Overview
Wrapper Service is a proxy service that allows the applications to continue using User Service 2.0 API contract, and Profile Service 1.0 API contract to communicate to User Service 2.1 and Profile Service 2.1 and PingDir backend 2.1.
At the time when User Service 2.1, Profile Service 2.1, and PingDir 2.1 backend are in production, the applications will be automatically re-routed to the Wrapper Service as refered to "soft" upgrade.
The "soft" upgrade does not require any change on the application side, while the "hard" upgrade in the future would require necessay changes from the applications to be compatible with User Service 2.1 and Profile Service 2.1 API contracts, in replacement of the Wrapper Service which will be end of life.
Environments
Wrapper Service is available in the following environments.
| Environment | URL | Postman |
|---|---|---|
|
INT |
|
|
|
UAT |
|
|
|
PROD |
TBD |
TBD |
To Run in Postman with Chrome:
-
If you would like to run Postman with the Chrome extension, please install the extension first.
-
Go to Manage Environments > Wrapper Service INT Run in Postman and supply the correct values for the Client ID and Client Secret.
HTTP verbs
Wrapper Service tries to adhere as closely as possible to standard HTTP and REST conventions in its use of HTTP verbs.
| Verb | Usage |
|---|---|
|
Used to retrieve a resource. |
|
Used to create a new resource. |
|
Used to update an existing resource, including partial updates. |
HTTP status codes
Wrapper Service tries to adhere as closely as possible to standard HTTP and REST conventions in its use of HTTP status codes.
| Status code | Usage |
|---|---|
|
The request completed successfully. |
|
The request was malformed. The response body will include an error providing further information. |
|
The request is unauthorized. The response body will include an error providing further information. |
|
The request is forbidden. The response body will include an error providing further information. |
|
The requested resource did not exist. |
|
The request was invalid. The response body will include a list of errors providing further information. |
|
An error occurred while processing the request. The response body will include an error providing further information. |
Resources
Requesting Credentials
Wrapper Service uses an implementation of OAuth2 to authenticate each incoming request.
Refer to Services and Authentication in Confluence for additional information on authentication and Apigee.
If you already have credentials, then request that your client_id allows for client_credentials grant type and that the resource clauth-wrapper-service and the scope clauth-wrapper-service.application be added to your client_id, and if you want to preform delete operation you should have admin scope clauth-wrapper-service.admin
Access Token
|
Tip
|
All CLP Service resource endpoints are secured.
In order to access these endpoints, you will need to have a valid
Authorization Bearer token in the headers.
You can read more about requesting a Bearer token here
|
Wrapper Service API Contracts
Wrapper Service API is the aggregate of User Service 2.0 APIs and Profile Service 1.0 APIs, includes {User}, {Organization}, {Identity Provider}, {Profile}, {Search/Autocomplete} as follow
User
The User resource is used to get, create, or update users.
Get User By Id
A GET request will get a User by their Id.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
|
The user’s id |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for this user |
|
|
The first name of this user |
|
|
The last name of this user |
|
|
The username for this user |
|
|
The email address for this user |
|
|
The enabled status for this user |
|
|
The identity provider for this user |
|
|
The application code for this user |
|
|
The phone number for this user |
|
|
The date the user was created |
|
|
The date and time the user’s password was last changed in unix epoch time |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771/users/357894625' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 344
{
"id" : 357894625,
"emailAddress" : "Jada-592054727@smith.com",
"enabled" : true,
"firstName" : "user A1",
"lastName" : "Smith",
"username" : "testSuperAdmin797804231",
"phoneNumber" : "+1 310-333-3333",
"createdDate" : 1729522642,
"identityProvider" : "CLAUTH",
"applicationCode" : "CLP",
"passwordLastModified" : null
}Get User By Login
A GET request will get a User by their username or email address.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
| Parameter | Description |
|---|---|
login |
The username or email address of this user (Required) |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for this user |
|
|
The first name of this user |
|
|
The last name of this user |
|
|
The username for this user |
|
|
The email address for this user |
|
|
The enabled status for this user |
|
|
The phone number for this user |
|
|
The date and time the user was created in unix epoch time format |
|
|
The identity provider for this user |
|
|
The date and time the user’s password was last changed in unix epoch time |
|
|
The application code for this user |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771/users/search?login=testSuperAdmin-1926113607' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 347
{
"id" : 1700934773,
"emailAddress" : "Jada-225330092@smith.com",
"enabled" : true,
"firstName" : "user A1",
"lastName" : "Smith",
"username" : "testSuperAdmin-1926113607",
"phoneNumber" : "+1 310-333-3333",
"createdDate" : 1729522641,
"identityProvider" : "CLAUTH",
"applicationCode" : "CLP",
"passwordLastModified" : null
}Get Users
A GET request will get all Users for an Organization.
