Getting started with Cloud Identity Plane REST API
This article explains how to get started with the Cloud Identity Plane (CIP) REST API.
Prerequisites
- CIP up and running
- Administrator account in CIP
About this tutorial
In this tutorial, you’re going to perform the following actions:
- Authenticate to CIP to start a session and get an SSO token.
- Create a new user in CIP using the received token.
- End the session.
As a result, you will gain a basic understanding of how to send requests to CIP using the SSO token. With this knowledge, you'll be able to consume the public REST API endpoints provided by CIP.
Create a user in Cloud Identity Plane
- Send the authentication request to https://example.com/api/authn/identifierpassword.
  - Replace example.com with your actual CIP domain
  - Set identifier and password to your own credentials

      curl --verbose --request POST 'https://example.com/api/authn/identifierpassword' \
        --header 'Content-Type: application/json' \
        --data-raw '{ "identifier": "YOUR_IDENTIFIER", "password": "t0ps3cr3t" }'

  Result
  The authorization token is returned in the response body (code 201 is returned).

      < HTTP/2 201
      < date: Tue, 08 Jun 2021 12:41:01 GMT
      < content-type: application/json
      < content-length: 48
      < server: nginx
      < trace-id: 23b5a553fb95a19c
      < access-control-allow-credentials: true
      < access-control-allow-headers: *
      < access-control-allow-methods: *
      < access-control-max-age: 600
      <
      * Connection #0 to host example.com left intact
      {"token":"0d25bdba-009b-47a9-a985-554692572b1e"}
      * Closing connection 0

  More information
  You can read more about authentication options in the REST API authentication documentation.
- Create a new user in the system by sending a request to https://example.com/api/users.
  - Replace example.com with your actual CIP domain
  - Include a header called token containing the SSO token received from the authentication request

      curl --verbose --request POST 'https://example.com/api/users' \
        --header 'Content-Type: application/json' \
        --header 'token: 0d25bdba-009b-47a9-a985-554692572b1e' \
        --data-raw '{"mfaMethod":"NONE","firstName":"Joe","lastName":"Smith","status":"inactive","uid":"joesmith","unverifiedEmails":["jsmith@test.cloudentity.com"]}'

  Result
  A new inactive user (Joe Smith) is created in the system (code 201 Created is returned). An activation message is sent to the provided e-mail addresses.

      < HTTP/1.1 201 Created
      < Server: nginx
      < Date: Mon, 24 May 2021 14:50:15 GMT
      < Content-Type: application/json
      < Content-Length: 571
      < Connection: keep-alive
      < Trace-Id: e0f1a590e0523f64
      < Access-Control-Allow-Credentials: true
      < Access-Control-Allow-Headers: *
      < Access-Control-Allow-Methods: *
      < Access-Control-Max-Age: 600
      <
      * Connection #1 to host example.com left intact
      {"lastName":"Smith","googleAuthSecretAccepted":"false","apiKey":"YTU2OWIwYWQtYTE3Zi00NmE5LWE5OGYtYTk5NzQxNzVmZjky",
      "forcePwdReset":true,"mfaMethod":"NONE","totpSecretAccepted":false,"eulaApproval":"true","uuid":"9aad820e-f2ee-46ce-babb-aa1d0ee1bf50",
      "otpSetupComplete":false,"passwordChangedDate":"20210524145015.712Z","firstName":"Joe","uid":"joesmith",
      "createdDate":"20210524145015Z","unverifiedEmails":["jsmith@test.cloudentity.com"],"customers":["cloudentity"],
      "entitlementGroups":["SELF_USER_ENTITLEMENT_GROUP"],"status":"inactive","customer":"cloudentity",
      "newUserStatus":true}
      * Closing connection 1

  More information
  You can read more about the available user actions in the REST API user documentation.
- End the session by sending a request to https://example.com/api/session.
  - Replace example.com with your actual CIP domain
  - Include a header called token containing the SSO token received from the authentication request

      curl --location --verbose --request DELETE 'https://example.com/api/session' \
        --header 'token: 0d25bdba-009b-47a9-a985-554692572b1e'

  Result
  Your session is terminated (code 204 No Content is returned).

      < HTTP/1.1 204 No Content
      < Server: nginx
      < Date: Mon, 24 May 2021 15:17:27 GMT
      < Content-Type: application/json
      < Connection: keep-alive
      < Trace-Id: 9158bd8babcda034
      < Access-Control-Allow-Credentials: true
      < Access-Control-Allow-Headers: *
      < Access-Control-Allow-Methods: *
      < Access-Control-Max-Age: 600
      <
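The three steps above combined into one script, added here as an example and not taken from the CIP documentation: it passes the password and the SSO token to curl on stdin instead of on the command line, omits --verbose so the token is not echoed to the terminal, and ends the session even when user creation fails. The CIP_HOST, CIP_IDENTIFIER, CIP_PASSWORD and CIP_RUN variables and the function names are assumptions; the endpoints and the token header are the ones used in the steps above.

```shell
#!/bin/sh
# Added example, not vendor code. Assumed env vars: CIP_HOST, CIP_IDENTIFIER,
# CIP_PASSWORD. Needs curl 7.55.0 or later for "--header @-".

# Escape backslash and double quote so a value is safe inside a JSON string.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Pull the token value out of a {"token":"..."} response body read from stdin.
extract_token() { sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'; }

# Authenticate. The JSON body reaches curl on stdin (--data @-), so the
# password never appears in curl's argument list.
cip_login() {
  printf '{"identifier":"%s","password":"%s"}' \
    "$(json_escape "$CIP_IDENTIFIER")" "$(json_escape "$CIP_PASSWORD")" |
    curl --silent --show-error --fail --request POST \
      --header 'Content-Type: application/json' --data @- \
      "https://$CIP_HOST/api/authn/identifierpassword" | extract_token
}

# Create a user. The token header is read from stdin (--header @-).
# $1 = SSO token, $2 = JSON user document.
cip_create_user() {
  printf 'token: %s\n' "$1" |
    curl --silent --show-error --fail --request POST --header @- \
      --header 'Content-Type: application/json' --data-raw "$2" \
      "https://$CIP_HOST/api/users"
}

# End the session so the token stops being usable. $1 = SSO token.
cip_logout() {
  printf 'token: %s\n' "$1" |
    curl --silent --show-error --fail --request DELETE --header @- \
      "https://$CIP_HOST/api/session"
}

# Full flow: log in, create the user, and always log out, even on failure.
cip_provision() {
  cip_token=$(cip_login) && [ -n "$cip_token" ] || { echo 'login failed' >&2; return 1; }
  cip_rc=0
  cip_create_user "$cip_token" "$1" || cip_rc=$?
  cip_logout "$cip_token" || echo 'warning: session not ended' >&2
  unset cip_token
  return "$cip_rc"
}

# Runs only when asked to: CIP_RUN=1 sh script.sh '<JSON user document>'
if [ "${CIP_RUN:-0}" = 1 ]; then cip_provision "${1:-}"; fi
```
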
Related articles
Having tried out the simple use-case presented in this tutorial, you might be interested in the following articles:
- CIP REST API documentation describing all CIP public endpoints in detail
- Entitlements documentation describing the concept of entitlements, which grant users the rights to perform certain actions in the system.
- Authentication mechanisms in CIP describing authentication methods available in the system.