Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
redocly logoAPI docs by Redocly

Onewelcome Delegation (v2023-01-26)

Download OpenAPI specification:Download

Static Resource API

Get a list of all external resources like the palette and logo.

getFile

query Parameters
file_name
required
string

Responses

Translations API

Get a list of all translation files

getTranslations

query Parameters
language
required
string

Responses

Resource API

Operations Resource

Returns a resource

Returns a resource with a specific identifier

path Parameters
resourceId
required
string <uuid>

Identifier of the resource

Responses

Updates resource

Updates resource with a new name and/or externalId

path Parameters
resourceId
required
string <uuid>

Identifier of the resource

Request Body schema: application/json
name
required
string

New name of the resource

externalId
required
string

New external identifier of the resource

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "externalId": "string"
}

Deletes the resource

path Parameters
resourceId
required
string <uuid>

Responses

Returns a resource list

query Parameters
required
object (Pageable)
name
string
Default: ""

Responses

Response samples

Content type
json
[
  • {
    }
]

Creates resource

Creates resource with a name, externalId and a resource type

Request Body schema: application/json
name
required
string

Name of the resource

externalId
required
string

External identifier of the resource

resourceTypeId
required
string <uuid>

ID of the resource type it is attached to

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "externalId": "string",
  • "resourceTypeId": "a59ee688-b5e5-4606-9891-f4a605edacd3"
}

Returns list of groups to which resource is assigned to

path Parameters
resourceId
required
string <uuid>

Responses

Response samples

Content type
json
[
  • {
    }
]

Returns list of resources that have specified external id value

query Parameters
value
required
string

Responses

Response samples

Content type
json
[
  • {
    }
]

Policy API

Allows to control policies

Gets a single policy

path Parameters
policyId
required
string <uuid>

Responses

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string"
}

Updates a policy

'POLICY_MANAGE' permission on the root group is required

path Parameters
policyId
required
string <uuid>

Identifier of the policy

Request Body schema: application/json
name
required
string

Policy name

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string"
}

Deletes a policy

'POLICY_MANAGE' permission on the root group is required

path Parameters
policyId
required
string <uuid>

Identifier of the policy

Responses

Returns a policy list

query Parameters
required
object (Pageable)
name
string
Default: ""

Responses

Response samples

Content type
json
[
  • {
    }
]

Adds a policy to the system, and links it with the root group

'POLICY_MANAGE' permission on the root group is required

Request Body schema: application/json
name
required
string

Policy name

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string"
}

Count resources linked to policy

path Parameters
policyId
required
string <uuid>

Responses

Response samples

Content type
json
0
0

ResourceType API

Operations ResourceTypes

Get a resource type with privileges

path Parameters
resourceTypeId
required
string <uuid>

Responses

Updates a resource type

path Parameters
resourceTypeId
required
string <uuid>

Identifier of the resource type

Request Body schema: application/json
name
required
string

Name of the resource type

Responses

Request samples

Content type
application/json
{
  • "name": "string"
}

Deletes the resource type

path Parameters
resourceTypeId
required
string <uuid>

Responses

List all resource types

Responses

Creates resource types

Creates resource types with a list of connected privileges

Request Body schema: application/json
name
required
string

Name of the resource type

policyId
string <uuid>

ID of the policy it is attached to

Array of objects (CreatePrivilegeDto)

List of attached privileges

multiValue
boolean

Information if multiple resources of this type can be assigned to single member of the group

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "policyId": "2f5573e6-5ba4-48f2-a75d-df99c936463b",
  • "availablePrivileges": [
    ],
  • "multiValue": true
}

Basic Auth User API

Allows to control basic auth users

Returns a basic auth user

Admin's endpoint

path Parameters
username
required
string

Username in plain text

Responses

Response samples

Content type
json
{
  • "username": "string"
}

Updates a basic auth user

Admin's endpoint

path Parameters
username
required
string
Request Body schema: application/json
password
required
string

Password in plain text

Responses

Request samples

Content type
application/json
{
  • "password": "string"
}

Deletes a basic auth user

Admin's endpoint

path Parameters
username
required
string

Username in plain text

Responses

Returns all basic auth users

Admin's endpoint

Responses

Response samples

Content type
json
[
  • {
    }
]

