Authority API Spec
| Method | HTTP request |
|---|---|
| Create Access Token | POST /token |
| Delete Claim | DELETE /acr/username_password/admin/claim/{claimName}/delete |
| Delete Group | DELETE /acr/username_password/admin/group/{groupName}/delete |
| Delete Scope | DELETE /acr/username_password/admin/scope/{scopeName}/delete |
| Delete User | DELETE /acr/username_password/admin/user/{username}/delete |
| Update Claim | PATCH /acr/username_password/admin/claim/{claimName}/update |
| Add Scope to Group | PATCH /acr/username_password/admin/group/{groupName}/add/scope |
| Add User to Group | PATCH /acr/username_password/admin/group/{groupName}/add/user |
| Remove Scope from Group | PATCH /acr/username_password/admin/group/{groupName}/remove/scope |
| Remove User To Group | PATCH /acr/username_password/admin/group/{groupName}/remove/user |
| Update Group | PATCH /acr/username_password/admin/group/{groupName}/update |
| Add Claim to Scope | PATCH /acr/username_password/admin/scope/{scopeName}/add/claim |
| Remove Claim from Scope | PATCH /acr/username_password/admin/scope/{scopeName}/remove/claim |
| Update Scope | PATCH /acr/username_password/admin/scope/{scopeName}/update |
| Add Group to User | PATCH /acr/username_password/admin/user/{username}/add/group |
| Add Scope to User | PATCH /acr/username_password/admin/user/{username}/add/scope |
| Restore User | PATCH /acr/username_password/admin/user/{username}/archive/restore |
| Remove Group from User | PATCH /acr/username_password/admin/user/{username}/remove/group |
| Remove Scope from User | PATCH /acr/username_password/admin/user/{username}/remove/scope |
| Update User | PATCH /acr/username_password/admin/user/{username}/update |
| Update Claim of User | PATCH /acr/username_password/admin/user/{username}/update/claim |
| Create Claim | POST /acr/username_password/admin/claim/create |
| Create Group | POST /acr/username_password/admin/group/create |
| Create Scope | POST /acr/username_password/admin/scope/create |
| Create User | POST /acr/username_password/admin/user/create |
| Create User from Email | POST /acr/username_password/admin/user/email/create |
Create Access Token
Creates a new access token.
Route
POST: /token
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| grant_type | string | true | The type of grant for the access token. | client_credentials |
| client_id | string | true | The client ID for authentication. | TestAuth |
| client_secret | string | true | The client secret for authentication. | TestAuthSecret |
| scope | string | true | The scope of the access token. | upe_admin |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the new access token inside. | object |
Authorization
No authorization required.
HTTP request headers
- Content-Type: application/x-www-form-urlencoded
- Accept: application/json
Create Claim
Creates a new claim.
Route
POST: /acr/username_password/admin/claim/create
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| name | string | true | The name of the new claim. | TestClaim |
| type | string | true | The type of the new claim. (Possible values: string, boolean, int, object) | string |
| description | string | The description for the new claim. | This is a test claim. |
Responses
| Status Code | Description | Content Type |
|---|---|---|
| 200 | Returns the newly created claim, if successful. | application/json |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Update Claim
Updates claim name and description.
Route
PATCH: /acr/username_password/admin/claim/{claimName}/update
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| claimName | string | The current name of the claim. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| name | string | Updated name of the claim. | UpdatedTestClaim | |
| description | string | Updated description of the claim. | This is an updated test claim! |
Responses
| Status Code | Description | Content Type |
|---|---|---|
| 200 | Returns the updated claim, if successful. | application/json |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Delete Claim
Deletes a claim.
Route
DELETE: /acr/username_password/admin/claim/{claimName}/delete
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| claimName | string | The name of the claim. | [default to null] |
Responses
| Status Code | Description | Content Type |
|---|---|---|
| 200 | Returns the deleted claim, if successful. | application/json |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Create Scope
Creates a new scope.
Route
POST: /acr/username_password/admin/scope/create
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| name | string | true | The name of the new scope. | TestScope |
| claimNames | string[] | The claims with which the new scope is created. | [“name”, “company”, “website”] | |
| description | string | The description of the new scope. | This is a test scope! |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the newly created scope, if the scope was successfully created. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Update Scope
Updates scope name, description or overwrites the claims from a scope.
Route
PATCH: /acr/username_password/admin/scope/{scopeName}/update
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| scopeName | string | The current name of the scope. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| name | string | Updated name of the scope. | UpdatedTestScope | |
| description | string | Updated description of the scope. | This is an updated test scope! | |
| claimNames | string[] | New claims for the scope. Old claims will be exchanged with the new ones. | [“zoneinfo”, “nickname”] |
Responses
| Status Code | Description | Content Type |
|---|---|---|
| 200 | Returns the updated scope, if successful. | application/json |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Add Claim to Scope
Adds a claim to a scope.
Route
PATCH: /acr/username_password/admin/scope/{scopeName}/add/claim
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| scopeName | string | The name of the scope. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| claimName | string | true | Name of the claim to add. | picture |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the scope, if the claim was successfully added. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Remove Claim from Scope
Removes a claim from a scope.
Route
PATCH: /acr/username_password/admin/scope/{scopeName}/remove/claim
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| scopeName | string | The name of the scope. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| claimName | string | true | Name of the claim to remove from the scope. | picture |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the scope, if the claim was successfully removed. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Delete Scope
Deletes a scope.
Route
DELETE: /acr/username_password/admin/scope/{scopeName}/delete
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| scopeName | string | The name of the scope. | [default to null] |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the deleted scope, if the scope was successfully deleted. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: Not Defined
- Accept: application/json
Create User
Creates a new user.
