Overview

Version information

Version : 1.0.0

URI scheme

Host : cloudentity.dev.cloudentity.com
BasePath : /api
Schemes : HTTPS

Consumes

  • application/json

Produces

  • application/json

Paths

POST /entitlementgroups

Description

Create an entitlement group

The ADMIN_CREATE_ENTITLEMENT_GROUP entitlement is required.

Upon successful creation, the entitlement group is automatically granted to the calling user.

Parameters

Type Name Description Schema

Body

body
required

Group object

Group

Responses

HTTP Code Description Schema

201

The group is created

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

409

Response details:

  • Code: Message

  • Group.Duplicate: Group name already exists.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /entitlementgroups

Description

Get list of all entitlement groups

The ADMIN_LIST_ENTITLEMENT_GROUPS entitlement is required.

Responses

HTTP Code Description Schema

200

The current list of entitlement groups is returned.

The list is the same for any user who calls this API.

GroupsList

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /entitlementgroups/{entitlementGroup}

Description

Get entitlement group object identified by {group}

The ADMIN_GET_ENTITLEMENT_GROUP entitlement is required.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Responses

HTTP Code Description Schema

200

Group object is returned

Group

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /entitlementgroups/{entitlementGroup}

Description

Update entitlement group object identified by {group}

The ADMIN_UPDATE_ENTITLEMENT_GROUP entitlement is required.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Body

groupUpdates
required

Group updates

updates

updates

Name Schema

description
optional

string

Responses

HTTP Code Description Schema

204

The group is updated

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /entitlementgroups/{entitlementGroup}

Description

Delete the entitlement group object identified by {group}

The ADMIN_DELETE_ENTITLEMENT_GROUP entitlement is required.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Responses

HTTP Code Description Schema

204

The group is deleted; it does not however remove the entitlements inside it.

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /entitlementgroups/{entitlementGroup}/entitlements

Description

Adds the given entitlement to the given group.

Note: One entitlement can be a member of multiple groups.

If the allowCoreEntitlements attribute of the group is false but the specified entitlement is a core entitlement, an Entitlement.CoreNotAllowed error will be returned.

The ADMIN_ADD_ENTITLEMENT_TO_GROUP entitlement is required. If the current user doesn’t own ADMIN_ADD_ENTITLEMENT_TO_GROUP, then an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Body

entitlement
optional

Name of entitlement

EntitlementNameObject

Responses

HTTP Code Description Schema

201

Entitlement added to the group

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

  • Entitlement.NotFound: The entitlement to be added to group does not exist

Error

422

Response details:

  • Code: Message

  • Entitlement.CoreNotAllowed: A core entitlement is not allowed.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /entitlementgroups/{entitlementGroup}/entitlements

Description

Get list of all entitlements inside the given group

The ADMIN_LIST_ENTITLEMENTS_IN_GROUP entitlement is required.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Responses

HTTP Code Description Schema

200

List of entitlements belonging to the given group

EntitlementsList

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /entitlementgroups/{entitlementGroup}/entitlements/{entitlement}

Description

Removes given entitlement from the given group

The ADMIN_DELETE_ENTITLEMENT_FROM_GROUP entitlement is required.

The ADMIN_REVOKE_ANY_ENTITLEMENT entitlement is required to remove entitlements unowned by the current user.

If the current user owns neither the target entitlement nor the ADMIN_REVOKE_ANY_ENTITLEMENT entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Path

entitlementGroup
required

Name of entitlement group

string

Responses

HTTP Code Description Schema

204

Entitlement removed from the group

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

  • Entitlement.NotFound: The entitlement does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /entitlementgroups/{entitlementGroup}/multipleentitlements

Description

Adds all of the given entitlements to the given group.

Note: One entitlement can be a member of multiple groups.

If the allowCoreEntitlements attribute of the group is false but any the specified entitlements is a core entitlement, an Entitlement.CoreNotAllowed error will be returned.

The ADMIN_ADD_ENTITLEMENT_TO_GROUP entitlement is required. If the current user doesn’t own ADMIN_ADD_ENTITLEMENT_TO_GROUP, then an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Body

body
optional

EntitlementNamesObject

Responses

HTTP Code Description Schema

201

All requested entitlements added to the group

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

  • Entitlement.NotFound: The entitlement to be added to group does not exist

Error

422

Response details:

  • Code: Message

  • Entitlement.CoreNotAllowed: A core entitlement is not allowed.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /entitlements

Description

Create an entitlement

The ADMIN_CREATE_ENTITLEMENT entitlement is required.

Upon successful creation, the entitlement is automatically granted to the calling user.

Parameters

Type Name Description Schema

Body

body
required

Entitlement object

Entitlement

Responses

HTTP Code Description Schema

201

The entitlement is created

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

409

Response details:

  • Code: Message

  • Entitlement.Duplicate: Entitlement name already exists.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /entitlements

Description

Get list of all entitlements

The ADMIN_LIST_ENTITLEMENTS entitlement is required.

Responses

HTTP Code Description Schema

200

The requested list of entitlements is returned

EntitlementsList

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /entitlements/{entitlement}

Description

Get entitlement object identified by {entitlement}

The ADMIN_GET_ENTITLEMENT entitlement is required.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Responses

HTTP Code Description Schema

200

The entitlement object is returned

Entitlement

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /entitlements/{entitlement}

Description

Update entitlement object identified by {entitlement}

The ADMIN_UPDATE_ENTITLEMENT entitlement is required.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Body

body
required

Entitlement updates

EntitlementUpdatesObject

Responses

HTTP Code Description Schema

204

The entitlement is updated

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /entitlements/{entitlement}

Description

Delete the entitlement object identified by {entitlement}

The ADMIN_DELETE_ENTITLEMENT entitlement is required.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Responses

HTTP Code Description Schema

204

The entitlement is deleted

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /policy/entitilementandcustomer/validate

Description

Validates if: - the user identified by the provided token parameter has the provided entitlements. - the provided customer matches the customer from the session

Parameters

Type Name Schema

Body

body
optional

EntitlementAndCustomerBody

Responses

HTTP Code Description Schema

200

Success. The user has all of the requested entitlements and customer matches.

EntitlementsValidationSuccess

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

403

Not authorized. The user does not have one or more requested entitlements. * Code: Message * Authorization.Unauthorized: The user is not authorized. At least one entitlement is missing.

Schema details.

    "details":{
           "allowed":[
               {
                  "name":"string"
               }
            ],
            "denied":[
               {
                  "name":"string",
                  "reason":{
                     "requiredAuthLevel":"integer",
                     "notAssigned":"boolean"
                  }
               }
            ]
     }

  • Customer.InvalidCustomer: Provided customer does not match the customer from user session.

Schema details.

No details - only code and message.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /policy/entitlement/validate

Description

Validates if a user identified by the provided {token} parameter has the provided entitlements.

Parameters

Type Name Schema

Body

body
optional

EntitlementNamesObject

Responses

HTTP Code Description Schema

200

Success. The user has all of the requested entitlements.

EntitlementsValidationSuccess

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

403

Not authorized. The user does not have one or more requested entitlements.

  • Code: Message

  • Entitlements.MissingEntitlement: The user is not authorized. At least one entitlement is missing. See details.

EntitlementsValidationError

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/entitlementgroups

Description

Create an entitlement group

The ADMIN_CREATE_ENTITLEMENT_GROUP entitlement is required.

Upon successful creation, the entitlement group is automatically granted to the calling user.

Parameters

Type Name Description Schema

Body

body
required

Group object

Group

Responses

HTTP Code Description Schema

201

The group is created

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

409

Response details:

  • Code: Message

  • Group.Duplicate: Group name already exists.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /sla/entitlementgroups

Description

Get list of all entitlement groups

The ADMIN_LIST_ENTITLEMENT_GROUPS entitlement is required.

Responses

HTTP Code Description Schema

200

The current list of entitlement groups is returned.

The list is the same for any user who calls this API.

GroupsList

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /sla/entitlementgroups/{entitlementGroup}

Description

Get entitlement group object identified by {group}

The ADMIN_GET_ENTITLEMENT_GROUP entitlement is required.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Responses

HTTP Code Description Schema

200

Group object is returned

Group

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /sla/entitlementgroups/{entitlementGroup}

Description

Update entitlement group object identified by {group}

The ADMIN_UPDATE_ENTITLEMENT_GROUP entitlement is required.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Body

groupUpdates
required

Group updates

updates

updates

Name Schema

description
optional

string

Responses

HTTP Code Description Schema

204

The group is updated

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /sla/entitlementgroups/{entitlementGroup}

Description

Delete the entitlement group object identified by {group}

The ADMIN_DELETE_ENTITLEMENT_GROUP entitlement is required.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Responses

HTTP Code Description Schema

204

The group is deleted; it does not however remove the entitlements inside it.