Adds a basic auth user

Admin's endpoint

Request Body schema: application/json
username
required
string

Username in plain text

password
required
string

Password in plain text

Responses

Request samples

Content type
application/json
{
  • "username": "string",
  • "password": "string"
}

Response samples

Content type
json
{
  • "username": "string"
}

Person permissions API

Allows to control person's permissions within a group

Assigns a permission to a person within a group

'PERMISSION_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group which the person is member of

personId
required
string

Identifier of the person in the identity provider (e.g. referenceId)

Request Body schema: application/json
permission
string
Enum: "GROUP_MANAGE" "GROUP_POLICY_MANAGE" "GROUP_RESOURCE_MANAGE" "PERMISSION_MANAGE" "PERSON_POLICY_MANAGE" "PERSON_RESOURCE_MANAGE" "GROUP_MEMBER_MANAGE" "POLICY_MANAGE" "RESOURCE_MANAGE"

Permission to assign to the member

Responses

Request samples

Content type
application/json
{
  • "permission": "GROUP_MANAGE"
}

Deletes a permission from a person within a group

'PERMISSION_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group which the person is member of

personId
required
string

Identifier of the person in the identity provider (e.g. referenceId)

permission
required
string
Enum: "GROUP_MANAGE" "GROUP_POLICY_MANAGE" "GROUP_RESOURCE_MANAGE" "PERMISSION_MANAGE" "PERSON_POLICY_MANAGE" "PERSON_RESOURCE_MANAGE" "GROUP_MEMBER_MANAGE" "POLICY_MANAGE" "RESOURCE_MANAGE"

Permission to unassign

Responses

Logged-In User API

Operations on DABP logged-in user

Returns information about user permissions related to UI functionalities

Returns information about user permissions related to UI functionalities

Responses

getPermissions

Responses

Group API (Legacy)

Contains v1 endpoints supporting the old dum-app

Returns group Deprecated

Any permission on the group is required

path Parameters
groupId
required
string <uuid>

Responses

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "parent_groups_ids": [
    ],
  • "custom_attributes": {
    },
  • "child_groups_ids": [
    ]
}

Updates group Deprecated

Updates group with given id
'GROUP_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

Request Body schema: application/json
name
required
string

Name of the group

object

Custom attributes as key-value pairs

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "custom_attributes": {
    }
}

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "parent_groups_ids": [
    ],
  • "custom_attributes": {
    },
  • "child_groups_ids": [
    ]
}

Deletes a group Deprecated

Deletes a group with given id
'GROUP_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

Responses

Updates group's custom attributes Deprecated

'GROUP_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

customAttributeName
required
string

Name for the custom attribute

Request Body schema: application/json
value
required
string

Value of the custom attribute

Responses

Request samples

Content type
application/json
{
  • "value": "string"
}

Deletes a group's custom attribute Deprecated

'GROUP_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

customAttributeName
required
string

Name for the custom attribute

Responses

Returns list of groups filtered by custom attributes Deprecated

Returns 'Page' object with list of groups
Result can be filter by custom attributes

query Parameters
required
object (CustomAttributeFilter)
required
object (Pageable)

Responses

Adds a group's subgroup Deprecated

'GROUP_MANAGE' permission on the parent group is required

Request Body schema: application/json
parent_group_id
required
string <uuid>

Identifier of the parent group

name
required
string

Name of the group

object

Custom attributes as key-value pairs

Responses

Request samples

Content type
application/json
{
  • "parent_group_id": "fe5e9949-7da4-4318-86fb-b3b64b2df380",
  • "name": "string",
  • "custom_attributes": {
    }
}

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "parent_groups_ids": [
    ],
  • "custom_attributes": {
    },
  • "child_groups_ids": [
    ]
}

Adds group's member Deprecated

'GROUP_MEMBER_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>
Request Body schema: application/json
person_id
required
string
Deprecated

Identifier of the person in the identity provider (e.g. referenceId)

idp_type
required
string
Deprecated
Enum: "CIM" "BASIC"

