Base URI : https://custos.scigap.org/apiserver/

Identity Management APIs

  • Description | Method | URI | Headers | Body | Params
    OpenID configuration
    Method: GET
    URI: /identity-management/v1.0.0/.well-known/openid-configuration
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: client_id=XXXXX

    Local authentication (Resource owner PW)
    Method: POST
    URI: /identity-management/v1.0.0/token
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "username":"userA",
    "password":"XXXX",
    "grant_type":"password"
    }

    Local authentication (authorization_code)
    Method: POST
    URI: /identity-management/v1.0.0/token
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "code":"wsxdcfvgbg",
    "redirect_uri":"https://domain/callback",
    "grant_type":"authorization_code"
    }

    Renew access token (refresh token grant)
    Method: POST
    URI: /identity-management/v1.0.0/token
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "code":"wsxdcfvgbg",
    "redirect_uri":"https://domain/callback",
    "grant_type":"authorization_code"
    }

    Obtain CILogon, Keycloak credentials
    Method: GET
    URI: /identity-management/v1.0.0/credentials
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: client_id=XXXXX

    Logout
    Method: POST
    URI: /identity-management/v1.0.0/user/logout
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "refresh_token":"xxxxxxx",
    "grant_type":"refresh_token"
    }
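
Added example (not part of the Custos documentation): a Python builder for the password and authorization_code token rows above that refuses a non-HTTPS base URI and produces a log-safe view of the request. It assumes B64Encoded(client Id: client Sec) means Base64 of "client_id:client_secret" and that bodies are sent as application/json; the function names are illustrative.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

BASE_URI = "https://custos.scigap.org/apiserver/"    # from the page
TOKEN_PATH = "/identity-management/v1.0.0/token"     # from the page

# Body fields per grant type, taken from the rows above.
GRANT_FIELDS = {
    "password": ("username", "password"),
    "authorization_code": ("code", "redirect_uri"),
}


def client_bearer(client_id, client_secret):
    """Header value in the page's 'Bearer B64Encoded(client Id: client Sec)' form.

    Assumption: the encoded string is 'client_id:client_secret', no spaces.
    """
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Bearer " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, grant_type,
                        base_uri=BASE_URI, **fields):
    """Return an unsent urllib Request for POST <base>/.../token."""
    if urlsplit(base_uri).scheme != "https":
        raise ValueError("client secret and password must only travel over TLS")
    if grant_type not in GRANT_FIELDS:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    missing = [f for f in GRANT_FIELDS[grant_type] if not fields.get(f)]
    if missing:
        raise ValueError(f"missing fields for {grant_type}: {missing}")
    body = {name: fields[name] for name in GRANT_FIELDS[grant_type]}
    body["grant_type"] = grant_type
    # The base URI ends in '/' and the paths start with '/': join without '//'.
    url = base_uri.rstrip("/") + TOKEN_PATH
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": client_bearer(client_id, client_secret),
                 "Content-Type": "application/json"},  # assumed content type
    )


def redacted(req):
    """Log-safe view of a request: secrets masked, structure kept."""
    body = json.loads(req.data)
    for key in ("password", "code", "refresh_token"):
        if key in body:
            body[key] = "***"
    return {"method": req.get_method(), "url": req.full_url,
            "Authorization": "Bearer ***", "body": body}
```

The Base64 value is an encoding of the client secret, not a protection for it, so log the redacted() view rather than the request itself.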

User Management APIs

  • Description | Method | URI | Headers | Body | Params
    Register user
    Method: POST
    URI: /user-management/v1.0.0/user
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "username":"UserA",
    "first_name":"Jhon",
    "last_name":"Creg",
    "email":"jhon@gmail.com",
    "password":"12345",

    "temporary_password":false
    }


    Enable user
    Method: POST
    URI: /user-management/v1.0.0/user/activation
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "username":"UserA"
    }


    Disable user
    Method: POST
    URI: /user-management/v1.0.0/user/deactivation
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "username":"UserA"
    }

    Get user status
    Method: GET
    URI: /user-management/v1.0.0/user/activation/status
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: user.username=UserA

    Check username is available
    Method: GET
    URI: /user-management/v1.0.0/user/availability
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: user.username=UserA

    Reset user password
    Method: PUT
    URI: /user-management/v1.0.0/user/password
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "username":"testuser1",
    "password":"123456"
    }


    Delete a user
    Method: DELETE
    URI: /user-management/v1.0.0/user
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "username":"testuser1"
    }

    Add attributes to users
    Method: POST
    URI: /user-management/v1.0.0/attributes
    Headers: Authorization: Bearer user_access_token
    Body:
    {
    "attributes":[
    {
    "key":"phone",
    "values":["81239153889"]
    },
    {
    "key":"email",
    "values":["irjanith@gmail.com","isjarana@gmail.com"]
    }],
    "users":["username"]
    }

    Delete attributes of users
    Method: DELETE
    URI: /user-management/v1.0.0/attributes
    Headers: Authorization: Bearer user_access_token
    Body:
    {
    "attributes":[
    {
    "key":"phone",
    "values":["81239153889"]
    },
    {
    "key":"email",
    "values":["irjanith@gmail.com","isjarana@gmail.com"]
    }],
    "users":["username"]
    }

    Add roles to user
    Method: POST
    URI: /user-management/v1.0.0/users/roles
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "roles":["gateway_provider"],
    "usernames":["username"],
    "client_level":false
    }

    Delete roles of a user
    Method: DELETE
    URI: /user-management/v1.0.0/users/roles
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "realm_roles":["gateway_provider"],
    "username":"username"
    }

    Update user profile
    Method: PUT
    URI: /user-management/v1.0.0/user/profile
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "username":"jhon",
    "first_name":"Jhon",
    "last_name":"Saturday",
    "email":"jhon@gmail.com"
    }

    Get users
    Method: GET
    URI: /user-management/v1.0.0/users
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      offset=0
      limit=10
      user.id=username

    Select users by attributes
    Method: GET
    URI: /user-management/v1.0.0/users/profile
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      user_profile.attributes.key=key
      user_profile.attributes.value=value

    Link duplicate user accounts (copy attributes from previous account to current account)
    Method: POST
    URI: /user-management/v1.0.0/user/profile/mapper
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
      "current_username":"UserB",
      "previous_username":"UserA",
      "linking_attributes":["phone","email"]
    }

    Make a user an admin
    Method: POST
    URI: /user-management/v1.0.0/user/admin
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "username":"user a"
    }

    Remove admin user
    Method: DELETE
    URI: /user-management/v1.0.0/user/admin
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "username":"user a"
    }

Group Management APIs

  • Description | Method | URI | Headers | Body | Params
    Create groups
    Method: POST
    URI: /group-management/v1.0.0/groups
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "clientId":"custos Id",
    "groups": [ {
    "name": "Test grouping",
    "ownerId":"username",
    "description":"This is test group.",
    "realm_roles": [],
    "client_roles": [],
    "attributes": [],
    "sub_groups": []
    }]
    }


    Update group
    Method: PUT
    URI: /group-management/v1.0.0/group/{id}
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "clientId":"custos Id",
    "group": {
    "name": "Read Only Admin Users",
    "ownerId":"admin",
    "description":"Group of admin users with read-only access.",
    "realm_roles": [],
    "client_roles": [],
    "attributes": [],
    "sub_groups": []
    }
    }


    Delete group
    Method: DELETE
    URI: /group-management/v1.0.0/group/{id}
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)

    Find group
    Method: GET
    URI: /group-management/v1.0.0/group
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: group.id=groupId / group.name=groupX

    Get all groups
    Method: GET
    URI: /group-management/v1.0.0/groups
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)

    Add user to group
    Method: POST
    URI: /group-management/v1.0.0/user/group/membership
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "group_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
    "username":"username",
    "membership_type":"MEMBER"
    }


    Remove user from group
    Method: DELETE
    URI: /group-management/v1.0.0/user/group/membership
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "group_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
    "username":"username",
    "membership_type":"MEMBER"
    }

    Add child group
    Method: POST
    URI: /group-management/v1.0.0/group/membership
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "child_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
    "parent_id":"30c93703-2843-5678-9551-4ea5ccb7fa4d"
    }

    Remove child group from parent group
    Method: DELETE
    URI: /group-management/v1.0.0/group/membership
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "child_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
    "parent_id":"30c93703-2843-5678-9551-4ea5ccb7fa4d"
    }

    Get all child groups
    Method: GET
    URI: /group-management/v1.0.0/groups/memberships/child
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: group.id=groupX

    Get all users of group
    Method: GET
    URI: /group-management/v1.0.0/user/group/memberships/child
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: group.id=groupX

    Get all groups of user
    Method: GET
    URI: /group-management/v1.0.0/user/group/memberships
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: profile.username=username

    Change group membership
    Method: PUT
    URI: /group-management/v1.0.0/user/group/membership
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "group_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
    "username":"username",
    "type":"ADMIN"
    }

Secret Management APIs

  • Description | Method | URI | Headers | Body | Params
    Get JWKS
    Method: GET
    URI: /resource-secret-management/v1.0.0/openid-connect/certs
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)

    Generate SSH credential
    Method: POST
    URI: /resource-secret-management/v1.0.0/secret/ssh
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "metadata" : {
    "client_id":"custosId",
    "description":"Admin user SSH for Gateway phasta",
    "owner_id":"username"
    }
    }


    Get SSH credential
    Method: GET
    URI: /resource-secret-management/v1.0.0/secret/ssh
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=xxxxx
      token=credential_token

    Delete SSH credential
    Method: DELETE
    URI: /resource-secret-management/v1.0.0/secret/ssh
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=xxxxx
      token=credential_token

    Save password credential
    Method: POST
    URI: /resource-secret-management/v1.0.0/secret/password
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "metadata" : {
    "client_id":"custosId",
    "description":"Admin user SSH for Gateway phasta",
    "owner_id":"username"
    },
    "password":"passwordToBeSaved"
    }


    Get password credential
    Method: GET
    URI: /resource-secret-management/v1.0.0/secret/password
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=xxxxx
      token=credential_token

    Delete password credential
    Method: DELETE
    URI: /resource-secret-management/v1.0.0/secret/password
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=xxxxx
      token=credential_token

    Generate x509 certificate
    Method: POST
    URI: /resource-secret-management/v1.0.0/secret/certificate
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "metadata" : {
    "client_id":"custosId",
    "description":"Admin user SSH for Gateway phasta",
    "owner_id":"username"
    }
    }

    Get certificate
    Method: GET
    URI: /resource-secret-management/v1.0.0/secret/certificate
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=xxxxx
      token=credential_token

    Delete certificate
    Method: DELETE
    URI: /resource-secret-management/v1.0.0/secret/certificate
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=xxxxx
      token=credential_token

    Get all resource credential summaries
    Method: GET
    URI: /resource-secret-management/v1.0.0/secret/summaries
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=xxxxxx
      accessible_tokens=axsdcfvgbhbnh

    Set KV credential
    Method: POST
    URI: /resource-secret-management/v1.0.0/secret/kv
    Headers:
      Authorization: Bearer B64Encoded(client Id: client Sec)
      user-token: user_token
    Body:
    {
    "metadata" : {
    "client_id":"custosId",
    "description":"sample key"
    },
    "key":"vault_key",
    "value":"axsdcfvgbhnhnhnhJKNM"
    }


    Get KV credential
    Method: GET
    URI: /resource-secret-management/v1.0.0/secret/kv
    Headers:
      Authorization: Bearer B64Encoded(client Id: client Sec)
      user-token: user_token
    Params:
      metadata.client_id=custosId
      key=vault_key

    Update KV credential
    Method: PUT
    URI: /resource-secret-management/v1.0.0/secret/kv
    Headers:
      Authorization: Bearer B64Encoded(client Id: client Sec)
      user-token: user_token
    Body:
    {
    "metadata" : {
    "client_id":"custosId",
    "description":"sample key"
    },
    "key":"vault_key",
    "value":"axsdcfvgbhnhnhnhJKNM"
    }

    Delete KV credential
    Method: DELETE
    URI: /resource-secret-management/v1.0.0/secret/kv
    Headers:
      Authorization: Bearer B64Encoded(client Id: client Sec)
      user-token: user_token
    Body:
    {
    "metadata" : {
    "client_id":"custosId",
    "description":"sample key"
    },
    "key":"vault_key"
    }

Sharing Management APIs

  • Description | Method | URI | Headers | Body | Params
    Create an entity type
    Method: POST
    URI: /sharing-management/v1.0.0/entity/type
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "entity_type":{
    "id":"EXPERIMENT",
    "name":"EXPERIMENT",
    "description":"Experiment entity type"
    }
    }


    Update entity type
    Method: PUT
    URI: /sharing-management/v1.0.0/entity/type
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "entity_type":{
    "id":"EXPERIMENT",
    "name":"EXPERIMENT",
    "description":"Experiment entity type"
    }
    }

    Delete entity type
    Method: DELETE
    URI: /sharing-management/v1.0.0/entity/type
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "entity_type":{
    "id":"EXPERIMENT"
    }
    }

    Get entity type
    Method: GET
    URI: /sharing-management/v1.0.0/entity/type
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=custosId
      entity_type.id=EXPERIMENT

    Get entity types
    Method: GET
    URI: /sharing-management/v1.0.0/entity/types
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: client_id=custosId

    Create a permission type
    Method: POST
    URI: /sharing-management/v1.0.0/permission/type
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "permission_type":{
    "id":"READ",
    "name":"READ Permission",
    "description":"Permission type READ"
    }
    }


    Update permission type
    Method: PUT
    URI: /sharing-management/v1.0.0/permission/type
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "permission_type":{
    "id":"READ",
    "name":"READ Permission",
    "description":"Permission type READ"
    }
    }


    Delete permission type
    Method: DELETE
    URI: /sharing-management/v1.0.0/permission/type
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosID",
    "permission_type":{
    "id":"READ"
    }
    }


    Get permission types
    Method: GET
    URI: /sharing-management/v1.0.0/permission/types
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params: client_id=custosId

    Create an entity
    Method: POST
    URI: /sharing-management/v1.0.0/entity
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custoId",
    "entity":{
    "id":"exp99",
    "name":"EXperment 9",
    "description":"Experiment 9",
    "type":"API",
    "owner_id":"admin",
    "parent_id":""
    }
    }


    Update entity
    Method: PUT
    URI: /sharing-management/v1.0.0/entity
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custoId",
    "entity":{
    "id":"exp99",
    "name":"EXperment 9",
    "description":"Experiment 9",
    "type":"API",
    "owner_id":"admin",
    "parent_id":""
    }
    }

    Delete entity
    Method: DELETE
    URI: /sharing-management/v1.0.0/entity
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custoId",
    "entity":{
    "id":"exp99"
    }
    }

    Search entities
    Method: POST
    URI: /sharing-management/v1.0.0/entities
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "search_criteria":[{
    "search_field":"ENTITY_TYPE_ID",
    "value":"PROJECT",
    "condition":"EQUAL"
    },
    {
    "search_field":"OWNER_ID",
    "value":"admin",
    "condition":"EQUAL"
    }
    ]
    }


    Share entity with user
    Method: POST
    URI: /sharing-management/v1.0.0/users/share
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "entity":{
    "id":"qasxdfmklasxcv"
    },
    "permission_type":{
    "id":"WRITE"
    },
    "owner_id":["testuser2"],
    "cascade":"true"
    }


    Share entity with group
    Method: POST
    URI: /sharing-management/v1.0.0/groups/share
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "entity":{
    "id":"qasxdfmklasxcv"
    },
    "permission_type":{
    "id":"READ"
    },
    "owner_id":["30c93703-2843-46a4-9551-4ea5ccb7fa4d"],
    "cascade":"true"
    }


    Revoke entity sharing of user
    Method: DELETE
    URI: /sharing-management/v1.0.0/users/share
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "entity":{
    "id":"qasxdfmklasxcv"
    },
    "permission_type":{
    "id":"WRITE"
    },
    "owner_id":["testuser2"],
    "cascade":"true"
    }

    Revoke entity sharing of group
    Method: DELETE
    URI: /sharing-management/v1.0.0/groups/share
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Body:
    {
    "client_id":"custosId",
    "entity":{
    "id":"qasxdfmklasxcv"
    },
    "permission_type":{
    "id":"READ"
    },
    "owner_id":["30c93703-2843-46a4-9551-4ea5ccb7fa4d"],
    "cascade":"true"
    }

    Check user access for an entity
    Method: GET
    URI: /sharing-management/v1.0.0/entity/user/access
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=custosId
      entity.id=qasedrvgbt
      permission_type.id=READ
      owner_id=testuser2

    Get a list of shared users
    Method: GET
    URI: /sharing-management/v1.0.0/users/share
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=custosId
      entity.id=qasedrvgbt
      permission_type.id=READ

    Get a list of shared groups
    Method: GET
    URI: /sharing-management/v1.0.0/groups/share
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      client_id=custosId
      entity.id=qasedrvgbt
      permission_type.id=READ

Agent Management (Community Accounts) APIs

  • Description | Method | URI | Headers | Body | Params
    Enable agents
    Method: POST
    URI: /agent-management/v1.0.0/enable
    Headers: Authorization: Bearer admin_access_token

    Configure token time
    Method: POST
    URI: /agent-management/v1.0.0/token/configuration
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "access_token_life_time":700
    }


    Configure agent client roles
    Method: POST
    URI: /agent-management/v1.0.0/roles
    Headers: Authorization: Bearer admin_access_token
    Body:
    {"roles":[{
    "name":"testing",
    "description":"testing role"
    }

    ],

    "client_level": true
    }


    Register agent
    Method: POST
    URI: /agent-management/v1.0.0/agent
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "id":"agent123",
    "realm_roles":["owner"],
    "client_roles":["testing"],
    "attributes":[{
    "key":"agent_cluster_id",
    "values":["123123131"]
    }]
    }

    Get agent
    Method: GET
    URI: /agent-management/v1.0.0/agent/{agentId}
    Headers: Authorization: Bearer admin_access_token

    Delete agent
    Method: DELETE
    URI: /agent-management/v1.0.0/agent/{agentId}
    Headers: Authorization: Bearer admin_access_token

    Disable agent
    Method: POST
    URI: /agent-management/v1.0.0/agent/deactivation/{agentId}
    Headers: Authorization: Bearer admin_access_token

    Enable agent
    Method: POST
    URI: /agent-management/v1.0.0/agent/activation/{agentId}
    Headers: Authorization: Bearer admin_access_token

    Add agent attributes
    Method: POST
    URI: /agent-management/v1.0.0/agent/attributes
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "agents":["agentlmc"],
    "attributes":[{
        "key":"agent_test",
        "values":["tesitng"]
    }]
    }


    Delete agent attributes
    Method: DELETE
    URI: /agent-management/v1.0.0/agent/attributes
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "agents":["agentlmc"],
    "attributes":[{
        "key":"agent_test",
        "values":["tesitng"]
    }]
    }

    Add roles to agent
    Method: POST
    URI: /agent-management/v1.0.0/agent/roles
    Headers: Authorization: Bearer admin_access_token
    Body:
    {

    "agents":["xxxtttyyyaswed"],

    "roles":["testing"],

    "client_level":true

    }


    Delete roles from agent
    Method: DELETE
    URI: /agent-management/v1.0.0/agent/roles
    Headers: Authorization: Bearer admin_access_token
    Body:
    {

    "id":"agentlmc",

    "roles":["test"]

    }


    Add protocol mapper
    Method: POST
    URI: /agent-management/v1.0.0/protocol/mapper
    Headers: Authorization: Bearer admin_access_token
    Body:
    {
    "name":"realm_role_mapper",
    "claim_name":"realm_roles",
    "claim_type":"STRING",
    "mapper_type":"USER_REALM_ROLE",
    "add_to_id_token":true,
    "add_to_access_token":true,
    "add_to_user_info":true,
    "multi_valued":true,
    "aggregate_attribute_values":false
    }


    Get all agents
    Method: GET
    URI: /agent-management/v1.0.0/agents
    Headers: Authorization: Bearer admin_access_token

    Obtain access token
    Method: POST
    URI: /identity-management/v1.0.0/agent/token/{client_id}
    Headers: Authorization: Bearer B64Encoded(agentId:agent Sec)
    Body:
    {
    "grant_type":"client_credentials"
    }

    Refresh access token
    Method: POST
    URI: /identity-management/v1.0.0/agent/token/{client_id}
    Headers: Authorization: Bearer B64Encoded(agentId:agent Sec)
    Body:
    {
    "grant_type":"refresh_token",
    "refresh_token":"XXXX"
    }

    End agent session
    Method: POST
    URI: /identity-management/v1.0.0/agent/logout/{client_id}
    Headers: Authorization: Bearer B64Encoded(agentId:agent Sec)
    Body:
    {
    "refresh_token":"XXXX"
    }


Audit Logs

  • Descriptions | Method | URI | Headers | Body | Params
    Enable logging
    Method: POST
    URI: /log-management/v1.0.0/status
    Headers: Authorization: Bearer admin_access_token

    Fetch logs
    Method: GET
    URI: /log-management/v1.0.0/logs
    Headers: Authorization: Bearer B64Encoded(client Id: client Sec)
    Params:
      offset=0
      limit=0
      service_name=org.apache.custos.user.management.service.UserManagementService
      event_type=findUsers
