Identity Cloud REST API index
Click the link to download the Identity Cloud REST API Postman collection.
This page features a list of, and links to, all the Identity Cloud REST API operations.
Authentication API
The Authentication API provides methods for creating accounts on, and logging in to, websites and apps.
Access tokens and codes
| Operation | Method |
|---|---|
Get an authorization code Returns an authorization code you can exchange for an access token and a refresh token. Note that this operation can't be used to obtain Hosted Login access and refresh tokens. | POST |
Get an access token Retrieves an Identity Cloud access token. Note that this access token can’t be used to obtain Hosted Login access tokens. | POST |
Exchange an authorization code Returns an Identity Cloud access token for an authenticated user. You need to exchange either an authorization code or a refresh token in order to get an access token. An authorization code is generated when a user is authenticated by using the JavaScript SDK or the Authentication API. Note that the authorization code and refresh tokens used with this operation can’t be exchanged for a Hosted Login access token. | POST |
Complete social registration Completes social registration. With social registration, a user creates an Identity Cloud account by using credentials and profile information derived from a social login identity provider such as Facebook or Twitter. See JavaScript SDK registration overview for a comparison of social logins and registrations and traditional logins and registrations. | POST |
Complete traditional registration Completes a traditional registration. After registration completes, a user can authenticate on your website by using an email address and password. See JavaScript SDK registration overview for a comparison of social logins and registrations and traditional logins and registrations. | POST |
Complete social login Completes social login, a login carried out by first authenticating with a social login identity provider (IdP) and then using the IdP's credentials to log in to Identity Cloud. See JavaScript SDK registration overview for a comparison of social logins and registrations and traditional logins and registrations. | POST |
Complete traditional login Completes a traditional login, a process involving an email address and password. See JavaScript SDK registration overview for a comparison of social logins and registrations and traditional logins and registrations. | POST |
User profiles
| Operation | Method |
|---|---|
Update a user profile Updates a user profile based on input from a user. To make this call, you must have a valid Registration access token for the user profile to be updated. | POST |
Get a verification code Returns a verification code for setting an attribute to the current date and time. This is useful for such tasks as recording the date and time when an email address is verified. | POST |
Set a timestamp Uses a one-time verification code to set a field value to the current date and time. For example, setting the emailVerified attribute to a timestamp indicates that the associated email address has been verified. | POST |
Send a password reset link Sends an email that includes a link for resetting a password. Clicking the link (which includes a one-time pass code) takes the user to a screen where they can reset their password. | POST |
Verify an email address Sends an email that includes a one-use verification link a user can click to complete the email verification process. The destination URL for this link is configured in the verify_email_url setting of the API client used to make the API call. | POST |
Link a social identity to a user account Links a new social identity provider (IdP) to an existing user account. After a provider is linked, you can use that IdP to log on to your Identity Cloud account. Note that social logins can be used in addition to or instead of traditional Identity Cloud logins. In a traditional login, the user logs in by supplying an email address and password. | POST |
Unlink a social identity from a user account Unlinks a social provider from a user account. Once unlinked, the social provider can't be used to sign into that user account. To make this call, you must have a valid Registration access token for the user record being updated. | POST |
Configuration API
The Configuration API is a large collection of endpoints revolving around three areas of Identity Cloud administration:
- Applications, API clients, and settings
- Entity types and attributes
- Flows
Client and Settings APIs
API clients
| Operation | Method |
|---|---|
Get all API clients Returns information about the API clients associated with an application. API clients are primarily used to control access to the Identity Cloud APIs and to help define the user login and registration experience. | GET |
Get an API client Returns information about a specific API client. | GET |