Type of the identity provider

first_name
required
string

First name

last_name
required
string

Last name

email
string

E-mail address

phone
string

Phone number

Responses

Request samples

Content type
application/json
{
  • "person_id": "string",
  • "idp_type": "CIM",
  • "first_name": "string",
  • "last_name": "string",
  • "email": "string",
  • "phone": "string"
}

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "idp_type": "string",
  • "person_id": "string",
  • "first_name": "string",
  • "last_name": "string",
  • "email": "string",
  • "phone": "string"
}

Updates group's permissions Deprecated

'PERMISSION_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

idpType
required
string
Enum: "CIM" "BASIC"

Type of identity provider

referenceId
required
string

Identifier of the person in the identity provider

Request Body schema: application/json
create
Array of strings unique
Items Enum: "GROUP_MANAGE" "GROUP_POLICY_MANAGE" "GROUP_RESOURCE_MANAGE" "PERMISSION_MANAGE" "PERSON_POLICY_MANAGE" "PERSON_RESOURCE_MANAGE" "GROUP_MEMBER_MANAGE" "POLICY_MANAGE" "RESOURCE_MANAGE"

Permissions to assign

delete
Array of strings unique
Items Enum: "GROUP_MANAGE" "GROUP_POLICY_MANAGE" "GROUP_RESOURCE_MANAGE" "PERMISSION_MANAGE" "PERSON_POLICY_MANAGE" "PERSON_RESOURCE_MANAGE" "GROUP_MEMBER_MANAGE" "POLICY_MANAGE" "RESOURCE_MANAGE"

Permissions to unassign

Responses

Request samples

Content type
application/json
{
  • "create": [
    ],
  • "delete": [
    ]
}

Response samples

Content type
json
{
  • "total_pages": 0,
  • "total_elements": 0,
  • "sort": {
    },
  • "first": true,
  • "last": true,
  • "size": 0,
  • "content": [
    ],
  • "number": 0,
  • "number_of_elements": 0,
  • "pageable": {
    },
  • "empty": true
}

Adds group's custom attributes Deprecated

'GROUP_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

Request Body schema: application/json
name
required
string

Name of the custom attribute

value
required
string

Value of the custom attribute

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "value": "string"
}

Returns group's policies Deprecated

Returns 'Page' object with group's policies
Any permission on the group is required

path Parameters
groupId
required
string <uuid>

Responses

Response samples

Content type
json
{
  • "total_pages": 0,
  • "total_elements": 0,
  • "sort": {
    },
  • "first": true,
  • "last": true,
  • "size": 0,
  • "content": [
    ],
  • "number": 0,
  • "number_of_elements": 0,
  • "pageable": {
    },
  • "empty": true
}

Returns group's member search results filtered by name Deprecated

Returns 'Page' object with group's members
Any permission on the group is required

path Parameters
groupId
required
string <uuid>
query Parameters
name
string
Default: ""
required
object (Pageable)

Responses

Response samples

Content type
json
{
  • "total_pages": 0,
  • "total_elements": 0,
  • "sort": {
    },
  • "first": true,
  • "last": true,
  • "size": 0,
  • "content": [
    ],
  • "number": 0,
  • "number_of_elements": 0,
  • "pageable": {
    },
  • "empty": true
}

Returns group search results Deprecated

Returns 'Page' object with groups that requested person (person_id, idp_type) has any permission for and are children of requested group (parent_group_id)
Requested group might be null, then it starts searching from the root

query Parameters
person_id
required
string
idp_type
required
string
Enum: "CIM" "BASIC"
parent_group_id
string <uuid>
name
string
Default: ""
required
object (Pageable)

Responses

Response samples

Content type
json
{
  • "total_pages": 0,
  • "total_elements": 0,
  • "sort": {
    },
  • "first": true,
  • "last": true,
  • "size": 0,
  • "content": [
    ],
  • "number": 0,
  • "number_of_elements": 0,
  • "pageable": {
    },
  • "empty": true
}

Removes group member Deprecated

Removes group member from the given group
'GROUP_MEMBER_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>
referenceId
required
string

Responses

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "idp_type": "string",
  • "person_id": "string",
  • "first_name": "string",
  • "last_name": "string",
  • "email": "string",
  • "phone": "string"
}

