openapi: 3.0.1 info: title: IAM Application API Specification description: This specification describes the endpoints of the IAM Application Service. version: 0-SNAPSHOT servers: - url: http://localhost description: local development host tags: - name: IAM Console - Application description: Management functions for applications in IAM Console paths: /application/v1/applications: get: tags: - IAM Console - Application summary: Get applications description: Read applications operationId: getApplications parameters: - name: query in: query required: false content: application/json: schema: $ref: "#/components/schemas/ApplicationQueryV1" - $ref: "#/components/parameters/offset" - $ref: "#/components/parameters/limit" - $ref: "#/components/parameters/count" responses: "200": description: OK headers: Page-Offset: $ref: "#/components/headers/Page-Offset" Page-Limit: $ref: "#/components/headers/Page-Limit" Page-Total: $ref: "#/components/headers/Page-Total" Data-Projected: $ref: "#/components/headers/Data-Projected" content: application/json: schema: type: array items: $ref: "#/components/schemas/ApplicationV1" application/x-ndjson: schema: type: array items: $ref: "#/components/schemas/ApplicationV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" security: - iam-console-token: [] post: tags: - IAM Console - Application summary: Create new application description: Creates a new application operationId: createApplication requestBody: content: application/json: schema: $ref: "#/components/schemas/ApplicationInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /application/v1/applications/~list: post: tags: - IAM Console - Application summary: List applications description: Reads applications via a posted query operationId: listApplications parameters: - $ref: "#/components/parameters/offset" - $ref: "#/components/parameters/limit" - $ref: "#/components/parameters/count" requestBody: content: application/json: schema: $ref: "#/components/schemas/ApplicationQueryV1" responses: "200": description: OK headers: Page-Offset: $ref: "#/components/headers/Page-Offset" Page-Limit: $ref: "#/components/headers/Page-Limit" Page-Total: $ref: "#/components/headers/Page-Total" Data-Projected: $ref: "#/components/headers/Data-Projected" content: application/json: schema: type: array items: $ref: "#/components/schemas/ApplicationV1" application/x-ndjson: schema: type: array items: $ref: "#/components/schemas/ApplicationV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" security: - iam-console-token: [] /application/v1/applications/{application-expression}: get: tags: - IAM Console - Application summary: Get application description: Read application by application expression operationId: getApplicationByExpression parameters: - $ref: "#/components/parameters/application-expression" - name: projection in: query required: false content: application/json: schema: $ref: "#/components/schemas/ApplicationProjectionV1" responses: "200": description: OK headers: Data-Projected: $ref: "#/components/headers/Data-Projected" content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" security: - iam-console-token: [] delete: tags: - IAM Console - Application summary: Delete application description: Removes the given applications and any of its tenants. The application must be decommissioned before delete is possible. operationId: deleteApplication parameters: - $ref: "#/components/parameters/application-expression" responses: "204": description: The request is processed and no content was returned "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /application/v1/applications/{application-expression}/~archive: post: tags: - IAM Console - Application summary: Archive application description: "Archive the given application, all of its tenants are also archived" operationId: archiveApplication parameters: - $ref: "#/components/parameters/application-expression" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /application/v1/applications/{application-expression}/~decommission: post: tags: - IAM Console - Application summary: Decommission application description: "Decommission the given application, purging data where possible\ \ for application and associated tenants" operationId: decommissionApplication parameters: - $ref: "#/components/parameters/application-expression" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] /application/v1/applications/{application-expression}/description: put: tags: - IAM Console - Application summary: Set application description description: Updates the application description operationId: setApplicationDescription parameters: - $ref: "#/components/parameters/application-expression" - $ref: "#/components/parameters/returnUpdated" requestBody: content: application/json: schema: $ref: "#/components/schemas/DescriptionValueInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" security: - iam-console-token: [] delete: tags: - IAM Console - Application summary: Delete application description description: Remove the application description operationId: deleteApplicationDescription parameters: - $ref: "#/components/parameters/application-expression" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" security: - iam-console-token: [] /application/v1/applications/{application-expression}/name: put: tags: - IAM Console - Application summary: Set application name description: Updates the application name operationId: setApplicationName parameters: - $ref: "#/components/parameters/application-expression" - $ref: "#/components/parameters/returnUpdated" requestBody: content: application/json: schema: $ref: "#/components/schemas/NameRequiredValueInV1" required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" security: - iam-console-token: [] /application/v1/applications/{application-expression}/tags/{tag}: put: tags: - IAM Console - Application summary: Set application tag description: Sets a tag for the given application operationId: setApplicationTag parameters: - $ref: "#/components/parameters/application-expression" - $ref: "#/components/parameters/tag" - $ref: "#/components/parameters/returnUpdated" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" "409": $ref: "#/components/responses/Conflict" security: - iam-console-token: [] delete: tags: - IAM Console - Application summary: Delete application tag description: Removes given tag for the given application operationId: deleteApplicationTag parameters: - $ref: "#/components/parameters/application-expression" - $ref: "#/components/parameters/returnUpdated" - $ref: "#/components/parameters/tag" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ApplicationV1" "204": $ref: "#/components/responses/NoContent" "400": $ref: "#/components/responses/BadRequest" "401": $ref: "#/components/responses/Unauthorized" "403": $ref: "#/components/responses/Forbidden" "404": $ref: "#/components/responses/NotFound" security: - iam-console-token: [] components: schemas: ApplicationConditionV1: type: object properties: operator: type: string description: Operator used when combining several conditions together default: AND enum: - AND - OR conditions: maxItems: 32 minItems: 0 type: array description: A list of conditions which in combination with any given fieldConditions and the given operator should result in true. items: $ref: "#/components/schemas/ApplicationConditionV1" applicationId: $ref: "#/components/schemas/StringConditionV1" name: $ref: "#/components/schemas/StringConditionV1" status: $ref: "#/components/schemas/ApplicationStatusConditionV1" tag: $ref: "#/components/schemas/TagConditionV1" changeId: $ref: "#/components/schemas/ChangeIdConditionV1" ApplicationInV1: required: - name type: object properties: applicationIdPrefix: maxLength: 16 pattern: "^[a-zA-Z0-9-_&|#%?<>./:;,!\\[\\]()]{0,16}$" type: string description: This optional field can be used to give a prefix for the applicationId which is about to be created example: portal name: maxLength: 64 minLength: 1 type: string description: "A name, usually for an entity" example: John Doe description: maxLength: 4096 type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." tags: maxItems: 10 minItems: 0 type: array description: A set of tags. Any duplicates will be merged. items: maxLength: 20 minLength: 1 type: string description: A label that can be used to distinguish or group an entity example: RED ApplicationProjectionV1: type: object properties: name: $ref: "#/components/schemas/FieldProjectionV1" description: $ref: "#/components/schemas/FieldProjectionV1" tags: $ref: "#/components/schemas/FieldProjectionV1" status: $ref: "#/components/schemas/FieldProjectionV1" createdAt: $ref: "#/components/schemas/FieldProjectionV1" createdBy: $ref: "#/components/schemas/FieldProjectionV1" lastModifiedAt: $ref: "#/components/schemas/FieldProjectionV1" lastModifiedBy: $ref: "#/components/schemas/FieldProjectionV1" ApplicationQueryV1: type: object properties: projection: $ref: "#/components/schemas/ApplicationProjectionV1" filter: $ref: "#/components/schemas/ApplicationConditionV1" sort: type: array items: $ref: "#/components/schemas/ApplicationSortByV1" ApplicationSortByV1: required: - field type: object properties: field: type: string description: The field to sort on enum: - NAME - CHANGE_ID type: type: string description: "An optional type selector for the field. Could be used to\ \ map to underlying field in an array or map. Used together with custom\ \ data, like custom statuses." order: type: string description: "Sorting order. ASC - ascending, DESC - descending" default: ASC enum: - ASC - DESC ApplicationStatusConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - EQUALS - NOT_EQUALS - ANY_OF - NONE_OF - ALL_OF - EXISTS - NOT_EXISTS values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: The value(s) to check in conjunction with the supplied operator enum: - ACTIVE - ARCHIVED - DECOMMISSIONED description: Filter applications based on their status ApplicationV1: required: - applicationId - changeId - createdAt - createdBy - lastModifiedAt - lastModifiedBy - name - status type: object properties: applicationId: type: string description: The globally unique identifier for an application example: demo-app-6825aa29225146801209ca85 name: type: string description: "A name, usually for an entity" example: John Doe description: type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." status: type: string description: The current status of the application. tags: type: array description: A set of tags items: type: string description: A label that can be used to distinguish or group an entity example: RED createdAt: type: string description: UTC date time when entity was created. This string is formatted according to RFC3339. format: date-time createdBy: type: string description: The globally unique identifier for an actor example: user-6825a22e225146801209c9fe lastModifiedAt: type: string description: UTC date time when entity was modified. This string is formatted according to RFC3339. format: date-time lastModifiedBy: type: string description: The globally unique identifier for an actor example: user-6825a22e225146801209c9fe changeId: type: string description: Text representation of changeId sequence number example: "7380283282446876762" ChangeIdConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - EQUALS - NOT_EQUALS - LESS_THAN - LESS_THAN_OR_EQUALS - GREATER_THAN - GREATER_THAN_OR_EQUALS - ANY_OF - NONE_OF - ALL_OF - EXISTS - NOT_EXISTS values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: Text representation of changeId sequence number example: "7380283282446876762" description: Filter applications based on their changeId DescriptionValueInV1: type: object properties: description: maxLength: 4096 type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." description: Envelope message for updating a description ErrorDetailV1: type: object properties: field: type: string description: A reference to a field or parameter which cannot be processed. value: type: string description: The value which could not be processed. message: type: string description: A human readable message of error. Intended for developers. description: 'Additional information about the error ' ErrorV1: required: - errorId - occurredAt type: object