To understand this API's various URL resources and the data it exchanges, it helps to be familiar with the following concepts:

  • Entity. Identity Cloud terminology for a user record (user profile). If you create a new entity, you’re simply creating a new user account.

  • Entity type. Database containing user records (entities). Identity Cloud ships with a single (but highly customizable) entity type: user. However, you can use the Entity and Entity Type API to create additional entity types.

  • Attribute. Roughly equivalent to a field in a database. Attributes represent the properties found in a user profile. For example, the givenName attribute stores a user’s first name, and the familyName attribute stores a user’s last name. Use the Entity and Entity Type API to create, modify, and delete attributes; because attributes are defined on the entity type, these operations change every user profile stored in it.

  • Attribute constraint. Additional specifications pertaining to the data that can be maintained in an attribute. For example, the alphabetic constraint limits data in an attribute to the letters A through Z, and the unique constraint specifies that no two user accounts can have the same attribute value (for example, no two users can share an email address).

  • Validation rule. Automated checks that help prevent invalid data from being written to a user profile. For example, the maxLength validation sets the maximum number of characters that can be written to an attribute. That way, you can limit users to two-character state abbreviations (WA) and prevent them from spelling out state names in full (Washington).

  • Access schema. Defines the attributes that an API client has read or read-write access to; attributes not covered by the schema are not exposed to that client. This lets you give support personnel different levels of access to a user’s email address or mobile phone number: some support people might be denied access to these attributes, some might have read-only access, and others might be able to both read and change those attribute values.

  • Password history. Also referred to as unique password enforcement. When enabled, prevents users from cycling back to a password they have already used. You can track, and prohibit the reuse of, up to the last 10 passwords employed by a user.
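The following Python model is an added illustration of how the concepts above fit together (attribute constraints and validation rules on an entity type, an access schema that projects a profile down to what a client may read or write, and password history that compares a candidate password against salted hashes rather than stored plaintext). It is not Identity Cloud code and does not use the Identity Cloud API or its schema format; the class names, the `"read"`/`"write"` access-schema encoding, and the PBKDF2 parameters are assumptions chosen for the example.

```python
# Added illustration of the concepts above as a local Python model. This is not
# Identity Cloud code and does not use its API or schema format; the class and
# function names and the access-schema encoding are hypothetical.
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Attribute:
    """A profile field. `constraints` holds names such as "alphabetic" or
    "unique"; `max_length` stands in for the maxLength validation rule."""
    name: str
    constraints: Set[str] = field(default_factory=set)
    max_length: Optional[int] = None


class EntityType:
    """A store of entities (user profiles) that share one attribute set."""

    def __init__(self, name: str, attributes: List[Attribute]) -> None:
        self.name = name
        self.attributes = {a.name: a for a in attributes}
        self.entities: List[Dict[str, str]] = []

    def validate(self, profile: Dict[str, str]) -> List[str]:
        """Return the list of constraint/validation failures (empty if valid)."""
        errors = []
        for key, value in profile.items():
            attr = self.attributes.get(key)
            if attr is None:
                errors.append(f"{key}: not an attribute of entity type {self.name}")
                continue
            # alphabetic constraint: letters A through Z only
            if "alphabetic" in attr.constraints and not (value.isascii() and value.isalpha()):
                errors.append(f"{key}: must contain only the letters A-Z")
            # unique constraint: no other entity may hold the same value
            if "unique" in attr.constraints and any(e.get(key) == value for e in self.entities):
                errors.append(f"{key}: value already used by another entity")
            # maxLength validation rule
            if attr.max_length is not None and len(value) > attr.max_length:
                errors.append(f"{key}: longer than {attr.max_length} characters")
        return errors

    def create(self, profile: Dict[str, str]) -> Dict[str, str]:
        """Create a new entity; the whole record is rejected if any check fails."""
        errors = self.validate(profile)
        if errors:
            raise ValueError("; ".join(errors))
        self.entities.append(dict(profile))
        return self.entities[-1]


# Access schema: attribute -> "read" or "write"; anything not listed is denied.
def readable_view(profile: Dict[str, str], schema: Dict[str, str]) -> Dict[str, str]:
    """Project a profile down to the attributes the client may read."""
    return {k: v for k, v in profile.items() if schema.get(k) in ("read", "write")}


def denied_writes(update: Dict[str, str], schema: Dict[str, str]) -> List[str]:
    """Attributes in an update that the client is not allowed to change."""
    return [k for k in update if schema.get(k) != "write"]


class PasswordHistory:
    """Keeps salted hashes of the last `depth` passwords, so plaintext is never
    stored, and rejects a new password that matches any of them."""

    def __init__(self, depth: int = 10, iterations: int = 100_000) -> None:
        self.depth = depth
        self.iterations = iterations  # PBKDF2 work factor (assumed value)
        self.history: List[Tuple[bytes, bytes]] = []  # (salt, digest), oldest first

    def _digest(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def was_used(self, password: str) -> bool:
        # Each entry has its own salt, so the candidate is re-hashed per entry;
        # compare_digest avoids timing leaks on the comparison itself.
        return any(hmac.compare_digest(self._digest(password, salt), digest)
                   for salt, digest in self.history)

    def set_password(self, password: str) -> None:
        if self.was_used(password):
            raise ValueError(f"password matches one of the last {self.depth} passwords")
        salt = os.urandom(16)
        self.history.append((salt, self._digest(password, salt)))
        del self.history[:-self.depth]  # forget anything older than `depth` entries


if __name__ == "__main__":
    user = EntityType("user", [Attribute("givenName", {"alphabetic"}),
                               Attribute("email", {"unique"}),
                               Attribute("state", max_length=2)])
    user.create({"givenName": "Ada", "email": "ada@example.com", "state": "WA"})
    print(user.validate({"givenName": "Ada1", "email": "ada@example.com", "state": "Washington"}))
```

The unique check here is a linear scan over an in-memory list, which is enough to show the semantics; a real store enforces uniqueness with an index so that two concurrent creates cannot both pass the check. The password history keeps only salt/digest pairs and trims to `depth` entries after each change, which is what makes "the last 10 passwords" enforceable without ever retaining a password in the clear.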