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/entitlementgroups/{entitlementGroup}/entitlements

Description

Adds the given entitlement to the given group.

Note: One entitlement can be a member of multiple groups.

If the allowCoreEntitlements attribute of the group is false but the specified entitlement is a core entitlement, an Entitlement.CoreNotAllowed error will be returned.

The ADMIN_ADD_ENTITLEMENT_TO_GROUP entitlement is required. If the current user doesn’t own ADMIN_ADD_ENTITLEMENT_TO_GROUP, then an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Body

entitlement
optional

Name of entitlement

EntitlementNameObject

Responses

HTTP Code Description Schema

201

Entitlement added to the group

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

  • Entitlement.NotFound: The entitlement to be added to group does not exist

Error

422

Response details:

  • Code: Message

  • Entitlement.CoreNotAllowed: A core entitlement is not allowed.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /sla/entitlementgroups/{entitlementGroup}/entitlements

Description

Get list of all entitlements inside the given group

The ADMIN_LIST_ENTITLEMENTS_IN_GROUP entitlement is required.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Responses

HTTP Code Description Schema

200

List of entitlements belonging to the given group

EntitlementsList

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /sla/entitlementgroups/{entitlementGroup}/entitlements/{entitlementName}

Description

Removes given entitlement from the given group

The ADMIN_DELETE_ENTITLEMENT_FROM_GROUP entitlement is required.

The ADMIN_REVOKE_ANY_ENTITLEMENT entitlement is required to remove entitlements unowned by the current user.

If the current user owns neither the target entitlement nor the ADMIN_REVOKE_ANY_ENTITLEMENT entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Path

entitlementGroup
required

Name of entitlement group

string

Responses

HTTP Code Description Schema

204

Entitlement removed from the group

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

  • Entitlement.NotFound: The entitlement does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/entitlementgroups/{entitlementGroup}/multipleentitlements

Description

Adds all of the given entitlements to the given group.

Note: One entitlement can be a member of multiple groups.

If the allowCoreEntitlements attribute of the group is false but any the specified entitlements is a core entitlement, an Entitlement.CoreNotAllowed error will be returned.

The ADMIN_ADD_ENTITLEMENT_TO_GROUP entitlement is required. If the current user doesn’t own ADMIN_ADD_ENTITLEMENT_TO_GROUP, then an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Body

body
optional

EntitlementNamesObject

Responses

HTTP Code Description Schema

201

All requested entitlements added to the group

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Group.NotFound: Group with the given name does not exist

  • Entitlement.NotFound: The entitlement to be added to group does not exist

Error

422

Response details:

  • Code: Message

  • Entitlement.CoreNotAllowed: A core entitlement is not allowed.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/entitlements

Description

Create an entitlement

The ADMIN_CREATE_ENTITLEMENT entitlement is required.

Upon successful creation, the entitlement is automatically granted to the calling user.

Parameters

Type Name Description Schema

Body

body
required

Entitlement object

Entitlement

Responses

HTTP Code Description Schema

201

The entitlement is created

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

409

Response details:

  • Code: Message

  • Entitlement.Duplicate: Entitlement name already exists.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /sla/entitlements

Description

Get list of all entitlements

The ADMIN_LIST_ENTITLEMENTS entitlement is required.