Modify an API client Modifies permissions and settings for an API client. | PUT |
Reset an API client secret Resets the client secret for an API client. For example, you might reset the secret if you believe that secret has been exposed to unauthorized users or if someone who had access to the secret has left your organization. It's recommended that you contact your Akamai representative before resetting the client secret for an owner client. | POST |
Create an API client Creates an API client. | POST |
Delete an API client Deletes an existing API client. You can't delete an API client assigned the owner feature. | DELETE |
Application and client settings
| Operation | Method |
|---|---|
Get all application and client settings Returns settings and values for the specified API client. This operation returns both the application settings and the settings applied specifically to the API client. Your operation must have owner permissions in order to return the global settings. | GET |
Get all the standard application settings Returns information about Identity Cloud's predefined application and client settings. Custom settings that you’ve added yourself aren’t returned by this operation. | GET |
Modify application settings Modifies the global settings for an application. | PUT |
Get API client settings Returns the settings associated with a specific API client. In the API response, client settings, global settings, and custom settings are returned as separate JSON objects. | GET |
Modify API client settings Modifies the client settings associated with a specific API client. | PUT |
Entity Type APIs
| Operation | Method |
|---|---|
Get all entity types Returns information about the entity types associated with an application. Entity types are databases that store user profile information. | GET |
Get an entity type Returns information about the specified entity type. | GET |
Get the attributes in an entity type Returns detailed information about each attribute in an entity type, including the attribute name and datatype. Attributes (roughly equivalent to database fields) represent individual bits of user information such as a user’s first name or a user’s email address. | GET |
Get an entity type attribute Returns detailed information about the specified attribute, including the attribute name and data type. | GET |
Flows and flow management APIs
Flows
| Operation | Method |
|---|---|
Get all flows Returns the flows associated with an application. Flows are JSON files that, among other things, help determine the look and feel of the user experience. | GET |
Get a flow Returns information about the specified flow. | GET |
Get all the versions of a flow Returns a list of available versions for a flow. Each time you make and save a change to a flow (for example, adding a new field or deleting an existing translation) a new flow version is created. | GET |
Get a specific flow version Returns the specified version of a flow. | GET |
Modify a flow Updates or replaces the userData object or the entity type schemas object assigned to the flow. The userData object lists the schema attributes to be stored in the janrainCaptureProfileData object in local storage following a successful authentication. The schemas object contains the name of your user profile databases. | PUT |
Copy a flow Creates a new flow by copying an existing flow. This operation can't be used to overwrite an existing flow; it can only be used to create a brand-new flow. | POST |
Promote a flow Promotes a flow to another application. Promoting a flow simply means copying that flow from one application (such as your development environment) to another application (such as your production environment). | POST |
Restore a flow Restores a flow to a previous version of that flow. When you restore a flow, the selected version becomes the current (HEAD) version of the flow. | POST |
Fields
| Operation | Method |
|---|---|
Get all the fields in a flow Returns a list of fields defined in the flow. Fields provide a link between onscreen form elements and their underlying user profile attributes. For example, onscreen a user might enter their first name in a field labeled First Name. In turn, the value entered in that field will be written to the givenName attribute in the user’s user profile. | GET |
Get a field Returns information about a field. | GET |
Modify a field Updates a field. | PUT |
Create a field Creates a new field and adds that field to a flow. | POST |
Remove a field Removes a field from the flow. This operation also removes the field from any forms that reference the field. | DELETE |
Forms
| Operation | Method |
|---|---|
Get all the forms in a flow Returns a list of forms in the flow. Forms serve as a container for fields. For example, the traditionalRegistrationForm form contains fields for all the information (name, email address, password, phone number, etc.) you want to collect from a user when creating their user account. | GET |