For the AOTF App, results are limited to 5 entries.
Requires clauth-user-service-pingdir.audit scope to be added to your Client and User in UAA to be able to use the endpoint.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
| Parameter | Description |
|---|---|
applicationCode |
The applicationCode the users are a part of (Optional) |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for a user |
|
|
The first name of a user |
|
|
The last name of a user |
|
|
The username for a user |
|
|
The email address for a user |
|
|
The enabled status for a user |
|
|
The identity provider for a user |
|
|
The phone number for a user |
|
|
The date and time a user was created in unix epoch time format |
|
|
The date and time a user’s password was last changed in unix epoch time format |
|
|
The application code for a user |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771/users?applicationCode=clp595' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 767
{
"users" : [ {
"id" : 133968337,
"emailAddress" : "Jada-1826887631@smith.com",
"enabled" : true,
"firstName" : "user A1",
"lastName" : "Smith",
"username" : "testSuperAdmin199719344",
"phoneNumber" : "+1 310-333-3333",
"createdDate" : 1729522643,
"identityProvider" : "CLAUTH",
"applicationCode" : "CLP595",
"passwordLastModified" : null
}, {
"id" : 112468472,
"emailAddress" : "Jada-381904520@smith.com",
"enabled" : true,
"firstName" : "user A1",
"lastName" : "Smith",
"username" : "testSuperAdmin-1946464038",
"phoneNumber" : "+1 310-333-3333",
"createdDate" : 1729522643,
"identityProvider" : "CLAUTH",
"applicationCode" : "CLP595",
"passwordLastModified" : null
} ]
}Create User
A POST request will create a User.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
firstName |
String |
[Must not be empty] |
The first name of this user |
lastName |
String |
[Must not be empty] |
The last name of this user |
username |
String |
Must not contain whitespace and maximum of 55 characters |
The username for this user |
emailAddress |
String |
Must be well-formed email address |
The email address for this user |
applicationCode |
String |
Application code must be between 1 and 100 characters. |
The application code for this user |
applicationName |
String |
Optional field |
The application name used for this user |
identityProvider |
String |
Optional field |
The Identity Provider used for this user. Defaults to CLAUTH |
phoneNumber |
String |
Optional field |
The phone number with country code for this user ie. +1 310-333-3333 |
enabled |
Boolean |
[Must not be null] |
Whether the user is enabled |
customCreateUserEmailText |
String |
Optional field |
The custom text that will be used in the Account Creation email body |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for this user |
|
|
The first name of this user |
|
|
The last name of this user |
|
|
The username for this user |
|
|
The email address for this user |
|
|
The application code for this user |
|
|
The identity provider for this user |
|
|
The phone number with the country code for this user with ie. +1 310-333-3333 |
|
|
The enabled status for this user |
|
|
The date and time the user was created in unix epoch time format |
|
|
The date and time the user was created in unix epoch time format |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771/users' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer c08fcd7f-c275-47de-9f86-5e1f1e0510fc' \
-d '{
"emailAddress" : "1655166503745672email@example.global",
"enabled" : true,
"firstName" : "firstName",
"lastName" : "lastName",