Route
POST: /acr/username_password/admin/user/create
Request Body
| Name | Type | Description | Required | Example |
|---|---|---|---|---|
| name | string | The updated name of the group. | true | ”TestUser” |
| password | string | The password for the new user. | true | ”Password123” |
| groupIds | string[] | Ids of groups assigned to user | [“87d086d8-2314-4506-b332-de622ceb11cd”] | |
| scopeIds | string[] | Ids of scopes assigned to user | [“87d086d8-2314-4506-b332-de622ceb11cd”] | |
| claimValues | object | Values of Claims assigned to User | { "email": "TestUser@test-email.com", "upe_admin": true } |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the new user inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Create User from Email
Creates a new user with his e-mail instead of an username.
Route
POST: /acr/username_password/admin/user/email/create/
Request Body
| Name | Type | Description | Required | Example |
|---|---|---|---|---|
| string | Email of the new user. (It’s used as Username) | true | ”Test.User@5Minds.de” | |
| password | string | Password for the new user. | true | ”Password123” |
| givenName | string | Given name or first name of the user. | ”John” | |
| familyName | string | Surname or last name of the user. | ”Doe” | |
| company | string | The company of the user. | ”5Minds” |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the new user inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Update User
Update username and password from a user.
Route
PATCH: /acr/username_password/admin/user/{username}/update
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| username | string | The current name of the user. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| name | string | true | Updated name of the user. | UpdatedTestUser |
| password | string | Updated password for the user. | UpdatedPassword123 |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the updated user inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Update Claim of User
Updates a claim from a user.
Route
PATCH: /acr/username_password/admin/user/{username}/update/claim
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| username | string | The name of the user. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| claimName | string | true | Name of the claim. | phone_number |
| claimValue | any | Value of the claim. | 012517 |
Responses
| Status Code | Description | Content Type |
|---|---|---|
| 200 | Returns the updated claim, if successful. | application/json |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Add Group to User
Adds a group to a user.
Route
PATCH: /acr/username_password/admin/user/{username}/add/group
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| username | string | The name of the user. | [default to null] |
Request Body
| Name | Type | Description | Required | Example |
|---|---|---|---|---|
| groupName | string | Name of the group. | true | ”TestGroup” |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the updated user inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Add Scope to User
Adds a scope to a user.
Route
PATCH: /acr/username_password/admin/user/{username}/add/scope
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| username | string | The name of the user. | [default to null] |
Request Body
| Name | Type | Description | Example |
|---|---|---|---|
| scopeName | string | Name of the scope. | ”phone” |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the updated inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Remove Group from User
Removes a group from a user.
Route
DELETE: /acr/username_password/admin/user/{username}/remove/group
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| username | string | The name of the user. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| groupName | string | true | Name of the group. | TestGroup |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the updated user inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Remove Scope from User
Removes a scope from a user.
Route
PATCH: /acr/username_password/admin/user/{username}/remove/scope
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| username | string | The name of the user. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| scopeName | string | true | Name of the scope. | phone |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the updated user inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Delete User
Delete or archive a user.
Route
DELETE: /acr/username_password/admin/user/{username}/delete
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| username | string | The name of the user. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| archiveUser | boolean | When true, the user will be archived instead of deleted. | false |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the deleted user inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Restore User
Restore a user.
Route
PATCH: /acr/username_password/admin/user/{username}/archive/restore
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| username | string | The name of the user. |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns an object with the restored user inside. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Create Group
Creates a new group.
Route
POST: /acr/username_password/admin/group/create
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| name | string | true | The name of the new group. | TestGroup |
| description | string | The description for the new group. | This is a test group. |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the newly created group, if successful. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Update Group
Updates the name or description of a group.
Route
PATCH: /acr/username_password/admin/group/{groupName}/update
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| groupName | string | The current name of the group. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| name | string | The updated name of the group. | TestUpdatedGroup | |
| description | string | The description for the updated group. | This is an updated test group. |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the updated group, if the update was successful. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Add Scope to Group
Adds a scope to a group.
Route
PATCH: /acr/username_password/admin/group/{groupName}/add/scope
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| groupName | string | The current name of the group. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| scopeName | string | true | The name of the scope. | openid |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns all claims from the group, if successful. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Add User to Group
Adds a user to a group.
Route
PATCH: /acr/username_password/admin/group/{groupName}/add/user
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| groupName | string | The name of the group. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| username | string | true | The name of the user. | TestUser |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the group with all associated users, if the user was successfully added. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Remove Scope from Group
Removes a scope from a group.
Route
PATCH: /acr/username_password/admin/group/{groupName}/remove/scope
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| groupName | string | The current name of the group. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| scopeName | string | true | The name of the scope to remove. | openid |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns all claims from the group, if the scope was successfully removed. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Remove User from Group
Removes a user from a group.
Route
PATCH: /acr/username_password/admin/group/{groupName}/remove/user
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| groupName | string | The name of the group. | [default to null] |
Request Body
| Field | Type | Required | Description | Example |
|---|---|---|---|---|
| username | string | true | The name of the user to remove from the group. | TestUser |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the group with all associated users, if the user was successfully removed. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Delete Group
Deletes a group.
Route
DELETE: /acr/username_password/admin/group/{groupName}/delete
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| groupName | string | The current name of the group. | [default to null] |
Responses
| Status Code | Description | Type |
|---|---|---|
| 200 | Returns the deleted group, if deletion was successful. | object |
Authorization
Auth Header: ‘Bearer {AccessToken}’
Access Token needs to have the claim upe__can_manage_users.
HTTP request headers
- Content-Type: Not Defined
- Accept: application/json