This repository has been archived by the owner on Apr 27, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
API Reference Resources
HealthCatalystDevTest edited this page Apr 16, 2020
·
45 revisions
Operations for managing clients
POST /v1/clients
| Type | Name | Description | Schema |
|---|---|---|---|
| Body |
Client required |
The client to register | ClientApiModel |
| HTTP Code | Description | Schema |
|---|---|---|
| 201 | Created | ClientApiModel |
| 400 | Client object in body failed validation | Error |
| 403 | Client does not have access | No Content |
| 409 | Client with specified id already exists | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write,fabric/authorization.manageclients |
GET /v1/clients
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | ClientApiModel |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read,fabric/authorization.manageclients |
GET /v1/clients/{clientid}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
clientid required |
ClientId to use for the request | integer |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Client found | ClientApiModel |
| 403 | Client does not have access | No Content |
| 404 | Client with specified id was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read,fabric/authorization.manageclients |
DELETE /v1/clients/{clientid}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
clientid required |
ClientId to use for the request | integer |
| HTTP Code | Description | Schema |
|---|---|---|
| 204 | Client deleted | No Content |
| 403 | Client does not have access | No Content |
| 404 | Client with specified id was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write,fabric/authorization.manageclients |
Operations for searching Fabric.Identity
GET /v1/members
| Type | Name | Description | Schema |
|---|---|---|---|
| Query |
client_id required |
Client ID | string |
| Query |
filter optional |
Text filter | string |
| Query |
page_number optional |
Page number | integer |
| Query |
page_size optional |
Page size | integer |
| Query |
sort_direction optional |
Sort direction | string |
| Query |
sort_key optional |
Sort key | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | < MemberSearchResponse > array |
| 206 | Partial success (e.g., results were found in Fabric.Authorization but the call out to Fabric.Identity failed). Properties populated by Fabric.Identity data are FirstName, MiddleName, LastName, and LastLoginDateTimeUtc. | < MemberSearchResponse > array |
| 400 | Group already exists | Error |
| 403 | Client does not have the required scopes to read data in Fabric.Authorization (fabric/authorization.read). | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
Operations for managing groups
POST /v1/groups
GroupSource can be either "Custom" for creating custom groups in Fabric or the displayName of the 3rd party identity provider if the group is from an external Idp. If groupSource is empty, it will be defaulted to the group source defined in the appsettings.json
| Type | Name | Description | Schema |
|---|---|---|---|
| Body |
Group required |
The group to add | GroupRoleApiModel |
| HTTP Code | Description | Schema |
|---|---|---|
| 201 | Created | GroupRoleApiModel |
| 403 | Client does not have access | No Content |
| 409 | Group already exists | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read,fabric/authorization.write |
GET /v1/groups
| Type | Name | Description | Schema |
|---|---|---|---|
| Query |
name required |
the group name | string |
| Query |
type optional |
the type of group, either 'custom' or 'directory' | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | GroupRoleApiModel |
| 400 | No name parameter was provided or an invalid type parameter was provided | Error |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
Updates a list of groups, useful for syncing 3rd party ID Provider groups with Fabric.Authorization groups.
POST /v1/groups/UpdateGroups
| Type | Name | Description | Schema |
|---|---|---|---|
| Body |
Group required |
The groups to update | < GroupRoleApiModel > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 204 | Groups updated | No Content |
| 403 | Client does not have access | No Content |
| 409 | Group already exists | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/groups/{groupName}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | GroupRoleApiModel |
| 403 | Client does not have access | No Content |
| 404 | Group with specified name was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
DELETE /v1/groups/{groupName}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 204 | Group deleted | No Content |
| 403 | Client does not have access | No Content |
| 404 | Group with specified name was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
PATCH /v1/groups/{groupName}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| Body |
GroupPatchApiRequest required |
The model containing the fields to update (currently only DisplayName and Description can be modified) | GroupPatchApiRequest |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Updated | GroupRoleApiModel |
| 403 | Client does not have access | No Content |
| 404 | Group with specified name does not exist | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
POST /v1/groups/{groupName}/groups
- Only custom groups can be a parent group. 2) Only directory groups can be child groups.
