Overview

Version information

Version : 1.0.0

URI scheme

Host : cloudentity.dev.cloudentity.com
BasePath : /api
Schemes : HTTPS

Consumes

  • application/json

Produces

  • application/json

Paths

GET /admin/application/capability/resourceServers

Description

Lists applications with resource server capability. Only Resource Servers of user organization will be returned plus default Resource Server.

Responses

HTTP Code Description Schema

200

List of applications with resource server capability

< ResourceServer > array

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /admin/application/capability/resourceServers/scopes

Description

  • Lists permissions of all resource servers for a given customer.

Responses

HTTP Code Description Schema

200

Customer Resource server scopes

CustomerResourceServerScopes

400

Error when something odd yet understandable happened

No Content

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /admin/application/{applicationId}/user/{userUuid}/permissions/grant

Description

Add user permissions.

Permissions that user alredy has will be silently ignored.

Returns current set of user permissions for application after the change.

Parameters

Type Name Description Schema

Path

applicationId
required

string

Path

userUuid
required

string

Body

body
required

User Permissions

ListOfUserPermissions

Responses

HTTP Code Description Schema

200

Current Set Of User Permissions For Application

ListOfUserPermissions

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /admin/application/{applicationId}/user/{userUuid}/permissions/revoke

Description

Removes user permissions

Permissions that user does not have will be silently ignored.

Returns current set of user permissions for application after the change.

Parameters

Type Name Description Schema

Path

applicationId
required

string

Path

userUuid
required

string

Body

body
required

User Permissions

ListOfUserPermissions

Responses

HTTP Code Description Schema

200

Current Set Of User Permissions For Application

ListOfUserPermissions

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /admin/application/{uuid}

Description

Get application as customer admin

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

Application fetched

Application

403

  • Unauthorized: The customer id from JWT token does not match the application’s customer id

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /admin/application/{uuid}

Description

Delete application as customer admin

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

204

Application deleted

No Content

403

  • Unauthorized: The customer id from JWT token does not match the application’s customer id

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /admin/application/{uuid}/capability/authorization

Description

Adds Authorization capability to application.

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

204

Application capability added

No Content

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /admin/application/{uuid}/capability/microservice

Description

Adds Microservice capability

Parameters

Type Name Description Schema

Path

uuid
required

string

Body

body
required

Identifier of microservice

MicroserviceId

Responses

HTTP Code Description Schema

204

Microservice capability added

No Content

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application or OAuth client not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /admin/application/{uuid}/capability/oauthClient

Description

Admin get details of application OAuth capability

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

Application details.

AdminOAuthCapabilityDetails

403

  • Unauthorized: The customer id from JWT token does not match the application’s customer id

Error

404

  • NotFound: Application or OAuth client not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /admin/application/{uuid}/capability/oauthClient

Description

Admin modify OAuth Client Details.

Parameters

Type Name Description Schema

Path

uuid
required

string

Body

body
required

Admin Update Application OAuth capability

AdminUpdateOAuthCapabilityDetails

Responses

HTTP Code Description Schema

200

Application capability updated.

AdminOAuthCapabilityDetails

403

  • Unauthorized: The customer id from JWT token does not match the application’s customer id

Error

404

  • NotFound: Application or OAuth client not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /admin/application/{uuid}/capability/resourceServer

Description

Adds Resource Server (RS) capability to application. Only one RS capability is allowed per application to be added. If such capability already exists a ValidationError will be returned

Parameters

Type Name Description Schema

Path

uuid
required

string

Body

body
required

Register Resource Server object

RegisterResourceServer

Responses

HTTP Code Description Schema

200

Resource Server capability added

ResourceServerCapabilityAdded

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /admin/application/{uuid}/capability/resourceServer/oauthClientDetails

Description

Get details of Resource Server OAuthClients Details

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

OAuth capability details fetched

OAuthCapabilityDetails

403

  • Unauthorized: The customer id from JWT token does not match the application’s customer id

Error

404

  • NotFound: Application or OAuth client not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /admin/application/{uuid}/capability/resourceServer/scope/{scopeName}

Description

Remove resource server scope

Parameters

Type Name Schema

Path

scopeName
required

string

Path

uuid
required

string

Responses

HTTP Code Description Schema

204

Resource Server scope removed

No Content

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /admin/application/{uuid}/capability/resourceServer/scope/{scopeName}/policy

