openapi: 3.0.1 info: title: IAM Administrator Management API Specification description: This specification describes the endpoints of the IAM Administrator Management service. version: 0-SNAPSHOT servers: - url: http://localhost description: local development host tags: - name: IAM Console Administrator Management description: Management functions for IAM Console administrators paths: /administrator/v1/administrators: get: tags: - IAM Console Administrator Management summary: Get administrators description: Read administrators operationId: getAdministrators parameters: - name: query in: query required: false content: application/json: schema: $ref: "#/components/schemas/AdministratorQueryV1" - $ref: "#/components/parameters/offset" - $ref: "#/components/parameters/limit" - $ref: "#/components/parameters/count" responses: "200": description: OK headers: Page-Offset: $ref: "#/components/headers/Page-Offset" Page-Limit: $ref: "#/components/headers/Page-Limit" Page-Total: $ref: "#/components/headers/Page-Total" Data-Projected: $ref: "#/components/headers/Data-Projected" content: application/json: schema: type: array items: $ref: "#/components/schemas/AdministratorV1" application/x-ndjson: schema: type: array items: $ref: "#/components/schemas/AdministratorV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" security: - iam-console-token: [] /administrator/v1/administrators/~claim-by-invite: post: tags: - IAM Console Administrator Management summary: Claim administrator by invite description: Claim an administrator with the invite code and the used identity provider authentication operationId: claimAdministrator parameters: - $ref: "#/components/parameters/Idp-Key" requestBody: content: application/json: schema: $ref: "#/components/schemas/AdministratorInviteClaimInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorInviteClaimV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "409": $ref: "#/components/responses/Conflict" security: - external-token: [] /administrator/v1/administrators/~invite: post: tags: - IAM Console Administrator Management summary: Invite administrator description: Create new administrator and an invite for this administrator operationId: inviteAdministrator requestBody: content: application/json: schema: $ref: "#/components/schemas/AdministratorInviteInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorWithInviteCodeV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/~list: post: tags: - IAM Console Administrator Management summary: List administrators description: Reads administrators via a posted query operationId: listAdministrators parameters: - $ref: "#/components/parameters/offset" - $ref: "#/components/parameters/limit" - $ref: "#/components/parameters/count" requestBody: content: application/json: schema: $ref: "#/components/schemas/AdministratorQueryV1" responses: "200": description: OK headers: Page-Offset: $ref: "#/components/headers/Page-Offset" Page-Limit: $ref: "#/components/headers/Page-Limit" Page-Total: $ref: "#/components/headers/Page-Total" Data-Projected: $ref: "#/components/headers/Data-Projected" content: application/json: schema: type: array items: $ref: "#/components/schemas/AdministratorV1" application/x-ndjson: schema: type: array items: $ref: "#/components/schemas/AdministratorV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" security: - iam-console-token: [] /administrator/v1/administrators/~register: post: tags: - IAM Console Administrator Management summary: Register administrator description: Create a new administrator with a given identity operationId: registerAdministrator requestBody: content: application/json: schema: $ref: "#/components/schemas/AdministratorRegisterInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}: get: tags: - IAM Console Administrator Management summary: Get administrator description: Read administrator by administrator expression operationId: getAdministratorByExpression parameters: - $ref: "#/components/parameters/administrator-expression" - name: projection in: query required: false content: application/json: schema: $ref: "#/components/schemas/AdministratorProjectionV1" responses: "200": description: OK headers: Data-Projected: $ref: "#/components/headers/Data-Projected" content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" security: - iam-console-token: [] delete: tags: - IAM Console Administrator Management summary: Delete administrator description: Removes the referenced administrator operationId: deleteAdministrator parameters: - $ref: "#/components/parameters/administrator-expression" responses: "204": description: The request is processed and no content was returned "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/accesses: post: tags: - IAM Console Administrator Management summary: Add administrator access description: Add accesses for the referenced administrator operationId: addAdministratorAccess parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/returnUpdated" requestBody: content: application/json: schema: type: array items: $ref: "#/components/schemas/AdministratorAccessInV1" application/x-ndjson: schema: type: array items: $ref: "#/components/schemas/AdministratorAccessInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/accesses/{administrator-access-id}: delete: tags: - IAM Console Administrator Management summary: Delete administrator access description: Removes the referenced administrator access operationId: deleteAdministratorAccess parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/administrator-access-id" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: '*/*': schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/avatar: put: tags: - IAM Console Administrator Management summary: Set administrator avatar uri description: Update the avatar uri for the referenced administrator operationId: setAvatar parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/returnUpdated" requestBody: content: application/json: schema: $ref: "#/components/schemas/AdministratorAvatarInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] delete: tags: - IAM Console Administrator Management summary: Delete administrator avatar uri description: Removes any avatar configuration for the referenced administrator operationId: deleteAvatar parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/identity-provider-affiliations: post: tags: - IAM Console Administrator Management summary: Add administrator identity provider affiliation description: Add ido affiliations for the referenced administrator operationId: addAdministratorIdpAffiliation parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/returnUpdated" requestBody: content: application/json: schema: type: array items: $ref: "#/components/schemas/AdministratorIdpAffiliationInV1" application/x-ndjson: schema: type: array items: $ref: "#/components/schemas/AdministratorIdpAffiliationInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/identity-provider-affiliations/{administrator-idp-affiliation-id}: delete: tags: - IAM Console Administrator Management summary: Delete administrator identity provider affiliation description: Removes the referenced administrator identity provider affiliation operationId: deleteAdministratorIdpAffiliation parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/administrator-idp-affiliation-id" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: '*/*': schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/invite: put: tags: - IAM Console Administrator Management summary: Renew administrator invite description: Renews an existing invitation for the referenced administrator operationId: renewAdministratorInvitation parameters: - $ref: "#/components/parameters/administrator-expression" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorWithInviteCodeV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] delete: tags: - IAM Console Administrator Management summary: Withdraw administrator invite description: Withdraws an existing invitation for the referenced administrator operationId: withdrawAdministratorInvitation parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/invite/~prolong: post: tags: - IAM Console Administrator Management summary: Prolong administrator invite description: Prolongs an existing invitation expiration timestamp for the referenced administrator operationId: prolongAdministratorInvitation parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/name: put: tags: - IAM Console Administrator Management summary: Set administrator name description: Update the name for the referenced administrator operationId: setName parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/returnUpdated" requestBody: content: application/json: schema: $ref: "#/components/schemas/NameRequiredValueInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /administrator/v1/administrators/{administrator-expression}/tags/{tag}: put: tags: - IAM Console Administrator Management summary: Set administrator tag description: Sets a tag for the given administrator operationId: setAdministratorTag parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/tag" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] delete: tags: - IAM Console Administrator Management summary: Delete administrator tag description: Removes given tag for the given administrator operationId: deleteAdministratorTag parameters: - $ref: "#/components/parameters/administrator-expression" - $ref: "#/components/parameters/returnUpdated" - $ref: "#/components/parameters/tag" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AdministratorV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" security: - iam-console-token: [] components: schemas: AdministratorAccessApplicationV1: required: - applicationId type: object properties: applicationId: type: string description: The globally unique identifier for an application description: Represents an access to a specific application. AdministratorAccessInV1: required: - role type: object properties: role: type: string description: A role in the account application enum: - ACCOUNT_ADMINISTRATOR - APPLICATION_ADMINISTRATOR - TENANT_ADMINISTRATOR application: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: The globally unique identifier for an application tenant: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: The globally unique identifier for a tenant description: Represents an access which points to a role and any associated resource