Get a form Returns detailed information about the specified form. | GET |
Modify a form Updates or replaces the list of fields and features in the form. Any fields added to the form must already exist in the flow. | PUT |
Create a form Creates a form. | POST |
Delete a form Deletes the specified form, but without deleting the fields associated with the form. | DELETE |
Email templates
| Operation | Method |
|---|---|
Get all the email templates in a flow Returns a list of all the transactional email templates in the specified locale. Transactional emails are emails automatically sent by Identity Cloud in response to specific user activities. For example, after a user creates an account, an email is sent asking the user to verify their email address. | GET |
Get an email template Returns information about the specified email template. | GET |
Modify an email template Modifies an email template. Note that, while you can modify your email templates, you can’t delete those templates nor can you create new templates. | PUT |
Get the body of an email template Returns the body for an email template. | GET |
Modify the body of an email template Returns the body for an email template. | PUT |
Get the subject of an email template Returns the subject line for an email template. | GET |
Modify the subject of an email template Updates the subject line for an email template. | PUT |
Hosted Login upgrades
| Operation | Method |
|---|---|
Get all available Hosted Login upgrades Returns the version numbers of Hosted Login you can upgrade to. | GET |
Get Hosted Login upgrade requirements Returns information about the fields, translations, and screens that need to be added to or removed from a flow to make that flow compatible with the specified version of Hosted Login. | GET |
Upgrade Hosted Login Adds the fields, translations, and screens required to help ensure that a flow is compatible with the specified version of Hosted Login. | POST |
Hosted Login links
| Operation | Method |
|---|---|
Get all the Hosted Login links in a flow Returns a collection of all the Hosted Login links defined within the specified flow. These links appear on Hosted Login screens and direct your users to locations such as your help center or privacy policy. | GET |
Get a Hosted Login link Returns detailed information about a Hosted Login link. | GET |
Modify a Hosted Login link Updates a Hosted Login link. | PUT |
Create a Hosted Login link Creates a new Hosted Login link. | POST |
Delete a Hosted Login link Deletes the specified Hosted Login link. | DELETE |
Hosted Login 2FA messages
| Operation | Method |
|---|---|
Get all the 2FA messages in a flow Returns information about the two-factor authentication (2FA) messages included in a flow. | GET |
Get a 2FA message Returns the specified two-factor authentication (2FA) message. Note that each 2FA message actually consists of: 1) an SMS message; 2) a plain-text email message; and 3) an HTML-formatted email message. | GET |
Add the default 2FA messages to a flow Adds the default collection of two-factor authentication (2FA) messages to the specified flow. | POST |
Modify a 2FA message Modifies the specified two-factor authentication (2FA) message. | PUT |
Locales
| Operation | Method |
|---|---|
Get all the locales in a flow Returns a list of all the locales associated with a flow. Each locale represents a specific language, region, and collection of locale variant preferences. Having different locales enables you to better personalize the user login and registration experience. | GET |
Get all the localized fields in a flow /config/{app_id}/flows/{flow}/locales/{locale}/fields Returns a list of fields defined for the specified locale. | GET |
Create a localized field Adds a field to the specified locale. | POST |
Get a localized field Returns information about a localized field. | GET |
Modify a localized field Updates a localized field. | PUT |
Strings
| Operation | Method |
|---|---|
Get all the strings in a flow Returns the strings defined in the flow. Strings are text elements that aren’t tied to a specific form. | GET |
Get a string Returns information about the specified string. | GET |
Create a string Adds a string to the flow. | POST |
Modify a string Updates or replaces a string. | PUT |
Delete a string Removes a string from a flow. | DELETE |
Get all the localized strings in a flow Returns a list of all the localized strings defined in a flow. | GET |
Get a localized string Returns information about the localized string. | GET |
Create a localized string Adds a localized string to a flow. | POST |
Modify a localized string Updates or replaces a localized string in the flow. | PUT |
Delete a localized string Removes a localized string from a flow. | DELETE |
Screens
| Operation | Method |
|---|---|
Get all the screens in a flow Returns the screens associated with a flow. | GET |
Get a screen Returns information about a specific screen. | GET |
Modify a screen Updates property values for the specified screen. | PUT |
