Overview

Version information

Version : 1.0.0

URI scheme

Host : cloudentity.dev.cloudentity.com
BasePath : /api
Schemes : HTTPS

Consumes

  • application/json

Produces

  • application/json

Paths

GET /session

Description

Gets user’s current session details

Responses

HTTP Code Description Schema

200

Current user session details

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Tags

  • session

Security

Type Name

apiKey

Example HTTP response

Response 200
{
  "authLevel" : 30,
  "customer" : "default",
  "customerAlias" : "Default Customer",
  "entitlementGroups" : [ "USER_GROUP" ],
  "entitlements" : [ "CAN_ACCESS_PROFILE", "CAN_EDIT_PROFILE" ],
  "firstName" : "Joe",
  "googleAuthSecretAccepted" : "true",
  "lastName" : "Doe",
  "locale" : "en-US",
  "mfaMethod" : "GOOGLE_AUTHENTICATION",
  "uid" : "joedoe",
  "uuid" : "123432-43242344-12343245-432432432",
  "deviceUuid" : "e09b98e2-c021-41d5-b4a0-4c22f8065817",
  "authenticationIdentifier" : "joedoe"
}

DELETE /session

Description

Invalidates the user's current session, resulting in a logout.

Returns success if the session is already invalid.

Responses

HTTP Code Description Schema

204

Session invalidated successfully.

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Tags

  • session

Security

Type Name

apiKey

GET /session/authentication

Description

Retrieves session attributes used in an authentication flow.

Responses

HTTP Code Description Schema

200

Authentication attributes of a session

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Tags

  • session

Security

Type Name

apiKey

GET /session/verify

Description

Verifies if the current session is valid. Results in an extension of the session.

Responses

HTTP Code Description Schema

200

Session verified successfully.

Session gets extended automatically when this call returns 200.

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Session is invalid

Session invalidity may be caused by several factors:

  • The session associated with the provided token expired

  • The session associated with the provided token never existed - the token is fake

For security reasons, the real reason for session invalidity is not returned.

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Tags

  • session

Security

Type Name

apiKey

GET /sla/hmac/session

Description

Gets user’s current session details using HMAC authentication.

The ADMIN_GET_SESSION_VIA_HMAC entitlement is required.

This API uses the same request authorization headers as POST /apiKey/entitlement/validate (Validate Entitlements using API Key). See documentation for that API for details about authorization header inputs.

Parameters

Type Name Description Schema

Header

token
optional

SSO token of the current user

string

Header

x-orchis-authorization
optional

string

Header

x-orchis-date
optional

string

Header

x-orchis-request
optional

string

Responses

HTTP Code Description Schema

200

Current user session details

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Response details:

  • Code : Message

  • Authentication.RequestOutdated: The request was outdated. It failed to reach the server within 15 minutes of being sent - calculation is based on the x-orchis-date header and the hmac hashed request.

  • Authentication.Mismatch: Provided hmac request does not match the original request.

  • Authentication.InactiveUser: User account is inactive.

  • Authentication.InactiveCustomer: Customer account is inactive.

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

Tags

  • session

Example HTTP response

Response 200
{
  "authLevel" : 30,
  "customer" : "default",
  "customerAlias" : "Default Customer",
  "entitlementGroups" : [ "USER_GROUP" ],
  "entitlements" : [ "CAN_ACCESS_PROFILE", "CAN_EDIT_PROFILE" ],
  "firstName" : "Joe",
  "googleAuthSecretAccepted" : "true",
  "lastName" : "Doe",
  "locale" : "en-US",
  "mfaMethod" : "GOOGLE_AUTHENTICATION",
  "uid" : "joedoe",
  "uuid" : "123432-43242344-12343245-432432432",
  "deviceUuid" : "e09b98e2-c021-41d5-b4a0-4c22f8065817",
  "authenticationIdentifier" : "joedoe"
}

GET /sla/session

Description

Gets user’s current session details

Responses

HTTP Code Description Schema

200

Current user session details

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Tags

  • session

Security

Type Name

apiKey

Example HTTP response

Response 200
{
  "authLevel" : 30,
  "customer" : "default",
  "customerAlias" : "Default Customer",
  "entitlementGroups" : [ "USER_GROUP" ],
  "entitlements" : [ "CAN_ACCESS_PROFILE", "CAN_EDIT_PROFILE" ],
  "firstName" : "Joe",
  "googleAuthSecretAccepted" : "true",
  "lastName" : "Doe",
  "locale" : "en-US",
  "mfaMethod" : "GOOGLE_AUTHENTICATION",
  "uid" : "joedoe",
  "uuid" : "123432-43242344-12343245-432432432",
  "deviceUuid" : "e09b98e2-c021-41d5-b4a0-4c22f8065817",
  "authenticationIdentifier" : "joedoe"
}

DELETE /sla/session

Description

Invalidates the user's current session, resulting in a logout.

Returns success if the session is already invalid.

Responses

HTTP Code Description Schema

204

Session invalidated successfully.

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

Tags

  • session

Security

Type Name

apiKey

GET /sla/session/authentication

Description

Retrieves session attributes used in an authentication flow.

Responses

HTTP Code Description Schema

200

Authentication attributes of a session

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Tags

  • session

Security

Type Name

apiKey

GET /sla/session/verify

Description

Verifies if the current session is valid. Results in an extension of the session.

Responses

HTTP Code Description Schema

200

Session verified successfully.

Session gets extended automatically when this call returns 200.

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Session is invalid

Session invalidity may be caused by several factors:

  • The session associated with the provided token expired

  • The session associated with the provided token never existed - the token is fake

For security reasons, the real reason for session invalidity is not returned.

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

Tags

  • session

Security

Type Name

apiKey

DELETE /sla/user/device/{identifier}/sessions

Description

Removes the sessions that belong to the specified device and to the user invoking the action. The only session that cannot be removed is the current session of the user who is invalidating the device sessions.

Parameters

Type Name Description Schema

Path

identifier
required

Unique identifier of a device.

string

Responses

HTTP Code Description Schema

200

Session invalidated successfully.

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

  • IOTDevice.Unauthorized: Not authorized to manage the specified device.

Tags

  • session

Security

Type Name

apiKey

DELETE /user/device/{identifier}/sessions

Description

Removes the sessions that belong to the specified device and to the user invoking the action. The only session that cannot be removed is the current session of the user who is invalidating the device sessions.

Parameters

Type Name Description Schema

Path

identifier
required

Unique identifier of a device.

string

Responses

HTTP Code Description Schema

200

Session invalidated successfully.

No Content

400

Response details:

  • Code : Message

  • Request.Invalid: The request could not be understood by the server due to malformed syntax.

401

Response details:

  • Code : Message

  • Authentication.Unauthenticated: Not authenticated. This API is only available for authenticated users.

403

Response details:

  • Code : Message

  • Authorization.Unauthorized: Not authorized. This API is only available for authorized users.

  • IOTDevice.Unauthorized: Not authorized to manage the specified device.

Tags

  • session

Security

Type Name

apiKey
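
The session behaviour documented above for GET /session/verify (extension on 200, one indistinguishable 401 for expired and never-issued tokens), DELETE /session (success even when the session is already invalid) and DELETE /user/device/{identifier}/sessions (the caller's current session survives), modelled as an added example that is not Cloudentity's code or part of the original reference. SessionStore, SESSION_TTL and the in-memory dictionary are assumptions made for illustration; the 403 device-authorization cases are left out.

```python
import secrets
import time

SESSION_TTL = 900  # assumed idle timeout in seconds; the reference does not state one
UNAUTHENTICATED = (401, "Authentication.Unauthenticated")  # one answer for every invalid token


class SessionStore:
    """Hypothetical in-memory model of the documented session semantics."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._sessions = {}      # token -> {"uid", "device", "expires"}

    def create(self, uid, device_uuid):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"uid": uid, "device": device_uuid,
                                 "expires": self._now() + SESSION_TTL}
        return token

    def _live(self, token):
        s = self._sessions.get(token)
        if s is None or s["expires"] <= self._now():
            # Expired and never-issued tokens take the same path from here on.
            self._sessions.pop(token, None)
            return None
        return s

    def verify(self, token):
        """GET /session/verify: a 200 extends the session; otherwise a uniform 401."""
        s = self._live(token)
        if s is None:
            return UNAUTHENTICATED
        s["expires"] = self._now() + SESSION_TTL
        return (200, None)

    def logout(self, token):
        """DELETE /session: idempotent, 204 even if the session is already invalid."""
        self._sessions.pop(token, None)
        return (204, None)

    def delete_device_sessions(self, token, device_uuid):
        """DELETE /user/device/{identifier}/sessions: keeps the caller's current session."""
        caller = self._live(token)
        if caller is None:
            return UNAUTHENTICATED
        doomed = [t for t, s in self._sessions.items()
                  if s["uid"] == caller["uid"] and s["device"] == device_uuid
                  and t != token]
        for t in doomed:
            del self._sessions[t]
        return (200, None)
```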

Definitions

AliveStatus

Name Description Schema

message
optional

Description of service status if available

string

AuthenticationSession

Name Description Schema

authenticationIdentifier
optional

Identifier which was originally used in the creation of this session

string

googleAuthSecretAccepted
optional

Whether this user has accepted his/her Google authSecret

string

Error

Name Description Schema

code
optional

Unique internal error code

string

details
optional

Optional. Varies depending on the specific use case - details are determined by the particular API call.

object

message
optional

Description of the error code

string

IotDeviceValidationError

Name Description Schema

code
optional

Unique internal error code

string

details
optional

Optional. Varies depending on the specific use case - details are determined by the particular API call.

message
optional

Description of the error code

string

details

Name Schema

fields
optional

< fields > array

fields

Name Description Schema

code
optional

Unique internal error code

string

message
optional

Description of the error code

string

name
optional

UUID of invalid IOT devices

string

Session

Name Description Schema

authLevel
optional

Current authentication level of the user

integer (int32)

authenticationIdentifier
optional

Identifier which was originally used in the creation of this session

string

customer
optional

CID of the customer to which this user is assigned

string

customerAlias
optional

Alias of the customer to which this user is assigned

string

defaultCustomer
optional

CID of the customer to which this user is assigned. Does not change even if session customer changes.

string

defaultCustomerStatus
optional

Activation status of the customer to which this user is assigned. Does not change even if session customer changes.

string

deviceUuid
optional

UUID of the device

string

entitlementGroups
optional

List of entitlement groups the user has within the current session

< string > array

entitlements
optional

List of entitlements the user has within the current session

< string > array

firstName
optional

User’s first name, e.g. Joe

string

googleAuthSecretAccepted
optional

Whether this user has accepted his/her Google authSecret

string

lastName
optional

User’s last name, e.g. Doe

string

locale
optional

Locale of the user

string

mfaMethod
optional

User’s MFA method

string

uid
optional

Unique identifier of the user - i.e. login

string

uuid
optional

UUID of the user

string

Security

SsoToken

Type : apiKey
Name : token
In : HEADER