access AdministratorAccessTenantV1: required: - applicationId - tenantId type: object properties: applicationId: type: string description: The globally unique identifier for an application tenantId: type: string description: The globally unique identifier for a tenant description: Represents an access to a specific tenant. AdministratorAccessV1: required: - accessId - role type: object properties: accessId: type: string description: The globally unique identifier for an user access role: type: string description: A role in the account application application: $ref: "#/components/schemas/AdministratorAccessApplicationV1" tenant: $ref: "#/components/schemas/AdministratorAccessTenantV1" description: Represents an access which points to a role and any associated resource access AdministratorAvatarInV1: type: object properties: avatarUri: type: string description: An image uri to use as the avatar image for an administrator format: uri description: Avatar configuration AdministratorAvatarV1: type: object properties: avatarUri: type: string description: An image uri to use as the avatar image for an administrator description: Avatar configuration AdministratorConditionV1: type: object properties: operator: type: string description: Operator used when combining several conditions together default: AND enum: - AND - OR conditions: maxItems: 32 minItems: 0 type: array description: A list of conditions which in combination with any given fieldConditions and the given operator should result in true. items: $ref: "#/components/schemas/AdministratorConditionV1" administratorId: $ref: "#/components/schemas/StringConditionV1" name: $ref: "#/components/schemas/StringConditionV1" status: $ref: "#/components/schemas/StringConditionV1" role: $ref: "#/components/schemas/AdministratorRoleConditionV1" tag: $ref: "#/components/schemas/TagConditionV1" identityUsername: $ref: "#/components/schemas/StringConditionV1" inviteStatus: $ref: "#/components/schemas/AdministratorInviteStatusCondition" inviteExpireAt: $ref: "#/components/schemas/ZonedDateTimeConditionV1" changeId: $ref: "#/components/schemas/ChangeIdConditionV1" AdministratorIdpAffiliationInV1: required: - idpKey - username type: object properties: idpKey: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: An identity provider key which is used to identity a specific identity provider configuration. example: idp-1 username: maxLength: 256 minLength: 1 type: string description: The username of a subject for an identity provider. Usually an email address or AD name. Used when the 'subject' is not known. description: Represent an identity provider account reference for an administrator AdministratorIdpAffiliationV1: required: - administratorIdpAffiliationId - idpKey type: object properties: administratorIdpAffiliationId: type: string description: The globally unique identifier for an user idp affiliation idpKey: type: string description: An identity provider key which is used to identity a specific identity provider configuration. username: type: string description: The username of a subject for an identity provider. Usually an email address or AD name. Used when the 'subject' is not known. verifiedAt: type: string description: UTC date time when idpAffiliation was first used. This string is formatted according to RFC3339. format: date-time description: Represent an identity provider account reference for a user AdministratorInviteClaimInV1: required: - code type: object properties: code: type: string description: An invite code which can be used to complete an administrator claim flow description: Account user invite claim which is used to associate the caller with the referenced account user AdministratorInviteClaimV1: required: - accountId - administratorId - applicationId - tenantId type: object properties: accountId: type: string description: The globally unique identifier for an account applicationId: type: string description: The globally unique identifier for an application tenantId: type: string description: The globally unique identifier for a tenant administratorId: type: string description: The globally unique identifier for an user description: Meta information for a claimed administrator AdministratorInviteInV1: required: - accesses - name type: object properties: name: maxLength: 64 minLength: 1 type: string description: "A name, usually for an entity" example: John Doe tags: maxItems: 10 minItems: 0 type: array description: A set of tags. Any duplicates will be merged. items: maxLength: 20 minLength: 1 type: string description: A label that can be used to distinguish or group an entity example: RED avatar: $ref: "#/components/schemas/AdministratorAvatarInV1" accesses: maxItems: 100 minItems: 1 type: array description: Role(s) of this administrator and any specific resource access items: $ref: "#/components/schemas/AdministratorAccessInV1" description: Represents an end user in the iam console application AdministratorInviteStatusCondition: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - EQUALS - NOT_EQUALS - ANY_OF - NONE_OF - ALL_OF - EXISTS - NOT_EXISTS values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: The value(s) to check in conjunction with the supplied operator enum: - PENDING - WITHDRAWN - CLAIMED description: Filter administrators based on their invite status AdministratorInviteV1: required: - status - statusTimestamp type: object properties: expireAt: type: string description: The expiration timestamp of the current invitation code. This string is formatted according to RFC3339. format: date-time status: type: string description: The invite's status statusTimestamp: type: string description: The timestamp of the current status. This string is formatted according to RFC3339. format: date-time description: Represents an end user in the iam console application. Note that the code is only passed once throughout the system AdministratorProjectionV1: type: object properties: name: $ref: "#/components/schemas/FieldProjectionV1" tags: $ref: "#/components/schemas/FieldProjectionV1" status: $ref: "#/components/schemas/FieldProjectionV1" avatarUri: $ref: "#/components/schemas/FieldProjectionV1" accesses: $ref: "#/components/schemas/FieldProjectionV1" identities: $ref: "#/components/schemas/FieldProjectionV1" invite: $ref: "#/components/schemas/FieldProjectionV1" createdAt: $ref: "#/components/schemas/FieldProjectionV1" createdBy: $ref: "#/components/schemas/FieldProjectionV1" lastModifiedAt: $ref: "#/components/schemas/FieldProjectionV1" lastModifiedBy: $ref: "#/components/schemas/FieldProjectionV1" AdministratorQueryV1: type: object properties: projection: $ref: "#/components/schemas/AdministratorProjectionV1" filter: $ref: "#/components/schemas/AdministratorConditionV1" sort: type: array items: $ref: "#/components/schemas/AdministratorSortByV1" AdministratorRegisterInV1: required: - accesses - idpAffiliation - name type: object properties: name: maxLength: 64 minLength: 1 type: string description: "A name, usually for an entity" example: John Doe tags: maxItems: 10 minItems: 0 type: array description: A set of tags. Any duplicates will be merged. items: maxLength: 20 minLength: 1 type: string description: A label that can be used to distinguish or group an entity example: RED avatar: $ref: "#/components/schemas/AdministratorAvatarInV1" accesses: maxItems: 100 minItems: 1 type: array description: Role(s) of this administrator and any specific resource access items: $ref: "#/components/schemas/AdministratorAccessInV1" idpAffiliation: $ref: "#/components/schemas/AdministratorIdpAffiliationInV1" description: Represents an end user in the iam console application AdministratorRoleConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - EQUALS - NOT_EQUALS - ANY_OF - NONE_OF - ALL_OF - EXISTS - NOT_EXISTS values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: The value(s) to check in conjunction with the supplied operator enum: - ACCOUNT_OWNER - ACCOUNT_ADMINISTRATOR - APPLICATION_ADMINISTRATOR - TENANT_ADMINISTRATOR description: Filter administrators based on their role AdministratorSortByV1: required: - field type: object properties: field: type: string description: The field to sort on enum: - NAME - STATUS - CHANGE_ID type: type: string description: "An optional type selector for the field. Could be used to\ \ map to underlying field in an array or map. Used together with custom\ \ data, like custom statuses." order: type: string description: "Sorting order. ASC - ascending, DESC - descending" default: ASC enum: - ASC - DESC AdministratorV1: required: - accesses - administratorId - changeId - createdAt - createdBy - lastModifiedAt - lastModifiedBy - name - status type: object properties: administratorId: type: string description: The globally unique identifier for an user name: type: string description: "A name, usually for an entity" example: John Doe tags: type: array description: A set of tags items: type: string description: A label that can be used to distinguish or group an entity example: RED status: type: string description: The current status of the administrator avatar: $ref: "#/components/schemas/AdministratorAvatarV1" accesses: type: array description: Role(s) of this administrator and any specific resource access items: $ref: "#/components/schemas/AdministratorAccessV1" idpAffiliations: type: array description: Identity provider affiliations that the end user can use for authentication items: $ref: "#/components/schemas/AdministratorIdpAffiliationV1" invite: $ref: "#/components/schemas/AdministratorInviteV1" createdAt: type: string description: UTC date time when entity was created. This string is formatted according to RFC3339. format: date-time createdBy: type: string description: The globally unique identifier for an actor lastModifiedAt: type: string description: UTC date time when entity was modified. This string is formatted according to RFC3339. format: date-time lastModifiedBy: type: string description: The globally unique identifier for an actor changeId: type: string description: Text representation of changeId sequence number example: "7380283282446876762" description: Represents an end user in the iam console application AdministratorWithInviteCodeV1: required: - accesses - administratorId - changeId - createdAt - createdBy - inviteCode - lastModifiedAt - lastModifiedBy - name - status type: object properties: inviteCode: type: string description: An invite code which can be used