"username" : "1655166503745672username",
"phoneNumber" : "+1 (310) 333-3333",
"identityProvider" : "CLGX_USER_SSO",
"applicationCode" : "CLP",
"applicationName" : "AppName",
"customCreateUserEmailText" : "Custom copy for new user email"
}'Example response
HTTP/1.1 201 Created
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 369
{
"id" : 824038226,
"emailAddress" : "1655166503745672email@example.global",
"enabled" : true,
"firstName" : "firstName",
"lastName" : "lastName",
"username" : "1655166503745672username",
"phoneNumber" : "+1 310-333-3333",
"createdDate" : 1729522640,
"identityProvider" : "CLGX_USER_SSO",
"applicationCode" : "CLP",
"passwordLastModified" : null
}Create User with Password
A POST request will create a User with a password.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
firstName |
String |
[] |
The first name of this user |
lastName |
String |
[] |
The last name of this user |
username |
String |
Must not contain whitespace and maximum of 55 characters |
The username for this user |
emailAddress |
String |
Must be well-formed email address |
The email address for this user |
password |
String |
Must not be empty |
The new user password |
confirmPassword |
String |
Must not be empty |
The new user password |
identityProvider |
String |
Optional field |
The Identity Provider used for this user. Defaults to CLAUTH |
phoneNumber |
Null |
Optional field |
The phone number with country code for this user ie. +1 310-333-3333 |
identityProvider |
String |
Optional field |
The Identity Provider used for this user. Defaults to CLAUTH |
company |
String |
Optional field |
The company |
applicationCode |
String |
Application code must be between 1 and 100 characters. |
The application code for this user |
enabled |
Boolean |
[Must not be null] |
Whether the user is enabled |
customCreateUserEmailText |
String |
Optional field |
The custom text that will be used in the Account Creation email body |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for this user |
|
|
The first name of this user |
|
|
The last name of this user |
|
|
The username for this user |
|
|
The email address for this user |
|
|
The application code for this user |
|
|
The identity provider for this user |
|
|
The phone number with the country code for this user with ie. +1 310-333-3333 |
|
|
The enabled status for this user |
|
|
The date and time the user was created in unix epoch time format |
|
|
The date and time the user was created in unix epoch time format |
Example request
$ curl 'http://localhost:8080/v2/organizations/7008458500182019771/users' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer c08fcd7f-c275-47de-9f86-5e1f1e0510fc' \
-d '{
"emailAddress" : "1655165515296909email_@example.com",
"enabled" : true,
"firstName" : "first_name",
"lastName" : "last_name",
"username" : "1655165515296909user_name",
"phoneNumber" : null,
"identityProvider" : "CLAUTH",
"applicationCode" : "SF1655165515296909",
"company" : "CLPNAME",
"password" : "KawahiPulusu1$",
"confirmPassword" : "KawahiPulusu1$",
"customCreateUserEmailText" : "someCustomEmailText"
}'Example response
HTTP/1.1 201 Created
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 365
{
"id" : 643077195,
"emailAddress" : "1655165515296909email_@example.com",
"enabled" : true,
"firstName" : "first_name",
"lastName" : "last_name",
"username" : "1655165515296909user_name",
"phoneNumber" : null,
"createdDate" : 1729522639,
"identityProvider" : "CLAUTH",
"applicationCode" : "SF1655165515296909",
"passwordLastModified" : null
}Create Users
A POST request will create a batch of Users.