Description

Unset policy for given resource server scope

Parameters

Type Name Schema

Path

scopeName
required

string

Path

uuid
required

string

Responses

HTTP Code Description Schema

204

Resource Server Scope policy updated

No Content

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /admin/application/{uuid}/capability/resourceServer/scope/{scopeName}/policy/{policyName}

Description

Set policy for given resource server scope

Parameters

Type Name Schema

Path

policyName
required

string

Path

scopeName
required

string

Path

uuid
required

string

Responses

HTTP Code Description Schema

204

Resource Server Scope policy updated

No Content

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /admin/application/{uuid}/capability/resourceServer/scopes

Description

Add resource server scope

Parameters

Type Name Description Schema

Path

uuid
required

string

Body

body
required

Add Resource Server Scope object

AddResourceServerScope

Responses

HTTP Code Description Schema

201

Resource Server Scope created

ResourceServerScopeCreated

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

409

Resource Server Scope already exists

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /admin/application/{uuid}/capability/resourceServer/scopes

Description

List resource server scopes

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

Resource server scopes

ResourceServerScopes

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /admin/applications

Description

Creates new application

Parameters

Type Name Description Schema

Body

body
required

Create Application object

CreateApplication

Responses

HTTP Code Description Schema

201

Application created

ApplicationCreated

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /admin/applications

Description

List all applications for customer id from JWT token.

Responses

HTTP Code Description Schema

200

List of applications

Applications

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /application/capability/resourceServers

Description

Lists applications with resource server capability. Only Resource Servers of user organization will be returned plus default Resource Server.

Responses

HTTP Code Description Schema

200

List of applications with resource server capability

< ResourceServer > array

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /application/{uuid}

Description

Get application

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

Application fetched

Application

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /application/{uuid}

Description

Delete application

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

204

Application deleted

No Content

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /application/{uuid}/capability/oauthClient

Description

Adds new OAuth application capability

Only one capability type per application is allowed

If such capability already exists a ValidationError will be returned

ApplicationType parameter value has influence on OAuthClient authorization method by mapping on OAuth Grant Types.

Parameters

Type Name Description Schema

Path

uuid
required

string

Body

applicationType
required

Type of OAuth Client application

ApplicationType

Responses

HTTP Code Description Schema

200

OAuth capability added

OAuthCapabilityAdded

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application or OAuth client not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /application/{uuid}/capability/oauthClient

Description

Get details of application OAuth capability

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

OAuth capability details fetched

OAuthCapabilityDetails

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application or OAuth client not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /application/{uuid}/capability/oauthClient

Description

Modify OAuth application capability data set

All update object parameters are optional

Parameters

Type Name Description Schema

Path

uuid
required

string

Body

body
required

Update Application OAuth capability

UpdateOAuthCapabilityDetails

Responses

HTTP Code Description Schema

200

Application capability updated. Patch update of any attribute is possible.

OAuthCapabilityDetails

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application or OAuth client not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /application/{uuid}/capability/oauthClient/secret

Description

Rotates OAuth client secret for provided application uuid

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

OAuth client secret rotated

OAuthClientSecret

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application or OAuth client not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /application/{uuid}/capability/resourceServer

Description

Get details of Resource Server capability

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

OAuth capability details fetched

OAuthCapabilityDetails

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application OAuth client or resource server not found

Error

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /application/{uuid}/capability/resourceServer/scopes

Description

Add resource server scope

Parameters

Type Name Description Schema

Path

uuid
required

string

Body

body
required

Add Resource Server Scope object

AddResourceServerScope

Responses

HTTP Code Description Schema

201

Resource Server Scope created

ResourceServerScopeCreated

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

409

Resource Server Scope already exists

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /application/{uuid}/capability/resourceServer/scopes

Description

List resource server scopes

Parameters

Type Name Schema

Path

uuid
required

string

Responses

HTTP Code Description Schema

200

Resource server scopes

ResourceServerScopes

403

  • Unauthorized: User is not the owner of the application.

Error

404

  • NotFound: Application not found

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /applications

Description

Creates new application

Parameters

Type Name Description Schema

Body

body
required

Create Application object

CreateApplication

Responses

HTTP Code Description Schema

201

Application created

ApplicationCreated

422

  • ValidationError: Some of the provided attributes did not pass the validation rules.

Error

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /applications

Description

List all applications for owner id from JWT token.

Responses

HTTP Code Description Schema

200

List of applications

Applications

Tags

  • application

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

Definitions

AddResourceServerScope

Name is required, min 1 max 80 characters, allowed characters: [A-Z,a-z0-9_] Description is optional, if provided must be no longer than 120 characters.

Name Description Schema

description
optional

Scope description
Example : "read access"

string

name
required

Scope name
Example : "read"

string

AdminOAuthCapabilityDetails

Name Description Schema

accessTokenValiditySeconds
optional

Access token validity time in seconds

integer

allowIntrospection
optional

Determines if client can make calls to introspection endpoint

boolean

applicationType
optional

Type of OAuth Client application.
Example : "web"

enum (native, web, spa, cli)

clientDescription
optional

Client description

string

clientId
required

Generated identifier of created OAuth client
Example : "370e7f5f-473c-41ef-8639-d362b068bb67"

string

clientName
optional

Name of OAuht client
Example : "sample app"

string

contacts
optional

OAuth client contacts

< string > array

defaultMaxAge
optional

Default maximum session age before re-prompting

integer

deviceCodeValiditySeconds
optional

Device code validity seconds

integer

grantTypes
optional

OAuth grant types. Supported values ["refresh_token", "authorization_code"]

< string > array

idTokenValiditySeconds
optional

id_token validity time in seconds

integer

logoUri
optional

URL of the logo

string

redirectUris
optional

OAuth redirect uris

< string > array

refreshTokenValiditySeconds
optional

Refresh token validity time in seconds

integer

requireAuthTime
optional

Always require that the auth_time claim be sent in the id token

boolean

reuseRefreshToken
optional

Reuse refresh tokens if they are not time

boolean

scope
optional

OAuth client scopes

< string > array

subjectType
optional

Access type parameter
Example : "PUBLIC"

string

tokenEndpointAuthMethod
optional

Authorization method. Possible values ["SECRET_POST", "SECRET_BASIC", "SECRET_JWT", "PRIVATE_KEY", "NONE"] SECRET_BASIC value is by default.
Example : "SECRET_BASIC"

string

tosUri
optional

URL for the Terms of Service of this client, will be displayed to the user

string

AdminUpdateOAuthCapabilityDetails

Name Description Schema

grantTypes
optional

OAuth grant types

< string > array

scope
optional

OAuth client scopes

< string > array

AliveStatus

Name Description Schema

message
optional

Description of status if available

string

AllResourceServerPermissions

Name Description Schema

appId
optional

appId

string

permissions
optional

< permissions > array

prefix
optional

Permission name with prefix
Example : "cloudentity::list_devices"

string

permissions

Name Description Schema

description
optional

Permission description
Example : "Email scope description"

string

name
optional

Permission name
Example : "email"

string

Application

Name Description Schema

capabilities
required

Names of capabilities used in application
Example : "[ \"oauth\" ]"

< string > array

customer
required

Id of the customer that application belongs to
Example : "c4a49b60-aced-11e7-abc4-cec278b6b50a"

string

description
optional

Description of application

string

id
required

Unique identifier of created application
Example : "a4a49b60-aced-11e7-abc4-cec278b6b50a"

string

isSystem
required

True if application is default Resource Server

boolean

name
required

Name of application
Example : "My app"

string

owner
required

Id of the owner that application belongs to
Example : "b4a49b60-aced-11e7-abc4-cec278b6b50a"

string

ApplicationCreated

Name Description Schema

uuid
required

Unique identifier of created application
Example : "a4a49b60-aced-11e7-abc4-cec278b6b50a"

string

ApplicationMicroservice

Name Description Schema

appId
optional

Identifier of application

string

microserviceId
optional

Identifier of microservice

string

ApplicationMicroservices

Name Schema

applicationMicroservices
optional

< applicationMicroservices > array

applicationMicroservices

Name Description Schema

appId
optional

Identifier of application

string

microserviceId
optional

Identifier of microservice

string

ApplicationType

Name Description Schema

applicationType
optional

Application type
Example : "web"

string

Applications

Name Schema

applications
optional

< applications > array

applications

Name Description Schema

capabilities
required

Names of capabilities used in application
Example : "[ \"oauth\" ]"

< string > array

customer
required

Id of the customer that application belongs to
Example : "c4a49b60-aced-11e7-abc4-cec278b6b50a"

string

description
optional

Description of application

string

id
required

Unique identifier of created application
Example : "a4a49b60-aced-11e7-abc4-cec278b6b50a"

string

isSystem
required

True if application is default Resource Server

boolean

name
required

Name of application
Example : "My app"

string

owner
required

Id of the owner that application belongs to
Example : "b4a49b60-aced-11e7-abc4-cec278b6b50a"

string

CreateApplication

Name Description Schema

description
optional

Description of application

string

name
required

Name of application

string

CreatePermission

Name Description Schema

description
optional

Description of permission

string

name
required

Name of permission. Only [A-Za-z0-9-_]+ characters are allowed.

string

CustomerRSScope

Name Schema

description
optional

string

name
required

string

CustomerRSScopes

Name Schema

appId
required

string

prefix
required

string

scopes
required

< scopes > array

scopes

Name Schema

description
optional

string

name
required

string

CustomerResourceServerScopes

Name Schema

scopes
required

< scopes > array

scopes

Name Schema

appId
required

string

prefix
required

string

scopes
required

< scopes > array

scopes

Name Schema

description
optional

string

name
required

string

Error

Name Description Schema

code
optional

Unique internal error code

string

details
optional

Optional details

object

message
optional

Description of the error code

string

ImportOAuthClient

Name Description Schema

description
optional

Description of application

string

grantTypes
required

OAuth client grant types

< string > array

name
required

Name of application

string

redirectUris
required

OAuth client redirect uris

< string > array

scopes
required

OAuth client scopes

< string > array

uuid
optional

Unique identifier of application

string

ImportResourceServer

Name Description Schema

description
optional

Description of application

string

name
required

Name of application

string

prefix
optional

Resource Server prefix

string

scopes
required

< scopes > array

uuid
required

Unique identifier of application

string

scopes

Name Description Schema

description
optional

Permission description

string

externalId
optional

Permission external id

string

name
required

Permission name

string

policy
optional

Authz policy

string

prefix
optional

Permission prefix

string

ImportResourceServerScope

Name Description Schema

description
optional

Permission description

string

externalId
optional

Permission external id

string

name
required

Permission name

string

policy
optional

Authz policy

string

prefix
optional

Permission prefix

string

Jwt

Name Schema

content
optional

content

content

Name Description Schema

customer
optional

Customer id of authenticated user

string

uuid
optional

Uuid of authenticated user

string

ListOfUserPermissions

Name Description Schema

permissions
required

Example : [ "WRITE", "READ", "CREATE" ]

< string > array

MicroserviceApp

Name Description Schema

appId
optional

Unique identifier of created application
Example : "a4a49b60-aced-11e7-abc4-cec278b6b50a"

string

microserviceId
optional

Microservice identifier
Example : "card-service"

string

MicroserviceId

Name Description Schema

id
required

Identifier of microservice

string

OAuthCapabilityAdded

Name Description Schema

accessTokenValiditySeconds
optional

Access token validity time in seconds

integer

allowIntrospection
optional

Determines if client can make calls to introspection endpoint

boolean

clientDescription
optional

Client description

string

clientId
required

Generated identifier of created OAuth client
Example : "370e7f5f-473c-41ef-8639-d362b068bb67"

string

clientName
optional

Name of OAuht client
Example : "sample app"

string

clientSecret
required

OAuth client secret. If not provided then will be generated
Example : "AM0ubrG0snYtavs81pKdI14JWw34ptedRarSh0Skr5-kReggXIRiuLYXCG3Lg3339Bil4BVRnxw4EQC_G7jDGhA"

string

contacts
optional

OAuth client contacts

< string > array

defaultMaxAge
optional

Default maximum session age before re-prompting

integer

deviceCodeValiditySeconds
optional

Device code validity seconds

integer

grantTypes
optional

OAuth grant types. Supported values ["refresh_token", "authorization_code"]