to complete an administrator claim flow administratorId: type: string description: The globally unique identifier for an user name: type: string description: "A name, usually for an entity" example: John Doe tags: type: array description: A set of tags items: type: string description: A label that can be used to distinguish or group an entity example: RED status: type: string description: The current status of the administrator avatar: $ref: "#/components/schemas/AdministratorAvatarV1" accesses: type: array description: Role(s) of this administrator and any specific resource access items: $ref: "#/components/schemas/AdministratorAccessV1" idpAffiliations: type: array description: Identity provider affiliations that the end user can use for authentication items: $ref: "#/components/schemas/AdministratorIdpAffiliationV1" invite: $ref: "#/components/schemas/AdministratorInviteV1" createdAt: type: string description: UTC date time when entity was created. This string is formatted according to RFC3339. format: date-time createdBy: type: string description: The globally unique identifier for an actor lastModifiedAt: type: string description: UTC date time when entity was modified. This string is formatted according to RFC3339. format: date-time lastModifiedBy: type: string description: The globally unique identifier for an actor changeId: type: string description: Text representation of changeId sequence number example: "7380283282446876762" description: Represents an end user in the iam console application ChangeIdConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - EQUALS - NOT_EQUALS - LESS_THAN - LESS_THAN_OR_EQUALS - GREATER_THAN - GREATER_THAN_OR_EQUALS - ANY_OF - NONE_OF - ALL_OF - EXISTS - NOT_EXISTS values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: Text representation of changeId sequence number example: "7380283282446876762" description: Filter administrators based on their changeId ErrorDetailV1: type: object properties: field: type: string description: A reference to a field or parameter which cannot be processed. value: type: string description: The value which could not be processed. message: type: string description: A human readable message of error. Intended for developers. description: 'Additional information about the error ' ErrorV1: required: - errorId - occurredAt type: object properties: errorId: type: string description: "An error identifier for the request, to be provided in troubleshooting." code: type: string description: |- An error code which describes this error. Documented per service and endpoint. See respective ErrorCodeRegistry DTO for possible error codes. message: type: string description: A human readable message of error. Intended for developers. details: type: array description: Additional information about the error which can be used in troubleshooting. items: $ref: "#/components/schemas/ErrorDetailV1" occurredAt: type: string description: The timestamp when the error occurred. This string is formatted according to RFC3339. format: date-time FieldProjectionV1: type: object properties: mode: $ref: "#/components/schemas/ProjectionModeTypeV1" description: Field projection settings IamAdministratorErrorCodeRegistryV1: type: object properties: registerAdministrator: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND - IAM_TENANT_NOT_FOUND - IAM_ADMINISTRATOR_IDENTITY_RESERVED inviteAdministrator: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND - IAM_TENANT_NOT_FOUND getAdministrator: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND listAdministrators: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION deleteAdministrator: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - AUTHORIZATION_RULE_VIOLATION setName: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND setAvatar: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND deleteAvatar: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND setAdministratorTag: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND - IAM_TAG_LIMIT_EXCEEDED deleteAdministratorTag: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND addAdministratorAccess: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND - IAM_APPLICATION_NOT_FOUND - IAM_TENANT_NOT_FOUND deleteAdministratorAccess: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - AUTHORIZATION_RULE_VIOLATION - IAM_ADMINISTRATOR_NOT_FOUND addAdministratorIdpAffiliation: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND - IAM_ADMINISTRATOR_IDENTITY_RESERVED deleteAdministratorIdpAffiliation: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND claimAdministrator: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_IDP_NOT_FOUND - AUTHORIZATION_MISSING_PERMISSION - INVITE_REJECTED - IAM_ADMINISTRATOR_IDENTITY_RESERVED - INVITE_CLAIMED - INPUT_TOO_MANY_REQUESTS renewAdministratorInvitation: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND withdrawAdministratorInvitation: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND prolongInvitation: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_ADMINISTRATOR_NOT_FOUND - INVITE_NOT_FOUND - INVITE_CLAIMED - INVITE_WITHDRAWN description: |- This entry describes possible error codes that may be returned by their