Responses

HTTP Code Description Schema

200

The requested list of entitlements is returned

EntitlementsList

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

GET /sla/entitlements/{entitlementName}

Description

Get entitlement object identified by {entitlement}

The ADMIN_GET_ENTITLEMENT entitlement is required.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Responses

HTTP Code Description Schema

200

The entitlement object is returned

Entitlement

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

PUT /sla/entitlements/{entitlementName}

Description

Update entitlement object identified by {entitlement}

The ADMIN_UPDATE_ENTITLEMENT entitlement is required.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Body

body
required

Entitlement updates

EntitlementUpdatesObject

Responses

HTTP Code Description Schema

204

The entitlement is updated

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /sla/entitlements/{entitlementName}

Description

Delete the entitlement object identified by {entitlement}

The ADMIN_DELETE_ENTITLEMENT entitlement is required.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Responses

HTTP Code Description Schema

204

The entitlement is deleted

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement with the given name does not exist

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/policy/entitilementandcustomer/validate

Description

Validates if: - the user identified by the provided token parameter has the provided entitlements. - the provided customer matches the customer from the session

Parameters

Type Name Schema

Body

body
optional

EntitlementAndCustomerBody

Responses

HTTP Code Description Schema

200

Success. The user has all of the requested entitlements and customer matches.

EntitlementsValidationSuccess

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

403

Not authorized. The user does not have one or more requested entitlements. * Code: Message * Authorization.Unauthorized: The user is not authorized. At least one entitlement is missing.

Schema details.

    "details":{
           "allowed":[
               {
                  "name":"string"
               }
            ],
            "denied":[
               {
                  "name":"string",
                  "reason":{
                     "requiredAuthLevel":"integer",
                     "notAssigned":"boolean"
                  }
               }
            ]
     }

  • Customer.InvalidCustomer: Provided customer does not match the customer from user session.

Schema details.

No details - only code and message.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/policy/entitlement/validate

Description

Validates if a user identified by the provided {token} parameter has the provided entitlements.

Parameters

Type Name Schema

Body

body
optional

EntitlementNamesObject

Responses

HTTP Code Description Schema

200

Success. The user has all of the requested entitlements.

EntitlementsValidationSuccess

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

403

Not authorized. The user does not have one or more requested entitlements.

  • Code: Message

  • Entitlements.MissingEntitlement: The user is not authorized. At least one entitlement is missing. See details.

EntitlementsValidationError

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/user/{identifier}/entitlementgroups

Description

Grant an entitlement group to a user identified by {identifier}

The ADMIN_GRANT_ENTITLEMENT_GROUP entitlement is required.

The ADMIN_GRANT_ANY_ENTITLEMENT_GROUP entitlement is required to grant entitlement groups unowned by the current user.

If the current user owns neither the target group nor the ADMIN_GRANT_ANY_ENTITLEMENT_GROUP entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Body

group
optional

Name of group

group

group

Name Schema

group
optional

string

Responses

HTTP Code Description Schema

201

The entitlement group has been granted to the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • User.NotFound: User does not exist.

  • Group.NotFound: Group with the given name does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /sla/user/{identifier}/entitlementgroups/{entitlementGroup}

Description

Revoke an entitlement group from a user identified by {identifier}

The ADMIN_REVOKE_ENTITLEMENT_GROUP entitlement is required.

The ADMIN_REVOKE_ANY_ENTITLEMENT_GROUP entitlement is required to revoke entitlement groups unowned by the current user.

If the current user owns neither the target group nor the ADMIN_REVOKE_ANY_ENTITLEMENT_GROUP entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Responses

HTTP Code Description Schema

204

The entitlement group has been revoked from the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details

  • Code: Message

  • User.NotFound: User does not exist.

  • Group.NotFound: Group with the given name does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/user/{identifier}/entitlements

Description

Grant an entitlement to a user identified by {identifier}

The ADMIN_GRANT_ENTITLEMENT entitlement is required.

The ADMIN_GRANT_ANY_ENTITLEMENT entitlement is required to grant entitlements unowned by the current user.

If the current user owns neither the target entitlement nor the ADMIN_GRANT_ANY_ENTITLEMENT entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Body

entitlement
optional

Name of entitlement

EntitlementNameObject

Responses

HTTP Code Description Schema

201

The entitlement has been granted to the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement does not exist.

  • User.NotFound: User does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /sla/user/{identifier}/entitlements/{entitlementName}

Description

Revoke an entitlement from a user identified by {identifier}

The ADMIN_REVOKE_ENTITLEMENT entitlement is required.

The ADMIN_REVOKE_ANY_ENTITLEMENT entitlement is required to revoke entitlements unowned by the current user.

If the current user owns neither the target entitlement nor the ADMIN_REVOKE_ANY_ENTITLEMENT entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Responses

HTTP Code Description Schema

204

The entitlement has been revoked from the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details

  • Code: Message

  • Entitlement.NotFound: Entitlement does not exist.