Tenant API

Allows to control tenants

Adds a tenant

Admin's endpoint

Request Body schema: application/json
tenantId
string <uuid>

Identifier that should be used for the tenant

Responses

Request samples

Content type
application/json
{
  • "tenantId": "f97df110-f4de-492e-8849-4a6af68026b0"
}

Response samples

Content type
json
"497f6eca-6276-4993-bfeb-53cbbbba6f08"

Scope API (Legacy)

Contains v1 endpoints supporting the old dum-app

Returns list of scopes Deprecated

'Scopes' were renamed to 'policies' in the new engine

Responses

Response samples

Content type
json
{
  • "total_pages": 0,
  • "total_elements": 0,
  • "sort": {
    },
  • "first": true,
  • "last": true,
  • "size": 0,
  • "content": [
    ],
  • "number": 0,
  • "number_of_elements": 0,
  • "pageable": {
    },
  • "empty": true
}

Group API

Operations on DABP groups

Get group by id

Returns a group by identifier

path Parameters
groupId
required
string <uuid>

Responses

Updates group

Updates group with given id
'GROUP_MANAGE' permission on the group is required
'GROUP_POLICY_MANAGE' permission on the group is required if group policyIds is not empty

path Parameters
groupId
required
string <uuid>
Request Body schema: application/json
name
required
string

Name of the group

object

Custom attributes as key-value pairs

policyIds
Array of strings <uuid> unique

List of policy identifiers that are supported by this group

resourceIds
Array of strings <uuid> unique

List of resource identifiers that are supported by this group

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "customAttributes": {
    },
  • "policyIds": [
    ],
  • "resourceIds": [
    ]
}

Deletes a group

Deletes a group with given id
'GROUP_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

Responses

Patch group. Patch operation based on rfc6902 specification.

Patches group with given id
'GROUP_MANAGE' permission on the group is required
'GROUP_POLICY_MANAGE' permission on the group is required if group policyIds is not empty

path Parameters
groupId
required
string <uuid>
Request Body schema: application/json

Group patch

string

Responses

Request samples

Content type
application/json
Example

An example request removing a resource from group

[
  • {
    }
]

Search for user root groups

Search for the highest possible groups that the user has permissions to. Starts from the main root group and recursively checks subgroups. Returns only the main root group if user has permissions directly in a root group.

query Parameters
required
object (Pageable)

Responses

Creates a root group

Admins are allowed to use this endpoint once per tenant

Request Body schema: application/json
name
required
string

Name of the group

object

Custom attributes as key-value pairs

policyIds
Array of strings <uuid> unique

List of policy identifiers that are supported by this group

resourceIds
Array of strings <uuid> unique

List of resource identifiers that are supported by this group

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "customAttributes": {
    },
  • "policyIds": [
    ],
  • "resourceIds": [
    ]
}

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "parentId": "70850378-7d3c-4f45-91b7-942d4dfbbd43",
  • "customAttributes": {
    },
  • "childGroupsIds": [
    ],
  • "membersCount": 0
}

Adds a group's subgroup

'GROUP_MANAGE' permission on the (parent) group is required
'GROUP_POLICY_MANAGE' permission on the (parent) group is required if group policyIds is not empty
'GROUP_RESOURCE_MANAGE' permission on the (parent) group is required if group resourceIds is not empty

path Parameters
parentGroupId
required
string <uuid>

Identifier of the parent group

Request Body schema: application/json
name
required
string

Name of the group

object

Custom attributes as key-value pairs

policyIds
Array of strings <uuid> unique

List of policy identifiers that are supported by this group

resourceIds
Array of strings <uuid> unique

List of resource identifiers that are supported by this group

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "customAttributes": {
    },
  • "policyIds": [
    ],
  • "resourceIds": [
    ]
}

Response samples

Content type
json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "name": "string",
  • "parentId": "70850378-7d3c-4f45-91b7-942d4dfbbd43",
  • "customAttributes": {
    },
  • "childGroupsIds": [
    ],
  • "membersCount": 0
}

Search groups

Search for given group subgroups.

path Parameters
groupId
required
string <uuid>

Identifier of the group

query Parameters
name
string
Default: ""
required
object (Pageable)