properties: errorId: type: string description: "An error identifier for the request, to be provided in troubleshooting." code: type: string description: |- An error code which describes this error. Documented per service and endpoint. See respective ErrorCodeRegistry DTO for possible error codes. message: type: string description: A human readable message of error. Intended for developers. details: type: array description: Additional information about the error which can be used in troubleshooting. items: $ref: "#/components/schemas/ErrorDetailV1" occurredAt: type: string description: The timestamp when the error occurred. This string is formatted according to RFC3339. format: date-time FieldProjectionV1: type: object properties: mode: $ref: "#/components/schemas/ProjectionModeTypeV1" description: Field projection settings IamApplicationErrorCodeRegistryV1: type: object properties: createApplication: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_LIMIT_EXCEEDED getApplication: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND listApplications: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION deleteApplication: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_DECOMMISSIONED_PRIOR_DELETE setApplicationName: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND setApplicationDescription: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND deleteApplicationDescription: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND setApplicationTag: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND - IAM_TAG_LIMIT_EXCEEDED deleteApplicationTag: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND archiveApplication: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND - IAM_ILLEGAL_STATUS_TRANSITION decommissionApplication: type: string enum: - INPUT_MALFORMED - AUTHENTICATION_FAILED - AUTHENTICATION_EXPIRED - AUTHENTICATION_REVOKED - AUTHENTICATION_INVALID_APPLICATION - AUTHORIZATION_MISSING_PERMISSION - IAM_APPLICATION_NOT_FOUND description: |- This entry describes possible error codes that may be returned by their respective operation. These can be used to apply logic upon receiving an error response. NameRequiredValueInV1: required: - name type: object properties: name: maxLength: 64 minLength: 1 type: string description: "A name, usually for an entity" example: John Doe description: Envelope message for updating a name ProjectionModeTypeV1: type: string description: Indicates if the field shall be included in the result. Defaults to INCLUDE if omitted. default: INCLUDE enum: - INCLUDE - EXCLUDE StringConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - EQUALS - NOT_EQUALS - LESS_THAN - LESS_THAN_OR_EQUALS - GREATER_THAN - GREATER_THAN_OR_EQUALS - REGEXP - ANY_OF - NONE_OF - ALL_OF - EXISTS - NOT_EXISTS values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: The value(s) to check in conjunction with the supplied operator description: Filter applications based on their name TagConditionV1: required: - operator type: object properties: operator: type: string description: "Operation applied on conditions made on a field. Example:\ \ AGE_YEAR GREATER_THAN 16. Note that support for respective operator\ \ is dependant on the underlying value type. See separate documentation\ \ for full details." enum: - LIKE - ANY_OF values: maxItems: 500 minItems: 0 type: array description: The value(s) to check in conjunction with the supplied operator items: type: string description: The value(s) to check in conjunction with the supplied operator description: Filter applications based on their tags responses: NoContent: description: The request is processed and no content was returned BadRequest: description: "The request is malformed, see error data for additional information" content: application/json: schema: $ref: "#/components/schemas/ErrorV1" Unauthorized: description: The request did not have valid authentication credentials content: application/json: schema: $ref: "#/components/schemas/ErrorV1" Forbidden: description: The requester is not authorized to perform this action content: application/json: schema: $ref: "#/components/schemas/ErrorV1" NotFound: description: The resource could not be found content: application/json: schema: $ref: "#/components/schemas/ErrorV1" Conflict: description: "The request could not be processed due to a conflict in state,\ \ see error data for additional information" content: application/json: schema: $ref: "#/components/schemas/ErrorV1" parameters: application-expression: name: application-expression in: path required: true schema: pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: "Used to identify a specific applicationId. The available options\ \ are: \n* '{applicationId}' - direct applicationId reference" count: name: count in: query description: Count the total amount of matched records for the given query schema: type: boolean default: false limit: name: limit in: query description: Maximum limit of returned results schema: type: integer format: int32 default: 500 offset: name: offset in: query description: Offset is used to skip results in pagination schema: type: integer format: int32 default: 0 returnUpdated: name: returnUpdated in: query description: To return the entity after successful update or not schema: type: boolean default: false tag: name: tag in: path required: true schema: maxLength: 20 minLength: 1 type: string description: A label that can be used to distinguish or group an entity example: RED headers: Data-Projected: description: States if the returned data was projected. Defaults to 'false' if omitted required: false schema: type: boolean Page-Limit: description: The backend determined limit that was used for the query required: true schema: type: integer format: int32 Page-Offset: description: "The used offset for the query, used for pagination" required: true schema: type: integer format: int32 Page-Total: description: The amount of matched records for the query required: false schema: type: integer format: int32 securitySchemes: iam-console-token: type: http scheme: bearer bearerFormat: IAM issued jwt token for the IAM console application