Create a screen Creates a new screen. New screens are primarily designed for use with the JavaScript SDK. | POST |
Delete a screen Deletes the specified screen. Be forewarned that it’s possible (although not recommended) to delete the default screens that ship with Hosted Login and the JavaScript SDK. | DELETE |
Translations
| Operation | Method |
|---|---|
Get all the translations in a flow Returns all the translations in a flow. | GET |
Get a translation Returns all the translations for the specified translation key (i.e., all the translated values of a word or phrase). | GET |
Create a translation Creates a translation for the specified locale. You’re on your own to provide the correctly translated value. | POST |
Delete a translation Deletes a translation. | DELETE |
/config/{app_id}/flows/{flow}/translations Updates an existing translation. | PATCH |
Custom Provider API
The Custom Provider API enables organizations to leverage almost any social login IdP they want, as long as that identity provider uses one of the following protocols:
- OAuth 2.0
- OpenID Connect
- SAML 2
| Operation | Method |
|---|---|
Get all social login applications Returns information about your social login applications. You need a social login application to configure social login for Hosted Login and to create custom providers. | GET |
Get a social login application /{customerId}/v2/config/low/services/engage-v2/apps/{appId} Returns detailed information about a specific social login application. | GET |
Get all the custom providers in an application /{customerId}/v2/config/low/services/engage-v2/apps/{appId}/custom-providers Returns information about your custom providers. Custom providers are social login identity providers (IdPs) that weren't predefined by Akamai. Most IdPs that support OAuth 2.0, OpenID Connect, or SAML2 can be configured as custom providers. | GET |
/{customerId}/v2/config/low/services/engage-v2/apps/{appId}/custom-providers/{providerId} Returns detailed information about the specified custom provider. | GET |
/{customerId}/v2/config/low/services/engage-v2/apps/{appId}/custom-providers/{providerId} Modifies a custom provider. | PATCH |
/{customerId}/v2/config/low/services/engage-v2/apps/{appId}/custom-providers Creates a custom provider. The social login identity provider being used as a custom provider needs to support OAuth 2.0, OpenID Connect, or SAML2. | POST |
Entity and Entity Type API
API operations for managing user profiles and user profile databases.
Entities and user profiles
| Operation | Method |
|---|---|
Get a user profile Returns the specified user profile. By default, this endpoint returns all the attributes associated with the user profile. However, it’s also possible to return a specified subset of attributes. | POST |
Search for user profiles Searches an entity type for users meeting the specified criteria. For example, you might search for all the users who have not logged on since a specified date, or for all the users whose accounts were created after that date. | POST |
Count user profiles Returns the number of user profiles in an entity type that meet the specified criteria. For example, you might return the number of users who live in France or the number of users who work for Akamai. | POST |
Modify a user profile Updates a user profile. Note that this operation only modifies attributes specified in the request. Any attributes not included in the request are left exactly as-is. | POST |
Replace a user profile Replaces all the attribute values in a user profile with a new set of attribute values. By default, any attributes not included in your operation are replaced with null values. | POST |
Create a user profile Creates a user profile. Note that, because of database replication requirements, it might take a few minutes for the new user profile to be available to other operations. | POST |
Create multiple user profiles Creates multiple user profiles with a single operation. Note that your request body can't be larger than 5 MB. If you encounter a "client intended to send too large body" error, you must reduce the size of the request body. For example, you might divide the list of accounts to be created in half, then use two API calls instead of one. | POST |
Delete a user profile Deletes the specified user profile. Alternatively, you can use this endpoint to delete a child attribute of a plural attribute. In that case, only the child attribute is deleted and the rest of the user profile remains as-is. | POST |
Invalidate user access tokens Removes all existing access grants issued to the user, including all the access tokens, refresh tokens, and refresh secrets. | POST |
Entity types
| Operation | Method |
|---|---|
Get all entity types Returns information about your entity types. An entity type is a user profile data store. | POST |
Get an entity type Returns detailed information about the specified entity type. | POST |
Create an entity type Creates an entity type. | POST |
