRedirect/metaAlias/<Brand>
Web IDP SLO post slo_httppost endpoint POST /auth/saml2.0/v1/IDPSloPOST/metaAlias/<Brand>

copy link to clipboardSCIM endpoints

Domain/API:

Provisions users to the OneWelcome Identity Platform from a source user repository (users can be created as active or inactive).

Operation description Logical endpoint name [1] Method Endpoint path
Create a user SCIM_users endpoint POST /scim/Users/scim/v1/Users
Full update of a user SCIM_users endpoint PUT /scim/Users/{userId}/scim/v1/Users/{userId}
Partial update of a user SCIM_users endpoint PATCH /scim/Users/{userId}/scim/v1/Users/{userId}
Retrieve a known user SCIM_users endpoint GET /scim/Users/{userId}/scim/v1/Users/{userId}
Query users SCIM_users endpoint GET /scim/Users/scim/v1/Users
Delete a user SCIM_users endpoint DELETE /scim/Users/{userId}/scim/v1/Users/{userId}
Create a user in employee segment SCIM_employees endpoint POST /employees/scim/v1/Users
Full update of a user in employee segment SCIM_employees endpoint PUT /employees/scim/v1/Users/{userId}
Partial update of a user in employee segment SCIM_employees endpoint PATCH /employees/scim/v1/Users/{userId}
Retrieve a known user in employee segment SCIM_employees endpoint GET /employees/scim/v1/Users/{userId}
Query users in employee segment SCIM_employees endpoint GET /employees/scim/v1/Users
Delete a user in employee segment SCIM_employees endpoint DELETE /employees/scim/v1/Users/{userId}

copy link to clipboardSession management endpoints

Domain/ API: Session Management

Controls session servers for an account (but for session creation done via authentication API, SSO).

Operation description Logical endpoint name [1] Method Endpoint path
Terminate session (logout) terminate_session endpoint GET /login/terminate_session

[1] Logical endpoint name as defined for endpoint discovery.

Convention: "xxx_endpoint" indicates it's a web API.

On this page