Parameters structure
Unresolved directive in index.adoc - include::/home/jenkins/agent/workspace/rm_CLAuth-Wrapper-Service_master/build/generated-snippets/createUsers/path-parameters.adoc[]
Request structure
Unresolved directive in index.adoc - include::/home/jenkins/agent/workspace/rm_CLAuth-Wrapper-Service_master/build/generated-snippets/createUsers/request-fields.adoc[]
Response structure
Unresolved directive in index.adoc - include::/home/jenkins/agent/workspace/rm_CLAuth-Wrapper-Service_master/build/generated-snippets/createUsers/response-fields.adoc[]
Example request
Unresolved directive in index.adoc - include::/home/jenkins/agent/workspace/rm_CLAuth-Wrapper-Service_master/build/generated-snippets/createUsers/curl-request.adoc[]
Example response
Unresolved directive in index.adoc - include::/home/jenkins/agent/workspace/rm_CLAuth-Wrapper-Service_master/build/generated-snippets/createUsers/http-response.adoc[]
Update User
A PUT request will update a User.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
|
The user’s id |
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
firstName |
String |
[Must not be empty] |
The first name of this user |
lastName |
String |
[Must not be empty] |
The last name of this user |
username |
String |
Must not contain whitespace |
The username for this user |
emailAddress |
String |
Must be well-formed email address |
The email address for this user |
enabled |
Boolean |
[Must not be null] |
Whether the user is enabled |
identityProvider |
String |
Optional |
The Identity Provider used for this user. Defaults to CLAUTH |
phoneNumber |
String |
Must be a valid phone number |
The phone number for this user |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for this user |
|
|
The first name of this user |
|
|
The last name of this user |
|
|
The username for this user |
|
|
The email address for this user |
|
|
The enabled status for this user |
|
|
The enabled status for this user |
|
|
The identity provider for this user |
|
|
The phone number for this user |
|
|
The date and time the user was created in unix epoch time |
|
|
The date and time the user’s password was last changed in unix epoch time |
|
|
The date and time the user was created in unix epoch time format |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771/users/413804498' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7' \
-d '{
"emailAddress" : "Jada-2062957604@smith.com",
"enabled" : true,
"firstName" : "John",
"lastName" : "Picard",
"username" : "testSuperAdmin1113672195",
"phoneNumber" : "+1 (310)333-3333",
"identityProvider" : "CLAUTH"
}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 344
{
"id" : 413804498,
"emailAddress" : "Jada-2062957604@smith.com",
"enabled" : true,
"firstName" : "John",
"lastName" : "Picard",
"username" : "testSuperAdmin1113672195",
"phoneNumber" : "+1 310-333-3333",
"createdDate" : 1729522644,
"identityProvider" : "CLAUTH",
"applicationCode" : "CLP",
"passwordLastModified" : null
}Check Password Complexity
A POST which checks a password to see if it meets complexity requirements / policy.
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
token |
String |
[Must not be empty] |
The user token |
password |
String |
[Must be well-formed, Must not be empty] |
The new user password |
applicationCode |
String |
Non mandatory field |
The user’s application code |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The length check flag |
|
|
The uppercase check flag |
|
|
The lowercase check flag |
|
|
The special character check flag |
|
|
The digit check flag |
|
|
The excluded words check flag |
|
|
The account name check flag |
|
|
The history check flag |
|
|
The message |
|
|
The policy compliant check flag |
Example request
$ curl 'http://localhost:8080/users/checkPasswordComplexity' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer 4b90df10-724a-4df9-9037-c69058cd5ca7' \
-d '{"token":"5a9a596d-310d-40e3-8c70-cfdb5e4f5542","password":"Um1#3U6$","applicationCode":""}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 315
{
"lengthCheckValid" : true,
"uppercaseCheckValid" : true,
"lowercaseCheckValid" : true,
"digitCheckValid" : true,
"excludeWordsCheckValid" : true,
"accountNameCheckValid" : true,
"passwordHistoryCheckValid" : true,
"specialCharacterCheckValid" : true,
"message" : "",
"policyCompliant" : true
}Validate Password (Authenticate)
A POST to validate the user’s username and password (authenticate a user).
Intended for use with single sign on authentication mechanisms like PingFederate.
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
username |
String |
[Must not be empty] |
The user’s username |
password |
String |
[Must not be empty] |
The user’s password |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The user’s login name |
|
|
The result of the login attempt |
|
|
The user ID |
|
|
The user’s organization ID |
Example request
$ curl 'http://localhost:8080/users/validatePassword' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 442703ba-67cc-47e9-83c2-36098a353871' \
-d '{
"username" : "userName-820292933",
"password" : "Um123456$$"
}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 133
{
"username" : "userName-820292933",
"status" : "AUTHORIZED",
"userId" : 1309640540,
"organizationId" : 7008458500182019771
}Get Reset Token
A POST request that will get a reset token for the provided user.