Responses

Search groups by name and custom attributes

Returns a 'Page' object with the list of groups matching the search criteria. The request requires global permissions (such as the Basic-Auth Ops user).

path Parameters
groupId
required
string <uuid>

Identifier of the group

query Parameters
key
string
Default: ""
value
string
Default: ""
name
string
Default: ""
required
object (Pageable)

Responses

Return group hierarchy

Return a hierarchy of a group. Result includes given group and all ancestors of that group to which current user has permission.

path Parameters
groupId
required
string <uuid>

Identifier of the group

Responses

Return custom keys for user groups

Returns a list containing the custom keys of the groups of the user. The request requires global permissions (such as the Basic-Auth Ops user).

path Parameters
groupId
required
string <uuid>

Identifier of the group

Responses

Search groups by custom attributes

Returns 'Page' object with list of groups. Result can be filter by custom attributes. Request requires global permissions (such as the Basic-Auth Ops user).

query Parameters
key
string
Default: ""
value
string
Default: ""
required
object (Pageable)

Responses

Group resources API

Allows to control groups resources

Returns groups resources

Any permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

Responses

Member policies API

Allows to control person's policies within a group

Assigns a policy to a person within a group

'PERSON_POLICY_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group which the person is member of

personId
required
string

Identifier of the person in the identity provider (e.g. referenceId)

Request Body schema: application/json
policyId
string <uuid>

Identifier of the policy to assign

Responses

Request samples

Content type
application/json
{
  • "policyId": "2f5573e6-5ba4-48f2-a75d-df99c936463b"
}

Deletes a policy from a person within a group

'PERSON_POLICY_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group which the person is member of

personId
required
string

Identifier of the person in the identity provider (e.g. referenceId)

policyId
required
string <uuid>

Identifier of policy to unassign

Responses

Idp configuration API

Allows to control identity provider configurations

Returns an idp config

Admin's endpoint

path Parameters
identityProviderId
required
string <uuid>

Identifier of the identity provider

Responses

Response samples

Content type
json
Example
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "idpType": "BasicIdentityProviderConfig"
}

Updates an idp config

Admin's endpoint

path Parameters
identityProviderId
required
string <uuid>

Identifier of the identity provider

Request Body schema: application/json
One of
id
string <uuid>

Identifier of the identity provider

idpType
string
Enum: "CIM" "BASIC"

Type of the identity provider. Note that different fields exist depending of what type is used

Responses

Request samples

Content type
application/json
Example
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "idpType": "CIM"
}

Deletes an idp config

Admin's endpoint

path Parameters
identityProviderId
required
string <uuid>

Identifier of the identity provider

Responses

Returns all idp configs

Admin's endpoint

Responses

Response samples

Content type
json
[
  • {
    }
]

Adds an idp config

Admin's endpoint

Request Body schema: application/json
One of
id
string <uuid>

Identifier of the identity provider

idpType
string
Enum: "CIM" "BASIC"

Type of the identity provider. Note that different fields exist depending of what type is used

Responses

Request samples

Content type
application/json
Example
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "idpType": "CIM"
}

Response samples

Content type
json
"497f6eca-6276-4993-bfeb-53cbbbba6f08"

Person API (Legacy)

Contains v1 endpoints supporting the old dum-app

Returns a person's report with personal data Deprecated

path Parameters
referenceId
required
string

Identifier of the person in the identity provider

Responses

Response samples

Content type
json
{
  • "person": {
    },
  • "policies": [
    ],
  • "group_permissions": [
    ]
}

Returns a person's report without personal data Deprecated

path Parameters
referenceId
required
string

Identifier of the person in the identity provider

Responses

Response samples

Content type
json
{
  • "policies": [
    ],
  • "group_permissions": [
    ]
}

Returns list of person's permissions in a recursive way Deprecated

path Parameters
idpType
required
string
Enum: "CIM" "BASIC"

Type of identity provider

referenceId
required
string

Identifier of the person in the identity provider

Responses

Response samples

Content type
json
[
  • {
    }
]

