Correlation Layer API (0.1.0)

The Correlation Layer API is currently the only entry-point to this version of Delegated User Management, which is API-only.

Authorization policies time frame

startDate and endDate are used by several API endpoints, either for the nodes themselves (i.e. organizations, users or roles) or for some of the relationships between these nodes. When specified, the dates are respected by authorization policies.

  • If both startDate and endDate are specified then the node or relationship is considered active within the specified time frame.
  • If neither startDate nor endDate are specified then the node or relationship will not be checked by authorization policies with respect to a time frame.
  • If only startDate is specified, then the node or relationship is active after the startDate.
  • If only endDate is specified, then the node or relationship is active until that endDate.
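The four rules above, as an added example that is not part of the API reference: a small Python evaluator for the time frame of a node or relationship, extended to the composite check the reference describes for activeMemberships (user and organization ENABLED, and the instant inside the user's, the organization's and the relationship's time frames). The Node.status field name, the inclusive boundary handling and the sample dates are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


def parse_ts(value: Optional[str]) -> Optional[datetime]:
    """Parse an RFC 3339 <date-time> string as the API renders it, e.g.
    "2019-08-24T14:15:22Z". None (attribute absent) stays None.
    Python < 3.11 rejects a trailing 'Z' in fromisoformat, so it is rewritten
    as an explicit UTC offset first."""
    if value is None:
        return None
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        raise ValueError("time frame values must carry a UTC offset")
    return ts.astimezone(timezone.utc)


def in_time_frame(start: Optional[str], end: Optional[str], at: datetime) -> bool:
    """The four rules of the 'Authorization policies time frame' section.
    Boundaries are treated as inclusive; the reference does not say, so that
    is an assumption of this example."""
    start_ts, end_ts = parse_ts(start), parse_ts(end)
    if start_ts is None and end_ts is None:
        return True                      # no time frame: policies do not check it
    if start_ts is not None and at < start_ts:
        return False                     # before startDate: not yet active
    if end_ts is not None and at > end_ts:
        return False                     # after endDate: no longer active
    return True                          # only the bounds that were given apply


@dataclass
class Node:
    """An organization or a user as far as the policy check is concerned.
    'status' is compared with "ENABLED" as the reference words it; the exact
    status attribute of a user record is not shown on this page (assumption)."""
    status: str = "ENABLED"
    startDate: Optional[str] = None
    endDate: Optional[str] = None


@dataclass
class Relationship:
    """A user-to-organization relationship with its own optional time frame."""
    relationshipType: str
    startDate: Optional[str] = None
    endDate: Optional[str] = None


def membership_active(user: Node, org: Node, rel: Relationship, at: datetime) -> bool:
    """Composite check matching activeMemberships=true on 'Get user's
    organizations': both nodes ENABLED and 'at' inside all three time frames."""
    return (
        user.status == "ENABLED"
        and org.status == "ENABLED"
        and in_time_frame(user.startDate, user.endDate, at)
        and in_time_frame(org.startDate, org.endDate, at)
        and in_time_frame(rel.startDate, rel.endDate, at)
    )


# Constructed sample data (not from the reference): an organization valid for
# calendar year 2024, a user without a time frame, and a membership that only
# starts on 1 March 2024.
SAMPLE_ORG = Node(startDate="2024-01-01T00:00:00Z", endDate="2024-12-31T23:59:59Z")
SAMPLE_USER = Node()
SAMPLE_REL = Relationship("is_member_of", startDate="2024-03-01T00:00:00Z")


def sample_membership_active(at: str) -> bool:
    """Evaluate the constructed sample at the given instant."""
    return membership_active(SAMPLE_USER, SAMPLE_ORG, SAMPLE_REL, parse_ts(at))


if __name__ == "__main__":
    for instant in ("2024-02-01T12:00:00Z", "2024-06-01T12:00:00Z", "2025-01-01T00:00:00Z"):
        print(instant, "->", sample_membership_active(instant))
```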

Pagination

Pagination is currently not supported. Once supported:

Delegated User Management endpoints support pagination by means of page numbers and page sizes only, and do not return the total number of elements or the total number of pages in their responses. Customers need to have client-side logic in place to detect the last page. The last page is typically reached when:

  • There are no elements as part of the content object
  • The number of elements is less than the pageSize
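Since no totals are returned, the client has to apply those two rules itself. As an added example that is not part of the reference, the Python paginator below requests pages in order and stops by either rule; it runs against a constructed stand-in for the "Search and filter organizations" response shape (pageSize, pageNumber, content), not the real service, and adds a client-side guard against a server that never delivers a short page.

```python
from typing import Any, Callable, Dict, Iterator, List, Tuple

Page = Dict[str, Any]
FetchPage = Callable[[int, int], Page]   # (pageSize, pageNumber) -> response body


def iterate_pages(fetch_page: FetchPage, page_size: int = 10,
                  max_pages: int = 10_000) -> Iterator[Any]:
    """Yield every element of a paged list, requesting pages in order and
    stopping by the two last-page rules: empty 'content', or fewer elements
    than pageSize. 'max_pages' is a client-side guard against a misbehaving
    server that keeps returning full pages."""
    for page_number in range(1, max_pages + 1):
        page = fetch_page(page_size, page_number)
        content: List[Any] = page.get("content") or []
        if len(content) > page_size:
            raise ValueError(f"page {page_number} returned more than pageSize={page_size} elements")
        yield from content
        if len(content) < page_size:     # covers the empty-content case too
            return
    raise RuntimeError(f"gave up after {max_pages} pages without reaching the last page")


def make_fake_server(total: int) -> Tuple[FetchPage, Dict[str, int]]:
    """Constructed stand-in for the organizations listing (not the real
    service): 'total' organizations, a response shaped like the reference's
    sample (pageSize, pageNumber, content) and a request counter."""
    items = [{"organizationId": f"org-{i:03d}", "name": f"Org {i}"} for i in range(total)]
    calls = {"requests": 0}

    def fetch_page(page_size: int, page_number: int) -> Page:
        calls["requests"] += 1
        first = (page_number - 1) * page_size
        return {"pageSize": page_size, "pageNumber": page_number,
                "content": items[first:first + page_size]}

    return fetch_page, calls


def collect_all(total: int, page_size: int = 10) -> Tuple[List[Any], int]:
    """Run the paginator against the fake server; returns (elements, requests made)."""
    fetch_page, calls = make_fake_server(total)
    elements = list(iterate_pages(fetch_page, page_size))
    return elements, calls["requests"]


if __name__ == "__main__":
    # With 20 organizations the last full page is only recognised as last
    # once the following, empty page has been fetched: three requests, not two.
    for total in (0, 20, 23):
        elements, requests = collect_all(total)
        print(f"{total} organizations -> {len(elements)} collected in {requests} request(s)")
```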

Organizations

An organization is a logical structure that regroups users and typically maps to a business entity. Organizations can be related to one another through a hierarchy of parents and children.

Add organization

Create a new organization under a specified parent organization.

Authorizations:
OAuth2
Request Body schema: application/json
startDate
string <date-time>

The startDate from which activity can be allowed in context of the organization, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which activity is no longer allowed in context of this organization, as controlled by authorization policies.

parentId
required
string

The ID of the parent organization for the organization to be added. If an organization is to have multiple parents, then the additional parents will need to be added separately with the Add parent to organization API.

name
required
string

The name of the new organization. This name must be unique inside this tenant of Delegated User Management.

description
string

The description of the new organization. This description can be used as help or complementary information.

externalId
string

An external identifier which could be used in addition to the name, and to the organizationID to identify the organization. This external ID would typically be used to refer to the organization in other business systems.

type
string

This can be used to qualify the type of organization. Customers can choose what strings to enter, there are no pre-set type values.

status
string
Default: "ENABLED"
Enum: "ENABLED" "DISABLED"

This indicates whether the organization is enabled or disabled. In case it is disabled, users of the organization will not be granted authorization for any management action nor for any access to external applications.

Array of objects (CustomAttribute)

Custom attributes in the form of a list of keys and corresponding string values

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "parentId": "string",
  "name": "string",
  "description": "string",
  "externalId": "string",
  "type": "group",
  "status": "ENABLED",
  "customAttributes": []
}

Response samples

Content type
application/json
{
  "organizationId": "string",
  "parentOrganizationIds": [],
  "name": "string",
  "description": "string",
  "externalId": "string",
  "type": "string",
  "status": "ENABLED",
  "customAttributes": [],
  "startDate": "string",
  "endDate": "string"
}

Search and filter organizations

List, search and filter organizations within a specified branch on the organization tree (which could be from Root). The function can be used to search organizations based on a partial or full match of a search string against the name or externalId attributes. It can also be used to provide a filtered list for specific values of type and status attributes. Finally, it can be used for providing a list of organizations without any search or filter criteria.

Notes:

  • The first iteration of this endpoint will only support the list functionality to list the organization and its immediate children (unsorted).
  • Listing the organization and all its children (unsorted) when the includeSubOrganizations flag is set to true, is not yet supported.
  • It doesn't support search and filter functionality in this first iteration, and as such parameters searchTerm, searchScope, type, and status are ignored for now.
  • Pagination is currently not supported.

Authorizations:
OAuth2
query Parameters
pageSize
number
Default: 10

The number of items to return per page.

pageNumber
number
Default: 1

The page number for a paginated response.

searchTerm
string
Example: searchTerm=test

The string to try to match in the process of searching. The string is used for a case-insensitive and partial search.

searchScope
string
Example: searchScope=name,externalId

Comma separated list of attributes to try to match to the search string provided via the searchTerm parameter. This could include for example name and/or externalId.

organizationId
string

The ID of the organization under which to search. This acts as a filter option.

includeSubOrganizations
boolean
Default: false
Example: includeSubOrganizations=true

Flag to indicate whether the search should include all sub-organizations or just the direct sub-organizations.

type
string
Example: type=group

This can be used to qualify the type of organization. This acts as a filter option.

status
string
Enum: "ENABLED" "DISABLED"
Example: status=DISABLED

This indicates whether the organization is enabled or disabled. This acts as a filter option.

Responses

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": []
}

Get organization

Get the values of attributes of an organization, and also the position of the organization in the organization hierarchy (list of parent organizations).

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Responses

Response samples

Content type
application/json
{
  "organizationId": "string",
  "parentOrganizationIds": [],
  "name": "string",
  "description": "string",
  "externalId": "string",
  "type": "string",
  "status": "ENABLED",
  "customAttributes": [],
  "startDate": "string",
  "endDate": "string"
}

Edit organization

Change the values of any of the attributes of an organization.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
startDate
string <date-time>

The startDate from which activity can be allowed in context of the organization, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which activity is no longer allowed in context of this organization, as controlled by authorization policies.

name
string

The name of the organization. This name must be unique inside this tenant of Delegated User Management.

description
string

The description of the organization. This description can be used as help or complementary information.

externalId
string

An external identifier which could be used in addition to the name, and to the organizationID to identify the organization. This external ID would typically be used to refer to the organization in other business systems.

type
string

This can be used to qualify the type of organization. Customers can choose what strings to enter, there are no pre-set type values.

status
string
Enum: "ENABLED" "DISABLED"

This indicates whether the organization is enabled or disabled. In case it is disabled, users of the organization will not be granted authorization for any DMv2 action nor for any access to external applications.

Array of objects (CustomAttribute)

Custom attributes in the form of a list of keys and corresponding string values

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "name": "string",
  "description": "string",
  "externalId": "string",
  "type": "group",
  "status": "ENABLED",
  "customAttributes": []
}

Response samples

Content type
application/json
{
  "organizationId": "string",
  "parentOrganizationIds": [],
  "name": "string",
  "description": "string",
  "externalId": "string",
  "type": "string",
  "status": "ENABLED",
  "customAttributes": [],
  "startDate": "string",
  "endDate": "string"
}

Remove organization

Remove an organization that contains no users and has no sub-organizations.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

query Parameters
forceRemove
boolean

Force removal of the organization if it has no sub-organizations; users who were assigned only to this organization are removed as well.

Responses

Response samples

Content type
application/json
{
  "message": "Client specified an invalid argument.",
  "status": "INVALID_ARGUMENT",
  "code": 400,
  "details": {}
}

Add applications to organization

Make application(s) available to an organization so that associated applications can be assigned to users in that organization.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
applicationIds
required
Array of strings
includeSubOrganizations
boolean

Responses

Request samples

Content type
application/json
{
  "applicationIds": [],
  "includeSubOrganizations": true
}

Response samples

Content type
application/json
{ }

Remove applications from organization

Remove application(s) from organization so that associated applications can no longer be assigned to users in that organization.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
applicationIds
required
Array of strings

Responses

Request samples

Content type
application/json
{
  "applicationIds": []
}

Response samples

Content type
application/json
{ }

Add parent to organization

Add a new parent organization to an organization, thereby making it possible for an organization to have more than one parent.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
parentId
required
string

The ID of the parent organization to be added to the organization. Additional parents need to be added separately with further calls to this API.

Responses

Request samples

Content type
application/json
{
  "parentId": "string"
}

Response samples

Content type
application/json
{
  "content": []
}

Remove parent from organization

Remove a parent organization from an organization. Since all organizations must always have at least one parent, this is only possible for organizations with multiple parents.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
parentId
required
string

The ID of the parent organization to be removed from the organization. Removal of other parents needs to be performed separately with further calls to this API.

Responses

Request samples

Content type
application/json
{
  "parentId": "string"
}

Response samples

Content type
application/json
{ }

Add permissions to organization

Make permission(s) available to an organization, and optionally to all its sub-organizations, so that they can be assigned to users in the organization(s).

Notes:

The includeSubOrganizations flag is currently not supported. Once supported, it will offer a convenience when assigning permissions to child organizations, allowing the assignment to be done to all sub-organizations at once. However, there is no inheritance: for child organizations created afterwards, permissions need to be assigned separately.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
permissionIds
required
Array of strings
includeSubOrganizations
boolean

Responses

Request samples

Content type
application/json
{
  "permissionIds": [],
  "includeSubOrganizations": true
}

Response samples

Content type
application/json
{ }

Remove permissions from organization

Remove permission(s) from an organization so that they can no longer be assigned to users within that organization.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
permissionIds
required
Array of strings

Responses

Request samples

Content type
application/json
{
  "permissionIds": []
}

Response samples

Content type
application/json
{ }

Add roles to organization

Make role(s) available to an organization, and optionally to all its sub-organizations, so that they can be assigned to users in the organization(s).

Notes:

The includeSubOrganizations flag is currently not supported. Once supported, it will offer a convenience when assigning roles to child organizations, allowing the assignment to be done to all sub-organizations at once. However, there is no inheritance: for child organizations created afterwards, roles need to be assigned separately.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
required
Array of objects (AddUpdateOrganizationRoles)

This is a list of role IDs to add.

includeSubOrganizations
boolean

Responses

Request samples

Content type
application/json
{
  "roles": [],
  "includeSubOrganizations": true
}

Response samples

Content type
application/json
{ }

Remove roles from organization

Remove roles from an organization so that they can no longer be assigned to users within that organization.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
roleIds
required
Array of strings

The list of role IDs to be removed from the organization.

Responses

Request samples

Content type
application/json
{
  "roleIds": []
}

Response samples

Content type
application/json
{
  "message": "Client specified an invalid argument.",
  "status": "INVALID_ARGUMENT",
  "code": 400,
  "details": {}
}

Add users to organization

Add one or more users to an organization. The user must already exist in the system and therefore have a userId.

Notes:

  • Pagination is currently not supported.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
required
Array of objects (AddOrganizationUser)

A list of users you want to add to the organization.

Responses

Request samples

Content type
application/json
{
  "users": []
}

Response samples

Content type
application/json
{ }

Update users to organization relationships

This is for updating the relationships of one or more users to an organization.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
required
Array of objects (UserAction)

Responses

Request samples

Content type
application/json
{
  "userActions": []
}

Response samples

Content type
application/json
{ }

Remove users from organization

Remove one or more users from an organization. The user continues to exist in the system and in any other organization they were a member of.

Authorizations:
OAuth2
path Parameters
organizationId
required
string

The ID of an organization.

Request Body schema: application/json
userIds
required
Array of strings

Array of user IDs that need to be removed from the organization.

Responses

Request samples

Content type
application/json
{
  "userIds": []
}

Response samples

Content type
application/json
{ }

Users

A user can be a person whose access rights are controlled by DMv2, and can also be an administrator within DMv2.

Add new user

Add a new user to the system and to a first organization. This is for adding a user that does not yet exist in the system.

Authorizations:
OAuth2
Request Body schema: application/json
startDate
string <date-time>

The startDate from which activity can be allowed in context of the user, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which activity is no longer allowed in context of this user, as controlled by authorization policies.

organizationId
required
string

ID of the organization that the user is a member of.

Array of objects (RelationshipType)

User relationships to organization.

required
object

User details.

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "organizationId": "string",
  "relationships": [],
  "user": {}
}

Response samples

Content type
application/json
{
  "organizationId": "string",
  "startDate": "string",
  "endDate": "string",
  "authzStatus": "string",
  "relationships": [],
  "user": {}
}

Search and filter users

List, search and filter users that are part of an organization, and optionally of all its sub-organizations. The function can be used to search users based on a partial or full match of a search string against any name, username and email addresses attributes. It can also be used to provide a filtered list based on directly assigned roles, directly assigned permissions, and on the value of the status attribute. Finally, it can be used for providing a list of all users without any search or filter criteria.

Notes:

  • Pagination is currently not supported.

Authorizations:
OAuth2
query Parameters
pageSize
number
Default: 10

The number of items to return per page.

pageNumber
number
Default: 1

The page number for a paginated response.

searchTerm
string
Example: searchTerm=test

The string to try to match in the process of searching. The string is used for a case-insensitive and partial search.

searchScope
string
Example: searchScope=name,externalId

Comma separated list of attributes to try to match to the search string provided via the searchTerm parameter. This could include for example name and/or externalId.

organizationId
string

The ID of the organization under which to search. This acts as a filter option.

includeSubOrganizations
boolean
Default: false
Example: includeSubOrganizations=true

Flag to indicate whether the search should include all sub-organizations or just the direct sub-organizations.

roleIds
Array of strings

This is a list of role IDs to filter on.

permissionIds
Array of strings

This is a list of permissions IDs to filter on.

status
string
Enum: "Created" "Invited" "Inactive" "Activated" "Blocked" "Withdrawn"

The status of the user to filter on.

Responses

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": []
}

Get user

Get the values of the attributes of a user, and its status.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Responses

Response samples

Content type
application/json
{
  "startDate": "string",
  "endDate": "string",
  "authzStatus": "string",
  "relationships": [],
  "user": {}
}

Edit user

Edit/change attributes of the user, except attributes that participate in authentication (email address, phone number) and which have their own APIs and procedures for changing.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Request Body schema: application/json
startDate
string <date-time>

The startDate from which activity can be allowed in context of the user, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which activity is no longer allowed in context of this user, as controlled by authorization policies.

required
object

User details.

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "user": {}
}

Response samples

Content type
application/json
{
  "startDate": "string",
  "endDate": "string",
  "authzStatus": "string",
  "relationships": [],
  "user": {}
}

Remove user

Remove the user from the system independently of whether the user is part of an organization or not. The user is not removed by default, but the status of the user will be changed to, for example, a grace status. A user can be immediately and permanently removed, by providing the permanent parameter set to true.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

query Parameters
permanent
boolean
Default: false

Permanently delete user when set to true.

Responses

Response samples

Content type
application/json
{
  "message": "Client specified an invalid argument.",
  "status": "INVALID_ARGUMENT",
  "code": 400,
  "details": {}
}

Add roles to user

Assign role(s) to a user in context of one organization. For each role assignment a set of relationship types, and a period of validity can be set.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Request Body schema: application/json
organizationId
required
string

The ID of the organization.

Array of objects (UserOrganizationRole)

Responses

Request samples

Content type
application/json
{
  "organizationId": "string",
  "roles": []
}

Response samples

Content type
application/json
{ }

Get user's roles in organization

Get the list of roles directly assigned to the user in a specified organization, the relationship types, and period of validity applicable to each role. Roles that are nested within the directly assigned roles are not included in the list.

Notes:

  • Pagination is currently not supported.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

query Parameters
organizationId
required
string
activeRoles
boolean

When set to true, only returns any ENABLED directly assigned role, where the current time is within the specified time frames.

Responses

Response samples

Content type
application/json
{ }

Update roles of user

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Request Body schema: application/json
organizations
required
Array of objects (UpdateOrganizationRoles)

Responses

Request samples

Content type
application/json
{
  "organizations": []
}

Response samples

Content type
application/json
{ }

Remove roles from user

Remove/unassign role(s) from a user in context of one organization.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Request Body schema: application/json
organizationId
required
string
roleIds
required
Array of strings

Responses

Request samples

Content type
application/json
{
  "organizationId": "string",
  "roleIds": []
}

Response samples

Content type
application/json
{ }

Get user's organizations

Get the list of organizations that the user is part of, and the relationship types applicable to each.

Notes:

  • Pagination is currently not supported.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

query Parameters
pageSize
number
Default: 10

The number of items to return per page.

pageNumber
number
Default: 1

The page number for a paginated response.

relationshipType
string

The relationshipType (e.g. is_member_of) to filter on.

activeMemberships
boolean

When set to true, only return any organization where both the user and organization are ENABLED, the current time is within the specified time frames of user and organization and where the relationships are within the specified time frame.

Responses

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": []
}

Add permissions to user

Add/assign permission(s) to a user in context of one organization. For each permission assignment a set of relationship types, and a period of validity can be set.

Notes:

  • Pagination is currently not supported.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Request Body schema: application/json
organizationId
required
string

The ID of the organization.

required
Array of objects (UserOrganizationPermission)

Responses

Request samples

Content type
application/json
{
  "organizationId": "string",
  "permissions": []
}

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": []
}

Get user's permissions in organization

Get the list of permissions directly assigned to the user in a specified organization, the relationship types, and period of validity applicable to each permission. Permissions that are nested within the directly assigned permissions are not included in the list.

Notes:

  • Pagination is currently not supported.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

query Parameters
pageSize
number
Default: 10

The number of items to return per page.

pageNumber
number
Default: 1

The page number for a paginated response.

organizationId
required
string

The ID of the organization.

activePermissions
boolean

When set to true, only returns any ENABLED permission, either assigned directly or indirectly via an ENABLED role, where the current time is within the specified time frames.

Responses

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": []
}

Update permissions of user

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Request Body schema: application/json
required
Array of objects (UpdateOrganizationPermissions)

Responses

Request samples

Content type
application/json
{
  "organizations": []
}

Response samples

Content type
application/json
{ }

Remove permissions from user

Remove/unassign permission(s) from a user in context of one organization.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Request Body schema: application/json
organizationId
required
string

The organizationId for which you want to remove the associated permissions.

permissionIds
required
Array of strings

A list of permissionIds that need to be removed.

Responses

Request samples

Content type
application/json
{
  "organizationId": "string",
  "permissionIds": []
}

Response samples

Content type
application/json
{
  "message": "Client specified an invalid argument.",
  "status": "INVALID_ARGUMENT",
  "code": 400,
  "details": {}
}

User self-service

Self-service capabilities for end users.

Change username

Allow a user to change the username they use to log in. This includes a verification flow.

path Parameters
userId
required
string

The ID of a user.

Responses

Response samples

Content type
application/json
{ }

Change password

Allow a user to change their password.

path Parameters
userId
required
string

The ID of a user.

Responses

Response samples

Content type
application/json
{ }

Help desk

Help desk capabilities when managing users.

Block a user

Block a user account when it is deemed compromised. The effect of blocking the user's account is to deny authorization to access applications; it does not block authentication.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Responses

Response samples

Content type
application/json
{
  "userId": "string",
  "authzStatus": "BLOCKED"
}

Unblock a user

Unblock a user account that was blocked.

Authorizations:
OAuth2
path Parameters
userId
required
string

The ID of a user.

Responses

Response samples

Content type
application/json
{
  "userId": "string",
  "authzStatus": "BLOCKED"
}

Roles

A role defines the access rights of a user. This can be for a regular user in context of accessing an external application (role of type user role), or an admin user in the context of accessing the DMv2 administration functions (role of type admin).

Add role

Create a role and make it available to a first organization.

Notes:

  • When no organization is specified, the role will be available to the root organization.
  • When an organization is specified, the role will be available to the specified organization.
  • Only permissions associated with external applications can be included in a role of type user.
  • Only system permissions can be included in a role of type admin.

Authorizations:
OAuth2
Request Body schema: application/json
startDate
string <date-time>

The startDate from which the role can grant authorizations, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which the role no longer grants authorizations, as controlled by authorization policies.

name
required
string

The name of the role. This name must be unique inside this tenant of Delegated User Management.

description
string

The description of the new role. This description can be used to explain the meaning and purpose of the role, as a help for administrators and users.

permissionIds
Array of strings

This is a list of already defined permissions that are included in this new role.

organizationId
string

The id of organization you want to link this role to. If not provided, the root organization id is used.

externalId
string

An external identifier which could be used in addition to the name, and to the roleID to uniquely identify the role. This external ID would typically be used to refer to the role in other business systems.

type
string

This can be used to qualify the type of role. User and Admin are reserved, but otherwise customers can choose what strings to enter. There are no pre-set type values.

Array of objects (CustomAttribute)

Custom attributes in the form of a list of keys and corresponding string values

status
string
Default: "ENABLED"
Enum: "ENABLED" "DISABLED"

This indicates whether the role is enabled or disabled. In case it is disabled, the role will not translate into any authorization.

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "name": "string",
  "description": "string",
  "permissionIds": [],
  "organizationId": "string",
  "externalId": "string",
  "type": "string",
  "customAttributes": [],
  "status": "ENABLED"
}

Response samples

Content type
application/json
{
  "roleId": "string",
  "name": "string",
  "description": "string",
  "permissionIds": [],
  "externalId": "string",
  "type": "string",
  "customAttributes": [],
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Search and filter roles

List, search and filter roles available in the system or for a specified organization. The function can be used to search roles based on a partial or full match of a search string against the name and/or externalId attribute. It can also be used to provide a filtered list based on contained permissionIds, based on related applicationIds, and/or for specific values of the type and status attributes. Finally, it can be used for providing a list of available roles without any search or filter criteria.

Notes:

  • The first iteration of this endpoint will only support the list functionality to list the roles available to a specified organization (unsorted) or if not specified, the roles available to the root organization (unsorted).
  • The includeSubOrganizations flag is not yet supported.
  • This endpoint doesn't support search and filter functionality in this first iteration; as such, the parameters searchTerm, searchScope, permissionIds, applicationIds, externalId, type, and status are ignored for now.
  • Pagination is currently not supported.
Authorizations:
OAuth2
query Parameters
pageSize
number
Default: 10

The number of items to return per page.

pageNumber
number
Default: 1

The page number for a paginated response.

searchTerm
string
Example: searchTerm=test

The string to match when searching. Matching is case-insensitive and partial.

searchScope
string
Example: searchScope=name,externalId

Comma-separated list of attributes to match against the search string provided via the searchTerm parameter, for example name and/or externalId.

organizationId
string

The ID of the organization under which to search. This acts as a filter option.

includeSubOrganizations
boolean
Default: false
Example: includeSubOrganizations=true

Flag to indicate whether the search should include all sub-organizations or just the direct sub-organizations.

permissionIds
Array of strings

This is a list of permission IDs to filter on.

applicationIds
Array of strings

This is a list of application IDs to filter on.

externalId
string

An external identifier to filter on.

type
string

The type of the role to filter on.

status
string
Enum: "ENABLED" "DISABLED"

The status of the role to filter on.

Responses

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": [ ]
}

Get role

Retrieve the details of a role.

Authorizations:
OAuth2
path Parameters
roleId
required
string

The ID of a role.

Responses

Response samples

Content type
application/json
{
  "roleId": "string",
  "name": "string",
  "description": "string",
  "permissionIds": [ ],
  "externalId": "string",
  "type": "string",
  "customAttributes": [ ],
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Edit role

Change the content of a role.

Notes:

  • Only permissions associated with external applications can be included in a role of type user.
  • Only DMv2 system permissions can be included in a role of type admin.
  • Roles can only include roles of the same type.
  • The type of a role cannot be changed.
Authorizations:
OAuth2
path Parameters
roleId
required
string

The ID of a role.

Request Body schema: application/json
startDate
string <date-time>

The startDate from which the role can grant authorizations, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which the role no longer grants authorizations, as controlled by authorization policies.

name
string

The name of the role. This name must be unique inside this tenant of Delegated User Management.

description
string

The description of the role. This description can be used to explain the meaning and purpose of the role, as a help for administrators and users.

externalId
string

An external identifier that can be used, in addition to the name and the roleId, to uniquely identify the role. This external ID would typically be used to refer to the role in other business systems.

customAttributes
Array of objects (CustomAttribute)

Custom attributes in the form of a list of keys and corresponding string values

type
string

This can be used to qualify the type of role. Customers can choose what strings to enter; there are no pre-set type values.

status
string
Enum: "ENABLED" "DISABLED"

This indicates whether the role is enabled or disabled. In case it is disabled, the role will not translate into any authorization.

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "name": "string",
  "description": "string",
  "externalId": "string",
  "customAttributes": [ ],
  "type": "contract",
  "status": "ENABLED"
}

Response samples

Content type
application/json
{
  "roleId": "string",
  "name": "string",
  "description": "string",
  "permissionIds": [ ],
  "externalId": "string",
  "type": "string",
  "customAttributes": [ ],
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Remove role

Remove a role from the system.

Authorizations:
OAuth2
path Parameters
roleId
required
string

The ID of a role.

query Parameters
forceRemove
boolean

Force remove the role even if it has is_assigned_to relationships with users.

Responses

Response samples

Content type
application/json
{
  "message": "Client specified an invalid argument.",
  "status": "INVALID_ARGUMENT",
  "code": 400,
  "details": { }
}

Add permissions to role

Add permissions to a role.

Authorizations:
OAuth2
path Parameters
roleId
required
string

The ID of a role.

Request Body schema: application/json
permissionIds
Array of strings

Responses

Request samples

Content type
application/json
{
  "permissionIds": [ ]
}

Response samples

Content type
application/json
{ }

Remove permissions from role

Remove permissions from a role.

Authorizations:
OAuth2
path Parameters
roleId
required
string

The ID of a role.

Request Body schema: application/json
permissionIds
Array of strings

Responses

Request samples

Content type
application/json
{
  "permissionIds": [ ]
}

Response samples

Content type
application/json
{ }

Applications

An application is a resource of which the access is controlled through DMv2 authorization rules. This can be an external application, or can be DMv2 itself which is also represented as an application.

Add application

Create an application.

Authorizations:
OAuth2
Request Body schema: application/json
startDate
string <date-time>

The startDate from which activity can be allowed in context of the application, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which activity is no longer allowed in context of this application, as controlled by authorization policies.

name
required
string

The name of the new application. This name must be unique inside this tenant of Delegated User Management.

description
string

The description of the new application. This description can be used as help or complementary information.

type
string

This can be used to qualify the type of application. Customers can choose what strings to enter; there are no pre-set type values.

status
string
Default: "ENABLED"
Enum: "ENABLED" "DISABLED"

This indicates whether the application is enabled or disabled. In case it is disabled, users will not be granted authorization for any access to this application.

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "name": "string",
  "description": "string",
  "type": "string",
  "status": "ENABLED"
}

Response samples

Content type
application/json
{
  "applicationId": "string",
  "name": "string",
  "description": "string",
  "type": "string",
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Search and filter applications

List, search and filter applications available in the system or for a specified organization. The function can be used to search applications based on a partial or full match of a search string against the name attribute. It can also be used to provide a filtered list based on specific values of the type and status attributes. Finally, it can be used to list the available applications without any search or filter criteria.

Notes:

  • Pagination is currently not supported.
Authorizations:
OAuth2
query Parameters
pageSize
number
Default: 10

The number of items to return per page.

pageNumber
number
Default: 1

The page number for a paginated response.

searchTerm
string
Example: searchTerm=test

The string to match when searching. Matching is case-insensitive and partial.

searchScope
string
Example: searchScope=name,externalId

Comma-separated list of attributes to match against the search string provided via the searchTerm parameter, for example name and/or externalId.

organizationId
string

The ID of the organization under which to search. This acts as a filter option.

type
string
Example: type=group

This can be used to qualify the type of application. This acts as a filter option.

status
string
Enum: "ENABLED" "DISABLED"
Example: status=DISABLED

This indicates whether the application is enabled or disabled. This acts as a filter option.

Responses

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": [ ]
}

Get application

Retrieve the details of an application.

Authorizations:
OAuth2
path Parameters
applicationId
required
string

The ID of an application.

Responses

Response samples

Content type
application/json
{
  "applicationId": "string",
  "name": "string",
  "description": "string",
  "type": "string",
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Edit application

Change the attributes or content of an application.

Authorizations:
OAuth2
path Parameters
applicationId
required
string

The ID of an application.

Request Body schema: application/json
startDate
string <date-time>

The startDate from which activity can be allowed in context of the application, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which activity is no longer allowed in context of this application, as controlled by authorization policies.

name
string

The name of the application. This name must be unique inside this tenant of Delegated User Management.

description
string

The description of the application. This description can be used as help or complementary information.

status
string
Enum: "ENABLED" "DISABLED"

This indicates whether the application is enabled or disabled. In case it is disabled, users will not be granted authorization for any access to this application.

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "name": "string",
  "description": "string",
  "status": "ENABLED"
}

Response samples

Content type
application/json
{
  "applicationId": "string",
  "name": "string",
  "description": "string",
  "type": "string",
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Remove application

Remove an application.

Notes:

This is only allowed if the application is not referred to by any permission.

Authorizations:
OAuth2
path Parameters
applicationId
required
string

The ID of an application.

Responses

Response samples

Content type
application/json
{ }

Permissions

A permission is the base descriptor that defines a set of rights within an application. This can be for an external application, or for DMv2 itself. Roles are defined by the reference to the permissions that they contain.
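Pulling together the role, permission and application definitions on this page, the following is an added example (not code from the Correlation Layer API or its SDK) that resolves which permission descriptors a user effectively holds at a given time. It applies the status rule (a DISABLED node grants nothing) and the startDate/endDate time-frame rules the page states for each node along the role, permission and application chain; the Node data class, the resolver and every sample record and identifier are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


def parse_dt(value):
    """Parse the page's timestamp format (e.g. 2019-08-24T14:15:22Z); None stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


@dataclass
class Node:
    """One role, permission or application, with the common fields the page documents.
    The extra fields are only meaningful for one kind of node (see comments)."""
    id: str
    status: str = "ENABLED"
    startDate: Optional[str] = None
    endDate: Optional[str] = None
    permissionIds: tuple = ()              # roles: the permissions they contain
    applicationId: Optional[str] = None    # permissions: the application they apply to
    descriptor: Optional[str] = None       # permissions: what the app reads from the token


def is_active(node, now):
    """DISABLED grants nothing. When set, startDate/endDate bound activity; either may
    be given alone, and with neither there is no time-frame check. The endDate boundary
    is treated as inclusive here (an assumption; the page does not say)."""
    if node.status != "ENABLED":
        return False
    start, end = parse_dt(node.startDate), parse_dt(node.endDate)
    if start is not None and now < start:
        return False
    if end is not None and now > end:
        return False
    return True


def effective_descriptors(role_ids, roles, permissions, applications, now):
    """Map applicationId -> sorted descriptors the user holds at `now`. Every link
    (role, permission, application) must be active; an inactive node cuts off
    everything beneath it, so a disabled application voids all of its permissions."""
    granted = {}
    for rid in role_ids:
        role = roles.get(rid)
        if role is None or not is_active(role, now):
            continue
        for pid in role.permissionIds:
            perm = permissions.get(pid)
            if perm is None or not is_active(perm, now):
                continue
            app = applications.get(perm.applicationId)
            if app is None or not is_active(app, now):
                continue
            granted.setdefault(app.id, set()).add(perm.descriptor)
    return {app_id: sorted(descs) for app_id, descs in granted.items()}


def sample_world():
    """Constructed data: a disabled app, an expired and a future permission, a disabled role."""
    applications = [Node("app-billing"), Node("app-legacy", status="DISABLED")]
    permissions = [
        Node("p-inv-read", applicationId="app-billing", descriptor="invoice:read"),
        Node("p-inv-write", applicationId="app-billing", descriptor="invoice:write",
             endDate="2024-03-01T00:00:00Z"),
        Node("p-reports", applicationId="app-billing", descriptor="reports:view",
             startDate="2024-09-01T00:00:00Z"),
        Node("p-legacy-admin", applicationId="app-legacy", descriptor="legacy:admin"),
    ]
    roles = [
        Node("r-accountant", permissionIds=("p-inv-read", "p-inv-write", "p-reports")),
        Node("r-legacy", permissionIds=("p-legacy-admin",)),
        Node("r-auditor", permissionIds=("p-inv-read", "p-reports"), status="DISABLED"),
    ]
    by_id = lambda nodes: {n.id: n for n in nodes}
    return by_id(roles), by_id(permissions), by_id(applications)


def demo(now_iso="2024-06-01T12:00:00Z"):
    """Resolve a constructed user who holds all three sample roles at `now_iso`."""
    roles, permissions, applications = sample_world()
    user_roles = ["r-accountant", "r-legacy", "r-auditor"]
    return effective_descriptors(user_roles, roles, permissions, applications, parse_dt(now_iso))


if __name__ == "__main__":
    print(demo())  # {'app-billing': ['invoice:read']}
```

Moving `now_iso` before the expiry of p-inv-write or past the start of p-reports changes the result, which is the behaviour an authorization policy built on these dates should exhibit.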

Add permission

Create a permission.

Notes:

This API only allows the creation of permissions for external applications. Permissions for the internal DMv2 application must be created through backend system configuration.

Authorizations:
OAuth2
Request Body schema: application/json
startDate
string <date-time>

The startDate from which activity can be allowed in context of the permission, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which activity is no longer allowed in context of this permission, as controlled by authorization policies.

name
required
string

The name of the permission. This name must be unique inside this tenant of Delegated User Management.

description
string

The description of the new permission. This description can be used to explain the meaning and purpose of the permission, as a help for administrators and users.

applicationId
required
string

The ID of the application to which this permission applies.

descriptor
required
string

The content of the permission. This is a string that the application will be able to consume as part of an access token in order to determine what the user will be authorized to do inside the application.

type
string

This can be used to qualify the type of permission. Customers can choose what strings to enter; there are no pre-set type values.

status
string
Default: "ENABLED"
Enum: "ENABLED" "DISABLED"

This indicates whether the permission is enabled or disabled. In case it is disabled, the permission will not translate into any authorization.

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "name": "string",
  "description": "string",
  "applicationId": "string",
  "descriptor": "string",
  "type": "string",
  "status": "ENABLED"
}

Response samples

Content type
application/json
{
  "permissionId": "string",
  "name": "string",
  "description": "string",
  "applicationId": "string",
  "descriptor": "string",
  "type": "string",
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Search and filter permissions

List, search and filter permissions available in the system or for a specified organization. The function can be used to search permissions based on a partial or full match of a search string against the name attribute. It can also be used to provide a filtered list based on specific permissionIds, on related applicationIds, and/or on specific values of the type and status attributes. Finally, it can be used to list the available permissions without any search or filter criteria.

Notes:

  • The first iteration of this endpoint will only support the list functionality to list the permissions available to a specified organization (unsorted) or if not specified, the permissions available to the root organization (unsorted).
  • The includeSubOrganizations flag is not yet supported.
  • This endpoint doesn't support search and filter functionality in this first iteration; as such, the parameters searchTerm, searchScope, permissionIds, applicationIds, externalId, type, and status are ignored for now.
  • Pagination is currently not supported.
Authorizations:
OAuth2
query Parameters
pageSize
number
Default: 10

The number of items to return per page.

pageNumber
number
Default: 1

The page number for a paginated response.

searchTerm
string
Example: searchTerm=test

The string to match when searching. Matching is case-insensitive and partial.

searchScope
string
Example: searchScope=name,externalId

Comma-separated list of attributes to match against the search string provided via the searchTerm parameter, for example name and/or externalId.

organizationId
string

The ID of the organization under which to search. This acts as a filter option.

includeSubOrganizations
boolean
Default: false
Example: includeSubOrganizations=true

Flag to indicate whether the search should include all sub-organizations or just the direct sub-organizations.

applicationIds
Array of strings

This is a list of application IDs to filter on.

permissionIds
Array of strings

This is a list of permission IDs to filter on.

type
string

The type of the permission to filter on.

status
string
Enum: "ENABLED" "DISABLED"

The status of the permission to filter on.

Responses

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": [ ]
}

Get permission

Retrieve the details of a permission.

Authorizations:
OAuth2
path Parameters
permissionId
required
string

The ID of a permission.

Responses

Response samples

Content type
application/json
{
  "permissionId": "string",
  "name": "string",
  "description": "string",
  "applicationId": "string",
  "descriptor": "string",
  "type": "string",
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Edit permission

Change the attributes or content of a permission.

Authorizations:
OAuth2
path Parameters
permissionId
required
string

The ID of a permission.

Request Body schema: application/json
startDate
string <date-time>

The startDate from which activity can be allowed in context of the permission, as controlled by authorization policies.

endDate
string <date-time>

The endDate from which activity is no longer allowed in context of this permission, as controlled by authorization policies.

name
string

The name of the permission. This name must be unique inside this tenant of Delegated User Management.

description
string

The description of the permission. This description can be used to explain the meaning and purpose of the permission, as a help for administrators and users.

descriptor
string

The content of the permission. This is a string that the application will be able to consume as part of an access token in order to determine what the user will be authorized to do inside the application.

status
string
Enum: "ENABLED" "DISABLED"

This indicates whether the permission is enabled or disabled. In case it is disabled, the permission will not translate into any authorization.

type
string

This can be used to qualify the type of permission. Customers can choose what strings to enter; there are no pre-set type values.

Responses

Request samples

Content type
application/json
{
  "startDate": "2019-08-24T14:15:22Z",
  "endDate": "2019-08-24T14:15:22Z",
  "name": "string",
  "description": "string",
  "descriptor": "string",
  "status": "ENABLED",
  "type": "standard"
}

Response samples

Content type
application/json
{
  "permissionId": "string",
  "name": "string",
  "description": "string",
  "applicationId": "string",
  "descriptor": "string",
  "type": "string",
  "status": "ENABLED",
  "startDate": "string",
  "endDate": "string"
}

Remove permission

Remove a permission from the system.

Authorizations:
OAuth2
path Parameters
permissionId
required
string

The ID of a permission.

query Parameters
forceRemove
boolean

Force remove the permission even if it has is_assigned_to relationships with users or when the permission is still referred to by one or more roles.

Responses

Response samples

Content type
application/json
{
  "message": "Client specified an invalid argument.",
  "status": "INVALID_ARGUMENT",
  "code": 400,
  "details": { }
}

Invitations

An invitation invites a user into one or more organizations. The invited user may already exist in the system (in the same or a different organization) or may not exist at all yet.

Add invitation

Invite a new user into an organization. The invitation could relate to a user that already exists in the system or in a different organization, or a user that doesn't exist yet.

Notes:

  • Invitations currently only support inviting a user to an organization, and not adding roles and permissions at the same time.
Authorizations:
OAuth2
Request Body schema: application/json
email
required
string

The email address of the invited user.

firstName
string

The first name of the invited user.

lastName
string

The last name of the invited user.

phoneNumber
string

The phone number of the invited user.

customAttribute
string

Optional custom string attribute of which there can be multiple.

expirationDate
string <date-time>

The date when the invitation expires. If not provided, the expiry date will be set 24 hours in the future.

invitor
string

The userId of the user who requests the invitation.

organization
required
object (InvitationOrganizationRelationship)

roles
Array of objects (InvitationRoleRelationship)

permissions
Array of objects (InvitationPermissionRelationship)

Responses

Request samples

Content type
application/json
{
  "email": "string",
  "firstName": "string",
  "lastName": "string",
  "phoneNumber": "string",
  "customAttribute": "string",
  "expirationDate": "2019-08-24T14:15:22Z",
  "invitor": "string",
  "organization": { },
  "roles": [ ],
  "permissions": [ ]
}

Response samples

Content type
application/json
{
  "invitationId": "string",
  "email": "string",
  "firstName": "string",
  "lastName": "string",
  "phoneNumber": "string",
  "customAttribute": "string",
  "expirationDate": "2019-08-24T14:15:22Z",
  "invitor": "string",
  "organization": { },
  "roles": [ ],
  "permissions": [ ],
  "invitationStatus": "PENDING",
  "acceptedBy": "string",
  "acceptedDate": "2019-08-24T14:15:22Z",
  "revokedBy": "string",
  "revokedDate": "2019-08-24T14:15:22Z",
  "requestToken": "string",
  "processToken": "string"
}

Search and filter invitations

List, search and filter invitations.

Notes:

  • Pagination is currently not supported.
Authorizations:
OAuth2
query Parameters
pageSize
number
Default: 10

The number of items to return per page.

pageNumber
number
Default: 1

The page number for a paginated response.

searchTerm
string
Example: searchTerm=test

The string to match when searching. Matching is case-insensitive and partial.

searchScope
string
Example: searchScope=name,externalId

Comma-separated list of attributes to match against the search string provided via the searchTerm parameter, for example name and/or externalId.

organizationId
string
userId
string

Responses

Response samples

Content type
application/json
{
  "pageSize": 10,
  "pageNumber": 1,
  "content": [ ]
}

Get invitation

Retrieve data about an invitation.

Authorizations:
OAuth2
path Parameters
invitationId
required
string

The ID of an invitation.

Responses

Response samples

Content type
application/json
{
  "invitationId": "string",
  "email": "string",
  "firstName": "string",
  "lastName": "string",
  "phoneNumber": "string",
  "customAttribute": "string",
  "expirationDate": "2019-08-24T14:15:22Z",
  "invitor": "string",
  "organization": { },
  "roles": [ ],
  "permissions": [ ],
  "invitationStatus": "PENDING",
  "acceptedBy": "string",
  "acceptedDate": "2019-08-24T14:15:22Z",
  "revokedBy": "string",
  "revokedDate": "2019-08-24T14:15:22Z"
}

Remove invitation

Remove an invitation.

Authorizations:
OAuth2
path Parameters
invitationId
required
string

The ID of an invitation.

Responses

Response samples

Content type
application/json
{
  "message": "Client specified an invalid argument.",
  "status": "INVALID_ARGUMENT",
  "code": 400,
  "details": { }
}

Accept invitation

Allows a user to accept an invitation.

Authorizations:
OAuth2
path Parameters
invitationId
required
string

The ID of an invitation.

Request Body schema: application/json
requestToken
required
string

The request token that is associated with the invitation.

userId
required
string

The ID of the user. userId is required when this endpoint is called with an M2M access token and optional when called with a user access token.

Responses

Request samples

Content type
application/json
{
  "requestToken": "string",
  "userId": "string"
}

Response samples

Content type
application/json
{
  "invitationId": "string",
  "email": "string",
  "firstName": "string",
  "lastName": "string",
  "phoneNumber": "string",
  "customAttribute": "string",
  "expirationDate": "2019-08-24T14:15:22Z",
  "invitor": "string",
  "organization": { },
  "roles": [ ],
  "permissions": [ ],
  "invitationStatus": "PENDING",
  "acceptedBy": "string",
  "acceptedDate": "2019-08-24T14:15:22Z",
  "revokedBy": "string",
  "revokedDate": "2019-08-24T14:15:22Z"
}

Withdraw invitation

Allows a user to withdraw an invitation.

Authorizations:
OAuth2
path Parameters
invitationId
required
string

The ID of an invitation.

Request Body schema: application/json
userId
required
string

The ID of the user.

Responses

Request samples

Content type
application/json
{
  "userId": "string"
}

Response samples

Content type
application/json
{
  "invitationId": "string",
  "email": "string",
  "firstName": "string",
  "lastName": "string",
  "phoneNumber": "string",
  "customAttribute": "string",
  "expirationDate": "2019-08-24T14:15:22Z",
  "invitor": "string",
  "organization": { },
  "roles": [ ],
  "permissions": [ ],
  "invitationStatus": "PENDING",
  "acceptedBy": "string",
  "acceptedDate": "2019-08-24T14:15:22Z",
  "revokedBy": "string",
  "revokedDate": "2019-08-24T14:15:22Z"
}

Resend invitation

Trigger the resending of an existing invitation.

Authorizations:
OAuth2
path Parameters
invitationId
required
string

The ID of an invitation.

Request Body schema: application/json
expirationDate
string <date-time>

The date when the invitation expires. If not provided, the expiry date will be set 24 hours in the future.

Responses

Request samples

Content type
application/json
{
  "expirationDate": "2019-08-24T14:15:22Z"
}

Response samples

Content type
application/json
{
  "invitationId": "string",
  "email": "string",
  "firstName": "string",
  "lastName": "string",
  "phoneNumber": "string",
  "customAttribute": "string",
  "expirationDate": "2019-08-24T14:15:22Z",
  "invitor": "string",
  "organization": { },
  "roles": [ ],
  "permissions": [ ],
  "invitationStatus": "PENDING",
  "acceptedBy": "string",
  "acceptedDate": "2019-08-24T14:15:22Z",
  "revokedBy": "string",
  "revokedDate": "2019-08-24T14:15:22Z",
  "requestToken": "string",
  "processToken": "string"
}