Requires clauth-user-service-pingdir.password scope to be added to your Client and User in UAA to be able to use the endpoint.
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
emailAddress |
String |
Required field |
The user’s email address |
applicationCode |
Null |
Non mandatory field |
The user’s application code |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
Error status of the request |
|
|
The password reset token |
|
|
The user’s identity provider |
|
|
The user’s application code |
Example request
$ curl 'http://localhost:8080/getResetToken' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 442703ba-67cc-47e9-83c2-36098a353871' \
-d '{
"emailAddress" : "userName-2026007455@example.com",
"applicationCode" : null
}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 135
{
"error" : false,
"token" : "e7c846b4-efc4-4be7-8bca-c920b7f68137",
"identityProvider" : "CLAUTH",
"applicationCode" : "CLP"
}Reset Password
A POST request that will set a user’s password.
Requires clauth-user-service-pingdir.password scope to be added to your Client and User in UAA to be able to use the endpoint.
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
token |
String |
[Must not be empty] |
The user token |
password |
String |
[Must be well-formed, Must not be empty] |
The new user password |
applicationCode |
String |
Non mandatory field |
The user’s application code |
Example request
$ curl 'http://localhost:8080/users/setPassword' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer 442703ba-67cc-47e9-83c2-36098a353871' \
-d '{"token":"c0e92595-8868-452e-8746-b7cd8cda01e6","password":"P@ssw0rd1234","applicationCode":""}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 128
{
"emailAddress" : "userName-967997679@example.com",
"applicationCodes" : [ "CLP" ],
"passwordLastModified" : 1729522659
}Update Password
A POST request that will update a user’s password.
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
login |
String |
[Must not be empty] |
User login |
currentPassword |
String |
[Must not be empty] |
Current user password |
newPassword |
String |
[Must not be empty] |
New password |
Example request
$ curl 'http://localhost:8080/passwords' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer 442703ba-67cc-47e9-83c2-36098a353871' \
-d '{"login":"userName-1282099849","currentPassword":"Um123456$$","newPassword":"newP4ssw0rd1$"}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 37
{
"login" : "userName-1282099849"
}Get Application Codes
A GET request that will retrieve application codes for a user.
For the AOTF App, results are limited to 5 entries.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
|
The user’s id |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The application code id |
|
|
The application code |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771/users/1008458500182019771/applications' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 279
{
"applications" : [ {
"id" : "0000000",
"applicationCode" : "753POL"
}, {
"id" : "0000000",
"applicationCode" : "753LOP"
}, {
"id" : "0000000",
"applicationCode" : "879testAppCode2"
}, {
"id" : "0000000",
"applicationCode" : "CLP"
} ]
}Add Application Codes
A POST request that will add application codes for a user to gain access.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
|
The user’s id |
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
applicationCodes |
Array |
Each appCode must be between 1 and 20 characters, Application code can only have letters, numbers and underscores. |
List of application codes to add to user |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771/users/1008458500182019771/applications' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7' \
-d '{
"applicationCodes" : [ "753LOP", "753POL" ]
}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 279
{
"applications" : [ {
"id" : "0000000",
"applicationCode" : "879testAppCode2"
}, {
"id" : "0000000",
"applicationCode" : "753LOP"
}, {
"id" : "0000000",
"applicationCode" : "CLP"
}, {
"id" : "0000000",
"applicationCode" : "753POL"
} ]
}Delete Application Code
A DELETE request that will remove an application code for a user to remove access
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
|
The user’s id |
|
The user’s associated application code to remove |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771/users/1008458500182019771/applications/FOLNEW' -i -X DELETE \
-H 'Authorization: Bearer 4bcc0e08-0e0d-4137-9e47-e29266673f1f'Example response
HTTP/1.1 204 No Content
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENYOrganization
The Organization resource is used to create organizations.
Get Organization
A GET request will get an Organization by id.