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| Body |
Groups required |
The directory groups to add | < GroupIdentifierApiRequest > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Created | GroupRoleApiModel |
| 400 | The specified parent group is a directory group or 1 or more specified child groups is a custom group | Error |
| 403 | Client does not have write access or user does not have permissions to write to grain and securable items for roles tied to custom group | Error |
| 404 | Group with specified name was not found or 1 or more of the specified child groups could not be found | Error |
| 409 | 1 or more directory groups is already a child of the specified custom group | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/groups/{groupName}/groups
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | < GroupRoleApiModel > array |
| 403 | Client does not have access | Error |
| 404 | Custom group with specified name was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
DELETE /v1/groups/{groupName}/groups
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| Body |
Groups required |
The groups to remove | < UserIdentifierApiRequest > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Removed | GroupRoleApiModel |
| 403 | Client does not have write access or user does not have permissions to write to grain and securable items for roles tied to custom group | Error |
| 404 | Group with specified name was not found or 1 or more of the specified child groups could not be found | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
POST /v1/groups/{groupName}/roles
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| Body |
Roles required |
The roles to add | < RoleApiModel > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Roles added to group | GroupRoleApiModel |
| 400 | List of roles in body failed validation | Error |
| 403 | Client does not have access or User does not have access to add the specified roles. | No Content |
| 404 | Group with specified name was not found or the role was not found | Error |
| 409 | Role with specified name already exists for the group | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/groups/{groupName}/roles
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | < RoleApiModel > array |
| 403 | Client does not have access | No Content |
| 404 | Group with specified name was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
DELETE /v1/groups/{groupName}/roles
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| Body |
Roles required |
The roles to delete | < RoleIdentifierApiRequest > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Updated group entity including any mapped roles | GroupRoleApiModel |
| 403 | Client does not have access | Error |
| 404 | Group with specified name was not found or the role was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/groups/{groupName}/users
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | < UserApiModel > array |
| 403 | Client does not have access | Error |
| 404 | Group with specified name was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
DELETE /v1/groups/{groupName}/users
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| Body |
identityProvider required |
3rd party identity provider (IdP) of the user | string |
| Body |
subjectId required |
Subject ID of the user | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Updated group entity including any mapped users | GroupUserApiModel |
| 403 | Client does not have access | Error |
| 404 | Group with specified name was not found or the user was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/groups/{groupName}/{grain}/{securableItem}/roles
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
groupName required |
The name of the group | string |
| Query |
grain optional |
grain | string |
| Query |
identityProvider optional |
The identity provider (IdP) of the group | string |
| Query |
securableItem optional |
securable item | string |
| Query |
tenantId optional |
The identity provider (IdP) of the group | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | < RoleApiModel > array |
| 403 | Client does not have access | No Content |
| 404 | Group with specified name was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
Operations for managing permissions
POST /v1/permissions
| Type | Name | Description | Schema |
|---|---|---|---|
| Body |
Permission required |
The permission to add | PermissionApiModel |
| HTTP Code | Description | Schema |
|---|---|---|
| 201 | Permission was created | No Content |
| 400 | Permission data in body is invalid | Error |
| 403 | Client does not have access | No Content |
| 409 | Permission with the specified id already exists | No Content |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/permissions/{grain}/{securableItem}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
grain required |
The top level grain to return permissions for | string |
| Path |
securableItem required |
The specific securableItem within the grain to return permissions for | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | < PermissionApiModel > array |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
GET /v1/permissions/{grain}/{securableItem}/{permissionName}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
grain required |
The top level grain to return permissions for | string |
| Path |
permissionName required |
The name of the permission | string |
| Path |
securableItem required |
The specific securableItem within the grain to return permissions for | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | < PermissionApiModel > array |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
GET /v1/permissions/{permissionId}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
permissionId required |
The id of the permission | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Permission was found | PermissionApiModel |
| 400 | Permission id must be a Guid | Error |
| 403 | Client does not have access | No Content |
| 404 | Permission with the specified id was not found | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
DELETE /v1/permissions/{permissionId}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
permissionId required |
The id of the permission | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 204 | Permission with the specified id was deleted | No Content |
| 400 | Permission id must be a guid | Error |
| 403 | Client does not have access | No Content |
| 404 | Permission with specified id was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
Operations for managing roles
POST /v1/roles
| Type | Name | Description | Schema |
|---|---|---|---|
| Body |
Role required |
The role to add | RoleApiModel |
| HTTP Code | Description | Schema |
|---|---|---|
| 201 | Created | RoleApiModel |
| 400 | Role with specified id already exists or Role object in body failed validation | Error |
| 403 | Client does not have access | No Content |
| 409 | Role with specified id already exists | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/roles/{grain}/{securableItem}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
grain required |
The top level grain to return permissions for | string |
| Path |
securableItem required |
The specific securableItem within the grain to return permissions for | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | No Content |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
GET /v1/roles/{grain}/{securableItem}/{roleName}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
grain required |
The top level grain to return permissions for | string |
| Path |
roleName required |
The name of the role | string |
| Path |
securableItem required |
The specific securableItem within the grain to return permissions for | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Role with specified name was found | < RoleApiModel > array |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
