A new documentation version is available.
You are reading outdated documentation, which will be shut down soon!
REST API
Identity and Access Management API documentation version v1
{schema}://{host}/api/{version}
- schema: required(one of http, https - default: http)
- host: required(string - default: localhost)
- version: required(v1)
Users
Operations on users.
post /users
Registers a new user.
- iam:user:create
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- firstName: optional (string)
User's first name.
- lastName: optional (string)
User's last name.
- email: required(string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email (required when keycloakIDAsUsername is enabled).
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username (required when keycloakIDAsUsername is disabled).
- password: required(string)
User's password.
- confirmPassword: required(string)
Confirmation of user's password.
- enabled: optional (boolean)
Whether the user is enabled or not. Default is false.
- path: optional (string)
User's path that will be used in KRN.
- policyIDs: optional (array of )
Policies that must be attached to the user.
- groups: optional (array of )
Groups that the user must be assigned to.
- sendVerifyEmail: optional (boolean)
Flag indicating whether to send a verification email to the user.
- redirectUri: optional (string)
URI to redirect to after the user is verified.
Example:
{
"firstName": "John",
"lastName": "Foo",
"email": "johnfoo@gmail.com",
"enabled": true,
"username": "foojohn",
"password": "YesYkYKpLd6n3dVZ",
"confirmPassword": "YesYkYKpLd6n3dVZ",
"path": "/org1",
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ="
],
"groups": [
"a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw=="
],
"sendVerifyEmail": true,
"redirectUri": "http://example.com/"
}
HTTP status code 201
The user is successfully registered.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
User ID.
- keycloakID: required(string)
User keycloakID.
- created: required(datetime)
User creation date.
- updated: required(datetime)
User update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username.
- enabled: required(boolean)
Whether the user is enabled or not.
- path: optional (string)
User's path that is used in KRN.
- krn: required(string - pattern: ^[a-zA-Z0-9_)
User's KRN.
- policyIDs: optional (array of )
Policies that are attached to user.
- groups: optional (array of )
Groups that the user is assigned to.
- sendVerifyEmail: optional (boolean)
Flag indicating whether to send a verification email to the user.
- redirectUri: optional (string)
URI to redirect to after the user is verified.
- id: required(string)
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnVzZXIvb3JnMS9qb2hu",
"created": "2021-10-18T10:19:17.530472734Z",
"keycloakID": "e9800d15-7b45-4504-93ef-08788c3d15b1",
"updated": "2021-10-18T10:19:17.530472734Z",
"tenantID": "kaa",
"email": "john@gmail.com",
"enabled": true,
"firstName": "John",
"lastName": "Martin",
"username": "john",
"krn": "krn:iam:kaa::user/org1/john",
"path": "/org1",
"groups": [
"a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw=="
],
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ="
],
"sendVerifyEmail": true,
"redirectUri": "http://example.com/"
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
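A client-side pre-check of a post /users body against the patterns and field types listed above, added here as an example (it is not code from the Kaa project). It assumes that the email/username requirement follows the keycloakIDAsUsername setting as the field descriptions say; the function names and the non-empty username check are this example's own.

```python
import re

# Patterns copied verbatim from the "post /users" body schema on this page.
EMAIL_RE = re.compile(r"^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$")
USERNAME_RE = re.compile(r"^[a-zA-Z0-9_\-@.]*$")

# Field name -> JSON type, as listed in the schema.
FIELD_TYPES = {
    "firstName": str, "lastName": str, "email": str, "username": str,
    "password": str, "confirmPassword": str, "enabled": bool, "path": str,
    "policyIDs": list, "groups": list, "sendVerifyEmail": bool,
    "redirectUri": str,
}

# The example request body shown on this page.
PAGE_EXAMPLE = {
    "firstName": "John", "lastName": "Foo", "email": "johnfoo@gmail.com",
    "enabled": True, "username": "foojohn",
    "password": "YesYkYKpLd6n3dVZ", "confirmPassword": "YesYkYKpLd6n3dVZ",
    "path": "/org1",
    "policyIDs": ["a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ="],
    "groups": ["a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw=="],
    "sendVerifyEmail": True, "redirectUri": "http://example.com/",
}


def email_ok(address):
    """True if the address matches the documented email pattern.

    fullmatch() is used on purpose: with match(), '$' also matches just
    before a trailing newline, so "user@x.com\\n" would slip through.
    """
    return EMAIL_RE.fullmatch(address) is not None


def validate_create_user(body, keycloak_id_as_username=False):
    """Return a list of problems; an empty list means the body passes."""
    problems = []

    # Assumption: email is required when keycloakIDAsUsername is enabled,
    # username when it is disabled (taken from the field descriptions).
    required = ["password", "confirmPassword"]
    required.append("email" if keycloak_id_as_username else "username")
    for name in required:
        if name not in body:
            problems.append(f"{name}: required field is missing")

    # Reject undocumented fields and wrong JSON types ("true" is not true).
    for name, value in body.items():
        expected = FIELD_TYPES.get(name)
        if expected is None:
            problems.append(f"{name}: not in the documented schema")
        elif type(value) is not expected:
            problems.append(f"{name}: expected {expected.__name__}")

    email = body.get("email")
    if isinstance(email, str) and not email_ok(email):
        problems.append("email: does not match the documented pattern")

    username = body.get("username")
    if isinstance(username, str):
        if USERNAME_RE.fullmatch(username) is None:
            problems.append("username: does not match the documented pattern")
        elif username == "":
            # The '*' quantifier lets an empty string match the pattern;
            # refusing it is an extra check made by this example.
            problems.append("username: empty (the pattern allows it; rejected here)")

    if body.get("password") != body.get("confirmPassword"):
        problems.append("confirmPassword: does not equal password")
    return problems


if __name__ == "__main__":
    print(validate_create_user(PAGE_EXAMPLE))  # the page's own example body
    # Constructed addresses that the documented email pattern rejects.
    for address in ("John.Foo@gmail.com", "ops+iam@example.com",
                    "j.smith@mail.example.com", "admin@example.info"):
        print(address, email_ok(address))
```

The email pattern is stricter than most address formats: uppercase letters, plus-addressing, subdomains and top-level domains longer than three letters all fail it, so such users need an address in the accepted form.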
get /users
Retrieves users.
- iam:user:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- sort: optional (string - default: id)
Sorting field.
Example:
name
- sortOrder: optional (one of asc, desc - default: desc)
Sort order.
Example:
asc
- email: optional (string)
Filter user by email.
Example:
josephmorgan@gmail.com
- path: optional (string)
Filter user by path.
Example:
/org1
HTTP status code 200
Users are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of RetrieveUser)
Items: RetrieveUser
- id: required(string)
User ID.
- keycloakID: required(string)
User keycloakID.
- created: required(datetime)
User creation date.
- updated: required(datetime)
User update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username.
- enabled: required(boolean)
Whether the user is enabled or not.
- path: optional (string)
User's path that is used in KRN.
- defaultGroup: optional (string)
User's default group.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
User's KRN.
- id: required(string)
- count: required(integer)
Total amount of users.
- page: required(integer)
Page number.
- pageSize: required(integer)
Total returned elements.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6OnVzZXIvcm9iYmll",
"keycloakID": "68a8372d-cc0a-4a42-8a56-099ac466e0bd",
"created": "2021-10-18T08:47:54.219531Z",
"updated": "2021-10-18T08:47:54.219531Z",
"tenantID": "kaa",
"email": "robbie@example.com",
"enabled": true,
"firstName": "",
"lastName": "",
"username": "robbie",
"krn": "krn:iam:kaa::user/robbie",
"path": "/"
},
{
"id": "a3JuOmlhbTprYWE6OnVzZXIvb3JnMS9qb2hu",
"keycloakID": "6f1e8e4b-e9fd-483e-8655-cd9e7bccf5df",
"created": "2021-10-18T10:19:17.530472Z",
"updated": "2021-10-18T10:19:17.530472Z",
"tenantID": "kaa",
"email": "john@gmail.com",
"enabled": true,
"firstName": "John",
"lastName": "Martin",
"username": "john",
"krn": "krn:iam:kaa::user/org1/john",
"path": "/org1"
},
{
"id": "a3JuOmlhbTprYWE6OnVzZXIvdmljdG9y",
"keycloakID": "ddc2eedd-6625-4227-9044-d838018d8bf4",
"created": "2021-10-15T10:58:50.317315Z",
"updated": "2021-10-15T10:58:50.317315Z",
"tenantID": "kaa",
"email": "victor@email.com",
"enabled": true,
"firstName": "Victor",
"lastName": "Charles",
"username": "victor",
"krn": "krn:iam:kaa::user/victor",
"path": "/"
},
{
"id": "a3JuOmlhbTprYWE6OnVzZXIvZnJhbmNlc0BnbWFpbC5jb20=",
"keycloakID": "e5904d33-ea08-41b7-ab33-1001863d73c9",
"created": "2021-10-15T09:58:17.989254Z",
"updated": "2021-10-15T09:58:17.989254Z",
"tenantID": "kaa",
"email": "rances@gmail.com",
"enabled": true,
"firstName": "Frances",
"lastName": "Nathan",
"username": "frances@gmail.com",
"krn": "krn:iam:kaa::user/frances@gmail.com",
"path": "/"
},
{
"id": "a3JuOmlhbTprYWE6OnVzZXIvd2luaWZyZWQ=",
"keycloakID": "74554cff-b260-4055-afab-fd068e433495",
"created": "2021-10-15T14:54:53.679871Z",
"updated": "2021-10-15T15:33:57.90856Z",
"tenantID": "kaa",
"email": "winifred@gmail.com",
"enabled": true,
"firstName": "Winifred",
"lastName": "Theodora",
"username": "winifred",
"krn": "krn:iam:kaa::user/winifred",
"path": "/"
},
{
"id": "a3JuOmlhbTprYWE6OnVzZXIvY2Fyb2xpbmU=",
"keycloakID": "5ed9f438-7afc-4bad-abad-4f06612b2bab",
"created": "2021-10-18T08:14:47.481435Z",
"updated": "2021-10-18T08:14:47.481435Z",
"tenantID": "kaa",
"email": "caroline@gmail.com",
"enabled": true,
"firstName": "Caroline",
"lastName": "Melina",
"username": "caroline",
"krn": "krn:iam:kaa::user/caroline",
"path": "/"
}
],
"count": 6,
"page": 1,
"pageSize": 10
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/paths
Retrieves unique user paths.
- iam:user:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
HTTP status code 200
User paths are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of )
Example:
{
"data": [
"/org1",
"/org2"
]
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/delete
Bulk deletes users.
- iam:user:delete
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- userIDs: required(string)
Example:
{
"userIDs": [
"a3JuOmlhbTprYWE6OnVzZXIvcGF0aC9mb3dsZXI="
]
}
HTTP status code 204
Users successfully deleted.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/me
Retrieve currently authenticated user's information.
- iam:me:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
HTTP status code 200
The user is successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
User ID.
- keycloakID: required(string)
User keycloakID.
- created: required(datetime)
User creation date.
- updated: required(datetime)
User update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username.
- enabled: required(boolean)
Whether the user is enabled or not.
- path: optional (string)
User's path that is used in KRN.
- defaultGroup: optional (string)
User's default group.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
User's KRN.
- id: required(string)
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
"keycloakID": "054b6a1a-3cb1-489b-a6ef-0579bdf3e275",
"created": "2021-10-18T11:08:09.4919Z",
"updated": "2021-10-18T11:08:09.4919Z",
"tenantID": "kaa",
"email": "josephmorgan@gmail.com",
"enabled": true,
"firstName": "Joseph",
"lastName": "Morgan",
"username": "josephmorgan",
"krn": "krn:iam:kaa::user/josephmorgan",
"path": "/"
}
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
put /users/me
Updates currently authenticated user's information.
- iam:me:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- firstName: optional (string)
User's first name.
- lastName: optional (string)
User's last name.
- defaultGroup: optional (string)
User's default group.
- enabled: optional (boolean)
Whether the user is enabled or not.
Example:
{
"firstName": "MorganUpdated",
"lastName": "JosephUpdated",
"email": "josephm@gmail.com",
"enabled": true
}
HTTP status code 204
The user is successfully updated.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
delete /users/me
Deletes currently authenticated user.
- iam:me:delete
IAM supports JWT access tokens for authenticating and authorizing all API requests.
HTTP status code 204
The user is successfully deleted.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/me/krn
Retrieve the currently authenticated user KRN.
IAM supports JWT access tokens for authenticating and authorizing all API requests.
HTTP status code 200
User KRN successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(string)
Example:
{
"data": "krn:iam:kaa::user/org1/eytan"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/me/attributes
Retrieve currently authenticated user's attributes.
- iam:me:read
HTTP status code 200
User attributes are successfully retrieved.
Body
Media type: application/json
Type: json
Content:
{
"required":true,
"type":"object",
"properties":{
"data":{
"required":true,
"type":"array",
"items":[
{
"required":true,
"type":"string"
}
]
}
}
}
Example:
{
"data": {
"lastLogin": [
"23.11.2021"
],
"path": [
"/testpath"
],
"userInfo": [
"Micheal",
"Mark"
]
}
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by
put /users/me/attributes
Updates currently authenticated user's attributes.
- iam:me:update
Body
Media type: application/json
Type: json
Content:
{
"required":true,
"type":"object",
"properties":{
"attributes":{
"required":true,
"type":"array",
"items":[
{
"required":true,
"type":"string"
}
]
}
}
}
Example:
{
"attributes": {
"lastLogin": [
"23.11.2021"
],
"userInfo": [
"Micheal",
"Mark"
]
}
}
HTTP status code 204
The user's attributes are successfully updated.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by
post /users/me/password/change
Changes the currently authenticated user's password.
- iam:me:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- oldPassword: required(string)
User's old password.
- newPassword: required(string)
User's new password.
- confirmPassword: required(string)
User's new password confirmation.
Example:
{
"oldPassword": "YesYkYKpLd6n3dVZ",
"newPassword": "KPJ9KP33afQqG7ke",
"confirmPassword": "KPJ9KP33afQqG7ke"
}
HTTP status code 204
The user's password is successfully changed.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/me/password/reset
Reset the currently authenticated user's password.
- iam:me:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- newPassword: required(string)
User's new password.
- confirmPassword: required(string)
User's new password confirmation.
Example:
{
"newPassword": "hh8VkeHymc3j8NYJ",
"confirmPassword": "hh8VkeHymc3j8NYJ"
}
HTTP status code 204
The user's password is successfully reset.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/me/groups
Retrieves the currently authenticated user's membership groups.
- iam:me:read
- iam:group:me:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- sort: optional (string - default: id)
Sorting field.
Example:
name
- sortOrder: optional (one of asc, desc - default: desc)
Sort order.
Example:
asc
HTTP status code 200
Membership groups are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of Group)
Items: Group
- id: required(string)
Group ID.
- tenantID: required(string)
Tenant ID of the group.
- name: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Group name.
- displayName: required(string)
Group display name.
- path: required(string)
Group path.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Group KRN.
- created: required(datetime)
Group registration date in ISO 8601 format (UTC timezone).
- updated: required(datetime)
Group last update date in ISO 8601 format (UTC timezone).
- id: required(string)
- count: required(integer)
Total amount of users.
- page: required(integer)
Page number.
- pageSize: required(integer)
Total returned elements.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw==",
"created": "2021-10-18T14:34:57.286561+04:00",
"updated": "2021-10-18T14:34:57.286561+04:00",
"tenantID": "kaa",
"name": "Foo",
"path": "/Foo",
"krn": "krn:iam:kaa::group/Foo"
}
],
"count": 1,
"page": 1,
"pageSize": 10
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/me/groups/add
Adds currently authenticated user to the groups.
- iam:me:update
- iam:group:me:add
- iam:me:group:add
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- groupIDs: required(string)
Group IDs.
Example:
{
"groupIDs": [
"a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw=="
]
}
HTTP status code 200
User is successfully added to groups.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
User ID.
- keycloakID: required(string)
User keycloakID.
- created: required(datetime)
User creation date.
- updated: required(datetime)
User update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username.
- enabled: required(boolean)
Whether the user is enabled or not.
- path: required(string)
User's path that is used in KRN.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
User's KRN.
- groups: required(array of )
Groups that the user is assigned to.
- id: required(string)
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
"keycloakID":"0b63d362-9bb0-442d-8104-61cc1abfffcf",
"created": "2021-10-18T11:08:09.4919Z",
"updated": "2021-10-18T11:55:48.367213Z",
"tenantID": "kaa",
"email": "josephm@gmail.com",
"enabled": true,
"firstName": "MorganUpdated",
"lastName": "JosephUpdated",
"username": "josephmorgan",
"krn": "krn:iam:kaa::user/josephmorgan",
"path": "/",
"groups": [
"a3JuOmlhbTprYWE6Omdyb3VwL0Jvbw=="
]
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/me/groups/remove
Removes currently authenticated user from groups.
- iam:me:update
- iam:group:me:remove
- iam:me:group:remove
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- groupIDs: required(string)
Group IDs.
Example:
{
"groupIDs": [
"a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw=="
]
}
HTTP status code 204
User is successfully removed from groups.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/me/groups/{groupID}/add
Adds currently authenticated user to the group.
- iam:group:me:add
- iam:group:user:add
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 204
User successfully added to the group.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/me/groups/{groupID}/remove
Removes the currently authenticated user from the group.
- iam:group:me:remove
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 204
User successfully removed from the group.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/me/policies
Returns policies that the currently authenticated user is attached to.
- iam:me:read
- iam:me:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
HTTP status code 200
Policies that user is attached to are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of Policy)
Policy list.
Items: Policy
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
- actions: required(array of )
- id: required(string)
- pit: required(string)
Pit number.
- sort: required(string)
Sort type.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ=",
"krn": "krn:iam:kaa::policy/Admin_user_read",
"name": "Admin_user_read",
"description": "Allow user to read admin user",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:user:read"
],
"resources": [
"krn:iam:kaa::user/admin@example.com"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/john",
"krn:iam:kaa::user/org1/john",
"krn:iam:kaa::user/josephmorgan"
],
"description": "Allow user read action on list of principals",
"effect": "allow"
}
]
}
],
"pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAEMqFjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWWWF3LW9ma3FRQ21fU3FsT2NDdzluUQAAAAAAAABAXRYzSmk0MnpLYlFWRzNya1I1cy0xdE1nAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
"sort": "[\"allow\",\"krn:iam:kaa:user/admin@example.com\",\"a3JuOmlhbTprYWE6cG9saWN5L0FkbWluX3VzZXJfcmVhZA==\",4294967308]"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/me/policies/eligible
Returns policies that the currently authenticated user is eligible to be attached to.
- iam:me:read
- iam:me:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
HTTP status code 200
Body
Media type: application/json
Type: object
Properties
- data: required(array of Policy)
Policy list.
Items: Policy
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
- actions: required(array of )
- id: required(string)
- pit: required(string)
Pit number.
- sort: required(string)
Sort type.
Example:
{
"data": [
{
"id": "a3JuOmlhbTo6a2FhOnBvbGljeS9hZG1pbi1hY2Nlc3M=",
"krn": "krn:iam::kaa:policy/admin-access",
"name": "admin-access",
"type": "identity",
"description": "admin access policy",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/org1/rayan",
"krn:iam:kaa::group/org1"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctcG9sLWZpbmFs",
"krn": "krn:iam:kaa::policy/new-pol-final",
"name": "new-pol-final",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam::kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/org1/rayan"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctdGVzdC1wb2w=",
"krn": "krn:iam:kaa::policy/new-test-pol",
"name": "new-test-pol",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS91c2Vycy1yZWFkb25seQ==",
"krn": "krn:iam:kaa::policy/users-readonly",
"name": "users-readonly",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:user:read"
],
"resources": [
"krn:iam:kaa::user/*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
},
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa::policy/*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
}
]
}
],
"pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAENIFjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWSjlwWWxWdEZTUWluSllmZmVkZUMzZwAAAAAAAACjEBZjdDRNcjhXSlRObXZJeVEydTctVHVnAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
"sort": "[\"allow\",\"krn:iam:kaa:policy/*\",\"a3JuOmlhbTprYWE6cG9saWN5L3VzZXJzLXJlYWRvbmx5\",17]"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/me/policies/attach
Attaches the currently authenticated user to the policies.
- iam:me:update
- iam:me:policy:attach
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- policyIDs: required(array of )
Policy IDs.
Example:
{
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
]
}
HTTP status code 204
The user is successfully attached to the policies.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/me/policies/detach
Detaches the currently authenticated user from policies.
- iam:me:update
- iam:me:policy:detach
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- policyIDs: required(array of )
Policy IDs.
Example:
{
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
]
}
HTTP status code 204
The user is successfully detached from the policies.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/me/policy
Retrieves the currently authenticated user's resource policy.
- iam:me:read
- iam:me:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
HTTP status code 200
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2FuLXJlc291cmNlIg==",
"krn": "krn:iam:kaa::user/josephmorgan",
"name": "krn:iam:kaa::user/josephmorgan",
"description": "Individual resource policy",
"type": "resource",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa::user/josephmorgan"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
},
{
"actions": [
"iam:user:read",
"iam:user:update"
],
"resources": [
"krn:iam:kaa::user/josephmorgan"
],
"principals": [
"krn:iam:kaa::user/josephmorgan"
],
"effect": "allow"
}
]
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
put /users/me/policy
Updates the currently authenticated user's resource policy.
- iam:me:update
- iam:me:policy:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- statements: required(array of ResourcePolicyUpdateData)
List of statements.
Items: ResourcePolicyUpdateData
- actions: required(array of )
List of specified actions.
- principals: required(array of )
List of specified principals.
- description: optional (string)
Description of the statement.
- effect: required(string)
Principal effect.
Example:
{
"statements":[
{
"actions":[
"*"
],
"principals":[
"krn:iam:kaa::user/admin@example.com"
],
"effect":"allow",
"description":"Allow admin@example.com user on all actions"
},
{
"actions":[
"iam:user:read",
"iam:user:update"
],
"principals":[
"krn:iam:kaa::user/josephmorgan"
],
"description":"Allow josephmorgan user on read and update actions",
"effect":"allow"
},
{
"actions":[
"iam:user:*"
],
"principals":[
"krn:iam:kaa::user/patricia"
],
"description":"Allow patricia user on all user actions",
"effect":"allow"
}
]
}
HTTP status code 204
Successfully updated resource policy.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/{userID}
Retrieves a specific user.
- iam:user:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
HTTP status code 200
The user is successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
User ID.
- keycloakID: required(string)
User keycloakID.
- created: required(datetime)
User creation date.
- updated: required(datetime)
User update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username.
- enabled: required(boolean)
Whether the user is enabled or not.
- path: optional (string)
User's path that is used in KRN.
- defaultGroup: optional (string)
User's default group.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
User's KRN.
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
"keycloakID": "054b6a1a-3cb1-489b-a6ef-0579bdf3e275",
"created": "2021-10-18T11:08:09.4919Z",
"updated": "2021-10-18T11:08:09.4919Z",
"tenantID": "kaa",
"email": "josephmorgan@gmail.com",
"enabled": true,
"firstName": "Joseph",
"lastName": "Morgan",
"username": "josephmorgan",
"krn": "krn:iam:kaa::user/josephmorgan",
"path": "/"
}
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
put /users/{userID}
Updates a specific user.
- iam:user:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: object
Properties
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- firstName: optional (string)
User's first name.
- lastName: optional (string)
User's last name.
- defaultGroup: optional (string)
User's default group.
- enabled: optional (boolean)
Whether the user is enabled or not.
Example:
{
"firstName": "MorganUpdated",
"lastName": "JosephUpdated",
"email": "josephm@gmail.com",
"enabled": true
}
HTTP status code 204
The user is successfully updated.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
delete /users/{userID}
Deletes a specific user.
- iam:user:delete
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
HTTP status code 204
The user is successfully deleted.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/{userID}/attributes
Retrieves a specific user's attributes.
- iam:user:read
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
HTTP status code 200
User attributes are successfully retrieved.
Body
Media type: application/json
Type: json
Content:
{
"required":true,
"type":"object",
"properties":{
"data":{
"required":true,
"type":"array",
"items":[
{
"required":true,
"type":"string"
}
]
}
}
}
Example:
{
"data": {
"lastLogin": [
"23.11.2021"
],
"path": [
"/testpath"
],
"userInfo": [
"Micheal",
"Mark"
]
}
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by
put /users/{userID}/attributes
Updates a specific user's attributes.
- iam:user:update
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: json
Content:
{
"required":true,
"type":"object",
"properties":{
"attributes":{
"required":true,
"type":"array",
"items":[
{
"required":true,
"type":"string"
}
]
}
}
}
Example:
{
"attributes": {
"lastLogin": [
"23.11.2021"
],
"userInfo": [
"Micheal",
"Mark"
]
}
}
HTTP status code 204
User attributes are successfully updated.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by
post /users/{userID}/password/change
Changes the user's password.
- iam:user:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: object
Properties
- oldPassword: required(string)
User's old password.
- newPassword: required(string)
User's new password.
- confirmPassword: required(string)
User's new password confirmation.
Example:
{
"oldPassword": "YesYkYKpLd6n3dVZ",
"newPassword": "KPJ9KP33afQqG7ke",
"confirmPassword": "KPJ9KP33afQqG7ke"
}
HTTP status code 204
The user's password is successfully changed.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/{userID}/password/reset
Resets the user's password.
- iam:user:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: object
Properties
- newPassword: required(string)
User's new password.
- confirmPassword: required(string)
User's new password confirmation.
Example:
{
"newPassword": "hh8VkeHymc3j8NYJ",
"confirmPassword": "hh8VkeHymc3j8NYJ"
}
HTTP status code 204
User password is successfully reset.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/{userID}/groups
Get membership groups.
- iam:group:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- sort: optional (string - default: id)
Sorting field.
Example:
name
- sortOrder: optional (one of asc, desc - default: desc)
Sort order.
Example:
asc
HTTP status code 200
Membership groups are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of Group)
Items: Group
- id: required(string)
Group ID.
- tenantID: required(string)
Tenant ID of the group.
- name: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Group name.
- displayName: required(string)
Group display name.
- path: required(string)
Group path.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Group KRN.
- created: required(datetime)
Group registration date in ISO 8601 format (UTC timezone).
- updated: required(datetime)
Group last update date in ISO 8601 format (UTC timezone).
- count: required(integer)
Total amount of users.
- page: required(integer)
Page number.
- pageSize: required(integer)
Total returned elements.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw==",
"created": "2021-10-18T14:34:57.286561+04:00",
"updated": "2021-10-18T14:34:57.286561+04:00",
"tenantID": "kaa",
"name": "Foo",
"path": "/Foo",
"krn": "krn:iam:kaa::group/Foo"
}
],
"count": 1,
"page": 1,
"pageSize": 10
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/{userID}/groups/add
Adds the user to groups.
- iam:group:user:add
- iam:user:group:add
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: object
Properties
- groupIDs: required(string)
Group IDs.
Example:
{
"groupIDs": [
"a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw=="
]
}
HTTP status code 200
User is successfully added to groups.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
User ID.
- keycloakID: required(string)
User keycloakID.
- created: required(datetime)
User creation date.
- updated: required(datetime)
User update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username.
- enabled: required(boolean)
Whether the user is enabled or not.
- path: required(string)
User's path that is used in KRN.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
User's KRN.
- groups: required(array of )
Groups that the user is assigned to.
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
"keycloakID":"0b63d362-9bb0-442d-8104-61cc1abfffcf",
"created": "2021-10-18T11:08:09.4919Z",
"updated": "2021-10-18T11:55:48.367213Z",
"tenantID": "kaa",
"email": "josephm@gmail.com",
"enabled": true,
"firstName": "MorganUpdated",
"lastName": "JosephUpdated",
"username": "josephmorgan",
"krn": "krn:iam:kaa::user/josephmorgan",
"path": "/",
"groups": [
"a3JuOmlhbTprYWE6Omdyb3VwL0Jvbw=="
]
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/{userID}/groups/remove
Removes the user from groups.
- iam:group:user:remove
- iam:user:group:remove
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: object
Properties
- groupIDs: required(string)
Group IDs.
Example:
{
"groupIDs": [
"a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw=="
]
}
HTTP status code 204
User is successfully removed from groups.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/{userID}/policies
Returns policies that the user is attached to.
- iam:user:read
- iam:user:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
HTTP status code 200
Policies that the user is attached to are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of Policy)
Policy list.
Items: Policy
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
- pit: required(string)
Pit number.
- sort: required(string)
Sort type.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ=",
"krn": "krn:iam:kaa::policy/Admin_user_read",
"name": "Admin_user_read",
"description": "Allow user to read admin user",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:user:read"
],
"resources": [
"krn:iam:kaa::user/admin@example.com"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/john",
"krn:iam:kaa::user/org1/john",
"krn:iam:kaa::user/josephmorgan"
],
"description": "Allow user read action on list of principals",
"effect": "allow"
}
]
}
],
"pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAEMqFjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWWWF3LW9ma3FRQ21fU3FsT2NDdzluUQAAAAAAAABAXRYzSmk0MnpLYlFWRzNya1I1cy0xdE1nAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
"sort": "[\"allow\",\"krn:iam:kaa:user/admin@example.com\",\"a3JuOmlhbTprYWE6cG9saWN5L0FkbWluX3VzZXJfcmVhZA==\",4294967308]"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/{userID}/policies/eligible
Returns policies that the user is eligible to be attached to.
- iam:user:read
- iam:user:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
HTTP status code 200
Body
Media type: application/json
Type: object
Properties
- data: required(array of Policy)
Policy list.
Items: Policy
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
- pit: required(string)
Pit number.
- sort: required(string)
Sort type.
Example:
{
"data": [
{
"id": "a3JuOmlhbTo6a2FhOnBvbGljeS9hZG1pbi1hY2Nlc3M=",
"krn": "krn:iam::kaa:policy/admin-access",
"name": "admin-access",
"type": "identity",
"description": "admin access policy",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/org1/rayan",
"krn:iam:kaa::group/org1"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctcG9sLWZpbmFs",
"krn": "krn:iam:kaa::policy/new-pol-final",
"name": "new-pol-final",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam::kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/org1/rayan"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctdGVzdC1wb2w=",
"krn": "krn:iam:kaa::policy/new-test-pol",
"name": "new-test-pol",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS91c2Vycy1yZWFkb25seQ==",
"krn": "krn:iam:kaa::policy/users-readonly",
"name": "users-readonly",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:user:read"
],
"resources": [
"krn:iam:kaa::user/*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
},
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa::policy/*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
}
]
}
],
"pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAENIFjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWSjlwWWxWdEZTUWluSllmZmVkZUMzZwAAAAAAAACjEBZjdDRNcjhXSlRObXZJeVEydTctVHVnAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
"sort": "[\"allow\",\"krn:iam:kaa:policy/*\",\"a3JuOmlhbTprYWE6cG9saWN5L3VzZXJzLXJlYWRvbmx5\",17]"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
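The eligible-policies response above can be reviewed for wildcard grants before any of its IDs are sent to the attach call. The following is an added example, not part of the IAM documentation or the service's code; the grades "high" and "medium", the function names and the trimmed sample are assumptions of this example.

```python
import json


def grade_statement(stmt):
    """Return 'high', 'medium' or None for one Statement object.

    high:   effect allow, the all-actions wildcard "*" and a wildcard resource
    medium: effect allow with any other wildcard in actions or resources
    Deny statements only narrow access, so they are not graded.
    """
    if stmt.get("effect") != "allow":
        return None
    actions = [a for a in stmt.get("actions") or [] if isinstance(a, str)]
    resources = [r for r in stmt.get("resources") or [] if isinstance(r, str)]
    wild_action = any("*" in a for a in actions)
    wild_resource = any("*" in r for r in resources)
    if "*" in actions and wild_resource:
        return "high"
    if wild_action or wild_resource:
        return "medium"
    return None


def review_policies(response):
    """Map each policy ID in the response to its name and graded statements."""
    report = {}
    for policy in response.get("data", []):
        findings = []
        for n, stmt in enumerate(policy.get("statements", [])):
            grade = grade_statement(stmt)
            if grade:
                findings.append({
                    "statement": n,
                    "grade": grade,
                    "actions": stmt.get("actions"),
                    "resources": stmt.get("resources"),
                })
        report[policy["id"]] = {"name": policy.get("name"), "findings": findings}
    return report


def attach_body(response, reject=("high",)):
    """Build the policyIDs request body, leaving out policies with a rejected grade."""
    keep = [
        policy_id
        for policy_id, entry in review_policies(response).items()
        if not any(f["grade"] in reject for f in entry["findings"])
    ]
    return {"policyIDs": keep}


# Constructed sample: three policies taken from the example responses on this
# page, trimmed to the fields the review reads.
SAMPLE_RESPONSE = {
    "data": [
        {
            "id": "a3JuOmlhbTo6a2FhOnBvbGljeS9hZG1pbi1hY2Nlc3M=",
            "name": "admin-access",
            "statements": [
                {"actions": ["*"], "resources": ["krn:iam:kaa:*"], "effect": "allow"},
            ],
        },
        {
            "id": "a3JuOmlhbTprYWE6OnBvbGljeS91c2Vycy1yZWFkb25seQ==",
            "name": "users-readonly",
            "statements": [
                {"actions": ["iam:user:read"],
                 "resources": ["krn:iam:kaa::user/*"], "effect": "allow"},
                {"actions": ["*"],
                 "resources": ["krn:iam:kaa::policy/*"], "effect": "allow"},
            ],
        },
        {
            "id": "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ=",
            "name": "Admin_user_read",
            "statements": [
                {"actions": ["iam:user:read"],
                 "resources": ["krn:iam:kaa::user/admin@example.com"],
                 "effect": "allow"},
            ],
        },
    ]
}

if __name__ == "__main__":
    print(json.dumps(review_policies(SAMPLE_RESPONSE), indent=2))
    print(json.dumps(attach_body(SAMPLE_RESPONSE)))
```

Note that "users-readonly" is rejected despite its name, because its second statement allows every action on all policies.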
post /users/{userID}/policies/attach
Attaches user to policies.
- iam:user:policy:attach
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: object
Properties
- policyIDs: required(array of )
Policy IDs.
Example:
{
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
]
}
HTTP status code 204
The user is successfully attached to the policies.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /users/{userID}/policies/detach
Detaches user from policies.
- iam:user:policy:attach
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: object
Properties
- policyIDs: required(array of )
Policy IDs.
Example:
{
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
]
}
HTTP status code 204
The user is successfully detached from the policies.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /users/{userID}/policy
Retrieves the user's resource policy.
- iam:user:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
HTTP status code 200
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2FuLXJlc291cmNlIg==",
"krn": "krn:iam:kaa::user/josephmorgan",
"name": "krn:iam:kaa::user/josephmorgan",
"description": "Individual resource policy",
"type": "resource",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa::user/josephmorgan"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
},
{
"actions": [
"iam:user:read",
"iam:user:update"
],
"resources": [
"krn:iam:kaa::user/josephmorgan"
],
"principals": [
"krn:iam:kaa::user/josephmorgan"
],
"effect": "allow"
}
]
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
put /users/{userID}/policy
Updates resource policy of the user.
- iam:group:policy:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- userID: required(string)
User ID.
Example:
a3JuOmlhbTprYWE6dXNlci90ZXN0cGF0aC90c3Nzc2VzM3Qz
Body
Media type: application/json
Type: object
Properties
- statements: required(array of ResourcePolicyUpdateData)
List of statements.
Items: ResourcePolicyUpdateData
- actions: required(array of )
List of specified actions.
- principals: required(array of )
List of specified principals.
- description: optional (string)
Description of the statement.
- effect: required(string)
Principal effect.
Example:
{
"statements":[
{
"actions":[
"*"
],
"principals":[
"krn:iam:kaa::user/admin@example.com"
],
"effect":"allow",
"description":"Allow admin@example.com user on all actions"
},
{
"actions":[
"iam:user:read",
"iam:user:update"
],
"principals":[
"krn:iam:kaa::user/josephmorgan"
],
"description":"Allow josephmorgan user on read and update actions",
"effect":"allow"
},
{
"actions":[
"iam:user:*"
],
"principals":[
"krn:iam:kaa::user/patricia"
],
"description":"Allow patricia all user on actions",
"effect":"allow"
}
]
}
HTTP status code 204
Successfully updated resource policy.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
Groups
Operations on groups.
post /groups
Creates a new group.
- iam:group:create
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- name: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Group name.
- displayName: optional (string)
Group display name.
- parentID: optional (string)
ID of the parent group.
- users: optional (array of )
User IDs that will be added to the group.
- policyIDs: optional (array of )
Policy IDs that will be attached to the group.
Example:
{
"name": "boo",
"displayName": "boo group",
"parentID": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvbw==",
"users": [
"a3JuOmlhbTprYWE6OnVzZXIvZWR3YXJk"
],
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ="
]
}
HTTP status code 201
Group is successfully created.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
Group ID.
- tenantID: required(string)
Tenant ID of the group.
- name: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Group name.
- displayName: required(string)
Group display name.
- path: required(string)
Group path.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Group KRN.
- created: required(datetime)
Group registration date in ISO 8601 format (UTC timezone).
- updated: required(datetime)
Group last update date in ISO 8601 format (UTC timezone).
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvby9ib28=",
"created": "2021-10-18T12:27:15.55267632Z",
"updated": "2021-10-18T12:27:15.55267632Z",
"tenantID": "kaa",
"name": "boo",
"displayName": "boo group",
"path": "/Foo/boo",
"krn": "krn:iam:kaa::group/Foo/boo"
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /groups
Returns group list.
- iam:group:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- sort: optional (string - default: id)
Sorting field.
Example:
name
- sortOrder: optional (one of asc, desc - default: desc)
Sort order.
Example:
asc
HTTP status code 200
Groups are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of Group)
Items: Group
- id: required(string)
Group ID.
- tenantID: required(string)
Tenant ID of the group.
- name: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Group name.
- displayName: required(string)
Group display name.
- path: required(string)
Group path.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Group KRN.
- created: required(datetime)
Group registration date in ISO 8601 format (UTC timezone).
- updated: required(datetime)
Group last update date in ISO 8601 format (UTC timezone).
- count: required(integer)
Total number of groups.
- page: required(integer)
Page number.
- pageSize: required(integer)
Page size.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL2dyb3VwMS9ncm91cDI=",
"created": "2021-10-15T10:49:23.00967Z",
"updated": "2021-10-15T10:49:23.00967Z",
"tenantID": "kaa",
"name": "group2",
"displayName": "group2",
"path": "/group1/group2",
"krn": "krn:iam:kaa::group/group1/group2"
},
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL29yZzE=",
"created": "2021-10-15T09:58:43.037383Z",
"updated": "2021-10-15T09:58:43.037383Z",
"tenantID": "kaa",
"name": "org1",
"displayName": "organization 1",
"path": "/org1",
"krn": "krn:iam:kaa::group/org1"
},
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL2dyb3VwMS9ncm91cDIvZ3JvdXAyLTM=",
"created": "2021-10-15T14:57:49.898256Z",
"updated": "2021-10-15T14:57:49.898256Z",
"tenantID": "kaa",
"name": "group2-3",
"displayName": "group 2-3",
"path": "/group1/group2/group2-3",
"krn": "krn:iam:kaa::group/group1/group2/group2-3"
},
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvby9ib28=",
"created": "2021-10-18T12:27:15.552676Z",
"updated": "2021-10-18T12:27:15.552676Z",
"tenantID": "kaa",
"name": "boo",
"displayName": "boo group",
"path": "/Foo/boo",
"krn": "krn:iam:kaa::group/Foo/boo"
},
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw==",
"created": "2021-10-18T12:24:43.692049Z",
"updated": "2021-10-18T12:24:43.692049Z",
"tenantID": "kaa",
"name": "boo",
"displayName": "boo group",
"path": "/boo",
"krn": "krn:iam:kaa::group/boo"
},
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL2dyb3VwMS9ncm91cDItMQ==",
"created": "2021-10-15T10:50:16.532018Z",
"updated": "2021-10-15T10:50:16.532018Z",
"tenantID": "kaa",
"name": "group2-1",
"displayName": "organization 2-1",
"path": "/group1/group2-1",
"krn": "krn:iam:kaa::group/group1/group2-1"
},
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL0Jvbw==",
"created": "2021-10-18T11:59:50.222882Z",
"updated": "2021-10-18T11:59:50.222882Z",
"tenantID": "kaa",
"name": "Boo",
"displayName": "organization boo",
"path": "/Boo",
"krn": "krn:iam:kaa::group/Boo"
},
{
"id": "ImtybjppYW06a2FhOjpncm91cC9Gb28=",
"created": "2021-10-18T10:02:07.04474Z",
"updated": "2021-10-18T10:02:07.04474Z",
"tenantID": "kaa",
"name": "Foo",
"displayName": "organization Foo",
"path": "/Foo",
"krn": "krn:iam:kaa::group/Foo"
},
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL29yZzEvYm9v",
"created": "2021-10-18T12:25:59.595453Z",
"updated": "2021-10-18T12:25:59.595453Z",
"tenantID": "kaa",
"name": "boo",
"displayName": "boo",
"path": "/org1/boo",
"krn": "krn:iam:kaa::group/org1/boo"
},
{
"id": "a3JuOmlhbTprYWE6Omdyb3VwL2dyb3VwMQ==",
"created": "2021-10-15T10:49:04.079399Z",
"updated": "2021-10-15T10:49:04.079399Z",
"tenantID": "kaa",
"name": "group1",
"displayName": "group1",
"path": "/group1",
"krn": "krn:iam:kaa::group/group1"
}
],
"count": 11,
"page": 1,
"pageSize": 10
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /groups/delete
Bulk group delete.
- iam:group:delete
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- groupIDs: required(string)
Group IDs.
Example:
{
"groupIDs": [
"a3JuOmlhbTprYWE6Omdyb3VwL2Jvbw=="
]
}
HTTP status code 204
Groups successfully deleted.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /groups/{groupID}
Returns group information.
- iam:group:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 200
Group successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
Group ID.
- tenantID: required(string)
Tenant ID of the group.
- name: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Group name.
- displayName: required(string)
Group display name.
- path: required(string)
Group path.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Group KRN.
- created: required(datetime)
Group registration date in ISO 8601 format (UTC timezone).
- updated: required(datetime)
Group last update date in ISO 8601 format (UTC timezone).
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvby9ib28=",
"created": "2021-10-18T12:27:15.55267632Z",
"updated": "2021-10-18T12:27:15.55267632Z",
"tenantID": "kaa",
"name": "boo",
"displayName": "boo group",
"path": "/Foo/boo",
"krn": "krn:iam:kaa::group/Foo/boo"
}
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
put /groups/{groupID}
Update group display name.
- iam:group:udpate
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- displayName: required(string)
Example:
{
"displayName": "updated org1"
}
HTTP status code 204
Group display name successfully updated.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
delete /groups/{groupID}
Deletes a single group.
- iam:group:delete
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 204
Group is successfully deleted.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /groups/{groupID}/members
Returns group members.
- iam:group:user:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- sort: optional (string - default: id)
Sorting field.
Example:
name
- sortOrder: optional (one of asc, desc - default: desc)
Sort order.
Example:
asc
HTTP status code 200
Members are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of RetrieveUser)
List of group members.
Items: RetrieveUser
- id: required(string)
User ID.
- keycloakID: required(string)
User keycloakID.
- created: required(datetime)
User creation date.
- updated: required(datetime)
User update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username.
- enabled: required(boolean)
Whether the user is enabled or not.
- path: optional (string)
User's path that is used in KRN.
- defaultGroup: optional (string)
User's default group.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
User's KRN.
- count: required(integer)
Total number of users.
- page: required(integer)
Page number.
- pageSize: required(integer)
Total returned elements.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6OnVzZXIvZWR3YXJk",
"keycloakID":"9c19cd39-ffb4-4bae-a72d-01fbd7e6ec72",
"created": "2021-10-15T09:58:17.989254Z",
"updated": "2021-10-15T09:58:17.989254Z",
"tenantID": "kaa",
"email": "edward@gmail.com",
"enabled": true,
"firstName": "Edward",
"lastName": "Davidson",
"username": "edward@mail.com",
"krn": "krn:iam:kaa::user/edward",
"path": "/"
}
],
"count": 1,
"page": 1,
"pageSize": 10
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /groups/{groupID}/members/eligible
Returns eligible group members.
- iam:group:user:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- sort: optional (string - default: id)
Sorting field.
Example:
name
- sortOrder: optional (one of asc, desc - default: desc)
Sort order.
Example:
asc
- email: optional (string)
Filter user by email.
Example:
josephmorgan@gmail.com
- path: optional (string)
Filter user by path.
Example:
/org1
HTTP status code 200
Eligible group members are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of RetrieveUser)
List of group members.
Items: RetrieveUser
- id: required(string)
User ID.
- keycloakID: required(string)
User keycloakID.
- created: required(datetime)
User creation date.
- updated: required(datetime)
User update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- email: optional (string - pattern: ^[a-z0-9]+[\._]?[a-z0-9]+[@][a-z]+[.][a-z]{2,3}$)
User's email.
- username: required(string - pattern: ^[a-zA-Z0-9_\-@.]*$)
Username.
- enabled: required(boolean)
Whether the user is enabled or not.
- path: optional (string)
User's path that is used in KRN.
- defaultGroup: optional (string)
User's default group.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
User's KRN.
- count: required(integer)
Total number of users.
- page: required(integer)
Page number.
- pageSize: required(integer)
Total returned elements.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu",
"keycloakID": "22178aa8-5c89-4862-919c-de0b9ad056c5",
"created": "2021-10-18T11:08:09.4919Z",
"updated": "2021-10-18T11:55:48.367213Z",
"tenantID": "kaa",
"email": "josephm@gmail.com",
"enabled": true,
"firstName": "MorganUpdated",
"lastName": "JosephUpdated",
"username": "josephmorgan",
"krn": "krn:iam:kaa::user/josephmorgan",
"path": "/"
}
],
"count": 1,
"page": 0,
"pageSize": 10
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /groups/{groupID}/members/add
Adds users to a group.
- iam:group:user:add
- iam:user:group:add
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- userIDs: required(array of )
User IDs to be added to the group.
Example:
{
"userIDs": [
"a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu"
]
}
HTTP status code 204
Users are successfully added.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /groups/{groupID}/members/remove
Removes users from a group.
- iam:group:user:remove
- iam:user:group:remove
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- userIDs: required(array of )
User IDs to be removed from the group.
Example:
{
"userIDs": [
"a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu"
]
}
HTTP status code 204
Users are successfully removed.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /groups/{groupID}/policies
Gets group policies.
- iam:group:read
- iam:group:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 200
Group policies are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of Policy)
Policy list.
Items: Policy
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
- pit: required(string)
Pit number.
- sort: required(string)
Sort type.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQi",
"krn": "krn:iam:kaa::policy/Admin_user_read",
"name": "Admin_user_read",
"description": "Allow user to read admin user",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:group:*"
],
"resources": [
"krn:iam:kaa::user/admin@example.com"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/john",
"krn:iam:kaa::user/org1/john",
"krn:iam:kaa::user/path/caro",
"krn:iam:kaa::user/josephmorgan",
"krn:iam:kaa::group/boo",
"krn:iam:kaa::group/org1/boo",
"krn:iam:kaa::group/Foo/boo"
],
"effect": "allow"
}
]
}
],
"pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAEP2FjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWSjlwWWxWdEZTUWluSllmZmVkZUMzZwAAAAAAAACj8RZjdDRNcjhXSlRObXZJeVEydTctVHVnAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
"sort": "[\"allow\",\"krn:iam:kaa:user/admin@example.com\",\"a3JuOmlhbTprYWE6cG9saWN5L0FkbWluX3VzZXJfcmVhZA==\",4294967311]"
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /groups/{groupID}/policies/eligible
Gets eligible group policies.
- iam:group:read
- iam:group:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 200
Eligible group policies are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of Policy)
Policy list.
Items: Policy
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
- pit: required(string)
Pit number.
- sort: required(string)
Sort type.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9hZG1pbi1hY2Nlc3M=",
"krn": "krn:iam:kaa::policy/admin-access",
"name": "admin-access",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/Hi/test2",
"krn:iam:kaa::group/org1"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctcG9sLWZpbmFs",
"krn": "krn:iam:kaa::policy/new-pol-final",
"name": "new-pol-final",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/Hui/test2",
"krn:iam:kaa::user/josephmorgan"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9uZXctdGVzdC1wb2w=",
"krn": "krn:iam:kaa::policy/new-test-pol",
"name": "new-test-pol",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa:*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
}
]
},
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS91c2Vycy1yZWFkb25seQ==",
"krn": "krn:iam:kaa::policy/users-readonly",
"name": "users-readonly",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:user:read"
],
"resources": [
"krn:iam:kaa::user/*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
},
{
"actions": [
"*"
],
"resources": [
"krn:iam:kaa::policy/*"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
}
]
}
],
"pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZKOXBZbFZ0RlNRaW5KWWZmZWRlQzNnAAAAAAAAAKRvFmN0NE1yOFdKVE5tdkl5UTJ1Ny1UdWcAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWWWF3LW9ma3FRQ21fU3FsT2NDdzluUQAAAAAAAABBHhYzSmk0MnpLYlFWRzNya1I1cy0xdE1nAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
"sort": "[\"allow\",\"krn:iam:kaa:policy/*\",\"a3JuOmlhbTprYWE6cG9saWN5L3Jvb3QtcG9saWN5\",2]"
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /groups/{groupID}/policies/attach
Attaches policies to a group.
- iam:group:policy:attach
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- policyIDs: required(array of )
Policy IDs.
Example:
{
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
]
}
HTTP status code 204
Group is successfully attached to policies.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /groups/{groupID}/policies/detach
Detaches policies from a group.
- iam:group:policy:attach
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- policyIDs: required(array of )
Policy IDs.
Example:
{
"policyIDs": [
"a3JuOmlhbTprYWE6OnBvbGljeS9Hcm91cC1wb2xpY3k="
]
}
HTTP status code 204
Group is successfully detached from policies.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /groups/{groupID}/policy
Gets group's resource policies.
- iam:group:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 200
Successfully retrieved group resource policies.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6Omdyb3VwL0Zvby9ib28=",
"krn": "krn:iam:kaa::group/Foo/boo",
"name": "krn:iam:kaa::group/Foo/boo",
"description": "Individual resource policy",
"type": "resource",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:group:read",
"iam:group:delete"
],
"resources": [
"krn:iam:kaa::group/Foo/boo"
],
"principals": [
"krn:iam:kaa::user/josephmorgan"
],
"description": "Allow principals josephmorgan to read and delete Foo/boo",
"effect": "allow"
},
{
"actions": [
"iam:group:read"
],
"resources": [
"krn:iam:kaa::group/Foo/boo"
],
"principals": [
"krn:iam:kaa::group/Foo/boo"
],
"description": "Allow principals Foo/boo to read resource group/Foo/boo",
"effect": "allow"
}
]
}
}
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
put /groups/{groupID}/policy
Updates resource policy of the group.
- iam:group:policy:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- groupID: required(string)
Group ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- statements: required(array of ResourcePolicyUpdateData)
List of statements.
Items: ResourcePolicyUpdateData
- actions: required(array of )
List of actions that are specified.
- principals: required(array of )
List of principals that are specified.
- description: optional (string)
Description of the statement.
- effect: required(string)
Principal effect.
Example:
{
"statements":[
{
"actions":[
"*"
],
"principals":[
"krn:iam:kaa::user/josephmorgan"
],
"description": "Allow principals josephmorgan to do all",
"effect":"allow"
},
{
"actions":[
"iam:group:read"
],
"principals":[
"krn:iam:kaa::group/Foo/boo"
],
"description": "Allow principals Foo/boo to read",
"effect":"allow"
},
{
"actions":[
"iam:group:*"
],
"principals":[
"krn:iam:kaa::user/patricia"
],
"description": "Allow patricia all on group action",
"effect":"allow"
}
]
}
HTTP status code 204
Successfully updated group resource policies.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
Policies
Operations on policies.
post /policies
Creates policy.
- iam:policy:create
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Policy name.
- description: optional (string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- statements: required(array of CreatePolicyStatement)
Policy statements.
Items: CreatePolicyStatement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- description: optional (string)
Description of the statement.
- role: optional (string)
Statement role identifier.
- effect: required(one of allow, deny)
Principal effect.
Example:
{
"name": "Allow-all-on-user1",
"description": "policy description",
"type": "identity",
"statements": [
{
"actions": [
"iam:user:*"
],
"resources": [
"krn:iam:kaa::policy/user1"
],
"effect": "allow",
"description": "Allow all on user operation at user1"
}
]
}
HTTP status code 201
Policy is successfully created.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
Policy.
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9BbGxvdy1hbGwtb24tdXNlcjE=",
"krn": "krn:iam:kaa::policy/Allow-all-on-user1",
"name": "Allow-all-on-user1",
"description": "Allow all on user1",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:user:*"
],
"resources": [
"krn:iam:kaa::user/user1"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"effect": "allow"
}
]
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
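A pre-flight check for the request bodies of post /policies and put /groups/{groupID}/policy documented above, as an added example that is not part of the Kaa IAM documentation or code. Field names, the name pattern and the enum values come from the schemas on this page; the wildcard warning is a local least-privilege review rule, and rejecting empty lists, an empty name, or effects other than allow/deny in group resource policies are assumptions.

```python
import re

# Constraints copied from the request schemas documented on this page.
NAME_RE = re.compile(r"^[a-zA-Z0-9_\-]*$")  # post /policies: name
POLICY_TYPES = {"identity", "resource"}      # post /policies: type
EFFECTS = {"allow", "deny"}                  # statement effect (assumed to apply
                                             # to group resource policies as well)


def _str_list(value):
    """True for a non-empty list of non-empty strings.

    Assumption: an empty list is treated like a missing required field.
    """
    return (isinstance(value, list) and bool(value)
            and all(isinstance(v, str) and v for v in value))


def check_statement(stmt, idx, target_field):
    """Validate one statement; target_field is 'resources' or 'principals'."""
    where = f"statements[{idx}]"
    if not isinstance(stmt, dict):
        return [f"{where}: must be an object"], []
    errors, warnings = [], []
    for field in ("actions", target_field):
        if not _str_list(stmt.get(field)):
            errors.append(f"{where}.{field}: required list of strings")
    effect = stmt.get("effect")
    if not isinstance(effect, str) or effect not in EFFECTS:
        errors.append(f"{where}.effect: must be one of allow, deny")
    # Least-privilege lint: a local review rule, not something the API enforces.
    if effect == "allow":
        for field in ("actions", target_field):
            values = stmt.get(field)
            for value in values if _str_list(values) else []:
                if "*" in value:
                    warnings.append(
                        f"{where}.{field}: wildcard {value!r} in an allow statement")
    return errors, warnings


def _check_statements(body, target_field):
    statements = body.get("statements")
    if not isinstance(statements, list) or not statements:
        return {"errors": ["statements: required list of statements"], "warnings": []}
    report = {"errors": [], "warnings": []}
    for idx, stmt in enumerate(statements):
        errors, warnings = check_statement(stmt, idx, target_field)
        report["errors"] += errors
        report["warnings"] += warnings
    return report


def check_policy_create(body):
    """Pre-flight check for a post /policies request body."""
    errors = []
    name = body.get("name")
    # Assumption: an empty name is rejected although the pattern permits it.
    if not isinstance(name, str) or not name or not NAME_RE.fullmatch(name):
        errors.append("name: must match ^[a-zA-Z0-9_\\-]*$")
    ptype = body.get("type")
    if not isinstance(ptype, str) or ptype not in POLICY_TYPES:
        errors.append("type: must be one of identity, resource")
    report = _check_statements(body, "resources")
    report["errors"] = errors + report["errors"]
    return report


def check_group_policy_update(body):
    """Pre-flight check for a put /groups/{groupID}/policy request body."""
    return _check_statements(body, "principals")


# Request example from this page (post /policies).
PAGE_CREATE_EXAMPLE = {
    "name": "Allow-all-on-user1", "description": "policy description",
    "type": "identity",
    "statements": [{"actions": ["iam:user:*"],
                    "resources": ["krn:iam:kaa::policy/user1"],
                    "effect": "allow",
                    "description": "Allow all on user operation at user1"}],
}

# Request example from this page (put /groups/{groupID}/policy), descriptions omitted.
PAGE_GROUP_POLICY_EXAMPLE = {"statements": [
    {"actions": ["*"], "principals": ["krn:iam:kaa::user/josephmorgan"], "effect": "allow"},
    {"actions": ["iam:group:read"], "principals": ["krn:iam:kaa::group/Foo/boo"], "effect": "allow"},
    {"actions": ["iam:group:*"], "principals": ["krn:iam:kaa::user/patricia"], "effect": "allow"},
]}

# Constructed invalid body: bad name, unknown type, no resources, unknown effect.
BAD_BODY = {"name": "bad name!", "type": "role",
            "statements": [{"actions": ["iam:user:read"], "effect": "permit"}]}

if __name__ == "__main__":
    print("create:", check_policy_create(PAGE_CREATE_EXAMPLE))
    print("group policy:", check_group_policy_update(PAGE_GROUP_POLICY_EXAMPLE))
    print("bad body:", check_policy_create(BAD_BODY))
```

Both request examples from this page pass schema validation but raise wildcard warnings, which is the point at which a reviewer decides whether the broad grant is intended.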
get /policies
Returns policies.
- iam:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- sort: optional (string - default: id)
Sorting field.
Example:
name
- sortOrder: optional (one of asc, desc - default: desc)
Sort order.
Example:
asc
HTTP status code 200
Policies are successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(array of Policy)
Policy list.
Items: Policy
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
- pit: required(string)
Pit number.
- sort: required(string)
Sort type.
Example:
{
"data": [
{
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9BZG1pbl91c2VyX3JlYWQ=",
"krn": "krn:iam:kaa::policy/Admin_user_read",
"name": "Admin_user_read",
"description": "Allow user to read admin user",
"type": "identity",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:user:read"
],
"resources": [
"krn:iam:kaa::user/admin@example.com"
],
"principals": [
"krn:iam:kaa::user/admin@example.com",
"krn:iam:kaa::user/john",
"krn:iam:kaa::user/org1/john",
"krn:iam:kaa::user/josephmorgan"
],
"description": "Allow user read action on list of principals",
"effect": "allow"
}
]
}
],
"pit": "g-azAwIHa2FhLWlhbRZJdG1kUzlRdVR3YWJaSUE3UEhMTG9RABZzakJqZnhpZVFvMjZITWhXcVRrT2tRAAAAAAAAAEMqFjlOZzk0Yk1iUkVxM0RreGp6cjFLZ0EAB2thYS1pYW0WSXRtZFM5UXVUd2FiWklBN1BITExvUQEWWWF3LW9ma3FRQ21fU3FsT2NDdzluUQAAAAAAAABAXRYzSmk0MnpLYlFWRzNya1I1cy0xdE1nAAEWSXRtZFM5UXVUd2FiWklBN1BITExvUQAA",
"sort": "[\"allow\",\"krn:iam:kaa:user/admin@example.com\",\"a3JuOmlhbTprYWE6cG9saWN5L0FkbWluX3VzZXJfcmVhZA==\",4294967308]"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /policies/evaluate/resources
Returns a subset of resources provided in the request, against which a given action is permitted.
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- action: required(string - pattern: ^[a-z:*\-]*$)
Action.
- resources: required(array of )
List of resource KRNs.
Example:
{
"action": "iam:user:read",
"resources": ["krn:iam:kaa::user/admin@example.com", "krn:iam:kaa::user/morgan"]
}
HTTP status code 200
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /policies/evaluate/actions
Provides a list of all permitted actions on the resources specified in the request.
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Body
Media type: application/json
Type: object
Properties
- actions: optional (array of )
List of requested actions.
- resources: required(array of )
List of resource KRNs.
Example:
{
"actions": ["iam:user:read"],
"resources": ["krn:iam:kaa:user/admin@example.com"]
}
HTTP status code 200
Evaluation results.
Body
Media type: application/json
Type: json
Content:
{
"required":true,
"type":"object",
"properties":{
"data":{
"required":true,
"type":"object",
"properties":{
"required":true,
"type":"object",
"resources":{
"required":true,
"type":"object"
}
}
},
"pit":{
"required":true,
"type":"string"
},
"sort":{
"required":true,
"type":"array"
}
}
}
Example:
{
"data": {
"resources": {
"krn:iam:kaa:user/admin@example.com": {
"allow": [
"iam:user:read",
"*"
],
"deny": null
},
"krn:iam:kaa:user/morgan": {
"allow": [
"iam:user:read",
"*"
],
"deny": null
}
}
},
"pit": "n5qzAwIHa2FhLWlhbRZkTThXa0ZIR1RVQ0pqRDgwTXZETVRRABY3QkdMZ1IxRVNZQ0NVU1pOVGhvb293AAAAAAAAAADJFkNpc2hVd3E1UWwyTDBTTEN2SUZjR3cAB2thYS1pYW0WZE04V2tGSEdUVUNKakQ4ME12RE1UUQEWN0JHTGdSMUVTWUNDVVNaTlRob29vdwAAAAAAAAAAyhZDaXNoVXdxNVFsMkwwU0xDdklGY0d3AAEWZE04V2tGSEdUVUNKakQ4ME12RE1UUQAA",
"sort": "[\"allow\",\"krn:iam:kaa:*\",\"a3JuOmlhbTprYWE6OnBvbGljeS9hZG1pbi1hY2Nlc3M=\",4]"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /policies/{policyID}
Returns policy information.
- iam:policy:read
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- policyID: required(string)
Policy ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 200
Policy is successfully retrieved.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: required(string)
Policy ID.
- krn: required(string - pattern: ^[a-zA-Z0-9_\-/:*@.]*$)
Policy KRN.
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- origin: required(string)
Policy origin.
- version: required(string)
Policy version.
- statements: required(array of Statement)
Policy statements.
Items: Statement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- principals: optional (array of )
Principal list.
- description: optional (string)
Description of the statement.
- effect: required(one of allow, deny)
Principal effect.
Example:
{
"data": {
"id": "a3JuOmlhbTprYWE6OnBvbGljeS9wb2xpY3ktbmFtZQ==",
"name": "policy-name",
"krn": "krn:iam:kaa::policy/policy-name",
"description": "Individual resource policy",
"type": "resource",
"origin": "api",
"version": "1.0.0",
"statements": [
{
"actions": [
"iam:user:read",
"iam:user:update",
"iam:user:delete"
],
"resources": [
"krn:iam:kaa::policy/user1"
],
"principals": [
"krn:iam:kaa::user/admin@example.com"
],
"description": "Allow user actions on principal admin@example.com",
"effect": "allow"
}
]
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
put /policies/{policyID}
Updates policy.
- iam:policy:update
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- policyID: required(string)
Policy ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- name: required(string - pattern: ^[a-zA-Z0-9_\-]*$)
Name of the policy.
- description: required(string)
Policy description.
- type: required(one of identity, resource)
Policy type.
- statements: required(array of CreatePolicyStatement)
Policy statements.
Items: CreatePolicyStatement
- actions: required(array of )
Action list.
- resources: required(array of )
Resource list.
- description: optional (string)
Description of the statement.
- role: optional (string)
Statement role identifier.
- effect: required(one of allow, deny)
Principal effect.
Example:
{
"name": "policy-name",
"description": "policy description",
"type": "identity",
"statements": [
{
"actions": [
"iam:user:read",
"iam:user:update",
"iam:user:delete"
],
"resources": [
"krn:iam:kaa::policy/user1"
],
"description": "Allow all on user operation at user1",
"effect": "allow"
}
]
}
HTTP status code 204
Policy is successfully updated.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
delete /policies/{policyID}
Deletes policy.
- iam:policy:delete
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- policyID: required(string)
Policy ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
HTTP status code 204
Policy is successfully deleted.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /policies/{policyID}/principals/attach
Attaches principals to a policy.
- iam:policy:attach
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- policyID: required(string)
Policy ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- principals: required(array of )
Principal IDs.
Example:
{
"principals": [
"a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu"
]
}
HTTP status code 204
Principals are successfully attached to a policy.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /policies/{policyID}/principals/detach
Detaches principals from a policy.
- iam:policy:detach
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- policyID: required(string)
Policy ID.
Example:
a3JuOmlhbTprYWE6Z3JvdXAvY2FsaWZvcm5pYQo=
Body
Media type: application/json
Type: object
Properties
- principals: required(array of )
Principal IDs.
Example:
{
"principals": [
"a3JuOmlhbTprYWE6OnVzZXIvam9zZXBobW9yZ2Fu"
]
}
HTTP status code 204
Principals are successfully detached from a policy.
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
Migrate
Migrates users and groups from Keycloak to IAM (available only when migrationEndpoints is enabled in the configuration).
post /tenant/migrate/users
Asynchronous user migration from Keycloak to IAM.
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Query Parameters
- tenant: optional (string)
Tenant ID.
Example:
kaa
HTTP status code 202
Migration is in progress. If the tenant query parameter is specified, the migration runs for that one tenant and the response contains a taskID; without the query parameter, the migration runs for all tenants and only the status code is returned.
Body
Media type: application/json
Type: object
Properties
- taskID: optional (string)
Task ID.
Example:
{
"taskID": "0dfe658a-a15c-407d-9c4e-95960b837cf2"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /tenant/migrate/users/tasks
Returns migration tasks for authenticated tenants (providing tenant as a query parameter is available only for tenant Kaa).
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- status: optional (one of InProgress, Completed, Failed)
Status of task.
Example:
Completed
- tenant: optional (string)
Tenant ID.
Example:
kaa
HTTP status code 200
Migration tasks status.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: optional (string)
Task ID.
- created: required(datetime)
Task creation date.
- updated: required(datetime)
Task update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- status: required(one of InProgress, Completed, Failed)
Task status.
- messages: required(object)
Message based on task status.
- errors: required(string)
Message of raised error from migration operation.
- userMigration: required(boolean)
Indicates whether it is users or groups migration.
- page: required(string)
Page number.
- pageSize: required(string)
Page size number.
Example:
{
"data": [
{
"id": "8d530302-679f-4a31-ad55-aea8061d4081",
"created": "2021-12-10T15:26:00.540385+04:00",
"updated": "2021-12-10T15:26:07.344133+04:00",
"tenantID": "e02e0679-2de5-48af-a2f0-c650356dc739",
"status": "Completed",
"messages": null,
"errors": "",
"userMigration": true
},
{
"id": "c0d757c2-764b-433a-aa8c-0ebf6428888e",
"created": "2021-12-10T15:26:07.345959+04:00",
"updated": "2021-12-10T15:26:07.347192+04:00",
"tenantID": "a0fe5076-42ca-4c94-92f5-bc5c964045f2",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "19189680-ac2f-4ec4-8c3f-b795c1c3277c",
"created": "2021-12-10T15:26:07.348684+04:00",
"updated": "2021-12-10T15:26:07.349952+04:00",
"tenantID": "d9300595-5720-45b7-8fc5-b118e79f9ab3",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "aa405b40-40e0-4e0b-b90e-2f17986f6aed",
"created": "2021-12-10T15:26:07.351316+04:00",
"updated": "2021-12-10T15:26:07.352675+04:00",
"tenantID": "1ee320c5-2a17-4c25-95ba-e20214a50f49",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "563c15c8-1382-411e-98d5-7b3efc432b57",
"created": "2021-12-10T15:26:07.354651+04:00",
"updated": "2021-12-10T15:26:07.356091+04:00",
"tenantID": "45e7d6af-4bec-43b2-b885-98ebd8e73b63",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "c8c2b84c-270d-458e-983f-23a4c159dfc7",
"created": "2021-12-10T15:26:07.357629+04:00",
"updated": "2021-12-10T15:26:07.414962+04:00",
"tenantID": "130c79ee-150d-4a6f-8749-0302bc01d743",
"status": "Failed",
"messages": null,
"errors": "404 Not Found: Realm does not exist",
"userMigration": true
},
{
"id": "9cafd71e-a12b-4bba-94f0-21a012994357",
"created": "2021-12-10T15:26:07.419286+04:00",
"updated": "2021-12-10T15:26:07.421147+04:00",
"tenantID": "5f313fee-7337-4f70-a152-7a0c194fc1cb",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "03184c80-e0a2-491e-aa71-c72d7cd419c8",
"created": "2021-12-10T15:26:07.424028+04:00",
"updated": "2021-12-10T15:26:07.426239+04:00",
"tenantID": "c95f1b60-4f7d-4b1e-b7b5-35c3b4f0a0f8",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "1400930c-a369-4287-ae38-843a30d4d0cb",
"created": "2021-12-10T15:26:07.428167+04:00",
"updated": "2021-12-10T15:26:07.500517+04:00",
"tenantID": "d2fb4972-4f1e-478f-8539-ed50720a3fce",
"status": "Failed",
"messages": null,
"errors": "404 Not Found: Realm does not exist",
"userMigration": true
},
{
"id": "c63b5ce4-25cb-404f-9511-77a17b0d8ec3",
"created": "2021-12-10T16:03:16.135469+04:00",
"updated": "2021-12-10T16:03:24.465874+04:00",
"tenantID": "e02e0679-2de5-48af-a2f0-c650356dc739",
"status": "Completed",
"messages": null,
"errors": "",
"userMigration": true
}
],
"page": 1,
"pageSize": 10
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /tenant/migrate/users/tasks/{task-id}
Returns a task by its ID.
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- task-id: required(string)
HTTP status code 200
Migration task status by task ID.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: optional (string)
Task ID.
- created: required(datetime)
Task creation date.
- updated: required(datetime)
Task update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- status: required(one of InProgress, Completed, Failed)
Task status.
- messages: required(object)
Message based on task status.
- errors: required(string)
Message of raised error from migration operation.
- userMigration: required(boolean)
Indicates whether it is users or groups migration.
Example:
{
"data":{
"id":"c63b5ce4-25cb-404f-9511-77a17b0d8ec3",
"created":"2021-12-10T16:03:16.135469+04:00",
"updated":"2021-12-10T16:03:24.465874+04:00",
"tenantID":"e02e0679-2de5-48af-a2f0-c650356dc739",
"status":"Completed",
"messages":null,
"errors":"",
"userMigration":true
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
post /tenant/migrate/groups
Asynchronous groups migration from Keycloak to IAM.
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Query Parameters
- tenant: optional (string)
Tenant ID.
Example:
kaa
HTTP status code 202
Migration is in progress. If the tenant query parameter is specified, the migration runs for that one tenant and the response contains a taskID; without the query parameter, the migration runs for all tenants and only the status code is returned.
Body
Media type: application/json
Type: object
Properties
- taskID: optional (string)
Task ID.
Example:
{
"taskID": "0dfe658a-a15c-407d-9c4e-95960b837cf2"
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /tenant/migrate/groups/tasks
Returns migration tasks for authenticated tenants (providing tenant as a query parameter is available only for tenant Kaa).
IAM supports JWT access tokens for authenticating and authorizing all API requests.
Query Parameters
- page: optional (number - default: 1)
Page number.
Example:
1
- pageSize: optional (number - default: 10)
Page size.
Example:
10
- status: optional (one of InProgress, Completed, Failed)
Status of task.
Example:
Completed
- tenant: optional (string)
Tenant ID.
Example:
kaa
HTTP status code 200
Migration tasks status.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: optional (string)
Task ID.
- created: required(datetime)
Task creation date.
- updated: required(datetime)
Task update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- status: required(one of InProgress, Completed, Failed)
Task status.
- messages: required(object)
Message based on task status.
- errors: required(string)
Message of raised error from migration operation.
- userMigration: required(boolean)
Indicates whether it is users or groups migration.
- page: required(string)
Page number.
- pageSize: required(string)
Page size number.
Example:
{
"data": [
{
"id": "8d530302-679f-4a31-ad55-aea8061d4081",
"created": "2021-12-10T15:26:00.540385+04:00",
"updated": "2021-12-10T15:26:07.344133+04:00",
"tenantID": "e02e0679-2de5-48af-a2f0-c650356dc739",
"status": "Completed",
"messages": null,
"errors": "",
"userMigration": true
},
{
"id": "c0d757c2-764b-433a-aa8c-0ebf6428888e",
"created": "2021-12-10T15:26:07.345959+04:00",
"updated": "2021-12-10T15:26:07.347192+04:00",
"tenantID": "a0fe5076-42ca-4c94-92f5-bc5c964045f2",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "19189680-ac2f-4ec4-8c3f-b795c1c3277c",
"created": "2021-12-10T15:26:07.348684+04:00",
"updated": "2021-12-10T15:26:07.349952+04:00",
"tenantID": "d9300595-5720-45b7-8fc5-b118e79f9ab3",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "aa405b40-40e0-4e0b-b90e-2f17986f6aed",
"created": "2021-12-10T15:26:07.351316+04:00",
"updated": "2021-12-10T15:26:07.352675+04:00",
"tenantID": "1ee320c5-2a17-4c25-95ba-e20214a50f49",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "563c15c8-1382-411e-98d5-7b3efc432b57",
"created": "2021-12-10T15:26:07.354651+04:00",
"updated": "2021-12-10T15:26:07.356091+04:00",
"tenantID": "45e7d6af-4bec-43b2-b885-98ebd8e73b63",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "c8c2b84c-270d-458e-983f-23a4c159dfc7",
"created": "2021-12-10T15:26:07.357629+04:00",
"updated": "2021-12-10T15:26:07.414962+04:00",
"tenantID": "130c79ee-150d-4a6f-8749-0302bc01d743",
"status": "Failed",
"messages": null,
"errors": "404 Not Found: Realm does not exist",
"userMigration": true
},
{
"id": "9cafd71e-a12b-4bba-94f0-21a012994357",
"created": "2021-12-10T15:26:07.419286+04:00",
"updated": "2021-12-10T15:26:07.421147+04:00",
"tenantID": "5f313fee-7337-4f70-a152-7a0c194fc1cb",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "03184c80-e0a2-491e-aa71-c72d7cd419c8",
"created": "2021-12-10T15:26:07.424028+04:00",
"updated": "2021-12-10T15:26:07.426239+04:00",
"tenantID": "c95f1b60-4f7d-4b1e-b7b5-35c3b4f0a0f8",
"status": "Failed",
"messages": null,
"errors": "tenant is deleted",
"userMigration": true
},
{
"id": "1400930c-a369-4287-ae38-843a30d4d0cb",
"created": "2021-12-10T15:26:07.428167+04:00",
"updated": "2021-12-10T15:26:07.500517+04:00",
"tenantID": "d2fb4972-4f1e-478f-8539-ed50720a3fce",
"status": "Failed",
"messages": null,
"errors": "404 Not Found: Realm does not exist",
"userMigration": true
},
{
"id": "c63b5ce4-25cb-404f-9511-77a17b0d8ec3",
"created": "2021-12-10T16:03:16.135469+04:00",
"updated": "2021-12-10T16:03:24.465874+04:00",
"tenantID": "e02e0679-2de5-48af-a2f0-c650356dc739",
"status": "Completed",
"messages": null,
"errors": "",
"userMigration": true
}
],
"page": 1,
"pageSize": 10
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.
get /tenant/migrate/groups/tasks/{task-id}
Returns a task by its ID.
IAM supports JWT access tokens for authenticating and authorizing all API requests.
URI Parameters
- task-id: required(string)
HTTP status code 200
Migration task status by task ID.
Body
Media type: application/json
Type: object
Properties
- data: required(object)
- id: optional (string)
Task ID.
- created: required(datetime)
Task creation date.
- updated: required(datetime)
Task update date.
- tenantID: required(string)
Tenant ID that user belongs to.
- status: required(one of InProgress, Completed, Failed)
Task status.
- messages: required(object)
Message based on task status.
- errors: required(string)
Message of raised error from migration operation.
- userMigration: required(boolean)
Indicates whether it is users or groups migration.
Example:
{
"data":{
"id":"c63b5ce4-25cb-404f-9511-77a17b0d8ec3",
"created":"2021-12-10T16:03:16.135469+04:00",
"updated":"2021-12-10T16:03:24.465874+04:00",
"tenantID":"e02e0679-2de5-48af-a2f0-c650356dc739",
"status":"Completed",
"messages":null,
"errors":"",
"userMigration":false
}
}
HTTP status code 400
Invalid request.
HTTP status code 401
Request is not authenticated.
HTTP status code 403
Principal does not have sufficient permissions to perform this operation.
Secured by IAM
Headers
- Authorization: optional (string)
Used to send a valid JWT access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid JWT access token. This header is needed only if API authentication is enabled for the service. The service authorizes resource access using the Kaa IAM.