Getting started with Cloud Identity Plane REST API

This article explains how to get started using Cloud Identity Plane REST API.

Prerequisites

  • CIP up and running

  • Administrator account in CIP

About this tutorial

In this tutorial, you’re going to perform the following actions:

  1. Authenticate to CIP to start a session and get an SSO token.

  2. Create a new user in CIP using the received token.

  3. End the session.

As a result, you will gain a basic understanding of how to send requests to CIP using the SSO token. With this knowledge, you’ll be able to consume the public REST API endpoints provided by CIP.

Create a user in Cloud Identity Plane

  1. Send the authentication request to https://example.com/api/authn/identifierpassword.

    • Replace example.com with your actual CIP domain

    • Set identifier and password to your own credentials

    curl --verbose --request POST 'https://example.com/api/authn/identifierpassword' \
    --header 'Content-Type: application/json' \
    --data-raw '{
    "identifier": "YOUR_IDENTIFIER",
    "password": "t0ps3cr3t"
    }'
    

    Result

    The authorization token is returned in the response body (code 201 is returned).

    < HTTP/2 201
    < date: Tue, 08 Jun 2021 12:41:01 GMT
    < content-type: application/json
    < content-length: 48
    < server: nginx
    < trace-id: 23b5a553fb95a19c
    < access-control-allow-credentials: true
    < access-control-allow-headers: *
    < access-control-allow-methods: *
    < access-control-max-age: 600
    <
    * Connection #0 to host example.com left intact
    {"token":"0d25bdba-009b-47a9-a985-554692572b1e"}* Closing connection 0
    

    More information

    You can read more about authentication options in the REST API authentication documentation.

  2. Create a new user in the system by sending a request to https://example.com/api/users.

    • Replace example.com with your actual CIP domain

    • Include a header called token containing the SSO token received from the authentication request

    curl --verbose --request POST 'https://example.com/api/users' \
    --header 'Content-Type: application/json' \
    --header 'token: 0d25bdba-009b-47a9-a985-554692572b1e' \
    --data-raw '{"mfaMethod":"NONE","firstName":"Joe","lastName":"Smith","status":"inactive","uid":"joesmith","unverifiedEmails":["jsmith@test.cloudentity.com"]}'
    

    Result

    A new inactive user (Joe Smith) is created in the system (code 201 Created is returned). An activation message is sent to the provided e-mail addresses.

    < HTTP/1.1 201 Created
    < Server: nginx
    < Date: Mon, 24 May 2021 14:50:15 GMT
    < Content-Type: application/json
    < Content-Length: 571
    < Connection: keep-alive
    < Trace-Id: e0f1a590e0523f64
    < Access-Control-Allow-Credentials: true
    < Access-Control-Allow-Headers: *
    < Access-Control-Allow-Methods: *
    < Access-Control-Max-Age: 600
    <
    * Connection #1 to host example.com left intact
    {"lastName":"Smith","googleAuthSecretAccepted":"false","apiKey":"YTU2OWIwYWQtYTE3Zi00NmE5LWE5OGYtYTk5NzQxNzVmZjky",
    "forcePwdReset":true,"mfaMethod":"NONE","totpSecretAccepted":false,"eulaApproval":"true","uuid":"9aad820e-f2ee-46ce-babb-aa1d0ee1bf50",
    "otpSetupComplete":false,"passwordChangedDate":"20210524145015.712Z","firstName":"Joe","uid":"joesmith",
    "createdDate":"20210524145015Z","unverifiedEmails":["jsmith@test.cloudentity.com"],"customers":["cloudentity"],
    "entitlementGroups":["SELF_USER_ENTITLEMENT_GROUP"],"status":"inactive","customer":"cloudentity",
    "newUserStatus":true}
    * Closing connection 1
    

    More information

    You can read more about the available user action options in the REST API user documentation.

  3. End the session by sending a request to https://example.com/api/session.

    • Replace example.com with your actual CIP domain

    • Include a header called token containing the SSO token received from the authentication request

    curl --location --verbose --request DELETE 'https://example.com/api/session' \
    --header 'token: 0d25bdba-009b-47a9-a985-554692572b1e'
    

    Result

    Your session is terminated (code 204 No Content is returned).

    < HTTP/1.1 204 No Content
    < Server: nginx
    < Date: Mon, 24 May 2021 15:17:27 GMT
    < Content-Type: application/json
    < Connection: keep-alive
    < Trace-Id: 9158bd8babcda034
    < Access-Control-Allow-Credentials: true
    < Access-Control-Allow-Headers: *
    < Access-Control-Allow-Methods: *
    < Access-Control-Max-Age: 600
    <
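
The three steps above combined into one script, as an added example that is not part of the original tutorial or vendor code: it reads credentials from the environment instead of hard-coding them, sends the password over stdin rather than on the command line, and ends the session on exit even if user creation fails. The variable names CIP_HOST, CIP_IDENTIFIER and CIP_PASSWORD and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code); assumes CIP_HOST, CIP_IDENTIFIER, CIP_PASSWORD are set.

# Escape backslashes and double quotes so a credential cannot break the JSON body.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Extract the token value from a login response body such as {"token":"..."}.
extract_token() {
  printf '%s' "$1" | sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Reject empty tokens and any character that could alter the request header.
is_safe_token() {
  case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Step 1: the JSON body goes to curl over stdin, so the password is not in argv.
cip_login() {
  printf '{"identifier":"%s","password":"%s"}' \
    "$(json_escape "$CIP_IDENTIFIER")" "$(json_escape "$CIP_PASSWORD")" |
    curl --silent --show-error --fail --request POST \
      --header 'Content-Type: application/json' --data @- \
      "https://$CIP_HOST/api/authn/identifierpassword"
}

# Step 2: $1 = SSO token, $2 = JSON user body.
cip_create_user() {
  printf '%s' "$2" | curl --silent --show-error --fail --request POST \
    --header 'Content-Type: application/json' --header "token: $1" --data @- \
    "https://$CIP_HOST/api/users"
}

# Step 3: $1 = SSO token.
cip_logout() {
  curl --silent --show-error --fail --request DELETE \
    --header "token: $1" "https://$CIP_HOST/api/session"
}

main() {
  token=$(extract_token "$(cip_login)")
  is_safe_token "$token" || { echo 'login returned no usable token' >&2; return 1; }
  trap 'cip_logout "$token"' EXIT  # end the session even if a later step fails
  cip_create_user "$token" '{"mfaMethod":"NONE","firstName":"Joe","lastName":"Smith","status":"inactive","uid":"joesmith","unverifiedEmails":["jsmith@test.cloudentity.com"]}'
}

[ -z "${CIP_HOST:-}" ] || main  # run the flow only when a target host is configured
```

The token header is still passed as a curl argument, so it remains visible in the local process list for the duration of each call.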
    

Having tried out the simple use-case presented in this tutorial, you might be interested in the following articles: