# OpenAPI contract for the IAM Tenant Service: tenant management plus the
# tenant-actor invite/register operations, grouped under two console tags.
---
openapi: 3.0.1
info:
  title: IAM Tenant API Specification
  description: This specification describes the endpoints of the IAM Tenant Service.
  version: '0-SNAPSHOT'
servers:
  # The only server entry is plain HTTP on localhost, labelled as the local
  # development host.
  - url: http://localhost
    description: local development host
tags:
  - name: IAM Console - Tenant
    description: Management functions for tenants
  - name: IAM Console - Tenant Actor
    description: Management functions for tenant actors
paths:
  /tenant/v1/tenants:
    get:
      tags:
        - IAM Console - Tenant
      summary: Get tenants
      description: Read tenants
      operationId: getTenants
      parameters:
        # The TenantQueryV1 filter is serialised as JSON into the `query` URL
        # parameter, so filter values travel in the request URL. listTenants
        # (POST .../~list) accepts the same schema in the request body.
        - name: query
          in: query
          required: false
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantQueryV1'
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/count'
      responses:
        '200':
          description: OK
          headers:
            Page-Offset:
              $ref: '#/components/headers/Page-Offset'
            Page-Limit:
              $ref: '#/components/headers/Page-Limit'
            Page-Total:
              $ref: '#/components/headers/Page-Total'
            Data-Projected:
              $ref: '#/components/headers/Data-Projected'
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/TenantV1'
            application/x-ndjson:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/TenantV1'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
      # Requires the iam-console-token scheme with an empty scope list.
      # NOTE(review): the scheme definition is not visible in this part of the
      # file; confirm it exists under components.
      security:
        - iam-console-token: []
    post:
      tags:
        - IAM Console - Tenant
      summary: Create new tenant
      description: Creates a new tenant for a given application
      operationId: createTenant
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TenantInV1'
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
# paths, continued: query-by-POST, single-tenant read/delete, activate, archive.
  /tenant/v1/tenants/~list:
    post:
      tags:
        - IAM Console - Tenant
      summary: List tenants
      description: Read tenants via a posted query
      operationId: listTenants
      parameters:
        - $ref: '#/components/parameters/offset'
        - $ref: '#/components/parameters/limit'
        - $ref: '#/components/parameters/count'
      # The query travels in the body here; requestBody carries no
      # `required` flag, so a request without a body is schema-valid.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TenantQueryV1'
      responses:
        '200':
          description: OK
          headers:
            Page-Offset:
              $ref: '#/components/headers/Page-Offset'
            Page-Limit:
              $ref: '#/components/headers/Page-Limit'
            Page-Total:
              $ref: '#/components/headers/Page-Total'
            Data-Projected:
              $ref: '#/components/headers/Data-Projected'
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/TenantV1'
            application/x-ndjson:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/TenantV1'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}:
    get:
      tags:
        - IAM Console - Tenant
      summary: Get tenant
      description: Read tenant by tenant expression
      operationId: getTenantByExpression
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        # Optional JSON-encoded projection passed in the query string.
        - name: projection
          in: query
          required: false
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantProjectionV1'
      responses:
        '200':
          description: OK
          headers:
            Data-Projected:
              $ref: '#/components/headers/Data-Projected'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - iam-console-token: []
    delete:
      tags:
        - IAM Console - Tenant
      summary: Delete tenant
      # Per the description, deletion is only possible once the tenant has
      # been decommissioned; 409 Conflict is among the declared responses.
      description: Removes the given tenant. The tenant must be decommissioned before delete is possible.
      operationId: deleteTenant
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
      responses:
        '204':
          description: The request is processed and no content was returned
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}/~activate:
    post:
      tags:
        - IAM Console - Tenant
      summary: Activate tenant
      description: 'Activates the given tenant, enabling login'
      operationId: activateTenant
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/returnUpdated'
      # Both 200 (TenantV1 body) and 204 are declared.
      # NOTE(review): presumably returnUpdated selects between them; confirm.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}/~archive:
    post:
      tags:
        - IAM Console - Tenant
      summary: Archive tenant
      # Described as irreversible (no reactivation) and as revoking all tokens.
      description: >-
        Archive the given tenant, no longer possible to reactivate tenant
        and all tokens are revoked
      operationId: archiveTenant
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/returnUpdated'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
# paths, continued: remaining lifecycle, actor and attribute operations,
# followed by the first part of components/schemas.
  /tenant/v1/tenants/{tenant-expression}/~deactivate:
    post:
      tags:
        - IAM Console - Tenant
      summary: Deactivate tenant
      # Described as revoking all tokens and disabling login for the tenant.
      description: 'Deactivates the given tenant, revoking all tokens and disable login'
      operationId: deactivateTenant
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/returnUpdated'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}/~decommission:
    post:
      tags:
        - IAM Console - Tenant
      summary: Decommission tenant
      # Destructive per its description: data is purged where possible.
      description: 'Decommission the given tenant, purging data where possible'
      operationId: decommissionTenant
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/returnUpdated'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}/actors/~invite:
    post:
      tags:
        - IAM Console - Tenant Actor
      summary: Invite actor into tenant
      # The description states that the invite code is returned, and the 200
      # body (TenantActorV1) has an inviteCode property.
      # NOTE(review): treat this response body as sensitive and keep it out
      # of request/response logging.
      description: Enrolls a new actor with the given details into the given tenant and return its invite code
      operationId: inviteTenantActor
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TenantActorInviteInV1'
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantActorV1'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}/actors/~register:
    post:
      tags:
        - IAM Console - Tenant Actor
      summary: Register actor into tenant
      description: Enrolls a new actor with the given details and idp affiliations into the given tenant
      operationId: registerTenantActor
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TenantActorRegisterInV1'
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantActorV1'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}/description:
    put:
      tags:
        - IAM Console - Tenant
      summary: Set tenant description
      description: Updates the description for a tenant
      operationId: setTenantDescription
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/returnUpdated'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DescriptionValueInV1'
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - iam-console-token: []
    delete:
      tags:
        - IAM Console - Tenant
      summary: Delete tenant description
      description: Removes the description for a tenant
      operationId: deleteTenantDescription
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/returnUpdated'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}/name:
    put:
      tags:
        - IAM Console - Tenant
      summary: Set tenant name
      description: Updates the name for a tenant
      operationId: setTenantName
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/returnUpdated'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NameRequiredValueInV1'
        required: true
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - iam-console-token: []
  /tenant/v1/tenants/{tenant-expression}/tags/{tag}:
    put:
      tags:
        - IAM Console - Tenant
      summary: Set tenant tag
      description: Sets a tag for the given tenant
      operationId: setTenantTag
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/tag'
        - $ref: '#/components/parameters/returnUpdated'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - iam-console-token: []
    delete:
      tags:
        - IAM Console - Tenant
      summary: Delete tenant tag
      description: Removes given tag for the given tenant
      operationId: deleteTenantTag
      parameters:
        - $ref: '#/components/parameters/tenant-expression'
        - $ref: '#/components/parameters/tag'
        - $ref: '#/components/parameters/returnUpdated'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TenantV1'
        '204':
          $ref: '#/components/responses/NoContent'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - iam-console-token: []
components:
  schemas:
    ActorInviteInV1:
      required:
        - expireInSecs
      type: object
      properties:
        # Invite lifetime in seconds, bounded to 1..1209600 (14 days) with a
        # declared default of 604800 (7 days). The field is also listed as
        # required, so the default only applies if the server tolerates its
        # absence. NOTE(review): confirm which of the two is intended.
        expireInSecs:
          maximum: 1209600
          exclusiveMaximum: false
          minimum: 1
          exclusiveMinimum: false
          type: integer
          description: Number of seconds until the invite code expire
          format: int32
          default: 604800
      description: >-
        Actor invite configuration details. An invitation code will be
        returned when creating this actor which can be used to claim created
        actor.
    ChangeIdConditionV1:
      required:
        - operator
      type: object
      properties:
        operator:
          type: string
          description: >-
            Operation applied on conditions made on a field. Example:
            AGE_YEAR GREATER_THAN 16. Note that support for respective
            operator is dependant on the underlying value type. See separate
            documentation for full details.
          enum:
            - EQUALS
            - NOT_EQUALS
            - LESS_THAN
            - LESS_THAN_OR_EQUALS
            - GREATER_THAN
            - GREATER_THAN_OR_EQUALS
            - ANY_OF
            - NONE_OF
            - ALL_OF
            - EXISTS
            - NOT_EXISTS
        # At most 500 values; the items themselves carry no length bound.
        values:
          maxItems: 500
          minItems: 0
          type: array
          description: The value(s) to check in conjunction with the supplied operator
          items:
            type: string
            description: Text representation of changeId sequence number
            example: '7380283282446876762'
      description: Filter tenants based on their changeId
    DescriptionValueInV1:
      type: object
      properties:
        description:
          maxLength: 4096
          type: string
          description: 'A description, usually for an entity'
          example: 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'
      description: Envelope message for updating a description
    ErrorDetailV1:
      type: object
      properties:
        field:
          type: string
          description: A reference to a field or parameter which cannot be processed.
        # Echoes the value that could not be processed, i.e. caller-supplied
        # input; clients that display it should handle it as untrusted text.
        value:
          type: string
          description: The value which could not be processed.
        message:
          type: string
          description: A human readable message of error. Intended for developers.
      description: 'Additional information about the error '
    ErrorV1:
      required:
        - errorId
        - occurredAt
      type: object
      properties:
        # Identifier to quote when troubleshooting a failed request.
        errorId:
          type: string
          description: 'An error identifier for the request, to be provided in troubleshooting.'
        # NOTE(review): literal block scalar; restore the original line
        # breaks if the upstream spec had any.
        code:
          type: string
          description: |-
            An error code which describes this error. Documented per service and endpoint. See respective ErrorCodeRegistry DTO for possible error codes.
        message:
          type: string
          description: A human readable message of error. Intended for developers.
        details:
          type: array
          description: Additional information about the error which can be used in troubleshooting.
          items:
            $ref: '#/components/schemas/ErrorDetailV1'
        occurredAt:
          type: string
          description: The timestamp when the error occurred. This string is formatted according to RFC3339.
          format: date-time
    FieldProjectionV1:
      type: object
      properties:
        mode:
          $ref: '#/components/schemas/ProjectionModeTypeV1'
      description: Field projection settings
    # One property per operation, each enumerating the error codes that
    # operation may return. Every list starts with the same six input,
    # authentication and authorization codes.
    # NOTE(review): the key `getTenant` differs from the operationId
    # `getTenantByExpression`, and `getTenants` has no entry. deleteTenant
    # lists no IAM_TENANT_NOT_FOUND although the operation declares 404, and
    # decommissionTenant lists no IAM_ILLEGAL_STATUS_TRANSITION although the
    # operation declares 409. Confirm whether the registry is complete.
    IamTenantErrorCodeRegistryV1:
      type: object
      properties:
        createTenant:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_APPLICATION_NOT_ACTIVE
            - IAM_APPLICATION_NOT_FOUND
            - IAM_TENANT_LIMIT_EXCEEDED
        deleteTenant:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_DECOMMISSIONED_PRIOR_DELETE
        getTenant:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
        listTenants:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
        setTenantName:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
        setTenantDescription:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
        deleteTenantDescription:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
        setTenantTag:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
            - IAM_TAG_LIMIT_EXCEEDED
        deleteTenantTag:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
        activateTenant:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
            - IAM_ILLEGAL_STATUS_TRANSITION
        deactivateTenant:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
            - IAM_ILLEGAL_STATUS_TRANSITION
        archiveTenant:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
            - IAM_ILLEGAL_STATUS_TRANSITION
        decommissionTenant:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
        registerTenantActor:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
            - IAM_TENANT_NOT_ACTIVE
            - ACTOR_CUSTOM_ID_RESERVED
            - ACTOR_IDENTITY_RESERVED
            - ACTOR_IDP_NOT_FOUND
            - ACTOR_ROLE_NOT_FOUND
        inviteTenantActor:
          type: string
          enum:
            - INPUT_MALFORMED
            - AUTHENTICATION_FAILED
            - AUTHENTICATION_EXPIRED
            - AUTHENTICATION_REVOKED
            - AUTHENTICATION_INVALID_APPLICATION
            - AUTHORIZATION_MISSING_PERMISSION
            - IAM_TENANT_NOT_FOUND
            - IAM_TENANT_NOT_ACTIVE
            - ACTOR_CUSTOM_ID_RESERVED
            - ACTOR_IDENTITY_RESERVED
            - ACTOR_IDP_NOT_FOUND
            - ACTOR_ROLE_NOT_FOUND
      # NOTE(review): literal block scalar; restore the original line breaks
      # if the upstream spec had any.
      description: |-
        This entry describes possible error codes that may be returned by their respective operation. These can be used to apply logic upon receiving an error response.
    # Input form of an IdP affiliation. Only idpKey is required by the
    # schema; the "at least one of subject/username" rule in the description
    # is not expressed as a schema constraint.
    # NOTE(review): confirm the service enforces that rule itself.
    IdpAffiliationInV1:
      required:
        - idpKey
      type: object
      properties:
        idpKey:
          maxLength: 64
          minLength: 1
          pattern: '^[a-zA-Z0-9-_.]{1,64}$'
          type: string
          description: >-
            An identity provider key which is used to identity a specific
            identity provider configuration.
          example: idp-1
        subject:
          maxLength: 256
          minLength: 1
          type: string
          description: The id of the subject for an identity provider.
        username:
          maxLength: 256
          minLength: 1
          type: string
          description: >-
            The username of a subject for an identity provider. Usually an
            email address or AD name. Used when the 'subject' is not known.
      description: >-
        Reference to a subject for a specific identity provider. At least one
        of 'subject' or 'username' must be defined.
    IdpAffiliationV1:
      required:
        - createdAt
        - createdBy
        - idpAffiliationId
        - idpKey
        - lastModifiedAt
        - lastModifiedBy
        - subjectPoolKey
      type: object
      properties:
        idpAffiliationId:
          type: string
          description: The globally unique identifier for an actor identity provider affiliation
        idpKey:
          type: string
          description: >-
            An identity provider key which is used to identity a specific
            identity provider configuration.
        subjectPoolKey:
          type: string
          description: >-
            The subject pool identifies the database where the end user is
            stored. Primarily used where multiple oauth or oidc
            configurations are used but the origin of the user is the same.
        subject:
          type: string
          description: The id of the subject for an identity provider.
        username:
          type: string
          description: >-
            The username of a subject for an identity provider. Usually an
            email address or AD name. Used when the 'subject' is not known.
        # Optional (not in `required`): set when the affiliation was first
        # used, per its description.
        verifiedAt:
          type: string
          description: UTC date time when idpAffiliation was first used. This string is formatted according to RFC3339.
          format: date-time
        createdAt:
          type: string
          description: UTC date time when entity was created. This string is formatted according to RFC3339.
          format: date-time
        createdBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
        lastModifiedAt:
          type: string
          description: UTC date time when entity was modified. This string is formatted according to RFC3339.
          format: date-time
        lastModifiedBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
      description: >-
        Reference to a subject for a specific identity provider. At least one
        of 'subject' or 'username' must be defined.
    NameRequiredValueInV1:
      required:
        - name
      type: object
      properties:
        name:
          maxLength: 64
          minLength: 1
          type: string
          description: 'A name, usually for an entity'
          example: John Doe
      description: Envelope message for updating a name
    ProjectionModeTypeV1:
      type: string
      description: Indicates if the field shall be included in the result. Defaults to INCLUDE if omitted.
      default: INCLUDE
      enum:
        - INCLUDE
        - EXCLUDE
    # A superseded status value together with who set it and who replaced it.
    StatusPreviousValueV1:
      required:
        - createdAt
        - createdBy
        - replacedAt
        - replacedBy
        - value
      type: object
      properties:
        value:
          type: string
          description: A status value
          example: Operational
        createdAt:
          type: string
          description: UTC date time when the status was created. This string is formatted according to RFC3339.
          format: date-time
        createdBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
        replacedAt:
          type: string
          description: UTC date time when the status ended. This string is formatted according to RFC3339.
          format: date-time
        replacedBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
      description: A historic status value
    StatusV1:
      required:
        - createdAt
        - createdBy
        - value
      type: object
      properties:
        value:
          type: string
          description: A status value
          example: Operational
        createdAt:
          type: string
          description: UTC date time when the status was created. This string is formatted according to RFC3339.
          format: date-time
        createdBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
        previousValues:
          type: array
          description: 'Historic values for this status, ordered by descending createdAt'
          items:
            $ref: '#/components/schemas/StatusPreviousValueV1'
      description: Statuses for an entity and any historic values.
    StringConditionV1:
      required:
        - operator
      type: object
      properties:
        # NOTE(review): REGEXP is offered and the `values` items carry no
        # maxLength, so the schema bounds only the number of values, not
        # their size. Presumably the expression is passed in `values`;
        # confirm the service limits pattern length and evaluation time for
        # caller-supplied expressions.
        operator:
          type: string
          description: >-
            Operation applied on conditions made on a field. Example:
            AGE_YEAR GREATER_THAN 16. Note that support for respective
            operator is dependant on the underlying value type. See separate
            documentation for full details.
          enum:
            - EQUALS
            - NOT_EQUALS
            - LESS_THAN
            - LESS_THAN_OR_EQUALS
            - GREATER_THAN
            - GREATER_THAN_OR_EQUALS
            - REGEXP
            - ANY_OF
            - NONE_OF
            - ALL_OF
            - EXISTS
            - NOT_EXISTS
        values:
          maxItems: 500
          minItems: 0
          type: array
          description: The value(s) to check in conjunction with the supplied operator
          items:
            type: string
            description: The value(s) to check in conjunction with the supplied operator
      description: Filter tenants based on their name
    TagConditionV1:
      required:
        - operator
      type: object
      properties:
        operator:
          type: string
          description: >-
            Operation applied on conditions made on a field. Example:
            AGE_YEAR GREATER_THAN 16. Note that support for respective
            operator is dependant on the underlying value type. See separate
            documentation for full details.
          enum:
            - LIKE
            - ANY_OF
        values:
          maxItems: 500
          minItems: 0
          type: array
          description: The value(s) to check in conjunction with the supplied operator
          items:
            type: string
            description: The value(s) to check in conjunction with the supplied operator
      description: Filter tenants based on their tags
    TenantActorAccessInV1:
      required:
        - role
      type: object
      properties:
        role:
          maxLength: 64
          minLength: 1
          pattern: '^[a-zA-Z0-9-_.]{1,64}$'
          type: string
          description: "The identifier of a role, also know as 'roleKey'"
          example: ADMINISTRATOR
      description: A tenant actor access entry details which role the tenant actor should have.
    # Request body for the invite operation: actor details, at least one
    # access (role) and the invite configuration.
    TenantActorInviteInV1:
      required:
        - accesses
        - invite
        - type
      type: object
      properties:
        # NOTE(review): the character class admits URL- and markup-significant
        # characters (& | # % ? < > / : ;). The description says this value
        # prefixes the generated actorId, so presumably consumers must encode
        # ids wherever they are placed in URLs, logs or HTML; confirm how the
        # service composes the id.
        actorIdPrefix:
          maxLength: 16
          pattern: '^[a-zA-Z0-9-_&|#%?<>./:;,!\[\]()]{0,16}$'
          type: string
          description: This optional field can be used to give a prefix for the actorId which is about to be created
          example: user
        name:
          maxLength: 256
          type: string
          description: 'A name, usually for an entity'
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: 'A description, usually for an entity'
          example: 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'
        # NOTE(review): the example contains a comma and a space, which the
        # pattern on this same property does not allow.
        type:
          maxLength: 256
          minLength: 1
          pattern: '^[a-zA-Z0-9-_.]{1,256}$'
          type: string
          description: >-
            The actor type. Used to distinguish different variants and to
            tie configurations, permissions and rules.
          example: 'PERSON, DEVICE'
        accesses:
          maxItems: 100
          minItems: 1
          type: array
          description: >-
            Configured accesses for this actor. At least one role must be
            present and it will not have any explicit resource associations.
          items:
            $ref: '#/components/schemas/TenantActorAccessInV1'
        invite:
          $ref: '#/components/schemas/ActorInviteInV1'
      description: >-
        The tenant actor represents a subset of the actor entity and is used
        to bootstrap the initial administrators of a tenant.
