REST API

Identity and Access Management REST API documentation version v1

{schema}://{host}/api/{version}

  • schema: required (one of http, https - default: http)
  • host: required (string - default: localhost)
  • version: required (v1)

Users

Operations on users.

/users post get

post /users

Registers a new user.

Secured by oauth_2_0 with scopes:
  • iam:user:create

IAM supports OAuth 2.0 for authenticating all API requests.

Body

Media type: application/json

Type: object

Properties

  • firstName: (string)

    User's first name.

  • lastName: (string)

    User's last name.

  • email: required (string)

    User's email (required when keycloakIDAsUsername enabled).

  • username: required (string)

    Username (required when keycloakIDAsUsername disabled).

  • password: required (string)

    User's password.

  • confirmPassword: required (string)

    Confirmation of user's password.

  • enabled: (boolean)

    Whether user is enabled or not. Default is false.

  • path: (string)

    User's path that will be used in KRN.

  • policyIDs: (array of )

    Policies that must be attached to user.

  • groups: (array of )

    Groups that user must be assigned to.

  • sendVerifyEmail: (boolean)

    Flag indicating whether to send a verification email to the user.

  • redirectUri: (string)

    Redirect URI to use after the user is verified.

Example:

{
  "firstName": "John",
  "lastName": "Foo",
  "email": "johnfoo@gmail.com",
  "enabled": true,
  "username": "foojohn",
  "password": "YesYkYKpLd6n3dVZ",
  "confirmPassword": "YesYkYKpLd6n3dVZ",
  "path": "/org1",
  "policyIDs": [
      "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ="
  ],
  "groups": [
      "a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw=="
  ],
  "sendVerifyEmail": true,
  "redirectUri": "http://example.com/"
}

HTTP status code 201

User is successfully registered.

Body

Media type: application/json

Type: object

Properties

  • data: required (object)
    • id: (string)

      User ID.

    • created: required (datetime)

      User creation date.

    • updated: required (datetime)

      User update date.

    • tenantID: required (string)

      Tenant ID that user belongs to.

    • email: (string)

      User's email (required when keycloakIDAsUsername enabled).

    • username: required (string)

      Username (required when keycloakIDAsUsername disabled).

    • enabled: required (boolean)

      Whether user is enabled or not.

    • path: (string)

      User's path that is used in KRN.

    • krn: required (string)

      User's KRN.

    • policyIDs: (array of )

      Policies that are attached to user.

    • groups: (array of )

      Groups that user is assigned to.

    • sendVerifyEmail: (boolean)

      Flag indicating whether to send a verification email to the user.

    • redirectUri: (string)

      Redirect URI to use after the user is verified.

Example:

{
  "data": {
      "id": "a3JuOmlhbTprYWE6OnVzZXIvb3JnMS9qb2hu",
      "created": "2021-10-18T10:19:17.530472734Z",
      "updated": "2021-10-18T10:19:17.530472734Z",
      "tenantID": "kaa",
      "email": "john@gmail.com",
      "enabled": true,
      "firstName": "John",
      "lastName": "Martin",
      "username": "john",
      "krn": "krn:iam:kaa::user/org1/john",
      "path": "/org1",
      "groups": [
          "a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw=="
      ],
      "policyIDs": [
          "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ="
      ],
      "sendVerifyEmail": true,
      "redirectUri": "http://example.com/"
  }
}

HTTP status code 400

Invalid request.

HTTP status code 401

Request is not authenticated.

HTTP status code 403

Principal does not have sufficient permissions to perform this operation.

Secured by oauth_2_0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

get /users

Retrieves users.

Secured by oauth_2_0 with scopes:
  • iam:user:read

IAM supports OAuth 2.0 for authenticating all API requests.

HTTP status code 200

Users are successfully retrieved.

Body

Media type: application/json

Type: object

Properties

  • data: required (array of RetriveUser)

    Items: RetriveUser

    • id: (string)

      User ID.

    • created: required (datetime)

      User creation date.

    • updated: required (datetime)

      User update date.

    • tenantID: required (string)

      Tenant ID that user belongs to.

    • email: (string)

      User's email (required when keycloakIDAsUsername enabled).

    • username: required (string)

      Username (required when keycloakIDAsUsername disabled).

    • enabled: required (boolean)

      Whether user is enabled or not.

    • path: (string)

      User's path that is used in KRN.

    • krn: required (string)

      User's KRN.

  • count: required (integer)

    Total number of users.

  • page: required (integer)

    Page number.

  • pageSize: required (integer)

    Total returned elements.

Example:

{
  "data": [
      {
          "id": "a3JuOmlhbTprYWE6OnVzZXIvcm9iYmll",
          "created": "2021-10-18T08:47:54.219531Z",
          "updated": "2021-10-18T08:47:54.219531Z",
          "tenantID": "kaa",
          "email": "robbie@example.com",
          "enabled": true,
          "firstName": "",
          "lastName": "",
          "username": "robbie",
          "krn": "krn:iam:kaa::user/robbie",
          "path": "/"
      },
      {
          "id": "a3JuOmlhbTprYWE6OnVzZXIvb3JnMS9qb2hu",
          "created": "2021-10-18T10:19:17.530472Z",
          "updated": "2021-10-18T10:19:17.530472Z",
          "tenantID": "kaa",
          "email": "john@gmail.com",
          "enabled": true,
          "firstName": "John",
          "lastName": "Martin",
          "username": "john",
          "krn": "krn:iam:kaa::user/org1/john",
          "path": "/org1"
      },
      {
          "id": "a3JuOmlhbTprYWE6OnVzZXIvdmljdG9y",
          "created": "2021-10-15T10:58:50.317315Z",
          "updated": "2021-10-15T10:58:50.317315Z",
          "tenantID": "kaa",
          "email": "victor@email.com",
          "enabled": true,
          "firstName": "Victor",
          "lastName": "Charles",
          "username": "victor",
          "krn": "krn:iam:kaa::user/victor",
          "path": "/"
      },
      {
          "id": "a3JuOmlhbTprYWE6OnVzZXIvZnJhbmNlc0BnbWFpbC5jb20=",
          "created": "2021-10-15T09:58:17.989254Z",
          "updated": "2021-10-15T09:58:17.989254Z",
          "tenantID": "kaa",
          "email": "rances@gmail.com",
          "enabled": true,
          "firstName": "Frances",
          "lastName": "Nathan",
          "username": "frances@gmail.com",
          "krn": "krn:iam:kaa::user/frances@gmail.com",
          "path": "/"
      },
      {
          "id": "a3JuOmlhbTprYWE6OnVzZXIvd2luaWZyZWQ=",
          "created": "2021-10-15T14:54:53.679871Z",
          "updated": "2021-10-15T15:33:57.90856Z",
          "tenantID": "kaa",
          "email": "winifred@gmail.com",
          "enabled": true,
          "firstName": "Winifred",
          "lastName": "Theodora",
          "username": "winifred",
          "krn": "krn:iam:kaa::user/winifred",
          "path": "/"
      },
      {
          "id": "a3JuOmlhbTprYWE6OnVzZXIvY2Fyb2xpbmU=",
          "created": "2021-10-18T08:14:47.481435Z",
          "updated": "2021-10-18T08:14:47.481435Z",
          "tenantID": "kaa",
          "email": "caroline@gmail.com",
          "enabled": true,
          "firstName": "Caroline",
          "lastName": "Melina",
          "username": "caroline",
          "krn": "krn:iam:kaa::user/caroline",
          "path": "/"
      }
  ],
  "count": 6,
  "page": 1,
  "pageSize": 10
}

HTTP status code 401

Request is not authenticated.

HTTP status code 403

Principal does not have sufficient permissions to perform this operation.

Secured by oauth_2_0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

/users/delete post

post /users/delete

Bulk deletes users.

Secured by oauth_2_0 with scopes:
  • iam:user:delete

IAM supports OAuth 2.0 for authenticating all API requests.

Body

Media type: application/json

Type: object

Properties

  • userIDs: required (string)

Example:

{
  "userIDs": [
    "a3JuOmlhbTprYWE6OnVzZXIvcGF0aC9mb3dsZXI="
  ]
}

HTTP status code 204

Users successfully deleted.

HTTP status code 400

Invalid request.

HTTP status code 401

Request is not authenticated.

HTTP status code 403

Principal does not have sufficient permissions to perform this operation.

Secured by oauth_2_0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
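In the examples on this page, every `id` is the Base64 encoding of the object's KRN, so an ID can be checked locally before it is sent to `POST /users/delete`. The following added example (not part of the IAM documentation) rejects IDs outside an expected tenant and path; the Base64 relationship and the KRN layout are assumptions inferred from the page's examples, and `OTHER_TENANT_ID` is a constructed value.

```python
import base64
import binascii

# Assumptions inferred from this page's examples (not a documented contract):
#   * an `id` is standard Base64 of the object's KRN
#   * a user KRN ends in "user<path>/<username>"
#   * the tenant ID is one of the colon-separated fields after "krn:<service>"


def decode_id(resource_id):
    """Return the text encoded in an IAM `id`, or raise ValueError."""
    try:
        return base64.b64decode(resource_id, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"undecodable id: {resource_id!r}") from exc


def split_user_krn(krn):
    """Split a user KRN into (tenant candidate fields, path, username)."""
    *fields, resource = krn.split(":")
    if len(fields) < 2 or fields[0] != "krn" or not resource.startswith("user/"):
        raise ValueError(f"not a user KRN: {krn!r}")
    path, _, username = resource[len("user"):].rpartition("/")
    if not username:
        raise ValueError(f"user KRN without username: {krn!r}")
    return fields[2:], path or "/", username


def guard_bulk_delete(user_ids, tenant_id, path_prefix):
    """Partition IDs into (allowed, rejected) before calling POST /users/delete.

    An ID is allowed only if it decodes to a user KRN in `tenant_id` whose
    path equals `path_prefix` or lies below it.
    """
    allowed, rejected = [], []
    prefix = path_prefix.rstrip("/")
    for uid in user_ids:
        try:
            tenant_fields, path, _ = split_user_krn(decode_id(uid))
        except ValueError as exc:
            rejected.append((uid, str(exc)))
            continue
        if tenant_id not in tenant_fields:
            rejected.append((uid, "different tenant"))
        elif not (path == prefix or path.startswith(prefix + "/")):
            rejected.append((uid, f"path {path} outside {path_prefix}"))
        else:
            allowed.append(uid)
    return allowed, rejected


def record_problems(user):
    """List inconsistencies between id, krn, tenantID, path and username."""
    problems = []
    try:
        if decode_id(user["id"]) != user["krn"]:
            problems.append("id does not decode to krn")
        tenant_fields, path, username = split_user_krn(user["krn"])
    except ValueError as exc:
        return problems + [str(exc)]
    if user["tenantID"] not in tenant_fields:
        problems.append("tenantID not present in krn")
    if (path, username) != (user.get("path", "/"), user["username"]):
        problems.append("path/username do not match krn")
    return problems


# Constructed ID for a user in another tenant (not from the page).
OTHER_TENANT_ID = base64.b64encode(b"krn:iam:other::user/org1/eve").decode()

if __name__ == "__main__":
    ids = [
        "a3JuOmlhbTprYWE6OnVzZXIvb3JnMS9qb2hu",  # from the page: user/org1/john
        "a3JuOmlhbTprYWE6OnVzZXIvcm9iYmll",      # from the page: user/robbie
        "a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw==",      # from the page: a group ID
        OTHER_TENANT_ID,
    ]
    ok, bad = guard_bulk_delete(ids, tenant_id="kaa", path_prefix="/org1")
    print("send:", ok)
    for uid, reason in bad:
        print("skip:", uid, "-", reason)
```

Because the IDs in these examples decode to tenant, path and username, they should be handled as identifiers rather than as secrets, and access decisions left to the scopes and policies the API enforces.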

/users/userinfo get

get /users/userinfo

Retrieves the currently authenticated user.

Secured by oauth_2_0 with scopes:
  • iam:user:read

IAM supports OAuth 2.0 for authenticating all API requests.

HTTP status code 200

User successfully retrieved.

Body

Media type: application/json

Type: object

Properties

  • data: required (object)
    • id: (string)

      User ID.

    • created: required (datetime)

      User creation date.

    • updated: required (datetime)

      User update date.

    • tenantID: required (string)

      Tenant ID that user belongs to.

    • email: (string)

      User's email (required when keycloakIDAsUsername enabled).

    • username: required (string)

      Username (required when keycloakIDAsUsername disabled).

    • enabled: required (boolean)

      Whether user is enabled or not.

    • path: (string)

      User's path that is used in KRN.

    • krn: required (string)

      User's KRN.

Example:

{
  "data": {
      "id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
      "created": "2021-10-18T11:08:09.4919Z",
      "updated": "2021-10-18T11:08:09.4919Z",
      "tenantID": "kaa",
      "email": "josephmorgan@gmail.com",
      "enabled": true,
      "firstName": "Joseph",
      "lastName": "Morgan",
      "username": "josephmorgan",
      "krn": "krn:iam:kaa::user/josephmorgan",
      "path": "/"
  }
}

HTTP status code 400

Invalid request.

HTTP status code 401

Request is not authenticated.

HTTP status code 403

Principal does not have sufficient permissions to perform this operation.

Secured by oauth_2_0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

/users/{userID} get put delete

get /users/{userID}

Retrieves a specific user.

Secured by oauth_2_0 with scopes:
  • iam:user:read

IAM supports OAuth 2.0 for authenticating all API requests.

URI Parameters

  • userID: required (string)

    User ID.

    Example:

    a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

HTTP status code 200

User is successfully retrieved.

Body

Media type: application/json

Type: object

Properties

  • data: required (object)
    • id: (string)

      User ID.

    • created: required (datetime)

      User creation date.

    • updated: required (datetime)

      User update date.

    • tenantID: required (string)

      Tenant ID that user belongs to.

    • email: (string)

      User's email (required when keycloakIDAsUsername enabled).

    • username: required (string)

      Username (required when keycloakIDAsUsername disabled).

    • enabled: required (boolean)

      Whether user is enabled or not.

    • path: (string)

      User's path that is used in KRN.

    • krn: required (string)

      User's KRN.

Example:

{
  "data": {
      "id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
      "created": "2021-10-18T11:08:09.4919Z",
      "updated": "2021-10-18T11:08:09.4919Z",
      "tenantID": "kaa",
      "email": "josephmorgan@gmail.com",
      "enabled": true,
      "firstName": "Joseph",
      "lastName": "Morgan",
      "username": "josephmorgan",
      "krn": "krn:iam:kaa::user/josephmorgan",
      "path": "/"
  }
}

HTTP status code 401

Request is not authenticated.

HTTP status code 403

Principal does not have sufficient permissions to perform this operation.

Secured by oauth_2_0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

put /users/{userID}

Updates a specific user.

Secured by oauth_2_0 with scopes:
  • iam:user:update

IAM supports OAuth 2.0 for authenticating all API requests.

URI Parameters

  • userID: required (string)

    User ID.

    Example:

    a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

Body

Media type: application/json

Type: object

Properties

  • email: (string)

    User's email (required when keycloakIDAsUsername enabled).

  • firstName: (string)

    User's first name.

  • lastName: (string)

    User's last name.

  • enabled: (boolean)

    Whether user is enabled or not.

Example:

{
  "firstName": "MorganUpdated",
  "lastName": "JosephUpdated",
  "email": "josephm@gmail.com",
  "enabled": true
}

HTTP status code 204

User is successfully updated.

HTTP status code 400

Invalid request.

HTTP status code 401

Request is not authenticated.

HTTP status code 403

Principal does not have sufficient permissions to perform this operation.

Secured by oauth_2_0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

delete /users/{userID}

Deletes a specific user.

Secured by oauth_2_0 with scopes:
  • iam:user:delete

IAM supports OAuth 2.0 for authenticating all API requests.

URI Parameters

  • userID: required (string)

    User ID.

    Example:

    a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

HTTP status code 204

User is successfully deleted.

HTTP status code 400

Invalid request.

HTTP status code 401

Request is not authenticated.

HTTP status code 403

Principal does not have sufficient permissions to perform this operation.

Secured by oauth_2_0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

/users/{userID}/attributes get put

get /users/{userID}/attributes

Retrieves a specific user's attributes.

Secured by oauth_2_0 with scopes:
  • iam:user:read

IAM supports OAuth 2.0 for authenticating all API requests.

URI Parameters

  • userID: required (string)

    User ID.

    Example:

    a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

HTTP status code 200

User attributes are successfully retrieved.

Body

Media type: application/json

Type: object

Properties

  • data: required (object)

    Example:

    {
        "data": {
            "lastLogin": [
                "23.11.2021"
            ],
            "path": [
                "/testpath"
            ],
            "userInfo": [
                "Micheal",
                "Mark"
            ]
        }
    }

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    put /users/{userID}/attributes

    Updates a specific user's attributes.

    Secured by oauth_2_0 with scopes:
    • iam:user:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Body

    Media type: application/json

    Type: object

    Example:

    {
        "attributes": {
            "lastLogin": [
                "23.11.2021"
            ],
            "userInfo": [
                "Micheal",
                "Mark"
            ]
        }
    }

    HTTP status code 204

    User attributes are successfully updated.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /users/{userID}/password/change post

    post /users/{userID}/password/change

    Changes user's password.

    Secured by oauth_2_0 with scopes:
    • iam:user:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Body

    Media type: application/json

    Type: object

    Properties

    • oldPassword: required (string)

      User's old password.

    • newPassword: required (string)

      User's new password.

    • confirmPassword: required (string)

      User's new password confirmation.

    Example:

    {
      "oldPassword": "YesYkYKpLd6n3dVZ",
      "newPassword": "KPJ9KP33afQqG7ke",
      "confirmPassword": "KPJ9KP33afQqG7ke"
    }

    HTTP status code 204

    User's password is successfully changed.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /users/{userID}/password/reset post

    post /users/{userID}/password/reset

    Resets user's password.

    Secured by oauth_2_0 with scopes:
    • iam:user:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Body

    Media type: application/json

    Type: object

    Properties

    • newPassword: required (string)

      User's new password.

    • confirmPassword: required (string)

      User's new password confirmation.

    Example:

    {
      "newPassword": "hh8VkeHymc3j8NYJ",
      "confirmPassword": "hh8VkeHymc3j8NYJ"
    }

    HTTP status code 204

    User's password is successfully reset.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /users/{userID}/groups get

    get /users/{userID}/groups

    Get membership groups.

    Secured by oauth_2_0 with scopes:
    • iam:group:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Query Parameters

    • first: (integer - default: 0)

      Paging offset.

      Example:

      2
    • max: (integer - default: 10)

      Maximum results size.

      Example:

      20

    HTTP status code 200

    Membership groups are successfully retrieved.

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of Group)

      Items: Group

      • id: required (string)

        Group ID.

      • tenantID: required (string)

        Tenant ID of the group.

      • name: required (string)

        Group name.

      • displayName: required (string)

        Group display name.

      • path: required (string)

        Group path.

      • krn: required (string)

        Group KRN.

      • created: required (datetime)

        Group registration date in ISO 8601 format (UTC timezone).

      • updated: required (datetime)

        Group last update date in ISO 8601 format (UTC timezone).

    • count: required (integer)

      Total amount of users.

    • first: required (integer)

      Paging offset.

    • max: required (integer)

      Maximum results size.

    Example:

    {
      "data": [
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw==",
              "created": "2021-10-18T14:34:57.286561+04:00",
              "updated": "2021-10-18T14:34:57.286561+04:00",
              "tenantID": "kaa",
              "name": "Foo",
              "path": "/Foo",
              "krn": "krn:iam:kaa::group/Foo"
          }
      ],
      "count": 1,
      "first": 0,
      "max": 10
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /users/{userID}/groups/add post

    post /users/{userID}/groups/add

    Adds user to groups.

    Secured by oauth_2_0 with scopes:
    • iam:group:user:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Body

    Media type: application/json

    Type: object

    Properties

    • groupIDs: required (string)

      Group IDs.

    Example:

    {
      "groupIDs": [
        "a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw=="
      ]
    }
    

    HTTP status code 200

    User is successfully added to groups.

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (object)
      • id: (string)

        User ID.

      • created: required (datetime)

        User creation date.

      • updated: required (datetime)

        User update date.

      • tenantID: required (string)

        Tenant ID that user belongs to.

      • email: (string)

        User's email (required when keycloakIDAsUsername enabled).

      • username: required (string)

        Username (required when keycloakIDAsUsername disabled).

      • enabled: required (boolean)

        Whether user is enabled or not.

      • path: required (string)

        User's path that is used in KRN.

      • krn: required (string)

        User's KRN.

      • groups: required (array of )

        Groups that user is assigned to.

    Example:

    {
      "data": {
          "id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
          "created": "2021-10-18T11:08:09.4919Z",
          "updated": "2021-10-18T11:55:48.367213Z",
          "tenantID": "kaa",
          "email": "josephm@gmail.com",
          "enabled": true,
          "firstName": "MorganUpdated",
          "lastName": "JosephUpdated",
          "username": "josephmorgan",
          "krn": "krn:iam:kaa::user/josephmorgan",
          "path": "/",
          "groups": [
              "a3JuOmlhbTprYWE6Omdyb3VwL0Jvbw=="
          ]
      }
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /users/{userID}/groups/remove post

    post /users/{userID}/groups/remove

    Removes user from groups.

    Secured by oauth_2_0 with scopes:
    • iam:group:user:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Body

    Media type: application/json

    Type: object

    Properties

    • groupIDs: required (string)

      Group IDs.

    Example:

    {
      "groupIDs": [
        "a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw=="
      ]
    }
    

    HTTP status code 204

    User is successfully removed from groups.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /users/{userID}/policies get

    get /users/{userID}/policies

    Returns policies that user is attached to.

    Secured by oauth_2_0 with scopes:
    • iam:user:read
    • iam:user:policy:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    HTTP status code 200

    Policies that user is attached to are successfully retrieved.

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of Policy)

      Policy list.

      Items: Policy

      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    • pit: required (string)

      Pit number.

    • sort: required (string)

      Sort type.

    Example:

    {
      "data": [
          {
              "id": "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ=",
              "krn": "krn:iam:kaa::policy/Admin_user_read",
              "name": "Admin_user_read",
              "description": "Allow user to read admin user",
              "type": "iam",
              "statements": [
                  {
                      "actions": [
                          "iam:user:read"
                      ],
                      "resources": [
                          "krn:iam:kaa::user/admin@example.com"
                      ],
                      "principals": [
                          "krn:iam:kaa::user/admin@example.com",
                          "krn:iam:kaa::user/john",
                          "krn:iam:kaa::user/org1/john",
                          "krn:iam:kaa::user/josephmorgan"
                      ],
                      "effect": "allow"
                  }
              ]
          }
      ],
      "pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAEMqFjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWWWF3LW9ma3FRQ21fU3FsT2NDdzluUQAAAAAAAABAXRYzSmk0MnpLYlFWRzNya1I1cy0xdE1nAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
      "sort": "[\"allow\",\"krn:iam:kaa:user/admin@example.com\",\"a3JuOmlhbTprYWE6cG9saWN5L0FkbWluX3VzZXJfcmVhZA==\",4294967308]"
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
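The `data` array returned by this endpoint can be reviewed for over-broad grants. The following added example (not part of the IAM documentation) flags `allow` statements whose `actions` or `resources` contain a wildcard and notes any group principals they reach; the severity rule is this example's own heuristic, and every sample policy except `Admin_user_read` is constructed.

```python
def audit_policies(policies):
    """Return one finding per allow statement with wildcard actions or resources.

    `policies` is the `data` array of a policies response: each policy has
    `statements`, each statement has `actions`, `resources`, optional
    `principals`, and `effect` (allow or deny).
    """
    findings = []
    for policy in policies:
        for index, stmt in enumerate(policy.get("statements", [])):
            if stmt.get("effect") != "allow":
                continue  # only allow statements grant access
            wide_actions = [a for a in stmt.get("actions", []) if "*" in a]
            wide_resources = [r for r in stmt.get("resources", []) if "*" in r]
            if not (wide_actions or wide_resources):
                continue
            principals = stmt.get("principals", [])
            findings.append({
                "policy": policy.get("krn", policy.get("id")),
                "statement": index,
                # Heuristic of this example: any action on a wildcard
                # resource is "high", every other wildcard is "medium".
                "severity": "high" if "*" in wide_actions and wide_resources else "medium",
                "actions": wide_actions,
                "resources": wide_resources,
                # A group principal extends the grant to every group member.
                "groups": [p for p in principals
                           if p.rsplit(":", 1)[-1].startswith("group/")],
            })
    return findings


SAMPLE_POLICIES = [
    {   # From the page: narrowly scoped, produces no finding.
        "krn": "krn:iam:kaa::policy/Admin_user_read",
        "statements": [{
            "actions": ["iam:user:read"],
            "resources": ["krn:iam:kaa::user/admin@example.com"],
            "principals": ["krn:iam:kaa::user/john"],
            "effect": "allow",
        }],
    },
    {   # Constructed: every action on every resource, granted to a group.
        "krn": "krn:iam:kaa::policy/constructed-wide",
        "statements": [{
            "actions": ["*"],
            "resources": ["krn:iam:kaa:*"],
            "principals": ["krn:iam:kaa::user/admin@example.com",
                           "krn:iam:kaa::group/org1"],
            "effect": "allow",
        }],
    },
    {   # Constructed: wildcard within one action family, plus a wildcard deny.
        "krn": "krn:iam:kaa::policy/constructed-user-admin",
        "statements": [
            {"actions": ["iam:user:*"],
             "resources": ["krn:iam:kaa::user/org1/john"],
             "effect": "allow"},
            {"actions": ["*"], "resources": ["krn:iam:kaa:*"], "effect": "deny"},
        ],
    },
]

if __name__ == "__main__":
    for finding in audit_policies(SAMPLE_POLICIES):
        print(finding["severity"], finding["policy"],
              "statement", finding["statement"],
              "groups:", finding["groups"])
```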

    /users/{userID}/policies/eligible get

    get /users/{userID}/policies/eligible

    Returns policies that user is eligible to be attached to.

    Secured by oauth_2_0 with scopes:
    • iam:user:read
    • iam:user:policy:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    HTTP status code 200

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of Policy)

      Policy list.

      Items: Policy

      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    • pit: required (string)

      Pit number.

    • sort: required (string)

      Sort type.

    Example:

    {
        "data": [
            {
                "id": "a3JuOmlhbTo6a2FhOnBvbGljeS8xMjM=",
                "krn": "krn:iam::kaa:policy/123",
                "name": "123",
                "type": "iam",
                "statements": [
                    {
                        "actions": [
                            "*"
                        ],
                        "resources": [
                            "krn:iam:kaa:*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com",
                            "krn:iam:kaa::user/Hui/test2",
                            "krn:iam:kaa::group/org1"
                        ],
                        "effect": "allow"
                    }
                ]
            },
            {
                "id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctcG9sLWZpbmFs",
                "krn": "krn:iam:kaa::policy/new-pol-final",
                "name": "new-pol-final",
                "type": "iam",
                "statements": [
                    {
                        "actions": [
                            "*"
                        ],
                        "resources": [
                            "krn:iam::kaa:*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com",
                            "krn:iam:kaa::user/Hui/test2"
                        ],
                        "effect": "allow"
                    }
                ]
            },
            {
                "id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctdGVzdC1wb2w=",
                "krn": "krn:iam:kaa::policy/new-test-pol",
                "name": "new-test-pol",
                "type": "iam",
                "statements": [
                    {
                        "actions": [
                            "*"
                        ],
                        "resources": [
                            "krn:iam:kaa:*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com"
                        ],
                        "effect": "allow"
                    }
                ]
            },
            {
                "id": "a3JuOmlhbTprYWE6OnBvbGljeS91c2Vycy1yZWFkb25seQ==",
                "krn": "krn:iam:kaa::policy/users-readonly",
                "name": "users-readonly",
                "type": "iam",
                "statements": [
                    {
                        "actions": [
                            "iam:user:read"
                        ],
                        "resources": [
                            "krn:iam:kaa::user/*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com"
                        ],
                        "effect": "allow"
                    },
                    {
                        "actions": [
                            "*"
                        ],
                        "resources": [
                            "krn:iam:kaa::policy/*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com"
                        ],
                        "effect": "allow"
                    }
                ]
            }
        ],
        "pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAENIFjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWSjlwWWxWdEZTUWluSllmZmVkZUMzZwAAAAAAAACjEBZjdDRNcjhXSlRObXZJeVEydTctVHVnAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
        "sort": "[\"allow\",\"krn:iam:kaa:policy/*\",\"a3JuOmlhbTprYWE6cG9saWN5L3VzZXJzLXJlYWRvbmx5\",17]"
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /users/{userID}/policies/attach post

    post /users/{userID}/policies/attach

    Attaches user to policies.

    Secured by oauth_2_0 with scopes:
    • iam:user:policy:attach

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Body

    Media type: application/json

    Type: object

    Properties

    • policyIDs: required (array of )

      Policy IDs.

    Example:

    {
      "policyIDs": [
        "a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
      ]
    }
    

    HTTP status code 204

    User is successfully attached to the policies.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
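An added example (not part of the IAM documentation or the project's code): a review step that takes the response of GET /users/{userID}/policies/eligible, flags allow statements with wildcard actions or resources, and builds the POST /users/{userID}/policies/attach body only from policies without a finding. The trailing-`*` wildcard rule, the severity labels, the function names and the third sample policy are assumptions; the page does not define matching semantics.

```python
import json

# Constructed sample in the response shape of GET /users/{userID}/policies/eligible.
# The first two policies are copied from the page's example; the third is constructed.
SAMPLE_RESPONSE = json.loads("""
{
  "data": [
    {"id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctdGVzdC1wb2w=",
     "krn": "krn:iam:kaa::policy/new-test-pol",
     "name": "new-test-pol", "type": "iam",
     "statements": [
       {"actions": ["*"], "resources": ["krn:iam:kaa:*"],
        "principals": ["krn:iam:kaa::user/admin@example.com"], "effect": "allow"}]},
    {"id": "a3JuOmlhbTprYWE6OnBvbGljeS91c2Vycy1yZWFkb25seQ==",
     "krn": "krn:iam:kaa::policy/users-readonly",
     "name": "users-readonly", "type": "iam",
     "statements": [
       {"actions": ["iam:user:read"], "resources": ["krn:iam:kaa::user/*"],
        "principals": ["krn:iam:kaa::user/admin@example.com"], "effect": "allow"},
       {"actions": ["*"], "resources": ["krn:iam:kaa::policy/*"],
        "principals": ["krn:iam:kaa::user/admin@example.com"], "effect": "allow"}]},
    {"id": "CONSTRUCTED-POLICY-ID",
     "krn": "krn:iam:kaa::policy/constructed-narrow",
     "name": "constructed-narrow", "type": "principal",
     "statements": [
       {"actions": ["iam:user:read"], "resources": ["krn:iam:kaa::user/josephmorgan"],
        "effect": "allow"},
       {"actions": ["*"], "resources": ["krn:iam:kaa::user/*"], "effect": "deny"}]}
  ]
}
""")


def is_wildcard(value):
    # Assumption: a trailing "*" matches more than one action or resource.
    return isinstance(value, str) and value.endswith("*")


def audit_statement(stmt):
    """Return (severity, reasons) for one Statement, or (None, []) if nothing is flagged."""
    if stmt.get("effect") != "allow":
        return None, []  # deny statements only remove access, so they are not flagged
    reasons = []
    actions = stmt.get("actions") or []
    resources = stmt.get("resources") or []
    all_actions = "*" in actions
    if all_actions:
        reasons.append("allows every action")
    elif any(is_wildcard(a) for a in actions):
        reasons.append("allows a wildcard action family")
    broad_resources = [r for r in resources if is_wildcard(r)]
    if broad_resources:
        reasons.append("wildcard resource: " + ", ".join(broad_resources))
    if not reasons:
        return None, []
    # Every action on a wildcard resource is the broadest grant a statement can make.
    severity = "high" if all_actions and broad_resources else "medium"
    return severity, reasons


def audit_policies(response):
    """Walk data[].statements[] and collect one finding per flagged statement."""
    findings = []
    for policy in response.get("data", []):
        for index, stmt in enumerate(policy.get("statements", [])):
            severity, reasons = audit_statement(stmt)
            if severity:
                findings.append({"policy": policy["krn"], "statement": index,
                                 "severity": severity, "reasons": reasons})
    return findings


def attach_body_without_findings(response):
    """Build the attach request body from policies that produced no finding."""
    flagged = {f["policy"] for f in audit_policies(response)}
    ids = [p["id"] for p in response.get("data", []) if p["krn"] not in flagged]
    return {"policyIDs": ids}


if __name__ == "__main__":
    for finding in audit_policies(SAMPLE_RESPONSE):
        print(finding)
    print(json.dumps(attach_body_without_findings(SAMPLE_RESPONSE)))
```

Flagged policies are left out of the request body so that a reviewer decides on them explicitly rather than attaching everything the endpoint reports as eligible.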

    /users/{userID}/policies/detach post

    post /users/{userID}/policies/detach

    Detaches user from policies.

    Secured by oauth_2_0 with scopes:
    • iam:user:policy:attach

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Body

    Media type: application/json

    Type: object

    Properties

    • policyIDs: required (array of )

      Policy IDs.

    Example:

    {
      "policyIDs": [
        "a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
      ]
    }
    

    HTTP status code 204

    User is successfully detached from the policies.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /users/{userID}/policy get put

    get /users/{userID}/policy

    Returns the user's resource policy.

    Secured by oauth_2_0 with scopes:
    • iam:user:policy:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    HTTP status code 200

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (object)
      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    Example:

    {
        "data": {
            "id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2FuLXJlc291cmNlIg==",
            "krn": "krn:iam:kaa::user/josephmorgan",
            "name": "krn:iam:kaa::user/josephmorgan-resource",
            "description": "Determines access to resource",
            "type": "resource",
            "statements": [
                {
                    "actions": [
                        "*"
                    ],
                    "resources": [
                        "krn:iam:kaa::user/josephmorgan"
                    ],
                    "principals": [
                        "krn:iam:kaa::user/admin@example.com"
                    ],
                    "effect": "allow"
                },
                {
                    "actions": [
                        "iam:user:read",
                        "iam:user:update"
                    ],
                    "resources": [
                        "krn:iam:kaa::user/josephmorgan"
                    ],
                    "principals": [
                        "krn:iam:kaa::user/josephmorgan"
                    ],
                    "effect": "allow"
                }
            ]
        }
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    put /users/{userID}/policy

    Updates resource policy of the user.

    Secured by oauth_2_0 with scopes:
    • iam:group:policy:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    Body

    Media type: application/json

    Type: object

    Properties

    • statements: required (array of ResourcePolicyUpdateData)

      List of statements.

      Items: ResourcePolicyUpdateData

      • actions: required (array of )

        List of specified actions.

      • principals: required (array of )

        List of specified principals.

      • effect: required (string)

        Principal effect.

    Example:

    {
      "statements": [
          {
              "actions": [
                  "*"
              ],
              "principals": [
                  "krn:iam:kaa::user/admin@example.com"
              ],
              "effect": "allow"
          },
          {
              "actions": [
                  "iam:user:read",
                  "iam:user:update"
              ],
              "principals": [
                  "krn:iam:kaa::user/josephmorgan"
              ],
              "effect": "allow"
          },
          {
            "actions": [
                "iam:user:*"
            ],
            "principals": [
                "krn:iam:kaa::user/user1uuid"
            ],
            "effect": "allow"
        }
      ]
    }

    HTTP status code 204

    Successfully updated resource policy.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    Groups

    Operations on groups.

    /groups post get

    post /groups

    Creates a new group.

    Secured by oauth_2_0 with scopes:
    • iam:group:create

    IAM supports OAuth 2.0 for authenticating all API requests.

    Body

    Media type: application/json

    Type: object

    Properties

    • name: required (string)

      Group name.

    • displayName: (string)

      Group display name.

    • parentID: (string)

      ID of the parent group.

    • users: (array of )

      User IDs that will be added to the group.

    • policyIDs: (array of )

      Policy IDs that will be attached to the group.

    Example:

    {
      "name": "boo",
      "displayName": "boo group",
      "parentID": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw==",
      "users": [
        "a3JuOmlhbTprYWE6OnVzZXIvZWR3YXJk"
      ],
      "policyIDs": [
        "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ="
      ]
    }
    

    HTTP status code 201

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (object)
      • id: required (string)

        Group ID.

      • tenantID: required (string)

        Tenant ID of the group.

      • name: required (string)

        Group name.

      • displayName: required (string)

        Group display name.

      • path: required (string)

        Group path.

      • krn: required (string)

        Group KRN.

      • created: required (datetime)

        Group registration date in ISO 8601 format (UTC timezone).

      • updated: required (datetime)

        Group last update date in ISO 8601 format (UTC timezone).

    Example:

    {
      "data": {
          "id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvby9ib28=",
          "created": "2021-10-18T12:27:15.55267632Z",
          "updated": "2021-10-18T12:27:15.55267632Z",
          "tenantID": "kaa",
          "name": "boo",
          "displayName": "boo group",
          "path": "/Foo/boo",
          "krn": "krn:iam:kaa::group/Foo/boo"
      }
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    get /groups

    Returns group list.

    Secured by oauth_2_0 with scopes:
    • iam:group:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    Query Parameters

    • page: (number - default: 1)

      Page number.

      Example:

      1

    • pageSize: (number - default: 10)

      Page size.

      Example:

      10

    • sort: (string - default: id)

      Sorting field.

      Example:

      name

    • sortOrder: (one of asc, desc - default: desc)

      Sort order.

      Example:

      asc

    HTTP status code 200

    Groups are successfully retrieved.

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of Group)

      Items: Group

      • id: required (string)

        Group ID.

      • tenantID: required (string)

        Tenant ID of the group.

      • name: required (string)

        Group name.

      • displayName: required (string)

        Group display name.

      • path: required (string)

        Group path.

      • krn: required (string)

        Group KRN.

      • created: required (datetime)

        Group registration date in ISO 8601 format (UTC timezone).

      • updated: required (datetime)

        Group last update date in ISO 8601 format (UTC timezone).

    • count: required (integer)

      Total number of groups.

    • page: required (integer)

      Page number.

    • pageSize: required (integer)

      Page size.

    Example:

    {
      "data": [
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL2dyb3VwMS9ncm91cDI=",
              "created": "2021-10-15T10:49:23.00967Z",
              "updated": "2021-10-15T10:49:23.00967Z",
              "tenantID": "kaa",
              "name": "group2",
              "displayName": "group2",
              "path": "/group1/group2",
              "krn": "krn:iam:kaa::group/group1/group2"
          },
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL29yZzE=",
              "created": "2021-10-15T09:58:43.037383Z",
              "updated": "2021-10-15T09:58:43.037383Z",
              "tenantID": "kaa",
              "name": "org1",
              "displayName": "organization 1",
              "path": "/org1",
              "krn": "krn:iam:kaa::group/org1"
          },
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL2dyb3VwMS9ncm91cDIvZ3JvdXAyLTM=",
              "created": "2021-10-15T14:57:49.898256Z",
              "updated": "2021-10-15T14:57:49.898256Z",
              "tenantID": "kaa",
              "name": "group2-3",
              "displayName": "group 2-3",
              "path": "/group1/group2/group2-3",
              "krn": "krn:iam:kaa::group/group1/group2/group2-3"
          },
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvby9ib28=",
              "created": "2021-10-18T12:27:15.552676Z",
              "updated": "2021-10-18T12:27:15.552676Z",
              "tenantID": "kaa",
              "name": "boo",
              "displayName": "boo group",
              "path": "/Foo/boo",
              "krn": "krn:iam:kaa::group/Foo/boo"
          },
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw==",
              "created": "2021-10-18T12:24:43.692049Z",
              "updated": "2021-10-18T12:24:43.692049Z",
              "tenantID": "kaa",
              "name": "boo",
              "displayName": "boo group",
              "path": "/boo",
              "krn": "krn:iam:kaa::group/boo"
          },
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL2dyb3VwMS9ncm91cDItMQ==",
              "created": "2021-10-15T10:50:16.532018Z",
              "updated": "2021-10-15T10:50:16.532018Z",
              "tenantID": "kaa",
              "name": "group2-1",
              "displayName": "organization 2-1",
              "path": "/group1/group2-1",
              "krn": "krn:iam:kaa::group/group1/group2-1"
          },
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL0Jvbw==",
              "created": "2021-10-18T11:59:50.222882Z",
              "updated": "2021-10-18T11:59:50.222882Z",
              "tenantID": "kaa",
              "name": "Boo",
              "displayName": "organization boo",
              "path": "/Boo",
              "krn": "krn:iam:kaa::group/Boo"
          },
          {
              "id": "ImtybjppYW06a2FhOjpncm91cC9Gb28=",
              "created": "2021-10-18T10:02:07.04474Z",
              "updated": "2021-10-18T10:02:07.04474Z",
              "tenantID": "kaa",
              "name": "Foo",
              "displayName": "organization Foo",
              "path": "/Foo",
              "krn": "krn:iam:kaa::group/Foo"
          },
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL29yZzEvYm9v",
              "created": "2021-10-18T12:25:59.595453Z",
              "updated": "2021-10-18T12:25:59.595453Z",
              "tenantID": "kaa",
              "name": "boo",
              "displayName": "boo",
              "path": "/org1/boo",
              "krn": "krn:iam:kaa::group/org1/boo"
          },
          {
              "id": "a3JuOmlhbTprYWE6Omdyb3VwL2dyb3VwMQ==",
              "created": "2021-10-15T10:49:04.079399Z",
              "updated": "2021-10-15T10:49:04.079399Z",
              "tenantID": "kaa",
              "name": "group1",
              "displayName": "group1",
              "path": "/group1",
              "krn": "krn:iam:kaa::group/group1"
          }
      ],
      "count": 11,
      "page": 1,
      "pageSize": 10
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/delete post

    post /groups/delete

    Bulk group delete.

    Secured by oauth_2_0 with scopes:
    • iam:group:delete

    IAM supports OAuth 2.0 for authenticating all API requests.

    Body

    Media type: application/json

    Type: object

    Properties

    • groupIDs: required (string)

      Group IDs.

    Example:

    {
      "groupIDs": [
        "a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw=="
      ]
    }
    

    HTTP status code 204

    Groups successfully deleted.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID} get put delete

    get /groups/{groupID}

    Returns group information.

    Secured by oauth_2_0 with scopes:
    • iam:group:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    HTTP status code 200

    Group successfully retrieved.

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (object)
      • id: required (string)

        Group ID.

      • tenantID: required (string)

        Tenant ID of the group.

      • name: required (string)

        Group name.

      • displayName: required (string)

        Group display name.

      • path: required (string)

        Group path.

      • krn: required (string)

        Group KRN.

      • created: required (datetime)

        Group registration date in ISO 8601 format (UTC timezone).

      • updated: required (datetime)

        Group last update date in ISO 8601 format (UTC timezone).

    Example:

    {
      "data": {
          "id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvby9ib28=",
          "created": "2021-10-18T12:27:15.55267632Z",
          "updated": "2021-10-18T12:27:15.55267632Z",
          "tenantID": "kaa",
          "name": "boo",
          "displayName": "boo group",
          "path": "/Foo/boo",
          "krn": "krn:iam:kaa::group/Foo/boo"
      }
    }

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    put /groups/{groupID}

    Update group display name.

    Secured by oauth_2_0 with scopes:
    • iam:group:udpate

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • displayName: required (string)

    Example:

    {
        "displayName": "updated org1"
    }

    HTTP status code 204

    Group display name successfully updated.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    delete /groups/{groupID}

    Deletes a single group.

    Secured by oauth_2_0 with scopes:
    • iam:group:delete

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    HTTP status code 204

    Group is successfully deleted.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/members get

    get /groups/{groupID}/members

    Returns group members.

    Secured by oauth_2_0 with scopes:
    • iam:group:user:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Query Parameters

    • first: (integer - default: 0)

      Paging offset.

      Example:

      2

    • max: (integer - default: 10)

      Maximum results size.

      Example:

      20

    HTTP status code 200

    Members are successfully retrieved.

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of RetriveUser)

      List of group members.

      Items: RetriveUser

      • id: (string)

        User ID.

      • created: required (datetime)

        User creation date.

      • updated: required (datetime)

        User update date.

      • tenantID: required (string)

        Tenant ID that user belongs to.

      • email: (string)

        User's email (required when keycloakIDAsUsername enabled).

      • username: required (string)

        Username (required when keycloakIDAsUsername disabled).

      • enabled: required (boolean)

        Whether user is enabled or not.

      • path: (string)

        User's path that is used in KRN.

      • krn: required (string)

        User's KRN.

    • count: required (integer)

      Total number of users.

    • first: required (integer)

      Paging offset.

    • max: required (integer)

      Maximum results size.

    Example:

    {
      "data": [
          {
              "id": "a3JuOmlhbTprYWE6OnVzZXIvZWR3YXJk",
              "created": "2021-10-15T09:58:17.989254Z",
              "updated": "2021-10-15T09:58:17.989254Z",
              "tenantID": "kaa",
              "email": "edward@gmail.com",
              "enabled": true,
              "firstName": "Edward",
              "lastName": "Davidson",
              "username": "edward@mail.com",
              "krn": "krn:iam:kaa::user/edward",
              "path": "/"
          }
      ],
      "count": 1,
      "first": 0,
      "max": 10
    }

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/members/eligible get

    get /groups/{groupID}/members/eligible

    Returns eligible group members.

    Secured by oauth_2_0 with scopes:
    • iam:group:user:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Query Parameters

    • first: (integer - default: 0)

      Paging offset.

      Example:

      2

    • max: (integer - default: 10)

      Maximum results size.

      Example:

      20

    HTTP status code 200

    Eligible group members are successfully retrieved.

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of RetriveUser)

      List of group members.

      Items: RetriveUser

      • id: (string)

        User ID.

      • created: required (datetime)

        User creation date.

      • updated: required (datetime)

        User update date.

      • tenantID: required (string)

        Tenant ID that user belongs to.

      • email: (string)

        User's email (required when keycloakIDAsUsername enabled).

      • username: required (string)

        Username (required when keycloakIDAsUsername disabled).

      • enabled: required (boolean)

        Whether user is enabled or not.

      • path: (string)

        User's path that is used in KRN.

      • krn: required (string)

        User's KRN.

    • count: required (integer)

      Total number of users.

    • first: required (integer)

      Paging offset.

    • max: required (integer)

      Maximum results size.

    Example:

    {
        "data": [
            {
                "id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
                "created": "2021-10-18T11:08:09.4919Z",
                "updated": "2021-10-18T11:55:48.367213Z",
                "tenantID": "kaa",
                "email": "josephm@gmail.com",
                "enabled": true,
                "firstName": "MorganUpdated",
                "lastName": "JosephUpdated",
                "username": "josephmorgan",
                "krn": "krn:iam:kaa::user/josephmorgan",
                "path": "/"
            }
        ],
        "count": 1,
        "page": 0,
        "pageSize": 10
    }

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/members/{userID} post delete

    post /groups/{groupID}/members/{userID}

    Adds a member to a group.

    Secured by oauth_2_0 with scopes:
    • iam:group:user:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    HTTP status code 204

    Member is successfully added.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    delete /groups/{groupID}/members/{userID}

    Deletes a member from a group.

    Secured by oauth_2_0 with scopes:
    • iam:group:user:delete

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    • userID: required (string)

      User ID.

      Example:

      a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz

    HTTP status code 204

    User is successfully deleted from the group.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/members/add post

    post /groups/{groupID}/members/add

    Adds users to a group.

    Secured by oauth_2_0 with scopes:
    • iam:group:user:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • userIDs: required (array of )

      User IDs to be added to the group.

    Example:

    {
      "userIDs": [
        "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu"
      ]
    }
    

    HTTP status code 204

    Users are successfully added.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/members/remove post

    post /groups/{groupID}/members/remove

    Removes users from a group.

    Secured by oauth_2_0 with scopes:
    • iam:group:user:delete

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • userIDs: required (array of )

      User IDs to be removed from the group.

    Example:

    {
      "userIDs": [
        "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu"
      ]
    }
    

    HTTP status code 204

    Users are successfully removed.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/policies get

    get /groups/{groupID}/policies

    Gets group policies.

    Secured by oauth_2_0 with scopes:
    • iam:group:read
    • iam:group:policy:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    HTTP status code 200

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of Policy)

      Policy list.

      Items: Policy

      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    • pit: required (string)

      Pit number.

    • sort: required (string)

      Sort type.

    Example:

    {
      "data": [
          {
              "id": "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQi",
              "krn": "krn:iam:kaa::policy/Admin_user_read",
              "name": "Admin_user_read",
              "description": "Allow user to read admin user",
              "type": "iam",
              "statements": [
                  {
                      "actions": [
                          "iam:group:*"
                      ],
                      "resources": [
                          "krn:iam:kaa::user/admin@example.com"
                      ],
                      "principals": [
                          "krn:iam:kaa::user/admin@example.com",
                          "krn:iam:kaa::user/john",
                          "krn:iam:kaa::user/org1/john",
                          "krn:iam:kaa::user/path/caro",
                          "krn:iam:kaa::user/josephmorgan",
                          "krn:iam:kaa::group/boo",
                          "krn:iam:kaa::group/org1/boo",
                          "krn:iam:kaa::group/Foo/boo"
                      ],
                      "effect": "allow"
                  }
              ]
          }
      ],
      "pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAEP2FjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWSjlwWWxWdEZTUWluSllmZmVkZUMzZwAAAAAAAACj8RZjdDRNcjhXSlRObXZJeVEydTctVHVnAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
      "sort": "[\"allow\",\"krn:iam:kaa:user/admin@example.com\",\"a3JuOmlhbTprYWE6cG9saWN5L0FkbWluX3VzZXJfcmVhZA==\",4294967311]"
    }

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/policies/eligible get

    get /groups/{groupID}/policies/eligible

    Gets eligible group policies.

    Secured by oauth_2_0 with scopes:
    • iam:group:read
    • iam:group:policy:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    HTTP status code 200

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of Policy)

      Policy list.

      Items: Policy

      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    • pit: required (string)

      Pit number.

    • sort: required (string)

      Sort type.

    Example:

    {
        "data": [
            {
                "id": "a3JuOmlhbTprYWE6OnBvbGljeS8xMjM=",
                "krn": "krn:iam:kaa::policy/123",
                "name": "123",
                "type": "iam",
                "statements": [
                    {
                        "actions": [
                            "*"
                        ],
                        "resources": [
                            "krn:iam:kaa:*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com",
                            "krn:iam:kaa::user/Hi/test2",
                            "krn:iam:kaa::group/org1"
                        ],
                        "effect": "allow"
                    }
                ]
            },
            {
                "id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctcG9sLWZpbmFs",
                "krn": "krn:iam:kaa::policy/new-pol-final",
                "name": "new-pol-final",
                "type": "iam",
                "statements": [
                    {
                        "actions": [
                            "*"
                        ],
                        "resources": [
                            "krn:iam:kaa:*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com",
                            "krn:iam:kaa::user/Hui/test2",
                            "krn:iam:kaa::user/josephmorgan"
                        ],
                        "effect": "allow"
                    }
                ]
            },
            {
                "id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctdGVzdC1wb2w=",
                "krn": "krn:iam:kaa::policy/new-test-pol",
                "name": "new-test-pol",
                "type": "iam",
                "statements": [
                    {
                        "actions": [
                            "*"
                        ],
                        "resources": [
                            "krn:iam:kaa:*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com"
                        ],
                        "effect": "allow"
                    }
                ]
            },
            {
                "id": "a3JuOmlhbTprYWE6OnBvbGljeS91c2Vycy1yZWFkb25seQ==",
                "krn": "krn:iam:kaa::policy/users-readonly",
                "name": "users-readonly",
                "type": "iam",
                "statements": [
                    {
                        "actions": [
                            "iam:user:read"
                        ],
                        "resources": [
                            "krn:iam:kaa::user/*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com"
                        ],
                        "effect": "allow"
                    },
                    {
                        "actions": [
                            "*"
                        ],
                        "resources": [
                            "krn:iam:kaa::policy/*"
                        ],
                        "principals": [
                            "krn:iam:kaa::user/admin@example.com"
                        ],
                        "effect": "allow"
                    }
                ]
            }
        ],
        "pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZKOXBZbFZ0RlNRaW5KWWZmZWRlQzNnAAAAAAAAAKRvFmN0NE1yOFdKVE5tdkl5UTJ1Ny1UdWcAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWWWF3LW9ma3FRQ21fU3FsT2NDdzluUQAAAAAAAABBHhYzSmk0MnpLYlFWRzNya1I1cy0xdE1nAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
        "sort": "[\"allow\",\"krn:iam:kaa:policy/*\",\"a3JuOmlhbTprYWE6cG9saWN5L3Jvb3QtcG9saWN5\",2]"
    }

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
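A least-privilege check worth running over the `data` array of this response before any of the listed policies is attached to a group. This is an added example, not part of the IAM project's code; the function names and severity labels are assumptions made for illustration, and the same check applies to the other responses on this page that return a list of Policy objects.

```python
import json

# Constructed sample: entries adapted from this page's example responses
# (policies "123" and "users-readonly" from the eligible-policies example,
# "Admin_user_read" from the group-policies example) plus one constructed
# deny policy. The "id", "pit" and "sort" fields are omitted.
SAMPLE_RESPONSE = json.loads("""
{
  "data": [
    {"krn": "krn:iam:kaa::policy/123", "name": "123", "type": "iam",
     "statements": [
       {"actions": ["*"], "resources": ["krn:iam:kaa:*"],
        "principals": ["krn:iam:kaa::user/admin@example.com",
                       "krn:iam:kaa::group/org1"],
        "effect": "allow"}]},
    {"krn": "krn:iam:kaa::policy/users-readonly", "name": "users-readonly",
     "type": "iam",
     "statements": [
       {"actions": ["iam:user:read"], "resources": ["krn:iam:kaa::user/*"],
        "principals": ["krn:iam:kaa::user/admin@example.com"],
        "effect": "allow"},
       {"actions": ["*"], "resources": ["krn:iam:kaa::policy/*"],
        "principals": ["krn:iam:kaa::user/admin@example.com"],
        "effect": "allow"}]},
    {"krn": "krn:iam:kaa::policy/Admin_user_read", "name": "Admin_user_read",
     "type": "iam",
     "statements": [
       {"actions": ["iam:group:*"],
        "resources": ["krn:iam:kaa::user/admin@example.com"],
        "principals": ["krn:iam:kaa::user/john"],
        "effect": "allow"}]},
    {"krn": "krn:iam:kaa::policy/constructed-deny", "name": "constructed-deny",
     "type": "iam",
     "statements": [
       {"actions": ["*"], "resources": ["krn:iam:kaa:*"],
        "principals": null, "effect": "deny"}]}
  ]
}
""")

# Hypothetical severity scale used only by this example.
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def statement_finding(stmt):
    """Classify one Statement object; return (severity, reason) or None."""
    if stmt.get("effect") != "allow":
        return None  # deny statements narrow access, nothing to flag
    actions = stmt.get("actions") or []
    resources = stmt.get("resources") or []
    all_actions = "*" in actions
    action_globs = [a for a in actions if a != "*" and "*" in a]
    resource_globs = [r for r in resources if "*" in r]
    if all_actions and resource_globs:
        return ("high", "every action on wildcard resources "
                + ", ".join(resource_globs))
    if all_actions:
        return ("medium", "every action on named resources")
    if action_globs:
        return ("medium", "action wildcards " + ", ".join(action_globs))
    if resource_globs:
        return ("low", "named actions on wildcard resources "
                + ", ".join(resource_globs))
    return None


def audit_policies(response):
    """Return findings for every over-broad allow statement, worst first."""
    findings = []
    for policy in response.get("data") or []:
        for index, stmt in enumerate(policy.get("statements") or []):
            result = statement_finding(stmt)
            if result is None:
                continue
            severity, reason = result
            findings.append({
                "policy": policy.get("krn"),
                "statement": index,
                "severity": severity,
                "reason": reason,
                # "principals" is optional in the schema and may be null.
                "principals": len(stmt.get("principals") or []),
            })
    # Stable sort: findings of equal severity keep response order.
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in audit_policies(SAMPLE_RESPONSE):
        print(f"{f['severity']:<6} {f['policy']} statement {f['statement']}: "
              f"{f['reason']} ({f['principals']} principals)")
```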

    /groups/{groupID}/policies/attach post

    post /groups/{groupID}/policies/attach

    Attaches policies to a group.

    Secured by oauth_2_0 with scopes:
    • iam:group:policy:attach

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • policyIDs: required (array of )

      Policy IDs.

    Example:

    {
      "policyIDs": [
        "a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
      ]
    }
    

    HTTP status code 204

    Policies are successfully attached to the group.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/policies/detach post

    post /groups/{groupID}/policies/detach

    Detaches policies from a group.

    Secured by oauth_2_0 with scopes:
    • iam:group:policy:attach

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • policyIDs: required (array of )

      Policy IDs.

    Example:

    {
      "policyIDs": [
        "a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
      ]
    }
    

    HTTP status code 204

    Policies are successfully detached from the group.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /groups/{groupID}/policy get put

    get /groups/{groupID}/policy

    Gets group's resource policies.

    Secured by oauth_2_0 with scopes:
    • iam:group:policy:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    HTTP status code 200

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (object)
      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    Example:

    {
        "data": {
            "id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvby9ib28=",
            "krn": "krn:iam:kaa::group/Foo/boo",
            "name": "krn:iam:kaa::group/Foo/boo-resource",
            "description": "Determines access to resource",
            "type": "resource",
            "statements": [
                {
                    "actions": [
                        "*"
                    ],
                    "resources": [
                        "krn:iam:kaa::group/Foo/boo"
                    ],
                    "principals": [
                        "krn:iam:kaa::user/josephmorgan"
                    ],
                    "effect": "allow"
                },
                {
                    "actions": [
                        "iam:group:read"
                    ],
                    "resources": [
                        "krn:iam:kaa::group/Foo/boo"
                    ],
                    "principals": [
                        "krn:iam:kaa::group/Foo/boo"
                    ],
                    "effect": "allow"
                }
            ]
        }
    }

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    put /groups/{groupID}/policy

    Updates resource policy of the group.

    Secured by oauth_2_0 with scopes:
    • iam:group:policy:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • groupID: required (string)

      Group ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • statements: required (array of ResourcePolicyUpdateData)

      List of statements.

      Items: ResourcePolicyUpdateData

      • actions: required (array of )

        List of specified actions.

      • principals: required (array of )

        List of specified principals.

      • effect: required (string)

        Principal effect.

    Example:

    {
        "statements":[
            {
                "actions":[
                    "*"
                ],
                "principals":[
                    "krn:iam:kaa::user/josephmorgan"
                ],
                "effect":"allow"
            },
            {
                "actions":[
                    "iam:group:read"
                ],
                "principals":[
                    "krn:iam:kaa::group/Foo/boo"
                ],
                "effect":"allow"
            },
            {
                "actions":[
                    "iam:group:*"
                ],
                "principals":[
                    "krn:iam:kaa::user/user1uuid"
                ],
                "effect":"allow"
            }
        ]
    }

    HTTP status code 204

    Successfully updated group resource policies.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    Policies

    Operations on policies.

    /policies post get

    post /policies

    Creates policy.

    Secured by oauth_2_0 with scopes:
    • iam:policy:create

    IAM supports OAuth 2.0 for authenticating all API requests.

    Body

    Media type: application/json

    Type: object

    Properties

    • name: required (string)

      Policy name.

    • description: (string)

      Policy description.

    • type: required (one of resource, iam, group)

      Policy type.

    • statements: required (array of CreatePolicyStatement)

      Policy statements.

      Items: CreatePolicyStatement

      • actions: required (array of )

        Action list.

      • resources: required (array of )

        Resource list.

      • effect: required (one of allow, deny)

        Principal effect.

    Example:

    {
      "name": "Allow-all-on-user1",
      "description": "policy description",
      "type": "iam",
      "statements": [
        {
          "actions": [
            "iam:user:*"
          ],
          "resources": [
            "krn:iam:kaa::policy/user1"
          ],
          "effect": "allow"
        }
      ]
    }
    

    HTTP status code 201

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (object)

      Policy.

      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    Example:

    {
      "data": {
          "id": "a3JuOmlhbTprYWE6OnBvbGljeS9BbGxvdy1hbGwtb24tdXNlcjE=",
          "krn": "krn:iam:kaa::policy/Allow-all-on-user1",
          "name": "Allow-all-on-user1",
          "description": "policy description",
          "type": "iam",
          "statements": [
              {
                  "actions": [
                      "iam:user:*"
                  ],
                  "resources": [
                      "krn:iam:kaa::policy/user1"
                  ],
                  "principals": [
                      "krn:iam:kaa::user/admin@example.com"
                  ],
                  "effect": "allow"
              }
          ]
      }
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    get /policies

    Returns policies.

    Secured by oauth_2_0 with scopes:
    • iam:policy:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    Query Parameters

    • type: (one of resource, iam, group - default: iam)

      Type of the policy.

      Example:

      iam
    • actions: (string)

      Actions used to select the policies to return.

      Example:

      iam:user:read,iam:user:delete
    • size: (number - default: 10)

      Number of policies to get.

      Example:

      5
    • pit: (string)

      Pit (point in time) number from the previous request.

    • sort: (string)

      Sort value from the previous request.

    HTTP status code 200

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of Policy)

      Policy list.

      Items: Policy

      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    • pit: required (string)

      Pit number.

    • sort: required (string)

      Sort type.

    Example:

    {
      "data": [
          {
              "id": "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ=",
              "krn": "krn:iam:kaa::policy/Admin_user_read",
              "name": "Admin_user_read",
              "description": "Allow user to read admin user",
              "type": "iam",
              "statements": [
                  {
                      "actions": [
                          "iam:user:read"
                      ],
                      "resources": [
                          "krn:iam:kaa::user/admin@example.com"
                      ],
                      "principals": [
                          "krn:iam:kaa::user/admin@example.com",
                          "krn:iam:kaa::user/john",
                          "krn:iam:kaa::user/org1/john",
                          "krn:iam:kaa::user/josephmorgan"
                      ],
                      "effect": "allow"
                  }
              ]
          }
      ],
      "pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAEMqFjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWWWF3LW9ma3FRQ21fU3FsT2NDdzluUQAAAAAAAABAXRYzSmk0MnpLYlFWRzNya1I1cy0xdE1nAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
      "sort": "[\"allow\",\"krn:iam:kaa:user/admin@example.com\",\"a3JuOmlhbTprYWE6cG9saWN5L0FkbWluX3VzZXJfcmVhZA==\",4294967308]"
    }

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /policies/evaluate/resources post

    post /policies/evaluate/resources

    Returns a subset of resources provided in the request, against which a given action is permitted.

    Secured by oauth_2_0

    IAM supports OAuth 2.0 for authenticating all API requests.

    Body

    Media type: application/json

    Type: object

    Properties

    • action: required (string)

      Action.

    • resources: required (array of )

      List of resource KRNs.

    Example:

    {
      "action": "iam:user:read",
      "resources": ["krn:iam:kaa::user/edward", "krn:iam:kaa::user/org1/louise"]
    }
    

    HTTP status code 200

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (array of )

      List of resource KRNs.

    • pit: required (string)

      Pit number.

    • sort: required (string)

      Sort type.

    Example:

    {
      "data": [
        "krn:iam:kaa::user/edward",
        "krn:iam:kaa::user/org1/louise"
      ],
      "pit": "n5qzAwIHa2FhLWlhbRZfYklub0ZVQlJZR3BDV1M0cGNhVlJRABZoNXVEQ0dMTVRycUVzaHY1ZEFleUR3AAAAAAAAAAbbFkp6Y1hlWm91UlUtemNiR25WNE5pMlEAB2thYS1pYW0WX2JJbm9GVUJSWUdwQ1dTNHBjYVZSUQEWaDV1RENHTE1UcnFFc2h2NWRBZXlEdwAAAAAAAAAG3BZKemNYZVpvdVJVLXpjYkduVjROaTJRAAEWX2JJbm9GVUJSWUdwQ1dTNHBjYVZSUQAA",
      "sort": "[\"allow\",\"krn:iam:kaa::user/edward\",\"a3JuOmlhbTprYWE6OnBvbGljeS9yb290LXBvbGljeQ==\",4294967309]"
    }
    

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /policies/evaluate/actions post

    post /policies/evaluate/actions

    Provides a list of all permitted actions on the resources specified in the request.

    Secured by oauth_2_0

    IAM supports OAuth 2.0 for authenticating all API requests.

    Body

    Media type: application/json

    Type: object

    Properties

    • actions: (array of )

      List of requested actions.

    • resources: required (array of )

      List of resource KRNs.

    Example:

    {
      "resources": ["krn:iam:kaa::user/edward", "krn:iam:kaa::user/org1/louise"]
    }
    

    HTTP status code 200

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (object)
      • allow: required (string)
      • deny: required (string)
    • pit: required (string)

      Pit number.

    • sort: required (string)

      Sort type.

    Example:

    {
      "data": {
        "resources": {
          "krn:iam:kaa::user/edward": {
            "allow": [
              "iam:group:read",
              "iam:user:read"
            ],
            "deny": [
              "iam:policy:*"
            ]
          },
          "krn:iam:kaa::user/org1/louise": {
            "allow": [
              "iam:user:*",
              "iam:group:*",
              "iam:policy:*"
            ],
            "deny": null
          }
        }
      },
      "pit": "n5qzAwIHa2FhLWlhbRZfYklub0ZVQlJZR3BDV1M0cGNhVlJRABZoNXVEQ0dMTVRycUVzaHY1ZEFleUR3AAAAAAAAAAbbFkp6Y1hlWm91UlUtemNiR25WNE5pMlEAB2thYS1pYW0WX2JJbm9GVUJSWUdwQ1dTNHBjYVZSUQEWaDV1RENHTE1UcnFFc2h2NWRBZXlEdwAAAAAAAAAG3BZKemNYZVpvdVJVLXpjYkduVjROaTJRAAEWX2JJbm9GVUJSWUdwQ1dTNHBjYVZSUQAA",
      "sort": "[\"allow\",\"krn:iam:kaa::user/edward\",\"a3JuOmlhbTprYWE6OnBvbGljeS9yb290LXBvbGljeQ==\",4294967309]"
    }
    

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
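A client that gates its own behaviour on this response has to handle the wildcard entries and the `"deny": null` case shown in the example. The following is an added example, not part of the IAM project's code: it follows the shape of the example response (a `resources` map under `data`), the function names are hypothetical, and it assumes that a matching deny entry overrides any allow entry and that an action matching neither list is not permitted.

```python
import json
import re

# Constructed sample: the "data" object from this page's example 200 response
# for POST /policies/evaluate/actions; "pit" and "sort" are omitted.
SAMPLE_EVALUATION = json.loads("""
{
  "data": {
    "resources": {
      "krn:iam:kaa::user/edward": {
        "allow": ["iam:group:read", "iam:user:read"],
        "deny": ["iam:policy:*"]
      },
      "krn:iam:kaa::user/org1/louise": {
        "allow": ["iam:user:*", "iam:group:*", "iam:policy:*"],
        "deny": null
      }
    }
  }
}
""")


def pattern_matches(pattern, action):
    """True if `action` matches `pattern`; '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action) is not None


def decide(evaluation, resource, action):
    """Return 'allow', 'deny', 'no-match' or 'unknown-resource'.

    Assumptions of this example: deny beats allow, and the caller treats
    everything except 'allow' as not permitted.
    """
    if "*" in action:
        raise ValueError("ask about one concrete action, not a pattern")
    resources = (evaluation.get("data") or {}).get("resources") or {}
    entry = resources.get(resource)
    if entry is None:
        return "unknown-resource"  # resource was not part of the request
    deny = entry.get("deny") or []    # the API may return null here
    allow = entry.get("allow") or []
    if any(pattern_matches(p, action) for p in deny):
        return "deny"
    if any(pattern_matches(p, action) for p in allow):
        return "allow"
    return "no-match"


def permitted(evaluation, resource, candidates):
    """Filter `candidates` down to the actions decided as 'allow'."""
    return [a for a in candidates if decide(evaluation, resource, a) == "allow"]


if __name__ == "__main__":
    wanted = ["iam:user:read", "iam:user:delete", "iam:policy:read"]
    for krn in SAMPLE_EVALUATION["data"]["resources"]:
        print(krn, "->", permitted(SAMPLE_EVALUATION, krn, wanted))
```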

    /policies/{policyID} get put delete

    get /policies/{policyID}

    Returns policy information.

    Secured by oauth_2_0 with scopes:
    • iam:policy:read

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • policyID: required (string)

      Policy ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    HTTP status code 200

    Policy is successfully retrieved.

    Body

    Media type: application/json

    Type: object

    Properties

    • data: required (object)
      • id: required (string)

        Policy ID.

      • krn: required (string)

        Policy KRN.

      • name: required (string)

        Name of the policy.

      • description: required (string)

        Policy description.

      • type: required (one of resource, principal)

        Policy type.

      • statements: required (array of Statement)

        Policy statements.

        Items: Statement

        • actions: required (array of )

          Action list.

        • resources: required (array of )

          Resource list.

        • principals: (array of )

          Principal list.

        • effect: required (one of allow, deny)

          Principal effect.

    Example:

    {
      "data": {
        "id": "a3JuOmlhbTprYWE6OnBvbGljeS9wb2xpY3ktbmFtZQ==",
        "name": "policy-name",
        "krn": "krn:iam:kaa::policy/policy-name",
        "description": "policy description",
        "type": "resource",
        "statements": [
          {
            "actions": [
              "iam:user:read",
              "iam:user:update",
              "iam:user:delete"
            ],
            "resources": [
              "krn:iam:kaa::policy/user1"
            ],
            "principals": [
              "krn:iam:kaa::user/admin@example.com"
            ],
            "effect": "allow"
          }
        ]
      }
    }
    

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    put /policies/{policyID}

    Updates policy.

    Secured by oauth_2_0 with scopes:
    • iam:policy:update

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • policyID: required (string)

      Policy ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • name: required (string)

      Name of the policy.

    • description: required (string)

      Policy description.

    • type: required (one of resource, principal)

      Policy type.

    • statements: required (array of CreatePolicyStatement)

      Policy statements.

      Items: CreatePolicyStatement

      • actions: required (array of )

        Action list.

      • resources: required (array of )

        Resource list.

      • effect: required (one of allow, deny)

        Principal effect.

    Example:

    { 
      "name": "policy-name",
      "description": "policy description",
      "type": "resource",
      "statements": [
        {
          "actions": [
            "iam:user:read",
            "iam:user:update",
            "iam:user:delete"
          ],
          "resources": [
            "krn:iam:kaa::policy/user1"
          ],
          "effect": "allow"
        }
      ]
    }
    

    HTTP status code 204

    Policy is successfully updated.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
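A read-modify-write sketch for this endpoint, as an added example that is not part of the API's own documentation or code. The GET response carries `id`, `krn` and per-statement `principals`, none of which appear in the PUT body schema, so the helper keeps only the documented PUT fields and checks the enums before anything is sent. The function names and the sample response are constructed for illustration.

```python
# Added example: field names and enum values come from the schema on this page.
POLICY_TYPES = {"resource", "principal"}
EFFECTS = {"allow", "deny"}
STATEMENT_FIELDS = ("actions", "resources", "effect")  # CreatePolicyStatement


def to_update_body(get_response):
    """Reduce a GET /policies/{policyID} response to the documented PUT body."""
    data = get_response["data"]
    return {
        "name": data["name"],
        "description": data["description"],
        "type": data["type"],
        # Statement -> CreatePolicyStatement: 'principals' is not a PUT field.
        "statements": [{k: s[k] for k in STATEMENT_FIELDS if k in s}
                       for s in data["statements"]],
    }


def validate_update_body(body):
    """Return schema violations; an empty list means the body conforms."""
    errors = [f"missing required field: {f}"
              for f in ("name", "description", "type", "statements") if f not in body]
    if "type" in body and body["type"] not in POLICY_TYPES:
        errors.append(f"type must be one of {sorted(POLICY_TYPES)}: {body['type']!r}")
    for i, stmt in enumerate(body.get("statements", [])):
        for field in STATEMENT_FIELDS:
            if field not in stmt:
                errors.append(f"statements[{i}]: missing required field: {field}")
        for field in ("actions", "resources"):
            if field in stmt and not isinstance(stmt[field], list):
                errors.append(f"statements[{i}].{field} must be an array")
        if "effect" in stmt and stmt["effect"] not in EFFECTS:
            errors.append(f"statements[{i}].effect must be allow or deny")
    return errors


# Constructed sample shaped like the GET response documented on this page.
SAMPLE_GET = {"data": {
    "id": "a3JuOmlhbTprYWE6OnBvbGljeS9wb2xpY3ktbmFtZQ==",
    "krn": "krn:iam:kaa::policy/policy-name",
    "name": "policy-name", "description": "policy description", "type": "resource",
    "statements": [{"actions": ["iam:user:read"],
                    "resources": ["krn:iam:kaa::policy/user1"],
                    "principals": ["krn:iam:kaa::user/admin@example.com"],
                    "effect": "allow"}]}}
```

Running `validate_update_body(to_update_body(SAMPLE_GET))` before the PUT catches an out-of-enum `type` or `effect` locally instead of as a 400 from the service.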

    delete /policies/{policyID}

    Deletes policy.

    Secured by oauth_2_0 with scopes:
    • iam:policy:delete

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • policyID: required (string)

      Policy ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    HTTP status code 204

    Policy is successfully deleted.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /policies/{policyID}/principals/attach post

    post /policies/{policyID}/principals/attach

    Attaches principals to a policy.

    Secured by oauth_2_0 with scopes:
    • iam:policy:attach

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • policyID: required (string)

      Policy ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • principals: required (array of )

      Principal IDs.

    Example:

    {
      "principals": [
        "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu"
      ]
    }
    

    HTTP status code 204

    Principals are successfully attached to a policy.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

    /policies/{policyID}/principals/detach post

    post /policies/{policyID}/principals/detach

    Detaches principals from a policy.

    Secured by oauth_2_0 with scopes:
    • iam:policy:detach

    IAM supports OAuth 2.0 for authenticating all API requests.

    URI Parameters

    • policyID: required (string)

      Policy ID.

      Example:

      a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=

    Body

    Media type: application/json

    Type: object

    Properties

    • principals: required (array of )

      Principal IDs.

    Example:

    {
      "principals": [
        "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu"
      ]
    }
    

    HTTP status code 204

    Principals are successfully detached from a policy.

    HTTP status code 400

    Invalid request.

    HTTP status code 401

    Request is not authenticated.

    HTTP status code 403

    Principal does not have sufficient permissions to perform this operation.

    Secured by oauth_2_0

    Headers

    • Authorization: (string)

      Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
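The ID examples on this page decode as standard base64 of the corresponding KRN (in the policy example, `id` decodes to the `krn` value). Assuming that holds for all IDs, and assuming principals are `user` or `group` KRNs, this added example (not the project's code; the function names and the KRN pattern are hypothetical) checks principal IDs before building an attach or detach body.

```python
import base64
import binascii
import re

# Assumption: KRN layout inferred from this page's examples, not from a spec.
KRN_RE = re.compile(r"krn:iam:[^:\s]+::(?P<kind>[a-z]+)/(?P<name>\S+)")


def id_to_krn(resource_id):
    """Decode an ID to its KRN; raise ValueError unless it is clean base64 of a KRN."""
    try:
        krn = base64.b64decode(resource_id, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"not a base64-encoded KRN: {resource_id!r}") from exc
    # fullmatch rejects trailing whitespace such as a stray newline.
    if not KRN_RE.fullmatch(krn):
        raise ValueError(f"decoded value is not a well-formed KRN: {krn!r}")
    return krn


def krn_to_id(krn):
    """Encode a KRN as the ID form used in URIs and request bodies."""
    return base64.b64encode(krn.encode("utf-8")).decode("ascii")


def principals_body(principal_ids, allowed_kinds=("user", "group")):
    """Build the attach/detach body, refusing IDs that are not principal KRNs."""
    for pid in principal_ids:
        kind = KRN_RE.fullmatch(id_to_krn(pid)).group("kind")
        if kind not in allowed_kinds:
            raise ValueError(f"{pid!r} decodes to a {kind} KRN, not a principal")
    return {"principals": list(principal_ids)}
```

With this check, `a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=`, the URI parameter example shown above, is rejected: it decodes to `krn:iam:kaa:group/california` followed by a newline.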