DELETE /v1/roles/{roleId}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
roleId required |
The id of the role | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 204 | Role with the specified id was deleted | No Content |
| 400 | Invalid roled id provided | Error |
| 403 | Client does not have access | No Content |
| 404 | Role with specified id was not found | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
PATCH /v1/roles/{roleId}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
roleId required |
The id of the role | string |
| Body |
RolePatchApiRequest required |
The model containing the fields to update (currently only DisplayName and Description can be modified) | RolePatchApiRequest |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Updated | RoleApiModel |
| 403 | Client does not have access | No Content |
| 404 | Role with specified id does not exist | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
POST /v1/roles/{roleId}/permissions
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
roleId required |
The id of the role | string |
| Body |
List of permissions required |
The list of permissions to add to the role | < PermissionApiModel > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 201 | Permission added to role | RoleApiModel |
| 400 | Invalid role id, no permissions specified to add, incompatible permission provided, or permission id was not provided | Error |
| 403 | Client does not have access | No Content |
| 404 | Role not found or permission not found | Error |
| 409 | Permission with the specified id already exists for the role | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
DELETE /v1/roles/{roleId}/permissions
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
roleId required |
The id of the role | string |
| Body |
List of permissions required |
The list of permissions to add to the role | < PermissionApiModel > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 201 | Permission removed from role | RoleApiModel |
| 400 | Invalid role id or no permissions specified to delete from role | Error |
| 403 | Client does not have access | No Content |
| 404 | Role not found or permission not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
Operations for managing Securable Items
GET /v1/securableitems
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | SecurableItemApiModel |
| 403 | Client does not have access | No Content |
| 404 | The client was not found by client id | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
GET /v1/securableitems/{securableItemId}
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
securableItemId required |
The id of the securable item | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | SecurableItemApiModel |
| 400 | The securable item id must be a guid | Error |
| 403 | Client does not have access | No Content |
| 404 | The client was not found by client id or the securable item was not found | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
Operations related to user permissions
POST /v1/user
| Type | Name | Description | Schema |
|---|---|---|---|
| Body |
User required |
The user to add | UserApiModel |
| HTTP Code | Description | Schema |
|---|---|---|
| 201 | Created | UserApiModel |
| 400 | User object in body failed validation | Error |
| 403 | User does not have access | No Content |
| 409 | User with specified IdentityProvider and Subject already exists | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/user/permissions
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | UserPermissionsApiModel |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
GET /v1/user/{identityProvider}/{subjectId}/groups
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
subjectId required |
Subject ID (from external identity provider) | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | List of GroupUserApiModel entities representing groups in which the user belongs | < GroupUserApiModel > array |
| 403 | Client does not have access | No Content |
| 404 | User was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
POST /v1/user/{identityProvider}/{subjectId}/permissions
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
identityProvider required |
External identity provider name | string |
| Path |
subjectId required |
Subject ID (from external identity provider) | string |
| Body |
GranularPermissions required |
The permissions to add for the user. | < PermissionApiModel > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 204 | Granular permissions were added | No Content |
| 400 | No permissions to add included in request. | No Content |
| 403 | Client does not have access | No Content |
| 409 | The permissions specified already exist either as duplicates or with a different permission action than the one specified or a permission is in the request as both allow and deny | No Content |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.manageclients |
Gets permissions for specified user. Note this will only retrieve 1) granular permissions and 2) permissions under roles mapped to Custom groups.
GET /v1/user/{identityProvider}/{subjectId}/permissions
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
identityProvider required |
External identity provider name | string |
| Path |
subjectId required |
Subject ID (from external identity provider) | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | OK | < ResolvedPermissionApiModel > array |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
DELETE /v1/user/{identityProvider}/{subjectId}/permissions
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
identityProvider required |
External identity provider name | string |
| Path |
subjectId required |
Subject ID (from external identity provider) | string |
| Body |
GranularPermissions required |
The permissions to delete from the user. | < PermissionApiModel > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 204 | The permissions were deleted | No Content |
| 400 | No permissions were specified or the permissions specified do not exist or already exist with a different permission action. | No Content |
| 403 | Client does not have access | No Content |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.manageclients |
POST /v1/user/{identityProvider}/{subjectId}/roles
| Type | Name | Description | Schema |
|---|---|---|---|
| Body |
Roles required |
The roles to add | < RoleApiModel > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Roles added. | UserApiModel |
| 400 | List of roles in body failed validation | Error |
| 403 | User does not have access to add the specified roles. | No Content |
| 404 | Specified user does not exist | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |
GET /v1/user/{identityProvider}/{subjectId}/roles
| Type | Name | Description | Schema |
|---|---|---|---|
| Path |
identityProvider required |
External identity provider name | string |
| Path |
subjectId required |
Subject ID (from external identity provider) | string |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | List of roles representing the roles this user has been directly associated to. | < RoleApiModel > array |
| 403 | Client does not have access | No Content |
| 404 | User was not found | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.read |
DELETE /v1/user/{identityProvider}/{subjectId}/roles
| Type | Name | Description | Schema |
|---|---|---|---|
| Body |
Roles required |
The roles to delete. | < RoleApiModel > array |
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Roles deleted. | UserApiModel |
| 400 | List of roles in body failed validation | Error |
| 403 | User does not have access to add the specified roles. | No Content |
| 404 | Specified user does not exist | Error |
| 415 | Content-Type header was not included in request | Error |
| Type | Name | Scopes |
|---|---|---|
| Unknown | Oauth2 | fabric/authorization.write |