< string > array

id
required

Internal OIDC unique identifier of OAuth client
Example : 1

integer

idTokenValiditySeconds
optional

id_token validity time in seconds

integer

logoUri
optional

URL of the logo

string

redirectUris
optional

OAuth redirect uris

< string > array

refreshTokenValiditySeconds
optional

Refresh token validity time in seconds

integer

requireAuthTime
optional

Always require that the auth_time claim be sent in the id token

boolean

reuseRefreshToken
optional

Reuse refresh tokens if they are not time out

boolean

scope
optional

OAuth client scopes

< string > array

subjectType
optional

Access type parameter
Example : "PUBLIC"

string

tokenEndpointAuthMethod
optional

Authorization method. Possible values ["SECRET_POST", "SECRET_BASIC", "SECRET_JWT", "PRIVATE_KEY", "NONE"] SECRET_BASIC value is by default.
Example : "SECRET_BASIC"

string

tosUri
optional

URL for the Terms of Service of this client, will be displayed to the user

string

OAuthCapabilityDetails

Name Description Schema

accessTokenValiditySeconds
optional

Access token validity time in seconds

integer

allowIntrospection
optional

Determines if client can make calls to introspection endpoint

boolean

applicationType
optional

Type of OAuth Client application.
Example : "web"

enum (native, web, spa, cli)

clientDescription
optional

Client description

string

clientId
required

Generated identifier of created OAuth client
Example : "370e7f5f-473c-41ef-8639-d362b068bb67"

string

clientName
optional

Name of OAuht client
Example : "sample app"

string

clientSecret
required

OAuth client secret. If not provided then will be generated
Example : "AM0ubrG0snYtavs81pKdI14JWw34ptedRarSh0Skr5-kReggXIRiuLYXCG3Lg3339Bil4BVRnxw4EQC_G7jDGhA"

string

contacts
optional

OAuth client contacts

< string > array

defaultMaxAge
optional

Default maximum session age before re-prompting

integer

deviceCodeValiditySeconds
optional

Device code validity seconds

integer

grantTypes
optional

OAuth grant types. Supported values ["refresh_token", "authorization_code"]

< string > array

id
required

Internal OIDC unique identifier of OAuth client
Example : 1

integer

idTokenValiditySeconds
optional

id_token validity time in seconds

integer

logoUri
optional

URL of the logo

string

redirectUris
optional

OAuth redirect uris

< string > array

refreshTokenValiditySeconds
optional

Refresh token validity time in seconds

integer

requireAuthTime
optional

Always require that the auth_time claim be sent in the id token

boolean

reuseRefreshToken
optional

Reuse refresh tokens if they are not time

boolean

scope
optional

OAuth client scopes

< string > array

subjectType
optional

Access type parameter
Example : "PUBLIC"

string

tokenEndpointAuthMethod
optional

Authorization method. Possible values ["SECRET_POST", "SECRET_BASIC", "SECRET_JWT", "PRIVATE_KEY", "NONE"] SECRET_BASIC value is by default.
Example : "SECRET_BASIC"

string

tosUri
optional

URL for the Terms of Service of this client, will be displayed to the user

string

OAuthClientImported

Name Description Schema

clientId
required

OAuth client id

string

clientSecret
required

OAuth client secret

string

uuid
required

Unique identifier of application

string

OAuthClientSecret

Name Description Schema

clientSecret
optional

Generated OAuth client secret
Example : "AM0ubrG0snYtavs81pKdI14JWw34ptedRarSh0Skr5-kReggXIRiuLYXCG3Lg3339Bil4BVRnxw4EQC_G7jDGhA"

string

OAuthClientSelfRegister

Name Description Schema

appDescription
optional

Description of application

string

appName
required

Name of application

string

appUuid
required

Uuid of application

string

grantTypes
required

OAuth client grant types

< string > array

ownerIdentifier
required

Identifier of application owner

string

redirectUris
required

OAuth client redirect uris

< string > array

scopes
required

OAuth client scopes

< string > array

PermissionCreated

Name Description Schema

appId
required

Identifier of application

string

description
optional

Permission description

string

externalId
required

External identifier

string

name
required

Permission name

string

PermissionWithDescription

Name Description Schema

description
optional

Permission description
Example : "Email scope description"

string

name
optional

Permission name
Example : "email"

string

RegisterResourceServer

Name Description Schema

prefix
optional

Unique short human readable id of the application. Only [A-Za-z0-9-_]+ characters are allowed.