Attributes, validations, and constraints
| Operation | Method |
|---|---|
Create an attribute Adds an attribute to an entity type. This operation also adds the new attribute to all existing user profiles. | POST |
Delete an attribute Removes an attribute from an entity type. Note that all the data associated with this attribute is deleted as well. That means that the attribute and its value are removed from each user profile in the entity type. | POST |
Get all validation rules Returns all the data validation rules configured for the specified entity type. Identity Cloud uses these rules to validate attribute data with each user profile update. | POST |
Create a validation rule Creates a data validation rule for specified attributes in your schema. | POST |
Delete a validation rule Removes the specified validation rule. | POST |
Assign constraints to an attribute Configures the list of constraints for an attribute. Constraints place restrictions on the type of data that can be stored in an attribute. | POST |
Unique password enforcement
| Operation | Method |
|---|---|
Modify password history settings Manages the password history settings for an entity type. Password history tracks the last 1-10 passwords employed by a user, and prevents the user from setting their password to any of those prior values. | POST |
Access Schemas
| Operation | Method |
|---|---|
Get an access schema Retrieves the access schema for the specified API client. An access schema defines the subset of attributes to which a client has read or write access. Note that access schemas only apply to API-based implementations of the Identity Cloud. If you're using a JavaScript SDK-based implementation of Identity Cloud then access to forms and fields is managed by the flow rather than by an access schema. | POST |
Create an access schema Creates an access schema for the specified API client. Each client can have one read access schema and one write access schema. Note that access schemas only apply to API-based implementations of the Identity Cloud. If you're using a JavaScript SDK-based implementation of Identity Cloud then access to forms and fields is managed by the flow rather than by an access schema. | POST |
Delete an access schema Deletes the specified access schema for a client. Deleting an access schema gives a client read or write access to all attributes. Note that access schemas only apply to API-based implementations of the Identity Cloud. If you're using a JavaScript SDK-based implementation of Identity Cloud then access to forms and fields is managed by the flow rather than by an access schema. | POST |
Legacy Clients and Settings API
Manages API clients and applications. As the word "legacy" implies, this API no longer represents the preferred way to programmatically manage API clients and applications. Instead, we recommend you use the Configuration API.
API clients
| Operation | Method |
|---|---|
List all API clients Returns a list of API clients, optionally filtered by client feature. API clients manage access to Identity Cloud APIs. Note that only the owner client can run this operation. | POST |
Modify API client features Modifies the client features for an API client. Features define the permissions assigned to an API client. | POST |
Reset an API client secret Resets the client secret for the specified API client. | POST |
Rename an API client Assigns a new name to an API client. Note that, for API clients, the client name and the client description refer to the same value. | POST |
Create an API client Creates an API client. | POST |
Delete an API client Deletes an API client. | POST |
Modify an API client allowlist Modifies the IP allowlist for the specified API client. When used, the allowlist specifies the range of IP addresses that can use the client when calling Identity Cloud APIs. By default, IP allowlists are set to ["0.0.0.0"], allowing access to the client from any IP address. | POST |
Clear an API client allowlist Clears the IP allowlist for the specified API client. | POST |
Published Settings
| Operation | Method |
|---|---|
Get published application settings Returns a list of published settings files for the application. Published client settings do such things as support a configurable minimum age requirement for registration or track user acceptance of different terms of service and privacy policies. With this operation at least three files are returned, including a JSON file for each settings version and both a JSON file and a JavaScript file pointing to the location where the most recent file versions are hosted. If no members are included, all the published settings files assigned to the application are returned. | POST |
Get published client settings Returns the published settings for the specified API client and version. If the version member isn't included, the most recent version of the published settings is returned. | POST |