# components/schemas, continued, followed by shared responses and parameters.
    # Request body for the register operation: actor details, at least one
    # access (role) and at least one IdP affiliation.
    TenantActorRegisterInV1:
      required:
        - accesses
        - idpAffiliations
        - type
      type: object
      properties:
        # NOTE(review): the character class admits URL- and markup-significant
        # characters (& | # % ? < > / : ;). The description says this value
        # prefixes the generated actorId, so presumably consumers must encode
        # ids wherever they are placed in URLs, logs or HTML; confirm how the
        # service composes the id.
        actorIdPrefix:
          maxLength: 16
          pattern: '^[a-zA-Z0-9-_&|#%?<>./:;,!\[\]()]{0,16}$'
          type: string
          description: This optional field can be used to give a prefix for the actorId which is about to be created
          example: user
        name:
          maxLength: 256
          type: string
          description: 'A name, usually for an entity'
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: 'A description, usually for an entity'
          example: 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'
        # NOTE(review): the example contains a comma and a space, which the
        # pattern on this same property does not allow.
        type:
          maxLength: 256
          minLength: 1
          pattern: '^[a-zA-Z0-9-_.]{1,256}$'
          type: string
          description: >-
            The actor type. Used to distinguish different variants and to
            tie configurations, permissions and rules.
          example: 'PERSON, DEVICE'
        accesses:
          maxItems: 100
          minItems: 1
          type: array
          description: >-
            Configured accesses for this actor. At least one role must be
            present and it will not have any explicit resource associations.
          items:
            $ref: '#/components/schemas/TenantActorAccessInV1'
        idpAffiliations:
          maxItems: 100
          minItems: 1
          type: array
          description: >-
            Configured idpAffiliations for this actor. At least one
            idpAffiliation must be present to enable login.
          items:
            $ref: '#/components/schemas/IdpAffiliationInV1'
      description: >-
        The tenant actor represents a subset of the actor entity and is used
        to bootstrap the initial administrators of a tenant.
    TenantActorV1:
      required:
        - actorId
        - changeId
        - createdAt
        - createdBy
        - lastModifiedAt
        - lastModifiedBy
        - roles
        - status
        - tenantId
        - type
      type: object
      properties:
        actorId:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
        name:
          type: string
          description: The tenant actor name
        description:
          type: string
          description: 'A description, usually for an entity'
          example: 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'
        type:
          type: string
          description: >-
            The actor type. Used to distinguish different variants and to
            tie configurations, permissions and rules.
          example: 'PERSON, DEVICE'
        status:
          $ref: '#/components/schemas/StatusV1'
        roles:
          type: array
          description: >-
            Configured roles for this actor. At least one role must be
            present and it will not have any explicit resource associations.
          items:
            type: string
            description: "The identifier of a role, also know as 'roleKey'"
            example: ADMINISTRATOR
        idpAffiliations:
          type: array
          description: >-
            Configured idpAffiliations for this actor. At least one
            idpAffiliation must be present to enable login.
          items:
            $ref: '#/components/schemas/IdpAffiliationV1'
        # Per its description this code completes an administrator claim
        # flow, so treat it as a credential: keep it out of logs, caches and
        # error reports. It is optional (not in `required`).
        inviteCode:
          type: string
          description: An invite code which can be used to complete an administrator claim flow
        tenantId:
          type: string
          description: The globally unique identifier for a tenant
          example: prod-6825a9f4225146801209ca84
        createdAt:
          type: string
          description: UTC date time when entity was created. This string is formatted according to RFC3339.
          format: date-time
        createdBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
        lastModifiedAt:
          type: string
          description: UTC date time when entity was modified. This string is formatted according to RFC3339.
          format: date-time
        lastModifiedBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
        changeId:
          type: string
          description: Text representation of changeId sequence number
          example: '7380283282446876762'
      description: >-
        The tenant actor represents a subset of the actor entity and is used
        to bootstrap the initial administrators of a tenant.