Returns list of person's permissions (empty) Deprecated

Returns empty permissions list because all permissions are included in the permissions_recursive endpoint

path Parameters
idpType
required
string
referenceId
required
string

Responses

Response samples

Content type
json
{
  • "total_pages": 0,
  • "total_elements": 0,
  • "sort": {
    },
  • "first": true,
  • "last": true,
  • "size": 0,
  • "content": [
    ],
  • "number": 0,
  • "number_of_elements": 0,
  • "pageable": {
    },
  • "empty": true
}

Deletes a person Deprecated

path Parameters
referenceId
required
string

Identifier of the person in the identity provider

Responses

Group policies API

Allows to control group's policies

Returns group's policies

Any permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

Responses

Assigns a policy to a group

'GROUP_POLICY_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

Request Body schema: application/json
policyId
string <uuid>

Identifier of the policy

Responses

Request samples

Content type
application/json
{
  • "policyId": "2f5573e6-5ba4-48f2-a75d-df99c936463b"
}

Deletes a policy from a group

'GROUP_POLICY_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>

Identifier of the group

policyId
required
string <uuid>

Identifier of the policy

Responses

Person API

Operations on DABP people

Get personal data

'GROUP_MEMBER_MANAGE' permission on any group or anonymous token with proper read scope is required

path Parameters
referenceId
required
string

Responses

Update person status

Update person status

path Parameters
referenceId
required
string
Request Body schema: application/json
status
required
string
Enum: "INACTIVE" "INVITED" "ACTIVATED"

Person status.

blocked
boolean

Should person be blocked

Responses

Request samples

Content type
application/json
{
  • "status": "INACTIVE",
  • "blocked": true
}

Delete a person

The endpoint requires that your OIDC token has the scope dabp_manage_person

path Parameters
referenceId
required
string

Identifier of the person in the identity provider

query Parameters
deleteIdentity
boolean
Default: false

Responses

Search for people

Returns the list of people filtered by given parameters (e.g. email). 'GROUP_MEMBER_MANAGE' permission on any group or anonymous token with proper read scope is required

query Parameters
email
required
string

Responses

Creates person

'GROUP_MEMBER_MANAGE' permission on any group or anonymous token with proper write scope is required

Request Body schema: application/json
email
string

Email address.

firstName
string

First name. Is required if last name or phone number exists.

lastName
string

Last name. Is required if first name or phone number exists.

phoneNumber
string

Phone number. Is required if first name or last name exists.

Responses

Request samples

Content type
application/json
{
  • "email": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "phoneNumber": "string"
}

invitePerson

path Parameters
referenceId
required
string

Responses

Get superusers data for groups specified person is member of

Token with proper read scope is required

path Parameters
referenceId
required
string

Responses

Returns a person report

Person report contains information about groups person is member of, and his policies inside those groups. The endpoint requires that your OIDC token has person report scope

path Parameters
referenceId
required
string

Identifier of the person in the identity provider

query Parameters
skipUpdatingActivity
boolean
Default: false

Responses

Response samples

Content type
json
{
  • "groups": [
    ]
}

Get person group membership data

'GROUP_MEMBER_MANAGE' permission on any group or anonymous token with proper read scope is required

path Parameters
referenceId
required
string

Responses

Returns at max 100 referenceIds of people without status

Lists first 100 referenceIds of people without status

Responses

Response samples

Content type
json
"string"

Policy API (Legacy)

Contains v1 endpoints supporting the old dum-app

Updates policies in a batch Deprecated

'GROUP_POLICY_MANAGE' permission on the group is required when assign to a group
'PERSON_POLICY_MANAGE' permission on the group is required when assign to a person within a group

Request Body schema: application/json
Array of objects (LegacyPolicyDto)

Policies to assign to groups or persons

Array of objects (LegacyPolicyDto)