Publish application and API client settings Publishes settings to a JSON file available for client-side use with the Registration user interface. This allows the settings to be loaded prior to any server-side operations. | POST |
Delete published settings Deletes the published settings for the specified API client and version. If the version member isn't included, all versions of the settings published for the API client are deleted. | POST |
Application and Client Settings
| Operation | Method |
|---|---|
Get an API client settings value Returns the value associated with a settings key. If the key has no value at the client scope then the application scope value is returned instead. A null value is returned if the key has no application value either. | POST |
Get an application setting value Returns the value of an application settings key. | POST |
Get multiple API client setting values Returns values for multiple keys. By design, values are returned for keys configured at the client scope. If a key doesn't exist at the client scope the value of the key as configured at the application scope is returned instead. | POST |
Delete an application settings key Deletes an application settings key. | POST |
Get all API client setting values Returns all the settings for the specified API client, including all settings configured at the application scope. If a key is defined in both the client and application settings only the client-specific value is returned. | POST |
Get all API client setting keys Returns all the setting keys for a client, including those from the application-wide default settings. | POST |
Delete an API client setting Deletes a settings key from an API client. | POST |
Modify an API client setting Assigns a setting and setting value to an API client. If the specified setting doesn't exist, it's created. If the setting does exist, then the current value of that setting is overwritten. | POST |
Modify an application setting Creates or updates a setting in the application-wide default settings. If the setting doesn't exist, a new setting is created. If the setting does exist, the current value of that setting is overwritten. | POST |
Modify multiple application settings Creates or updates a setting in the application-wide default settings. If the setting doesn't exist, a new setting is created. If the setting does exist, the current value of that setting is overwritten. | POST |
Modify multiple API client settings Assigns multiple settings for the specified API client. If a setting doesn't exist, a new setting is created. If the setting does exist, the current value of that setting is overwritten. | POST |
Hosted Login API
Your primary toolset for managing Hosted Login, Identity Cloud’s preferred method for managing user logins and registrations.
Tokens
| Operation | Method |
|---|---|
Get an administrative access token Requests an administrative access token. An administrative access token is needed to call the other Hosted Login configuration endpoints. | POST |
Introspect an access or refresh token Returns the current state of a Hosted Login access or refresh token. If the token is active then additional claims associated with the token are also returned. | POST |
Revoke an access or refresh token Revokes a previously-issued access token or refresh token. After an access token has been revoked that token can't be used to access a protected resource. After a refresh token has been revoked that token can’t be used to request a new access token and the existing access token is also revoked. | POST |
OpenID Connect Endpoints
| Operation | Method |
|---|---|
Get your discovery document Returns the discovery document, a set of OpenID Connect values that can be retrieved by a client. These values enable OIDC clients to configure themselves. | GET |
Get your JSON web keys Returns information about the JSON web keys (JWK) assigned to a customer. JSON web keys are public cryptographic keys used to verify the signatures on Hosted Login identity tokens. | GET |
Get userinfo Information Returns user profile information from the userinfo endpoint. | GET |
OpenID Connect Clients
| Operation | Method |
|---|---|
Get all OpenID Connect clients Returns information about all the OpenID Connect clients assigned to a customer. | GET |
Get an OpenID Connect client Returns information about an OpenID Connect client. | GET |
Modify an OpenID Connect client Modifies the specified OpenID Connect client. | PUT |
Get an OpenID Connect client secret /{customerId}/config/clients/{oidcClientId}/secret Returns the client secret for the specified OIDC client. Note that this is the only way to return the secret for a confidential or configuration client. | GET |
Reset an OpenID Connect client secret Resets the client secret for an OpenID Connect confidential client or configuration client. Resetting the secret enables you to rotate client secrets or to change a client secret you believe might have been compromised. | PUT |
Create an OpenID Connect client Creates an OpenID Connect client. | POST |