Parameters structure
| Parameter | Description |
|---|---|
|
The organization’s id |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id of the organization |
|
|
The name of the organization |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 65
{
"id" : 7008458500182019771,
"name" : "Starfleet493856673"
}Get Organizations
A GET request will get all Organizations. For the AOTF App, results are limited to 5 entries.
Request structure
| Parameter | Description |
|---|---|
applicationCode |
The application code to search for (Optional) |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
An array of organizations |
|
|
The id for an organization |
|
|
The name of an organization |
Example request
$ curl 'http://localhost:8080/organizations?applicationCode=CLP' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 315
{
"organizations" : [ {
"id" : 972989421,
"name" : "Starfleet1655158501992785"
}, {
"id" : 17310761,
"name" : "test organization name 43"
}, {
"id" : 2136732824,
"name" : "TestOrganizationWithoutLegacyID"
}, {
"id" : 7008458500182019771,
"name" : "Starfleet493856673"
} ]
}Create Organization
A POST request will create an Organization.
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
name |
String |
Must not be empty (allows special characters) |
The name for this organization |
applicationCode |
String |
Optional. Must be between 1 and 20 characters, Application code can only have letters, numbers and underscores. |
The application code associated with this organization |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for this organization |
|
|
The name for this organization |
|
|
The application code for this organization |
Example request
$ curl 'http://localhost:8080/organizations' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7' \
-d '{
"name" : "Starfleet1655158501992785",
"applicationCode" : "CLP"
}'Example response
HTTP/1.1 201 Created
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 91
{
"id" : 972989421,
"name" : "Starfleet1655158501992785",
"applicationCode" : "CLP"
}Update Organization
A PUT request will update an Organization’s name. Requires clauth-user-service-pingdir.admin scope to be added to your Client and User in UAA to be able to use the endpoint.
Request structure
| Path | Type | Constraints | Description |
|---|---|---|---|
name |
String |
Must be unique |
The name for this organization |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for this organization |
|
|
The updated name for this organization |
Example request
$ curl 'http://localhost:8080/organizations/7008458500182019771' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 4bcc0e08-0e0d-4137-9e47-e29266673f1f' \
-d '{
"name" : "Starfleet493856673"
}'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 65
{
"id" : 7008458500182019771,
"name" : "Starfleet493856673"
}Identity Provider
Get IDP Information for a User
A GET request will get Identity Provider information for a User by Username or EmailAddress.
Request structure
| Parameter | Description |
|---|---|
userLogin |
The user’s username or email address for login |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
Boolean value indicating whether the user was found |
|
|
The user’s username or email address provided by the 'userLogin' query parameter |
|
|
The name of the user’s Identity Provider |
Example request
$ curl 'http://localhost:8080/idps?userLogin=testSuperAdmin193' -i -X GET \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 4bcc0e08-0e0d-4137-9e47-e29266673f1f'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 86
{
"userLogin" : "testSuperAdmin193",
"idpName" : "CLAUTH",
"userExists" : true
}Search (Autocomplete)
The search resource is used to search through users and organizations to find them.
Search for Users and Organizations
A GET request will get users (up to 5) and organizations (up to 5) for a given input and optional AppCode.
Request structure
| Parameter | Description |
|---|---|
input |
The searched user’s username or email |
applicationCode |
The searched user’s application code (Optional) |
Response structure
| Path | Type | Description |
|---|---|---|
|
|
The id for a user |
|
|
The first name of a user |
|
|
The last name of a user |
|
|
The username for a user |
|
|
The email address for a user |
|
|
The enabled status for this user |
|
|
The phone number for this user |
|
|
The organization id this user belongs to |
|
|
The organization name this user belongs to |
|
|
The date and time the user was created in unix epoch time |
|
|
The date and time the user’s password was last changed in unix epoch time |
|
|
The identity provider for this user |
|
|
The application code for this user |
|
|
The organization |
Example request
$ curl 'http://localhost:8080/autocomplete?input=smith699&applicationCode=CLP' -i -X GET \
-H 'Authorization: Bearer 4bcc0e08-0e0d-4137-9e47-e29266673f1f'Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 933
{
"user_result_set" : [ {
"id" : 375477904,
"emailAddress" : "Jada641@smith699.com",
"enabled" : true,
"firstName" : "user A1",
"lastName" : "Smith",
"username" : "testSuperAdmin980",
"phoneNumber" : null,
"createdDate" : 1729522631,
"identityProvider" : "CLAUTH",
"applicationCode" : "CLP",
"passwordLastModified" : null,
"organizationId" : 7008458500182019771,
"organizationName" : "TestOrganization"
}, {
"id" : 1491604041,
"emailAddress" : "Will888@smith699.com",
"enabled" : true,
"firstName" : "user A2",
"lastName" : "Smith",
"username" : "testPassExp669",
"phoneNumber" : null,
"createdDate" : 1729522631,
"identityProvider" : "CLAUTH",
"applicationCode" : "CLP",
"passwordLastModified" : null,
"organizationId" : 7008458500182019771,
"organizationName" : "TestOrganization"
} ],
"organization_result_set" : [ ]
}Profile
The Profile resource is used to get, create, or update Profiles.