string

ResourceServer

Name Description Schema

description
optional

Description of application

string

isSystem
required

Is system resource server boolean flag

boolean

name
required

Name of application

string

prefix
optional

Unique short human readable id of the application

string

uuid
required

Uuid of application

string

ResourceServerApp

Name Description Schema

customer
required

Id of the customer that application belongs to
Example : "c4a49b60-aced-11e7-abc4-cec278b6b50a"

string

description
optional

Description of application

string

name
required

Name of application

string

owner
required

Id of the owner that application belongs to
Example : "b4a49b60-aced-11e7-abc4-cec278b6b50a"

string

prefix
required

Unique short human readable id of the application

string

uuid
required

Uuid of application

string

ResourceServerCapabilityAdded

Name Description Schema

accessTokenValiditySeconds
optional

Access token validity time in seconds

integer

clientDescription
optional

Client description

string

clientId
required

Generated identifier of created OAuth client
Example : "370e7f5f-473c-41ef-8639-d362b068bb67"

string

clientName
optional

Name of OAuht client
Example : "sample app"

string

clientSecret
required

OAuth client secret. If not provided then will be generated
Example : "AM0ubrG0snYtavs81pKdI14JWw34ptedRarSh0Skr5-kReggXIRiuLYXCG3Lg3339Bil4BVRnxw4EQC_G7jDGhA"

string

contacts
optional

OAuth client contacts

< string > array

defaultMaxAge
optional

Default maximum session age before re-prompting

integer

deviceCodeValiditySeconds
optional

Device code validity seconds

integer

grantTypes
optional

OAuth grant types. Supported values ["refresh_token", "authorization_code"]

< string > array

id
required

Internal OIDC unique identifier of OAuth client
Example : 1

integer

idTokenValiditySeconds
optional

id_token validity time in seconds

integer

logoUri
optional

URL of the logo

string

redirectUris
optional

OAuth redirect uris

< string > array

refreshTokenValiditySeconds
optional

Refresh token validity time in seconds

integer

requireAuthTime
optional

Always require that the auth_time claim be sent in the id token

boolean

reuseRefreshToken
optional

Reuse refresh tokens if they are not time out

boolean

scope
optional

OAuth client scopes

< string > array

subjectType
optional

Access type parameter
Example : "PUBLIC"

string

tokenEndpointAuthMethod
optional

Authorization method. Possible values ["SECRET_POST", "SECRET_BASIC", "SECRET_JWT", "PRIVATE_KEY", "NONE"] SECRET_BASIC value is by default.
Example : "SECRET_BASIC"

string

tosUri
optional

URL for the Terms of Service of this client, will be displayed to the user

string

ResourceServerImported

Name Description Schema

clientId
required

OAuth client id

string

clientSecret
required

OAuth client secret

string

uuid
required

Unique identifier of application

string

ResourceServerPermission

Name Description Schema

description
optional

Permission description
Example : "Email scope description"

string

name
optional

Permission name
Example : "email"

string

nameWithPrefix
optional

Permission name with prefix
Example : "cloudentity::list_devices"

string

ResourceServerPermissions

Name Schema

resourceServerPermissions
optional

< resourceServerPermissions > array

resourceServerPermissions

Name Description Schema

description
optional

Permission description
Example : "Email scope description"

string

name
optional

Permission name
Example : "email"

string

nameWithPrefix
optional

Permission name with prefix
Example : "cloudentity::list_devices"

string

ResourceServerPermissionsForCustomer

Name Schema

permissions
optional

< permissions > array

permissions

Name Description Schema

appId
optional

appId

string

permissions
optional

< permissions > array

prefix
optional

Permission name with prefix
Example : "cloudentity::list_devices"

string

permissions

Name Description Schema

description
optional

Permission description
Example : "Email scope description"

string

name
optional

Permission name
Example : "email"

string

ResourceServerScope

Name Description Schema

description
optional

scope description
Example : "List devices"

string

name
optional

scope name
Example : "list_devices"

string

nameWithPrefix
optional

scope name with prefix
Example : "RS::list_devices"

string

policy
optional

policy indicating wheather scope should be enabled / disabled on consent page
Example : "LIST_DEVICES"

string

ResourceServerScopeCreated

Name is required, min 1 max 80 characters, allowed characters: [A-Z,a-z0-9_] Description is optional, if provided must be no longer than 120 characters.