Delete an OpenID Connect client Deletes the specified OpenID Connect client. | DELETE |
Login Policies
| Operation | Method |
|---|---|
Get all login policies Returns information about the login policies associated with the specified customer. Login policies help manage the user login experience by doing such things as specifying the exact path to the Capture domain and the user profile entity type, and defining the login URL for the directory. | GET |
Get a login policy Returns information about the specified login policy. All OpenID Connect clients used for logins and registrations need to be assigned a login policy. | GET |
Modify a login policy Returns information about the specified login policy. All OpenID Connect clients used for logins and registrations need to be assigned a login policy. | PUT |
Create a login policy Creates a login policy. Login policies help manage the user login experience by doing such things as specifying the exact path to the Capture domain and the user profile entity type, and defining the login URL. | POST |
Delete a login policy Deletes the specified login policy. Login policies help manage the user login experience by doing such things as: specifying the exact path to the Capture domain and the user profile entity type, and defining the login URL. | DELETE |
Get a login policy's push claim status Returns information about a login policy’s push claims status. Push claims centralize and standardize the user profile information added to an identity token or made available from the userinfo endpoint following a successful authentication. | GET |
Modify a login policy's push claim status Enables or disables push claims for the specified login policy. Push claims centralize and standardize the user profile information added to an identity token or made available from the userinfo endpoint following a successful authentication. | PUT |
Get a login policy's allowed response types Returns information about the response types assigned to the specified login policy. In an authorization request, the response_type parameter specifies the items clients expect to get back from the authorization server following a successful authentication. | GET |
Modify a login policy's allowed response types /{customerId}/config/loginPolicies/{loginPolicyId}/allowedResponseTypes Modifies the response types assigned to the specified login policy. In an authorization request, the response_type parameter specifies the items clients expect to get back from the authorization server following a successful authentication. | PUT |
Token Policies
| Operation | Method |
|---|---|
Get all token policies Returns information about your token policies. Token policies specify token lifetimes and define the allowed scopes for OpenID Connect clients. See also: | GET |
Get a token policy Returns information about the specified token policy. Token policies specify token lifetimes and define the allowed scopes for OpenID Connect clients. | GET |
Modify a token policy Modifies a token policy. Token policies specify token lifetimes and define the allowed scopes for OpenID Connect clients. See also: | PUT |
Create a token policy Creates a token policy. Token policies specify token lifetimes and define the allowed scopes for OpenID Connect clients. See also: | POST |
Delete a token policy Deletes a token policy. Token policies specify token lifetimes and define the allowed scopes for OpenID Connect clients. See also: | DELETE |
Get a token policy's allowed grant types Returns information about the grant types defined in the specified token policy. A grant is a standard methodology for obtaining tokens and, as a result, obtaining access to resources. See also: | GET |
Modify a token policy's allowed grant types Modifies the grant types supported by the specified token policy. A grant is a standard methodology for obtaining tokens and, as a result, obtaining access to resources. See also: | PUT |
Get a token policy's allowed resource indicators Returns information about the resource indicators supported by the specified token policy. Resource indicators are identifiers representing items that can be referenced when using the resource parameter. See also: | GET |
Modify a token policy's allowed resource indicators Modifies the resource indicators supported by the specified token policy. Resource indicators are identifiers representing items that can be referenced when using the resource parameter. See also: | PUT |
Authorization requests, logins, and logouts
| Operation | Method |
|---|---|
Submit an authorization request Requests Hosted Login authorization for an end user. See also: | POST |
Logout from Hosted Login Logs a user out of a Hosted Login session. | GET |
SIEM Event Delivery API
Operations for managing Identity Cloud’s Security Event and Information Management (SIEM) service. SIEM is a recognized standard for collecting, aggregating, and analyzing events that take place on a website or within an app.