    # Recursive filter: `conditions` nests this same schema. Each level is
    # capped at 32 items, but the schema sets no limit on nesting depth.
    # NOTE(review): confirm the service bounds the depth of a posted filter.
    # StringConditionV1 (which includes REGEXP) is reused for tenantId,
    # applicationId and name.
    TenantConditionV1:
      type: object
      properties:
        operator:
          type: string
          description: Operator used when combining several conditions together
          default: AND
          enum:
            - AND
            - OR
        conditions:
          maxItems: 32
          minItems: 0
          type: array
          description: >-
            A list of conditions which in combination with any given
            fieldConditions and the given operator should result in true.
          items:
            $ref: '#/components/schemas/TenantConditionV1'
        tenantId:
          $ref: '#/components/schemas/StringConditionV1'
        applicationId:
          $ref: '#/components/schemas/StringConditionV1'
        name:
          $ref: '#/components/schemas/StringConditionV1'
        status:
          $ref: '#/components/schemas/TenantStatusConditionV1'
        tag:
          $ref: '#/components/schemas/TagConditionV1'
        changeId:
          $ref: '#/components/schemas/ChangeIdConditionV1'
    TenantInV1:
      required:
        - applicationId
        - name
        - status
      type: object
      properties:
        applicationId:
          maxLength: 64
          minLength: 1
          pattern: '^[a-zA-Z0-9-_.]{1,64}$'
          type: string
          description: The globally unique identifier for an application
          example: demo-app-6825aa29225146801209ca85
        # NOTE(review): this class admits characters (& | # % ? < > / : ; and
        # brackets) that the tenant-expression path parameter pattern
        # rejects. Presumably a tenantId built from such a prefix could not
        # be addressed through that path parameter; confirm how
        # tenant-expression relates to tenantId.
        tenantIdPrefix:
          maxLength: 16
          pattern: '^[a-zA-Z0-9-_&|#%?<>./:;,!\[\]()]{0,16}$'
          type: string
          description: This optional field can be used to give a prefix for the tenantId which is about to be created
          example: production
        name:
          maxLength: 64
          minLength: 1
          type: string
          description: 'A name, usually for an entity'
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: 'A description, usually for an entity'
          example: 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'
        # A tenant can only be created as ACTIVE or INACTIVE.
        status:
          type: string
          description: The initial status for the tenant
          enum:
            - ACTIVE
            - INACTIVE
        tags:
          maxItems: 10
          minItems: 0
          type: array
          description: A set of tags. Any duplicates will be merged.
          items:
            maxLength: 20
            minLength: 1
            type: string
            description: A label that can be used to distinguish or group an entity
            example: RED
    TenantProjectionV1:
      type: object
      properties:
        name:
          $ref: '#/components/schemas/FieldProjectionV1'
        description:
          $ref: '#/components/schemas/FieldProjectionV1'
        tags:
          $ref: '#/components/schemas/FieldProjectionV1'
        status:
          $ref: '#/components/schemas/FieldProjectionV1'
        createdAt:
          $ref: '#/components/schemas/FieldProjectionV1'
        createdBy:
          $ref: '#/components/schemas/FieldProjectionV1'
        lastModifiedAt:
          $ref: '#/components/schemas/FieldProjectionV1'
        lastModifiedBy:
          $ref: '#/components/schemas/FieldProjectionV1'
    TenantQueryV1:
      type: object
      properties:
        projection:
          $ref: '#/components/schemas/TenantProjectionV1'
        filter:
          $ref: '#/components/schemas/TenantConditionV1'
        # No maxItems is declared for the sort list.
        sort:
          type: array
          items:
            $ref: '#/components/schemas/TenantSortByV1'
    TenantSortByV1:
      required:
        - field
      type: object
      properties:
        field:
          type: string
          description: The field to sort on
          enum:
            - NAME
            - CHANGE_ID
        type:
          type: string
          description: >-
            An optional type selector for the field. Could be used to map to
            underlying field in an array or map. Used together with custom
            data, like custom statuses.
        order:
          type: string
          description: 'Sorting order. ASC - ascending, DESC - descending'
          default: ASC
          enum:
            - ASC
            - DESC
    TenantStatusConditionV1:
      required:
        - operator
      type: object
      properties:
        operator:
          type: string
          description: >-
            Operation applied on conditions made on a field. Example:
            AGE_YEAR GREATER_THAN 16. Note that support for respective
            operator is dependant on the underlying value type. See separate
            documentation for full details.