Name Description Schema

description
optional

Scope description
Example : "read access"

string

name
required

Scope name
Example : "read"

string

nameWithPrefix
optional

Scope name with prefix
Example : "EMAIL::read"

string

policy
optional

Policy
Example : "ISSUE_SCOPE"

string

ResourceServerScopes

Name Schema

scopes
optional

< scopes > array

scopes

Name Description Schema

description
optional

scope description
Example : "List devices"

string

name
optional

scope name
Example : "list_devices"

string

nameWithPrefix
optional

scope name with prefix
Example : "RS::list_devices"

string

policy
optional

policy indicating wheather scope should be enabled / disabled on consent page
Example : "LIST_DEVICES"

string

ResourceServerSelfRegister

Name Description Schema

application
required

application

capabilities
optional

Resource server capabilities

< string > array

application

Name Description Schema

appDescription
optional

Description of application

string

appName
required

Name of application

string

appUuid
required

Uuid of application

string

ownerIdentifier
required

Identifier of application owner

string

prefix
optional

Resource server prefix

string

scopes
required

Resource server scopes

< scopes > array

scopes

Name Description Schema

description
optional

Permission description

string

externalId
optional

Permission external id

string

name
required

Permission name

string

policy
optional

Authz policy

string

prefix
optional

Permission prefix

string

ResourceServerSelfRegisterApplication

Name Description Schema

appDescription
optional

Description of application

string

appName
required

Name of application

string

appUuid
required

Uuid of application

string

ownerIdentifier
required

Identifier of application owner

string

prefix
optional

Resource server prefix

string

scopes
required

Resource server scopes

< scopes > array

scopes

Name Description Schema

description
optional

Permission description

string

externalId
optional

Permission external id

string

name
required

Permission name

string

policy
optional

Authz policy

string

prefix
optional

Permission prefix

string

UpdateApplication

Name Description Schema

description
optional

Description of application

string

name
optional

Name of application

string

UpdateOAuthCapabilityDetails

Name Description Schema

allowIntrospection
optional

Determines if client can make calls to introspection endpoint

boolean

clientDescription
optional

Client description

string

contacts
optional

OAuth client contacts

< string > array

defaultMaxAge
optional

Default maximum session age before re-prompting

integer

deviceCodeValiditySeconds
optional

Device code validity seconds

integer

grantTypes
optional

OAuth grant types. Supported values ["refresh_token", "authorization_code"]

< string > array

logoUri
optional

URL of the logo

string

redirectUris
optional

OAuth redirect uris

< string > array

requireAuthTime
optional

Always require that the auth_time claim be sent in the id token

boolean

reuseRefreshToken
optional

Reuse refresh tokens if they are not time out

boolean

scope
optional

OAuth client scopes

< string > array

subjectType
optional

Access type parameter
Example : "PUBLIC"

string

tokenEndpointAuthMethod
optional

Authorization method. Possible values ["SECRET_POST", "SECRET_BASIC", "SECRET_JWT", "PRIVATE_KEY", "NONE"] SECRET_BASIC value is by default.
Example : "SECRET_BASIC"

string

tosUri
optional

URL for the Terms of Service of this client, will be displayed to the user

string

UserPermissions

Name Schema

permissions
required

< permissions > array

permissions

Name Schema

appId
required

string

permissions
required

< string > array

prefix
required

string

UserRSPermisions

Name Schema

appId
required

string

permissions
required

< string > array

prefix
required

string

Security

oauth2_implicit

Type : oauth2
Flow : implicit
Token URL : https://cloudentity.dev.cloudentity.com/oauth/authorize

oauth2_authorizationCode

Type : oauth2
Flow : accessCode
Token URL : https://cloudentity.dev.cloudentity.com/oauth/authorize
Token URL : https://cloudentity.dev.cloudentity.com/oauth/token

oauth2_password

Type : oauth2
Flow : password
Token URL : https://cloudentity.dev.cloudentity.com/oauth/token

SsoToken

Type : apiKey
Name : token
In : HEADER