| Operation | Method |
|---|---|
Get the SIEM event service status Returns the SIEM event delivery service activation or deactivation status for the specified application. See also: | GET |
Activate the SIEM event service Activates the SIEM event delivery service. You can't collect SIEM events unless the service is activated. See also: | POST |
Deactivate the SIEM event service Deactivates the SIEM event delivery service for the specified application. After you call this operation, SIEM event messages for the application are no longer delivered. See also: | POST |
Get the SIEM event blocklist Returns a list of the SIEM event delivery service event types blocked for the specified application. If an event type is blocked, event messages for that event aren't delivered. For example, if you block the new_email_verification event you won’t receive a notification when a user verifies an email address. See also: | POST |
Add an event to the SIEM event blocklist Adds an event to the SIEM event delivery service event types blocked for the specified application. If an event type is blocked, event messages for that event aren't delivered. | GET |
Remove an event from the SIEM event blocklist Removes one or more events from an application’s SIEM event delivery service blocklist. After an event is removed from the blocklist you'll receive a notification each time that event occurs. See also: | POST |
Get the SIEM event service public keys Returns information about the public keys assigned to the specified application. Use public keys to connect to the Amazon S3 bucket and download the event messages delivered by the SIEM event delivery service. See also: | POST |
Assign a public key to the SIEM event service Assigns public keys to the specified application. Use public keys to connect to the Amazon S3 bucket and download event messages delivered by the SIEM event delivery service. Organizations can assign a maximum of 10 public keys to their S3 bucket. However, you can delete one or more of your older keys and replace them with new keys. See also: | GET |
Delete a SIEM event service public key Removes SIEM event delivery service public keys. See also: | POST |
Social API
Manages and configures social login, the technology enabling users to create, and then log in to, an Identity Cloud website by using their Facebook account, their Twitter account, or an account created with any of the other supported social login identity providers.
Tokens and Authentication
| Operation | Method |
|---|---|
Authenticate a social login Authenticates a social login user. | POST |
Exchange a social login token for an access token Exchanges a social login identity provider token for an Identity Cloud social login token. | POST |
Social Login Providers
| Operation | Method |
|---|---|
Get all social login providers Returns a list of configured providers for an application. | POST |
Get all configured social login providers Returns a list of configured social login identity providers for an application. | POST |
Configure social login authentication providers Defines the list of social login identity providers that appear on the sign-in and registration pages. This is the same list of providers maintained by the Social Login dashboard. | POST |
Social Login Settings and Configuration
| Operation | Method |
|---|---|
Get a domain allowlist Returns all the domains on the social login allowlist. If the allowlist is configured, then only the domains included on that list can communicate with your social login application. | POST |
Add a domain to a domain allowlist Replaces the social login allowlist for an application. If the allowlist is configured, then only the domains included on that list can communicate with your social login application. | POST |
Modify a domain allowlist Modifies the domains on the social login allowlist. If the allowlist is configured, only the domains included on that list can communicate with your social login application. | POST |
Get all social login application settings View social login application settings. | POST |
Modify social login application settings Configures social login application settings. | POST |
User Profiles
| Operation | Method |
|---|---|
Associate an identity provider with a primary key Associates a primary key with a user’s social identity. | POST |
Remove an identity provider from a primary key Removes a social login identity provider from a primary key. | POST |
Webhooks v3 API
Sends you near real-time notifications any time a user account is created, deleted, or modified.
Webhook Subscriptions
| Operation | Method |
|---|---|
Get all Webhooks v3 subscriptions Returns information about the webhook subscriptions assigned to a customer. | GET |
Get a Webhooks v3 subscription Returns information about the specified webhooks subscription. | GET |
Modify a Webhooks v3 subscription Modifies a webhooks subscription. See also: | PATCH |
Create a Webhooks v3 subscription Creates a webhooks subscription. See also: | POST |
Delete a Webhooks v3 subscription Deletes the specified webhook subscription. | DELETE |
Webhook Events
| Operation | Method |
|---|---|
View a summary of Webhooks v3 events Returns a high-level status summary of all events that have been generated for a given webhooks subscription in the last 7 days. | GET |
List Webhooks v3 events Returns event notifications for the specified webhooks subscription. See also: | GET |
Get a Webhooks v3 event Returns information about the specified webhooks event. See also: | GET |
Get a Webhooks v3 event's event history Returns the event history for the specified webhooks event. | GET |
Redeliver a Webhooks v3 event Schedules the specified event for redelivery to your listener endpoint. See also: | POST |
Send a Webhooks v3 test notification Sends a test notification to your listener endpoint. | POST |
Webhooks v3 access tokens
| Operation | Method |
|---|---|
Get a Webhooks v3 administrative access token Requests an administrative access token for calling the other Webhooks v3 API endpoints. | POST |
Updated 19 days ago