          enum:
            - EQUALS
            - NOT_EQUALS
            - ANY_OF
            - NONE_OF
            - ALL_OF
            - EXISTS
            - NOT_EXISTS
        values:
          maxItems: 500
          minItems: 0
          type: array
          description: The value(s) to check in conjunction with the supplied operator
          items:
            type: string
            description: The value(s) to check in conjunction with the supplied operator
            enum:
              - ACTIVE
              - INACTIVE
              - ARCHIVED
              - DECOMMISSIONED
      description: Filter tenants based on their status
    TenantV1:
      required:
        - applicationId
        - changeId
        - createdAt
        - createdBy
        - lastModifiedAt
        - lastModifiedBy
        - name
        - status
        - tenantId
      type: object
      properties:
        tenantId:
          type: string
          description: The globally unique identifier for a tenant
          example: prod-6825a9f4225146801209ca84
        applicationId:
          type: string
          description: The globally unique identifier for an application
          example: demo-app-6825aa29225146801209ca85
        name:
          type: string
          description: 'A name, usually for an entity'
          example: John Doe
        description:
          type: string
          description: 'A description, usually for an entity'
          example: 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'
        # Plain string here, without the enum that the status filter schema
        # (TenantStatusConditionV1) declares for its values.
        status:
          type: string
          description: The current status of the tenant.
        tags:
          type: array
          description: A set of tags
          items:
            type: string
            description: A label that can be used to distinguish or group an entity
            example: RED
        createdAt:
          type: string
          description: UTC date time when entity was created. This string is formatted according to RFC3339.
          format: date-time
        createdBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
        lastModifiedAt:
          type: string
          description: UTC date time when entity was modified. This string is formatted according to RFC3339.
          format: date-time
        lastModifiedBy:
          type: string
          description: The globally unique identifier for an actor
          example: user-6825a22e225146801209c9fe
        changeId:
          type: string
          description: Text representation of changeId sequence number
          example: '7380283282446876762'
  # Shared responses. Every error response carries an ErrorV1 body.
  responses:
    NoContent:
      description: The request is processed and no content was returned
    BadRequest:
      description: 'The request is malformed, see error data for additional information'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorV1'
    Unauthorized:
      description: The request did not have valid authentication credentials
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorV1'
    Forbidden:
      description: The requester is not authorized to perform this action
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorV1'
    NotFound:
      description: The resource could not be found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorV1'
    Conflict:
      description: >-
        The request could not be processed due to a conflict in state, see
        error data for additional information
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorV1'
  parameters:
    count:
      name: count
      in: query
      description: Count the total amount of matched records for the given query
      schema:
        type: boolean
        default: false
    # NOTE(review): no minimum or maximum is declared, so the schema itself
    # does not cap the page size; confirm the service clamps it.
    limit:
      name: limit
      in: query
      description: Maximum limit of returned results
      schema:
        type: integer
        format: int32
        default: 500
    # NOTE(review): no minimum is declared, so negative offsets are
    # schema-valid; confirm the service rejects them.
    offset:
      name: offset
      in: query
      description: Offset is used to skip results in pagination
      schema:
        type: integer
        format: int32
        default: 0
    returnUpdated:
      name: returnUpdated
      in: query
      description: To return the entity after successful update or not
      schema:
        type: boolean
        default: false
    tag:
      name: tag
      in: path
      required: true
      schema:
        maxLength: 20
        minLength: 1
        type: string
        description: A label that can be used to distinguish or group an entity
        example: RED
    # Path parameter used by every per-tenant operation. Its definition runs
    # past the end of this part of the file; only the lines below are
    # visible here.
    tenant-expression:
      name: tenant-expression
      in: path
      required: true
      schema:
        pattern: '^[a-zA-Z0-9-_.]{1,64}$'
type: string description: "Used to identify a specific tenantId. The available options\ \ are: \n* '{tenantId}' - direct tenantId reference" headers: Data-Projected: description: States if the returned data was projected. Defaults to 'false' if omitted required: false schema: type: boolean Page-Limit: description: The backend determined limit that was used for the query required: true schema: type: integer format: int32 Page-Offset: description: "The used offset for the query, used for pagination" required: true schema: type: integer format: int32 Page-Total: description: The amount of matched records for the query required: false schema: type: integer format: int32 securitySchemes: iam-console-token: type: http scheme: bearer bearerFormat: IAM issued jwt token for the IAM console application