Skip to content
Talk to our solutions team

IAM API

This page documents the Identity and Access Management (IAM) APIs for kis.ai, providing comprehensive endpoints for authentication, authorization, user management, and administrative operations.

GET /iam/health - Get health status of the server

Response Example:

{
"healthy": true,
"dependencies": {},
"memstats": {
"Alloc": 7,
"HeapAlloc": 7,
"HeapSys": 19,
"HeapIdle": 8,
"HeapInUse": 10,
"TotalAlloc": 60224,
"Sys": 27,
"NumGC": 1265
},
"version": ""
}

GET /iam/ready - Get ready status of the server

Response:

ready: true

GET /account/auth/realms - Lists all realms of this product

Response:

{
"default": "users",
"realms": ["users"]
}

GET /account/auth/providers - Lists all auth providers

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Response:

{
"providers": [
{
"method": "post",
"name": "password",
"type": "challenge",
"url": "/auth/login/password"
}
]
}

POST /account/auth/login/password - Log in with password as a challenge

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"password": "strongpassword"
}

Response:

{
"refresh": "<refreshtoken to be substituted>",
"token": "<token to be substituted>"
}

POST /account/auth/login/adminfederation - Federation log in

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"password": "strongpassword"
}

Response:

{
"refresh": "<refreshtoken to be substituted>",
"token": "<token to be substituted>"
}

POST /account/auth/login/password - Mobile log in

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"mobile": "1041917",
"password": "strongpassword"
}

Response:

{
"refresh": "refreshtoken to be substituted",
"token": "token to be substituted"
}

POST /account/auth/login/otpemail - OTP log in

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]"
}

Response:

{
"message": "otp generated successfully"
}

POST /account/auth/login/otp02 - OTP log in

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"otp": "something"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/login/passwordotp - Password login with OTP MFA

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"password": "something"
}

Response:

{
"message": "mfa is required"
}

POST /account/auth/login/passwordotp - Approve login with OTP MFA

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"password": "something",
"otp": "otp"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/login/passwordtotp - Password login with TOTP MFA (Currently Unsupported MFA Type)

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"password": "something"
}

Response:

{
"message": "mfa is required"
}

POST /account/auth/login/passwordtotp - Approve TOTP MFA login (Currently Unsupported MFA Type)

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"password": "something",
"totp": "otp"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/login/passwordhotp - Password login with HOTP MFA (Currently Unsupported MFA Type)

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"password": "something"
}

Response:

{
"message": "mfa is required"
}

POST /account/auth/login/passwordhotp - Approve HOTP MFA request (Currently Unsupported MFA Type)

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"hotp": "otp"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/login/passwordwebauthn - Password login with WebAuthn MFA (Currently Unsupported MFA Type)

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"password": "something"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/webauthn/login/begin/:provider - WebAuthn login begin

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

URL Parameters:

NameTypeData TypeDescription
providerrequiredstringSpecifies the provider

Request:

{
"email": "[email protected]",
"password": "something"
}

Response: Contains a cookie and a body:

{
"publicKey": "<webauthn public key>"
}

POST /account/auth/webauthn/login/finish/:provider - WebAuthn login finish

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

URL Parameters:

NameTypeData TypeDescription
providerrequiredstringSpecifies the provider

Request:

{
"email": "[email protected]",
"password": "something"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

GET /account/auth/webauthn/register/begin/:provider - WebAuthn register begin

Parameters:

NameTypeData TypeDescription
providerrequiredstringSpecifies the provider

Response: Contains a cookie and a body:

{
"publicKey": "<webauthn public key>"
}

POST /account/auth/webauthn/register/finish/:provider - WebAuthn register finish

Parameters:

NameTypeData TypeDescription
providerrequiredstringSpecifies the provider

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"id": "string",
"type": "string",
"rawID": "base64",
"clientExtensionResults": {},
"response": {
"clientDataJSON": "base64",
"attestationObject": "base64"
},
"transports": ["strings"]
}

Response: Contains a cookie and a body:

{
"message": "webauthn registration successful"
}

POST /account/auth/login/magic02 - Create magic link login

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]"
}

Response:

{
"massage": "magic link generated successfully",
"tokenid": "<token to be substituted>"
}

GET /account/auth/login/magic02 - Magic link login method

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm
tokenrequiredstringToken contains the key to obtain the auth token

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/check/approval/magic02 - Login with the given token