  • User.NotFound: User does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /sla/user/{identifier}/multipleentitlements

Description

Grants many entitlements to a user identified by {identifier}

The ADMIN_GRANT_ENTITLEMENT entitlement is required.

The ADMIN_GRANT_ANY_ENTITLEMENT entitlement is required to grant entitlements unowned by the current user.

If any of the target entitlements is unowned by the current user, and the ADMIN_GRANT_ANY_ENTITLEMENT entitlement is unowned by the current user, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Body

body
optional

EntitlementNamesObject

Responses

HTTP Code Description Schema

201

The entitlements have been granted to the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement does not exist.

  • User.NotFound: User does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /user/{identifier}/entitlementgroups

Description

Grant an entitlement group to a user identified by {identifier}

The ADMIN_GRANT_ENTITLEMENT_GROUP entitlement is required.

The ADMIN_GRANT_ANY_ENTITLEMENT_GROUP entitlement is required to grant entitlement groups unowned by the current user.

If the current user owns neither the target group nor the ADMIN_GRANT_ANY_ENTITLEMENT_GROUP entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Body

group
optional

Name of group

group

group

Name Schema

group
optional

string

Responses

HTTP Code Description Schema

201

The entitlement group has been granted to the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • User.NotFound: User does not exist.

  • Group.NotFound: Group with the given name does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /user/{identifier}/entitlementgroups/{entitlementGroup}

Description

Revoke an entitlement group from a user identified by {identifier}

The ADMIN_REVOKE_ENTITLEMENT_GROUP entitlement is required.

The ADMIN_REVOKE_ANY_ENTITLEMENT_GROUP entitlement is required to revoke entitlement groups unowned by the current user.

If the current user owns neither the target group nor the ADMIN_REVOKE_ANY_ENTITLEMENT_GROUP entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlementGroup
required

Name of entitlement group

string

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Responses

HTTP Code Description Schema

204

The entitlement group has been revoked from the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details

  • Code: Message

  • User.NotFound: User does not exist.

  • Group.NotFound: Group with the given name does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /user/{identifier}/entitlements

Description

Grant an entitlement to a user identified by {identifier}

The ADMIN_GRANT_ENTITLEMENT entitlement is required.

The ADMIN_GRANT_ANY_ENTITLEMENT entitlement is required to grant entitlements unowned by the current user.

If the current user owns neither the target entitlement nor the ADMIN_GRANT_ANY_ENTITLEMENT entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Body

entitlement
optional

Name of entitlement

EntitlementNameObject

Responses

HTTP Code Description Schema

201

The entitlement has been granted to the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement does not exist.

  • User.NotFound: User does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

DELETE /user/{identifier}/entitlements/{entitlement}

Description

Revoke an entitlement from a user identified by {identifier}

The ADMIN_REVOKE_ENTITLEMENT entitlement is required.

The ADMIN_REVOKE_ANY_ENTITLEMENT entitlement is required to revoke entitlements unowned by the current user.

If the current user owns neither the target entitlement nor the ADMIN_REVOKE_ANY_ENTITLEMENT entitlement, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

entitlement
required

Name of entitlement

string

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Responses

HTTP Code Description Schema

204

The entitlement has been revoked from the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details

  • Code: Message

  • Entitlement.NotFound: Entitlement does not exist.

  • User.NotFound: User does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

POST /user/{identifier}/multipleentitlements

Description

Grants many entitlements to a user identified by {identifier}

The ADMIN_GRANT_ENTITLEMENT entitlement is required.

The ADMIN_GRANT_ANY_ENTITLEMENT entitlement is required to grant entitlements unowned by the current user.

If any of the target entitlements is unowned by the current user, and the ADMIN_GRANT_ANY_ENTITLEMENT entitlement is unowned by the current user, an Authorization.Unauthorized error will be returned.

Parameters

Type Name Description Schema

Path

identifier
required

Unique identifier of a user.

UUID is used by default. However, if the identifier is prefixed by a valid identifier attribute with a trailing :: the system will use it to search for a user with that matching attribute.