respective operation. These can be used to apply logic upon receiving an error response. NameRequiredValueInV1: required: - name type: object properties: name: maxLength: 64 minLength: 1 type: string description: "A name, usually for an entity" example: John Doe description: Envelope message for updating a name ProjectionModeTypeV1: type: string description: Indicates if the field shall be included in the result. Defaults to INCLUDE if omitted. default: INCLUDE enum: - INCLUDE - EXCLUDE StringConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - EQUALS - NOT_EQUALS - LESS_THAN - LESS_THAN_OR_EQUALS - GREATER_THAN - GREATER_THAN_OR_EQUALS - REGEXP - ANY_OF - NONE_OF - ALL_OF - EXISTS - NOT_EXISTS values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: The value(s) to check in conjunction with the supplied operator description: Filter administrators based on their identity username TagConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - LIKE - ANY_OF values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: The value(s) to check in conjunction with the supplied operator description: Filter administrators based on their tags ZonedDateTimeConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - PASSED - NOT_PASSED - EQUALS - NOT_EQUALS - LESS_THAN - LESS_THAN_OR_EQUALS - GREATER_THAN - GREATER_THAN_OR_EQUALS - ANY_OF - NONE_OF - ALL_OF - EXISTS - NOT_EXISTS values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: The value(s) to check in conjunction with the supplied operator format: date-time description: Filter administrators based on their invite expiration timestamp responses: NoContent: description: The request is processed and no content was returned BadRequest: description: "The request is malformed, see error data for additional information" content: application/json: schema: $ref: "#/components/schemas/ErrorV1" Unauthorized: description: The request did not have valid authentication credentials content: application/json: schema: $ref: "#/components/schemas/ErrorV1" Forbidden: description: The requester is not authorized to perform this action content: application/json: schema: $ref: "#/components/schemas/ErrorV1" NotFound: description: The resource could not be found content: application/json: schema: $ref: "#/components/schemas/ErrorV1" Conflict: description: "The request could not be processed due to a conflict in state,\ \ see error data for additional information" content: application/json: schema: $ref: "#/components/schemas/ErrorV1" parameters: Idp-Key: name: Idp-Key in: header required: true schema: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: An identity provider key which is used to identity a specific identity provider configuration. example: idp-1 administrator-access-id: name: administrator-access-id in: path required: true schema: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: The globally unique identifier for an user access administrator-expression: name: administrator-expression in: path required: true schema: pattern: "^[a-zA-Z0-9-_.]{1,64}$|^[a-zA-Z0-9-_.]{1,64}=.{1,128}$|^myself$" type: string description: "Used to identify a specific account user. The available options\ \ are: \n* '{administratorId}' - direct administratorId reference\n* 'myself'\ \ - the account user identified by the used access token" administrator-idp-affiliation-id: name: administrator-idp-affiliation-id in: path required: true schema: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: The globally unique identifier for an user idp affiliation count: name: count in: query description: Count the total amount of matched records for the given query schema: type: boolean default: false limit: name: limit in: query description: Maximum limit of returned results schema: type: integer format: int32 default: 500 offset: name: offset in: query description: Offset is used to skip results in pagination schema: type: integer format: int32 default: 0 returnUpdated: name: returnUpdated in: query description: To return the entity after successful update or not schema: type: boolean default: false tag: name: tag in: path required: true schema: maxLength: 20 minLength: 1 type: string description: A label that can be used to distinguish or group an entity example: RED headers: Data-Projected: description: States if the returned data was projected. Defaults to 'false' if omitted required: false schema: type: boolean Idp-Key: description: IdpKey to be used when matching given credentials for the current application idp configurations required: true schema: pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string Page-Limit: description: The backend determined limit that was used for the query required: true schema: type: integer format: int32 Page-Offset: description: "The used offset for the query, used for pagination" required: true schema: type: integer format: int32 Page-Total: description: The amount of matched records for the query required: false schema: type: integer format: int32 securitySchemes: external-token: type: http scheme: bearer bearerFormat: External token issued by a trusted identity provider iam-console-token: type: http scheme: bearer bearerFormat: IAM issued jwt token for the IAM console application