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"tokenid": "01G4KPR196C8R210MZXHZNZRAK"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/login/magicnumbers - Create login with magic numbers

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]"
}

Response: TokenID is not present in the response if remotelogin is set to false:

{
"message": "magic link generated successfully",
"tokenid": "id of the user_magic_link created",
"number": "chosen number"
}

POST /account/auth/login/magicnumbers - Login with the given magic numbers

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm
tokenrequiredstringToken used to login
numberrequiredstringMagic number required to provide in the request to login

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

Check Approved Magic Token With Numbers Login

Section titled “Check Approved Magic Token With Numbers Login”

POST /account/auth/check/approval/magicnumbers - Login with provided token

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"tokenid": "<token to be substituted>"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/jwt/refresh - Refresh the token

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"token": "<token to be substituted>"
}

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

GET /account/auth/kisai/approve - Kisai auth login

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

GET /account/auth/callback/:provider - OAuth Callback

Parameters:

NameTypeData TypeDescription
providerrequiredstringSpecifies the provider

Response:

{
"token": "<token to be substituted>",
"refresh": "<refresh to be substituted>"
}

POST /account/auth/check/mfa/passwordtotp - Check TOTP login validity

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"name": "nameregistered",
"totp": "559202"
}

Response:

{
"message": "totp is valid"
}

POST /account/auth/check/mfa/passwordhotp - Check HOTP login validity

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"hotp": "123123"
}

Response:

{
"message": "hotp is valid"
}

POST /account/user/resetrequest - User password reset request

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]"
}

Response:

{
"message": "reset request generated successfully and sent to email"
}

GET /account/user/validatetoken/:resettoken/:email - Validate token password request

URL Parameters:

NameTypeData TypeDescription
resettokenrequiredstringToken received for the reset request
emailrequiredstringEmail for which password reset was requested

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]"
}

Response:

{
"message": "token is valid"
}

POST /account/user/resetpasswordwithtoken - User password reset link

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"email": "[email protected]",
"token": "<token>",
"password": "<new password>"
}

Response:

{
"message": "password reset successful"
}

POST /account/auth/updatepassword - Update password

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"currentpassword": "<current password>",
"password": "<new password>"
}

Response:

{
"message": "password update successful"
}

POST /account/auth/add/mfa/passwordtotp - Add TOTP to logged in user

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"name": "device01"
}

Response:

{
"message": "totp mfa registered successfully",
"uri": "<totpUri>"
}

POST /account/auth/add/mfa/passwordhotp - Add HOTP to logged in user

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"name": "device01"
}

Response:

{
"message": "hotp mfa registered successfully",
"uri": "<hotpUri>"
}

User Remove TOTP/HOTP/WebAuthn MFA Provider

Section titled “User Remove TOTP/HOTP/WebAuthn MFA Provider”

POST /account/auth/remove/mfa/passwordtotp - Remove MFA for account

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Response:

{
"message": "mfa removed successfully"
}

POST /account/auth/apikey - Add API key to a service

Request:

{
"service": "<service to add the api key to>",
"expiry": 30,
"capabilities": {
"read": "allow"
}
}

Response:

{
"capabilities": {
"read": "allow"
},
"createdby": "<email logged in with>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"expiresat": "<expiry timestamp>",
"id": "<id>",
"key": "<base64 encoded key>",
"secret": "<base64 encoded secret>",
"service": "<service this api key is valid at>",
"updatedby": "<email logged in with>",
"updatedon": "<timestamp>"
}

GET /account/auth/apikey - List API keys to a service

Parameters:

NameTypeData TypeDescription
servicerequiredstringSelects the service to list the API keys for

Response:

{
"apikeys": [
{
"capabilities": {
"read": "allow"
},
"createdby": "<email logged in with>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"expiresat": "<expiry timestamp>",
"id": "<id>",
"key": "<base64 encoded key>",
"secret": "<base64 encoded secret>",
"service": "<service this api key is valid at>",
"updatedby": "<email logged in with>",
"updatedon": "<timestamp>"
}
]
}

GET /account/auth/apikey - List API keys by ID

Parameters:

NameTypeData TypeDescription
idrequiredstringSelects the API key to return by its id

Response:

{
"apikeys": {
"capabilities": {
"read": "allow"
},
"createdby": "<email logged in with>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"expiresat": "<expiry timestamp>",
"id": "<id>",
"key": "<base64 encoded key>",
"secret": "<base64 encoded secret>",
"service": "<service this api key is valid at>",
"updatedby": "<email logged in with>",
"updatedon": "<timestamp>"
}
}

POST /account/admin/user - Create a user to the realm

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"firstname": "<first name>",
"middlename": "<middle name>",
"lastname": "<last name>",
"email": "<email>",
"active": true,
"additional fields": "defined in the realm"
}

Response:

{
"data": {
"users": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1
}
}
}

PUT /account/admin/user - Update the details of the user with id

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Request:

{
"id": "<user's id>",
"<key to change>": "<new value>"
}

Response:

{
"data": {
"users": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

GET /account/admin/user/email/:useremail - Get user details by the email

URL Parameters:

NameTypeData TypeDescription
useremailrequiredstringEmail of the user to get

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Response:

{
"data": {
"users": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

GET /account/admin/user/id/:id - Get user details by the id

URL Parameters:

NameTypeData TypeDescription
idrequiredstringID of the user to get

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Response:

{
"data": {
"users": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

DELETE /account/admin/user/id/:id - Delete user by the id

URL Parameters:

NameTypeData TypeDescription
idrequiredstringID of the user to delete

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Response:

user deleted

GET /account/admin/users - List the users in the realm

Parameters:

NameTypeData TypeDescription
versionoptionalintegerSpecifies the version of the user object to get
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Response:

{
"data": {
"users": [
{
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
]
}
}

GET /account/admin/user/lock - Lock the user

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm
emailoptionalstringSpecifies the email to be locked

Response:

{
"data": {
"users": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": true,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1
}
}
}

GET /account/admin/user/unlock - Unlock the user

Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm
emailoptionalstringSpecifies the email to be unlocked

Response:

{
"data": {
"users": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1
}
}
}

POST /account/admin/tenant - Create a tenant

Request:

{
"slug": "lq",
"displayname": "lq-admin",
"namespace": "kisai",
"domain": "kisai.io",
"active": true
}

Response:

{
"data": {
"tenant": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1,
"slug": "lq",
"displayname": "lq-admin",
"namespace": "kisai",
"domain": "kisai.io",
"properties": {},
"active": true
}
}
}

PUT /account/admin/tenant - Update a tenant

Request:

{
"slug": "lq",
"active": false
}

Response:

{
"data": {
"tenant": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1,
"slug": "lq",
"displayname": "lq-admin",
"namespace": "kisai",
"domain": "kisai.io",
"properties": {},
"active": false
}
}
}

GET /account/admin/tenant/slug/:slug - Get a tenant by slug

Parameters:

NameTypeData TypeDescription
slugrequiredstringSelect the tenant to return based on slug

Response:

{
"data": {
"tenant": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1,
"slug": "lq",
"displayname": "lq-admin",
"namespace": "kisai",
"domain": "kisai.io",
"properties": {},
"active": false
}
}
}

GET /account/admin/tenant - Get tenants

Response:

{
"data": {
"tenant": [
{
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1,
"slug": "lq",
"displayname": "lq-admin",
"namespace": "kisai",
"domain": "kisai.io",
"properties": {},
"active": false
}
]
}
}

DELETE /account/admin/tenant/slug/:slug - Delete a tenant by slug

Parameters:

NameTypeData TypeDescription
slugrequiredstringSelect the tenant to delete based on slug

Response:

{
"data": {
"tenant": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": "<admin email>",
"deletedon": "<timestamp>",
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1,
"slug": "lq",
"displayname": "lq-admin",
"namespace": "kisai",
"domain": "kisai.io",
"properties": {},
"active": false
}
}
}

POST /account/admin/role - Create a role

Request:

{
"displayname": "dev3",
"slug": "dev3",
"active": true
}

Response:

{
"data": {
"role": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": "<admin email>",
"deletedon": "<timestamp>",
"displayname": "dev3",
"id": "<id>",
"properties": {},
"slug": "dev3",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1
}
}
}

PUT /account/admin/role - Update a role

Request:

{
"id": "<id>",
"active": false
}

Response:

{
"data": {
"role": {
"active": false,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": "<admin email>",
"deletedon": "<timestamp>",
"displayname": "dev3",
"id": "<id>",
"properties": {},
"slug": "dev3",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

GET /account/admin/role/:slug - Get a role by slug

URL Parameters:

NameTypeData TypeDescription
slugrequiredstringSelect the role to get based on slug

Response:

{
"data": {
"role": {
"active": false,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": "<admin email>",
"deletedon": "<timestamp>",
"displayname": "dev3",
"id": "<id>",
"properties": {},
"slug": "dev3",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

GET /account/admin/role - Get all roles

Response:

{
"data": {
"role": [
{
"active": false,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": "<admin email>",
"deletedon": "<timestamp>",
"displayname": "dev3",
"id": "<id>",
"properties": {},
"slug": "dev3",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
]
}
}

DELETE /account/admin/role/:slug - Delete a role by slug

URL Parameters:

NameTypeData TypeDescription
slugrequiredstringSelect the role to delete based on slug

Response:

{
"data": {
"role": {
"active": false,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": "<admin email>",
"deletedon": "<timestamp>",
"displayname": "dev3",
"id": "<id>",
"properties": {},
"slug": "dev3",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

Admin Tenant & Role User Management Endpoints

Section titled “Admin Tenant & Role User Management Endpoints”

GET /account/admin/tenant/slug/:slug/users - Get user details by the tenant slug

URL Parameters:

NameTypeData TypeDescription
slugrequiredstringSelect the tenant to get users based on slug

Response:

{
"data": {
"users": [
{
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
]
}
}

POST /account/admin/role/add/user - Add role to user

Request:

{
"email": "[email protected]",
"role": "dev2",
"starttime": "2019-08-26T08:00:05Z"
}

Response:

{
"data": {
"users": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {
"roles": [
{
"name": "dev2"
}
]
},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

POST /account/admin/role/remove/user - Remove role from user

Request:

{
"email": "[email protected]",
"role": "dev2"
}

Response:

{
"data": {
"users": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

GET /account/admin/role/slug/:slug/users - Get users for role

URL Parameters:

NameTypeData TypeDescription
slugrequiredstringRole’s slug

Response:

{
"data": {
"users": [
{
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {
"roles": [
{
"name": "dev2"
}
]
},
"tags": null,
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
]
}
}

POST /account/admin/realm - Create a realm

Request:

{
"name": "users",
"realmtype": "default",
"properties": {}
}

Response:

{
"data": {
"realm": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"name": "users",
"realmtype": "default",
"properties": {},
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1
}
}
}

GET /account/admin/realm/:id - Get realm by id

URL Parameters:

NameTypeData TypeDescription
idrequiredstringRealm id

Response:

{
"data": {
"realm": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"name": "users",
"realmtype": "default",
"properties": {},
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 1
}
}
}

PUT /account/admin/realm - Update realm

Request:

{
"id": "<id of the realm>",
"name": "users2",
"<key to change>": "<value to change>"
}

Response:

{
"data": {
"realm": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"name": "users2",
"realmtype": "default",
"properties": {},
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

DELETE /account/admin/realm/:id - Delete realm by ID

URL Parameters:

NameTypeData TypeDescription
idrequiredstringRealm id

Response:

{
"data": {
"realm": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": "<admin email>",
"deletedon": "<timestamp>",
"name": "users2",
"properties": {},
"realm_history": null,
"realmtype": "default",
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

GET /account/admin/realm - Get all realms

Response:

{
"data": {
"realm": {
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"name": "users",
"realmtype": "default",
"properties": {},
"id": "<id>",
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
}
}

POST /account/index/users - Reindex IAM users

Response:

re-indexed successfully

GET /account/auth/validate - User validate JWT token

Response:

{
"user": {
"aud": "janus",
"cluster": "dev01-forge-cluster-01-nikithenv01",
"customer": "tenb",
"dc": "dev01-forge-01",
"env": "nikithenv01",
"exp": 1697399734,
"flowtype": "normal",
"iat": 1697393734,
"product": "surveyapp",
"realm": "users",
"roles": "",
"tenant": "nineb",
"ulid": "01HCT8SWSVR2NB0DG4EFW33K32",
"user": "<email>",
"userdisplayname": "admin ",
"useremail": "<email>",
"userfullname": " ",
"userid": "01GGCG5ZPVXWA17JFGTS1HD03F",
"useridentity": "email"
}
}

GET /account/auth/session/refresh - User auth refresh session

Query Parameters:

NameTypeData TypeDescription
refreshtokenrequiredbooleanRefresh the token

Response:

{
"user": {
"aud": "janus",
"cluster": "dev01-forge-cluster-01-nikithenv01",
"customer": "tenb",
"dc": "dev01-forge-01",
"env": "nikithenv01",
"exp": 1697399734,
"flowtype": "normal",
"iat": 1697393734,
"product": "surveyapp",
"realm": "users",
"roles": "",
"tenant": "nineb",
"ulid": "01HCT8SWSVR2NB0DG4EFW33K32",
"user": "<email>",
"userdisplayname": "admin ",
"useremail": "<email>",
"userfullname": " ",
"userid": "01GGCG5ZPVXWA17JFGTS1HD03F",
"useridentity": "email"
}
}

POST /account/user/preferences/notification - Get user preferences

Query Parameters:

NameTypeData TypeDescription
realmoptionalstringSpecifies the realm to operate on; defaults to default realm

Response:

{
"user": {
"firstname": "<firstname>",
"lastname": "<lastname>",
"email": "<email>",
"mobile": "<mobile>",
"preferences": {}
}
}

POST /account/authorize - Execute authorize rule

Request:

{
"module": "/iam/access",
"rule": "admin",
"payload": {}
}

Response:

{
"result": ["true"]
}

GET /account/auth/logout - User logout

Response:

{
"status": "success",
"message": "logged out"
}

GET /account/admin/user/tag/:name - Get users with tag

URL Parameters:

NameTypeData TypeDescription
namerequiredstringName of the tag

Response:

{
"data": {
"users": [
{
"active": true,
"createdby": "<admin email>",
"createdon": "<timestamp>",
"deletedby": null,
"deletedon": null,
"displayname": "<display name>",
"email": "<user's email>",
"firstname": "<first name>",
"id": "<id>",
"lastname": "<last name>",
"locked": false,
"meta": {},
"middlename": "<middle name>",
"mobile": null,
"properties": {},
"tags": ["<name>"],
"updatedby": "<admin email>",
"updatedon": "<timestamp>",
"version": 2
}
]
}
}

POST /account/user/signup - New user signup

Example Request:

{
"firstname": "Firstname",
"middlename": "",
"lastname": "Lastname",
"email": "[email protected]",
"active": true
}

Example Response:

{
"data": {
"users": {
"active": true,
"createdby": "anonymous",
"createdon": "2023-10-30T14:52:13+04:00",
"deletedby": null,
"deletedon": null,
"displayname": "Firstname Lastname",
"email": "[email protected]",
"firstname": "Firstname",
"id": "01HE03CW81XC3D0WZR9SPNKX0E",
"lastname": "Lastname",
"locked": false,
"meta": {},
"middlename": "",
"mobile": null,
"password": null,
"properties": {},
"tags": null,
"updatedby": "anonymous",
"updatedon": "2023-10-30T14:52:13+04:00",
"version": 1
}
}
}

GET /account/user/list - List all users

Example Response:

{
"data": {
"users": [
{
"displayname": "admin ",
"email": "[email protected]",
"id": "01GGCG5ZPVXWA17JFGTS1HD03F"
},
{
"displayname": "name name",
"email": "[email protected]",
"id": "01HCSAPQ9T81KRMTVAR8K2B97Y"
},
{
"displayname": "Firstname Lastname",
"email": "[email protected]",
"id": "01HE03CW81XC3D0WZR9SPNKX0E"
}
]
}
}

GET /account/user - Get logged in user’s details

Example Response:

{
"user": {
"createdby": "system",
"createdon": "2020-07-14T21:30:24.286221+04:00",
"deletedby": null,
"deletedon": null,
"displayname": "admin ",
"email": "[email protected]",
"firstname": "admin",
"id": "01GGCG5ZPVXWA17JFGTS1HD03F",
"lastname": " ",
"meta": {},
"middlename": " ",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "system",
"updatedon": "2020-07-14T21:30:24.286221+04:00",
"version": 1
}
}

PUT /account/user - Update logged in user’s details

Example Request:

{
"firstname": "admin",
"middlename": "admin",
"lastname": "admin",
"displayname": "admin admin admin"
}

Example Response:

{
"user": {
"createdby": "system",
"createdon": "2020-07-14T21:30:24.286221+04:00",
"deletedby": null,
"deletedon": null,
"displayname": "admin admin admin",
"email": "[email protected]",
"firstname": "admin",
"id": "01GGCG5ZPVXWA17JFGTS1HD03F",
"lastname": "admin",
"meta": {},
"middlename": "admin",
"mobile": null,
"properties": {},
"tags": null,
"updatedby": "[email protected]",
"updatedon": "2023-10-30T15:14:17+04:00",
"version": 2
}
}