Examples: * 34324-213123-21343243 will search by UUID * email::joe@doe.com will search by the provided email. * uid::joedoe will search by the provided uid. * mobile::1-222-333-444 will search by the provided mobile. * any::joedoe will search by any of the above identifiers.

You are recommended to use UUID whenever possible.

string

Body

body
optional

EntitlementNamesObject

Responses

HTTP Code Description Schema

201

The entitlements have been granted to the user

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Error

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Error

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Error

404

Response details:

  • Code: Message

  • Entitlement.NotFound: Entitlement does not exist.

  • User.NotFound: User does not exist.

Error

Tags

  • entitlement

Security

Type Name

oauth2

oauth2_implicit

oauth2

oauth2_authorizationCode

oauth2

oauth2_password

apiKey

SsoToken

Definitions

AliveStatus

Name Description Schema

message
optional

Description of service status if available

string

Entitlement

Name Schema

authLevel
optional

integer (int32)

description
optional

string

name
optional

string

EntitlementAndCustomerBody

Name Schema

customer
optional

string

entitlements
optional

< string > array

EntitlementNameObject

Name of entitlement

Name Schema

entitlement
optional

string

EntitlementNamesObject

List of entitlement names

Name Schema

entitlements
optional

< string > array

EntitlementUpdatesObject

Entitlement properties to be updated

Name Schema

authLevel
optional

integer (int32)

description
optional

string

EntitlementsList

Name Schema

entitlements
optional

< entitlements > array

entitlements

Name Schema

authLevel
optional

integer (int32)

description
optional

string

name
optional

string

EntitlementsValidationError

Name Schema

code
optional

string

details
optional

details

message
optional

string

details

Name Schema

allowed
optional

< allowed > array

denied
optional

< denied > array

allowed

Name Schema

name
optional

string

denied

Name Schema

name
optional

string

reason
optional

reason

reason

Name Schema

notAssigned
optional

boolean

requiredAuthLevel
optional

integer

EntitlementsValidationSuccess

Name Schema

allowed
optional

< allowed > array

allowed

Name Schema

name
optional

string

Error

Name Description Schema

code
optional

Unique internal error code

string

details
optional

Optional. Varies depending on the specific use case - details are determined by the particular API call.

object

message
optional

Description of the error code

string

Group

Name Description Schema

allowCoreEntitlements
optional

Whether core entitlements may be added to this group. Default true

boolean

description
optional

string

name
optional

string

GroupsList

List of groups

Name Schema

groups
optional

< groups > array

groups

Name Description Schema

allowCoreEntitlements
optional

Whether core entitlements may be added to this group. Default true

boolean

description
optional

string

name
optional

string

RetrievedCustomerObject

Name Description Schema

activationDate
optional

Date customer was activated

string

adminEmails
optional

Administrator Emails

< string > array

allowPublicRegistration
required

Allow public registration for organisation

string

cid
required

Customer ID

string

customerAlias
optional

Alias of Customer

string

customerDomains
optional

Customer Domains

< string > array

customerName
optional

Name of Customer

string

entitlements
optional

Customer Entitlements

< string > array

eulaAutomaticApproval
optional

EULA (End User License Agreement) automatic approval. When user is created, their eulaApproval is set to true

string

eulaRevision
optional

EULA (End User License Agreement) Revision

string

mfaMethod
optional

Multi-Factor Authentication method. If not set, no multi-factor authentication is used.

enum (NONE, OTP, KBA, GOOGLE_AUTHENTICATION)

recordCreated
optional

Timestamp when record was created

string

recordCreator
optional

Name of person that created the record

string

recordUpdated
optional

Timestamp when record was last updated

string

recordUpdater
optional

Name of person that last updated the record

string

status
optional

Customer activation status

string

uuid
required

Globally unique identifier

string

Security

oauth2_implicit

Type : oauth2
Flow : implicit
Token URL : https://cloudentity.dev.cloudentity.com/oauth/authorize

oauth2_authorizationCode

Type : oauth2
Flow : accessCode
Token URL : https://cloudentity.dev.cloudentity.com/oauth/authorize
Token URL : https://cloudentity.dev.cloudentity.com/oauth/token

oauth2_password

Type : oauth2
Flow : password
Token URL : https://cloudentity.dev.cloudentity.com/oauth/token

SsoToken

Type : apiKey
Name : token
In : HEADER