Policies to unassign from groups or persons

Responses

Request samples

Content type
application/json
{
  • "create": [
    ],
  • "delete": [
    ]
}

Feature toggle API

Operations Feature Toggles

Change feature toggle

Enables or disables a feature

path Parameters
featureName
required
string
Enum: "RESOURCES_ENABLED" "DETAILED_CIM_INVITE_ENABLED" "NOTIFY_MEMBER_ADDED_TO_GROUP_ENABLED" "NOTIFY_SUPERUSER_WHEN_MEMBER_ADDED_TO_GROUP_ENABLED" "PERSON_STATUS_ON_LIST_ENABLED" "DELETE_PERSON_WITHOUT_MEMBERSHIPS_ENABLED" "SHOW_GROUP_CUSTOM_ATTRIBUTES_ENABLED" "INCLUDE_SUBGROUPS_IN_V2_PERSON_REPORT"

feature name

enabled
required
boolean

is feature enabled

Responses

Returns all features and their enablement

Returns all features and their enablement

Responses

Returns information about a specific feature and if it is enablement

Returns information about a specific feature and if it is enablement

path Parameters
featureName
required
string
Enum: "RESOURCES_ENABLED" "DETAILED_CIM_INVITE_ENABLED" "NOTIFY_MEMBER_ADDED_TO_GROUP_ENABLED" "NOTIFY_SUPERUSER_WHEN_MEMBER_ADDED_TO_GROUP_ENABLED" "PERSON_STATUS_ON_LIST_ENABLED" "DELETE_PERSON_WITHOUT_MEMBERSHIPS_ENABLED" "SHOW_GROUP_CUSTOM_ATTRIBUTES_ENABLED" "INCLUDE_SUBGROUPS_IN_V2_PERSON_REPORT"

Responses

Group members API

Allows to manage group members

Update member of a group

'GROUP_MEMBER_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>
referenceId
required
string
Request Body schema: application/json
permissions
Array of strings unique
Items Enum: "GROUP_MANAGE" "GROUP_POLICY_MANAGE" "GROUP_RESOURCE_MANAGE" "PERMISSION_MANAGE" "PERSON_POLICY_MANAGE" "PERSON_RESOURCE_MANAGE" "GROUP_MEMBER_MANAGE" "POLICY_MANAGE" "RESOURCE_MANAGE"

Permissions to assign to the member. The permission 'PERMISSION_MANAGE' is required if the list isn't empty

policyIds
Array of strings <uuid> unique

List of policy identifiers to assign to the member. The permission 'PERSON_POLICY_MANAGE' is required if the list isn't empty

Array of objects (ResourcePrivilegeDto) unique

List of resources to assign to the member. The permission 'PERSON_RESOURCE_MANAGE' is required if the list isn't empty

Responses

Request samples

Content type
application/json
{
  • "permissions": [
    ],
  • "policyIds": [
    ],
  • "resources": [
    ]
}

Delete member from group

'GROUP_MEMBER_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>
referenceId
required
string

Responses

Returns paginated members of a group

path Parameters
groupId
required
string <uuid>
query Parameters
name
string
Default: ""
status
Array of strings
Items Enum: "INVITED" "ACTIVATED" "INACTIVE" "BLOCKED" "UNKNOWN"
search_in_subgroups
boolean
Default: false
required
object (Pageable)

Responses

Response samples

Content type
json
[
  • {
    }
]

Add member to group

'GROUP_MEMBER_MANAGE' permission on the group is required

path Parameters
groupId
required
string <uuid>
Request Body schema: application/json
permissions
Array of strings unique
Items Enum: "GROUP_MANAGE" "GROUP_POLICY_MANAGE" "GROUP_RESOURCE_MANAGE" "PERMISSION_MANAGE" "PERSON_POLICY_MANAGE" "PERSON_RESOURCE_MANAGE" "GROUP_MEMBER_MANAGE" "POLICY_MANAGE" "RESOURCE_MANAGE"

Permissions to assign to the member. The permission 'PERMISSION_MANAGE' is required if the list isn't empty

policyIds
Array of strings <uuid> unique

List of policy identifiers to assign to the member. The permission 'PERSON_POLICY_MANAGE' is required if the list isn't empty

Array of objects (ResourcePrivilegeDto) unique

List of resources to assign to the member. The permission 'PERSON_RESOURCE_MANAGE' is required if the list isn't empty

personId
required
string

Identifier of the person in the identity provider (e.g. referenceId)

Responses

Request samples

Content type
application/json
{
  • "permissions": [
    ],
  • "policyIds": [
    ],
  • "resources": [
    ],
  • "personId": "string"
}