Create Profile
A POST request will create and return "Profile".
Request Fields
| Path | Type | Constraints | Description |
|---|---|---|---|
identityProvider |
String |
The profiles user authenticated method |
|
userName |
String |
The profiles user name |
|
userId |
String |
The profile’s user id |
|
customerNumber |
String |
The profile’s customer/organization id |
|
applicationCode |
String |
The profile’s application code |
|
metadata |
Object |
The profile’s metadata |
|
metadata.abcRole |
String |
The profile’s metadata key value pair |
Example request
$ curl 'http://localhost:8080/profiles' -i -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7' \
-d '{
"identityProvider" : "CLGX_USER_SSO",
"userName" : "userName142",
"userId" : "1364672356",
"customerNumber" : "customerNumber142",
"applicationCode" : "APP",
"metadata" : {
"abcRole" : "abcValue"
}
}'Response structure
| Path | Type | Description |
|---|---|---|
|
|
The profile’s id |
|
|
The profile’s user authenticated method |
|
|
The profile’s user name |
|
|
The profile’s user id |
|
|
The profile’s customer/organization id |
|
|
The profile’s application code |
|
|
The profile’s metadata |
|
|
The profile’s metadata key value pair |
Example response
HTTP/1.1 201 Created
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 268
{
"id" : "07308ca7-6206-4f85-b126-0240d9835ca5",
"identityProvider" : "CLGX_USER_SSO",
"userName" : "userName142",
"userId" : "1364672356",
"customerNumber" : "customerNumber142",
"applicationCode" : "APP",
"metadata" : {
"abcRole" : "abcValue"
}
}Get Profile
A GET request will return "Profile".
Path Parameters
| Parameter | Description |
|---|---|
|
The id of the profile to get |
Example request
$ curl 'http://localhost:8080/profiles/39eddd2d-1d22-47e5-86b0-057f87bcc8ff' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Response structure
| Path | Type | Description |
|---|---|---|
|
|
The profile’s id |
|
|
The profile’s user authenticated method |
|
|
The profile’s user name |
|
|
The profile’s user id |
|
|
The profile’s customer/organization id |
|
|
The profile’s application code |
|
|
The profile’s metadata |
|
|
The profile’s metadata key value pair |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 281
{
"id" : "39eddd2d-1d22-47e5-86b0-057f87bcc8ff",
"identityProvider" : "CLGX_USER_SSO",
"userName" : "userName1655170379317313",
"userId" : "922601926",
"customerNumber" : "some custId",
"applicationCode" : "APP1234",
"metadata" : {
"some key" : "some value"
}
}Get Profiles
A GET request will return list of "Profiles" by parameters.
