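Base URI : https://custos.scigap.org/apiserver/
Note: in the tables below, B64Encoded(client Id: client Sec) denotes the Base64 encoding of the client ID and client secret joined by a colon. Base64 is a reversible encoding, not encryption, so the header value is as sensitive as the client secret itself.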
Identity Management APIs
Description Method URI Headers Body Params OpenID configuration GET /identity-management/v1.0.0/.well-known/openid-configuration Authorization: Bearer B64Encoded(client Id: client Sec) client_id=XXXXX Local authentication
(Resource owner PW)
POST /identity-management/v1.0.0/token Authorization: Bearer B64Encoded(client Id: client Sec) {
"username":"userA",
"password":"XXXX",
"grant_type":"password"
}Local authentication
(authorization_code)
POST /identity-management/v1.0.0/token Authorization: Bearer B64Encoded(client Id: client Sec) {
"code":"wsxdcfvgbg",
"redirect_uri":"https://domain/callback",
"grant_type":"authorization_code"
}Renew access token
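(refresh token grant; note: the body shown for this row repeats the authorization_code example. The agent "Refresh access token" row on this page shows the refresh form: "grant_type":"refresh_token" with a "refresh_token" value.)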
POST /identity-management/v1.0.0/token Authorization: Bearer B64Encoded(client Id: client Sec) {
"code":"wsxdcfvgbg",
"redirect_uri":"https://domain/callback",
"grant_type":"authorization_code"
}Obtain CILogon,
Keycloak credentials
GET /identity-management/v1.0.0/credentials Authorization: Bearer B64Encoded(client Id: client Sec) client_id=XXXXX Logout POST /identity-management/v1.0.0/user/logout
Authorization: Bearer B64Encoded(client Id: client Sec) {
"refresh_token":"xxxxxxx",
"grant_type":"refresh_token"
}
User Management APIs
Description Method URI Headers Body Params Register user POST /user-management/v1.0.0/user Authorization: Bearer B64Encoded(client Id: client Sec) {
"username":"UserA",
"first_name":"Jhon",
"last_name":"Creg",
"email":"jhon@gmail.com",
"password":"12345","temporary_password":false
}Enable user POST /user-management/v1.0.0/user/activation Authorization: Bearer B64Encoded(client Id: client Sec) {
"username":"UserA"
}Disable user POST /user-management/v1.0.0/user/deactivation
Authorization: Bearer B64Encoded(client Id: client Sec) {
"username":"UserA"
}Get user status GET /user-management/v1.0.0/user/activation/status Authorization: Bearer B64Encoded(client Id: client Sec) user.username=UserA Check username is available GET /user-management/v1.0.0/user/availability Authorization: Bearer B64Encoded(client Id: client Sec) user.username=UserA Reset user password PUT /user-management/v1.0.0/user/password Authorization: Bearer B64Encoded(client Id: client Sec) {
"username":"testuser1",
"password":"123456"
}Delete a user DELETE /user-management/v1.0.0/user Authorization: Bearer admin_access_token {
"username":"testuser1"
}Add attributes to users POST /user-management/v1.0.0/attributes Authorization: Bearer user_access_token {
"attributes":[
{
"key":"phone",
"values":["81239153889"]
},
{
"key":"email",
"values":["irjanith@gmail.com","isjarana@gmail.com"]
}],
"users":["username"]
}Delete attributes of users DELETE /user-management/v1.0.0/attributes Authorization: Bearer user_access_token {
"attributes":[
{
"key":"phone",
"values":["81239153889"]
},
{
"key":"email",
"values":["irjanith@gmail.com","isjarana@gmail.com"]
}],
"users":["username"]
}Add roles to user POST /user-management/v1.0.0/users/roles Authorization: Bearer admin_access_token {
"roles":["gateway_provider"],
"usernames":["username"],
"client_level":false
}Delete roles of a user DELETE /user-management/v1.0.0/users/roles Authorization: Bearer admin_access_token {
"realm_roles":["gateway_provider"],
"username":"username"
}Update user profile PUT /user-management/v1.0.0/user/profile Authorization: Bearer B64Encoded(client Id: client Sec) {
"username":"jhon",
"first_name":"Jhon",
"last_name":"Saturday",
"email":"jhon@gmail.com"
}Get users GET /user-management/v1.0.0/users Authorization: Bearer B64Encoded(client Id: client Sec) offset=0
limit=10
user.id=username
Select users by attributes GET /user-management/v1.0.0/users/profile Authorization: Bearer B64Encoded(client Id: client Sec) user_profile.attributes.key=key
user_profile.attributes.value=value
Link duplicate user accounts
(copy attributes from previous account to current account)
POST /user-management/v1.0.0/user/profile/mapper Authorization: Bearer admin_access_token {
"current_username":"UserB",
"previous_username":"UserA",
"linking_attributes":["phone","email"]
}Make a user an admin POST /user-management/v1.0.0/user/admin
Authorization: Bearer admin_access_token {
"username":"user a"
}Remove admin user DELETE /user-management/v1.0.0/user/admin Authorization: Bearer admin_access_token {
"username":"user a"
}
Group Management APIs
Description Method URI Headers Body Params Create groups POST /group-management/v1.0.0/groups
Authorization: Bearer B64Encoded(client Id: client Sec) {
"clientId":"custos Id",
"groups": [ {
"name": "Test grouping",
"ownerId":"username",
"description":"This is test group.",
"realm_roles": [],
"client_roles": [],
"attributes": [],
"sub_groups": []
}]
}Update group PUT /group-management/v1.0.0/group/{id} Authorization: Bearer B64Encoded(client Id: client Sec) {
"clientId":"custos Id",
"group": {
"name": "Read Only Admin Users",
"ownerId":"admin",
"description":"Group of admin users with read-only access.",
"realm_roles": [],
"client_roles": [],
"attributes": [],
"sub_groups": []
}
}Delete group DELETE /group-management/v1.0.0/group/{id} Authorization: Bearer B64Encoded(client Id: client Sec) Find group GET /group-management/v1.0.0/group Authorization: Bearer B64Encoded(client Id: client Sec) group.id=groupId /
group.name=groupX
Get all groups GET /group-management/v1.0.0/groups Authorization: Bearer B64Encoded(client Id: client Sec) Add user to group POST /group-management/v1.0.0/user/group/membership Authorization: Bearer B64Encoded(client Id: client Sec) {
"group_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
"username":"username",
"membership_type":"MEMBER"
}Remove user from group DELETE /group-management/v1.0.0/user/group/membership Authorization: Bearer B64Encoded(client Id: client Sec) {
"group_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
"username":"username",
"membership_type":"MEMBER"
}Add child group POST /group-management/v1.0.0/group/membership Authorization: Bearer B64Encoded(client Id: client Sec) {
"child_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
"parent_id":"30c93703-2843-5678-9551-4ea5ccb7fa4d"
}Remove child group from parent group DELETE /group-management/v1.0.0/group/membership Authorization: Bearer B64Encoded(client Id: client Sec) {
"child_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
"parent_id":"30c93703-2843-5678-9551-4ea5ccb7fa4d"
}Get all child groups GET /group-management/v1.0.0/groups/memberships/child Authorization: Bearer B64Encoded(client Id: client Sec) group.id=groupX Get all users of group GET /group-management/v1.0.0/user/group/memberships/child Authorization: Bearer B64Encoded(client Id: client Sec) group.id=groupX Get all groups of user GET /group-management/v1.0.0/user/group/memberships Authorization: Bearer B64Encoded(client Id: client Sec) profile.username=username Change group membership PUT /group-management/v1.0.0/user/group/membership Authorization: Bearer B64Encoded(client Id: client Sec) {
"group_id":"30c93703-2843-46a4-9551-4ea5ccb7fa4d",
"username":"username",
"type":"ADMIN"
}
Secret Management APIs
Description Method URI Headers Body Params Get JWKS GET /resource-secret-management/v1.0.0/openid-connect/certs Authorization: Bearer B64Encoded(client Id: client Sec) Generate SSH credential POST /resource-secret-management/v1.0.0/secret/ssh Authorization: Bearer B64Encoded(client Id: client Sec) {
"metadata" : {
"client_id":"custosId",
"description":"Admin user SSH for Gateway phasta",
"owner_id":"username"
}
}Get SSH credential GET /resource-secret-management/v1.0.0/secret/ssh Authorization: Bearer B64Encoded(client Id: client Sec) token=credential_token
Delete SSH credential DELETE /resource-secret-management/v1.0.0/secret/ssh Authorization: Bearer B64Encoded(client Id: client Sec) token=credential_token
Save password credential POST /resource-secret-management/v1.0.0/secret/password Authorization: Bearer B64Encoded(client Id: client Sec) {
"metadata" : {
"client_id":"custosId",
"description":"Admin user SSH for Gateway phasta",
"owner_id":"username"
},
"password":"passwordToBeSaved"
}Get password credential GET /resource-secret-management/v1.0.0/secret/password Authorization: Bearer B64Encoded(client Id: client Sec) client_id=xxxxx
token=credential_token
Delete password credential DELETE /resource-secret-management/v1.0.0/secret/password Authorization: Bearer B64Encoded(client Id: client Sec) client_id=xxxxx
token=credential_token
Generate x509 certificate POST /resource-secret-management/v1.0.0/secret/certificate Authorization: Bearer B64Encoded(client Id: client Sec) {
"metadata" : {
"client_id":"custosId",
"description":"Admin user SSH for Gateway phasta",
"owner_id":"username"
}
}Get certificate GET /resource-secret-management/v1.0.0/secret/certificate Authorization: Bearer B64Encoded(client Id: client Sec) client_id=xxxxx
token=credential_token
Delete certificate DELETE /resource-secret-management/v1.0.0/secret/certificate Authorization: Bearer B64Encoded(client Id: client Sec) client_id=xxxxx
token=credential_token
Get all resource credential summaries GET /resource-secret-management/v1.0.0/secret/summaries Authorization: Bearer B64Encoded(client Id: client Sec) client_id=xxxxxx
accessible_tokens=axsdcfvgbhbnh
Set KV credential POST /resource-secret-management/v1.0.0/secret/kv
Authorization: Bearer B64Encoded(client Id: client Sec)
user-token: user_token
{
"metadata" : {
"client_id":"custosId",
"description":"sample key"
},
"key":"vault_key",
"value":"axsdcfvgbhnhnhnhJKNM"
}Get KV credential GET /resource-secret-management/v1.0.0/secret/kv
Authorization: Bearer B64Encoded(client Id: client Sec)
user-token: user_token
metadata.client_id=custosId
key=vault_key
Update KV credential PUT /resource-secret-management/v1.0.0/secret/kv
Authorization: Bearer B64Encoded(client Id: client Sec)
user-token: user_token
{
"metadata" : {
"client_id":"custosId",
"description":"sample key"
},
"key":"vault_key",
"value":"axsdcfvgbhnhnhnhJKNM"
}Delete KV credential DELETE /resource-secret-management/v1.0.0/secret/kv
Authorization: Bearer B64Encoded(client Id: client Sec)
user-token: user_token
{
"metadata" : {
"client_id":"custosId",
"description":"sample key"
},
"key":"vault_key"
}
Sharing Management APIs
Description Method URI Headers Body Params Create an entity type POST /sharing-management/v1.0.0/entity/type Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"entity_type":{
"id":"EXPERIMENT",
"name":"EXPERIMENT",
"description":"Experiment entity type"
}
}Update entity type PUT /sharing-management/v1.0.0/entity/type Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"entity_type":{
"id":"EXPERIMENT",
"name":"EXPERIMENT",
"description":"Experiment entity type"
}
}Delete entity type DELETE /sharing-management/v1.0.0/entity/type Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"entity_type":{
"id":"EXPERIMENT"
}
}Get entity type GET /sharing-management/v1.0.0/entity/type Authorization: Bearer B64Encoded(client Id: client Sec) client_id=custosId
entity_type.id=EXPERIMENT
Get entity types GET /sharing-management/v1.0.0/entity/types Authorization: Bearer B64Encoded(client Id: client Sec) client_id=custosId Create a permission type POST /sharing-management/v1.0.0/permission/type Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"permission_type":{
"id":"READ",
"name":"READ Permission",
"description":"Permission type READ"
}
}Update permission type PUT /sharing-management/v1.0.0/permission/type Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"permission_type":{
"id":"READ",
"name":"READ Permission",
"description":"Permission type READ"
}
}Delete permission type DELETE /sharing-management/v1.0.0/permission/type Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosID",
"permission_type":{
"id":"READ"
}
}Get permission types GET /sharing-management/v1.0.0/permission/types Authorization: Bearer B64Encoded(client Id: client Sec) client_id=custosId Create an entity POST /sharing-management/v1.0.0/entity Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custoId",
"entity":{
"id":"exp99",
"name":"EXperment 9",
"description":"Experiment 9",
"type":"API",
"owner_id":"admin",
"parent_id":""
}
}Update entity PUT /sharing-management/v1.0.0/entity Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custoId",
"entity":{
"id":"exp99",
"name":"EXperment 9",
"description":"Experiment 9",
"type":"API",
"owner_id":"admin",
"parent_id":""
}
}Delete entity DELETE /sharing-management/v1.0.0/entity Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custoId",
"entity":{
"id":"exp99"
}
}Search entities POST /sharing-management/v1.0.0/entities Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"search_criteria":[{
"search_field":"ENTITY_TYPE_ID",
"value":"PROJECT",
"condition":"EQUAL"
},
{
"search_field":"OWNER_ID",
"value":"admin",
"condition":"EQUAL"
}
]
}Share entity with user POST /sharing-management/v1.0.0/users/share Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"entity":{
"id":"qasxdfmklasxcv"
},
"permission_type":{
"id":"WRITE"
},
"owner_id":["testuser2"],
"cascade":"true"
}Share entity with group POST /sharing-management/v1.0.0/groups/share
Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"entity":{
"id":"qasxdfmklasxcv"
},
"permission_type":{
"id":"READ"
},
"owner_id":["30c93703-2843-46a4-9551-4ea5ccb7fa4d"],
"cascade":"true"
}Revoke entity sharing of user DELETE /sharing-management/v1.0.0/users/share Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"entity":{
"id":"qasxdfmklasxcv"
},
"permission_type":{
"id":"WRITE"
},
"owner_id":["testuser2"],
"cascade":"true"
}Revoke entity sharing of group DELETE /sharing-management/v1.0.0/groups/share Authorization: Bearer B64Encoded(client Id: client Sec) {
"client_id":"custosId",
"entity":{
"id":"qasxdfmklasxcv"
},
"permission_type":{
"id":"READ"
},
"owner_id":["30c93703-2843-46a4-9551-4ea5ccb7fa4d"],
"cascade":"true"
}Check user access for an entity GET /sharing-management/v1.0.0/entity/user/access Authorization: Bearer B64Encoded(client Id: client Sec) client_id=custosId,
entity.id=qasedrvgbt,
permission_type.id=READ,
owner_id=testuser2
Get a list of shared users GET /sharing-management/v1.0.0/users/share Authorization: Bearer B64Encoded(client Id: client Sec) client_id=custosId,
entity.id=qasedrvgbt,
permission_type.id=READ
Get a list of shared groups GET /sharing-management/v1.0.0/groups/share
Authorization: Bearer B64Encoded(client Id: client Sec) client_id=custosId,
entity.id=qasedrvgbt,
permission_type.id=READ
Agent Management (Community Accounts) APIs
Description Method URI Headers Body Params Enable agents POST /agent-management/v1.0.0/enable Authorization: Bearer admin_access_token Configure token time POST /agent-management/v1.0.0/token/configuration Authorization: Bearer admin_access_token {
"access_token_life_time":700
}Configure agent client roles POST /agent-management/v1.0.0/roles Authorization: Bearer admin_access_token {"roles":[{
"name":"testing",
"description":"testing role"
}
],
"client_level": true
}Register agent POST /agent-management/v1.0.0/agent Authorization: Bearer admin_access_token {
"client_roles":["testing"],
"id":"agent123",
"realm_roles":["owner"],
"attributes":[{
"key":"agent_cluster_id",
"values":["123123131"]
}]
}Get agent GET /agent-management/v1.0.0/agent/{agentId} Authorization: Bearer admin_access_token Delete agent DELETE /agent-management/v1.0.0/agent/{agentId} Authorization: Bearer admin_access_token Disable agent POST /agent-management/v1.0.0/agent/deactivation/{agentId} Authorization: Bearer admin_access_token Enable agent POST /agent-management/v1.0.0/agent/activation/{agentId} Authorization: Bearer admin_access_token Add agent attributes POST /agent-management/v1.0.0/agent/attributes Authorization: Bearer admin_access_token {
"agents":["agentlmc"],
"attributes":[{
"key":"agent_test",
"values":["tesitng"]
}]
}Delete agent attributes DELETE /agent-management/v1.0.0/agent/attributes Authorization: Bearer admin_access_token {
"agents":["agentlmc"],
"attributes":[{
"key":"agent_test",
"values":["tesitng"]
}]
}Add roles to agent POST /agent-management/v1.0.0/agent/roles Authorization: Bearer admin_access_token {
"agents":["xxxtttyyyaswed"],
"roles":["testing"],
"client_level":true
}
Delete roles from agent DELETE /agent-management/v1.0.0/agent/roles Authorization: Bearer admin_access_token {
"id":"agentlmc",
"roles":["test"]
}
Add protocol mapper POST /agent-management/v1.0.0/protocol/mapper Authorization: Bearer admin_access_token {
"name":"realm_role_mapper",
"claim_name":"realm_roles",
"claim_type":"STRING",
"mapper_type":"USER_REALM_ROLE",
"add_to_id_token":true,
"add_to_access_token":true,
"add_to_user_info":true,
"multi_valued":true,
"aggregate_attribute_values":false
}Get all agents GET /agent-management/v1.0.0/agents Authorization: Bearer admin_access_token Obtain access token POST /identity-management/v1.0.0/agent/token/{client_id} Authorization: Bearer B64Encoded(agentId:agent Sec) {
"grant_type":"client_credentials"
}Refresh access token POST /identity-management/v1.0.0/agent/token/{client_id} Authorization: Bearer B64Encoded(agentId:agent Sec) {
"grant_type":"refresh_token",
"refresh_token":"XXXX"
}End agent session POST /identity-management/v1.0.0/agent/logout/{client_id}
Authorization: Bearer B64Encoded(agentId:agent Sec) {
"refresh_token":"XXXX"
}
Audit Logs
Descriptions Method URI Headers Body Params Enable logging POST /log-management/v1.0.0/status Authorization: Bearer admin_access_token Fetch logs GET /log-management/v1.0.0/logs Authorization: Bearer B64Encoded(client Id: client Sec) offset=0
limit=0
service_name=org.apache.custos.user.management.service.UserManagementService
event_type=findUsers