Path Parameters
| Parameter | Description |
|---|---|
identityProvider |
Identity provider of the profile to retrieve (Case Insensitive), optional |
applicationCode |
Application code of the profile to retrieve (Case Insensitive), optional |
Example request
$ curl 'http://localhost:8080/profiles?identityProvider=CLGX_USER_SSO&applicationCode=APP86407867' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Response structure
| Path | Type | Description |
|---|---|---|
|
|
The profiles id |
|
|
The profiles user authenticated method |
|
|
The profiles user name |
|
|
The profiles user id |
|
|
The profiles customer/organization id |
|
|
The profiles application code |
|
|
The profiles metadata |
|
|
The profiles metadata key value pair |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 328
{
"profiles" : [ {
"id" : "abbba78e-58a2-4a6a-afca-b5ab38597997",
"identityProvider" : "CLGX_USER_SSO",
"userName" : "userName1655177383299397",
"userId" : "380234516",
"customerNumber" : "some custId",
"applicationCode" : "APP86407867",
"metadata" : {
"some key" : "some value"
}
} ]
}Search Profile
A GET request will find "Profile" by parameters.
Request Parameters
| Parameter | Description |
|---|---|
userName |
Username of the profile to retrieve (Case Insensitive) |
identityProvider |
Identity provider of the profile to retrieve (Case Insensitive) |
applicationCode |
Application code of the profile to retrieve (Case Insensitive) |
Example request
$ curl 'http://localhost:8080/profiles/search?userName=userName1655172783808888&identityProvider=CLGX_USER_SSO&applicationCode=APP1234' -i -X GET \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7'Response structure
| Path | Type | Description |
|---|---|---|
|
|
The profile’s id |
|
|
The profile’s user authenticated method |
|
|
The profile’s user name |
|
|
The profile’s user id |
|
|
The profile’s customer/organization id |
|
|
The profile’s application code |
|
|
The profile’s metadata |
|
|
The profile’s metadata key value pair |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 281
{
"id" : "3f9dd35e-5c11-499f-bbb8-cf3af10c6b59",
"identityProvider" : "CLGX_USER_SSO",
"userName" : "userName1655172783808888",
"userId" : "663502486",
"customerNumber" : "some custId",
"applicationCode" : "APP1234",
"metadata" : {
"some key" : "some value"
}
}Update Profile
A PUT request will return "Profile".
Request Fields
| Path | Type | Constraints | Description |
|---|---|---|---|
identityProvider |
String |
The profile’s user authenticated method |
|
userName |
String |
The profile’s user name |
|
userId |
String |
The profile’s user id |
|
customerNumber |
String |
The profile’s customer/organization id |
|
applicationCode |
String |
The profile’s application code |
|
metadata |
Object |
The profile’s metadata |
|
metadata.new key |
String |
The profile’s metadata key value pair |
Example request
$ curl 'http://localhost:8080/profiles/b611b62b-d796-4d11-a468-54bada348be8' -i -X PUT \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Authorization: Bearer 06bef8b7-392e-48a3-80c3-5e81aec3acb7' \
-d '{
"identityProvider" : "CLGX_USER_SSO",
"userName" : "userName414",
"userId" : "829120329",
"customerNumber" : "customerNumber",
"applicationCode" : "APP12345",
"metadata" : {
"new key" : "new value"
}
}'Response structure
| Path | Type | Description |
|---|---|---|
|
|
The profile’s id |
|
|
The profile’s user authenticated method |
|
|
The profile’s user name |
|
|
The profile’s user id |
|
|
The profile’s customer/organization id |
|
|
The profile’s application code |
|
|
The profile’s metadata |
|
|
The profile’s metadata key value pair |
Example response
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 273
{
"id" : "b611b62b-d796-4d11-a468-54bada348be8",
"identityProvider" : "CLGX_USER_SSO",
"userName" : "userName414414",
"userId" : "829120329",
"customerNumber" : "customerNumber",
"applicationCode" : "APP12345",
"metadata" : {
"new key" : "new value"
}
}Delete Profile
A DELETE request will return "Profile".
Path Parameters
| Parameter | Description |
|---|---|
|
The id of the profile to delete |
Example request
$ curl 'http://localhost:8080/profiles/06a65a36-97e0-4fe8-bab3-bc292e5b264c' -i -X DELETE \
-H 'Authorization: Bearer 4bcc0e08-0e0d-4137-9e47-e29266673f1f'Example response
HTTP/1.1 204 No Content
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY