Identity Management API

These endpoints allow you to interact with the configured identity provider.

Please note that not all functions are supported by all identity providers. If a function is not supported, an UnsupportedOperationException is thrown. All calls except the GET methods are logged in the audit log.

Method Endpoint

GET

/cxf/bpc-core/im/users

Description

Get a list of all users as JSON.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users, query-users

Returns

The requested data as JSON.

Example response
[
  {
    "id": "bpcadmin",
    "userName": "bpcadmin",
    "displayName": "bpcadmin",
    "firstName": "Timo",
    "lastName": "Virt",
    "email": "bpcadmin@example.com"
  },
  {
    "id": "of",
    "userName": "of",
    "displayName": "of",
    "firstName": "Oliver",
    "lastName": "Fürniß",
    "email": "of@virtimo.de"
  }
]

HTTP Status Code

  • 200 : OK

  • 500 : No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Content-Type

  • application/json; charset=UTF-8

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_READ

/cxf/bpc-core/im/users

Description

Add a user by providing the data as JSON in the body.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users

Example body
{
  "id": "42",
  "password": "1234567890",
  "firstName": "Hans",
  "lastName": "Schmidt",
  "email": "hans.schmidt@example.com"
}

Consumes

  • application/json

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • Mandatory password not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_ADD

PUT

/cxf/bpc-core/im/users/{userId}

Description

Update a user by providing the data as JSON in the body.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users

Example body
{
  "firstName": "Hans",
  "lastName": "Test",
  "email": "hans.test@example.com"
}

Consumes

  • application/json

Path Parameter

userId

the ID of the user to update

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

/cxf/bpc-core/im/users/{userId}

Description

Update the password of a user.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users

Example form
password=<new password>

Path Parameter

userId

the ID of the user

Form Parameter

password

the user's new password

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • Mandatory user password not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

/cxf/bpc-core/im/users/{userId}

Description

Delete a user.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users

Path Parameter

userId

the ID of the user to delete

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

GET

/cxf/bpc-core/im/organisations

Description

Get all organisations as a JSON array.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users, view-users, query-groups

Returns

The requested data.

Example response
[
  "virtimo",
  "users",
  "admins"
]

HTTP Status Code

  • 200 : OK

  • 500 : No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Content-Type

  • application/json; charset=UTF-8

Required Access Rights

A logged in user or API Key is required.

GET

/cxf/bpc-core/im/roles

Description

Get all roles as a JSON array.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-realm, view-realm, query-clients, query-users, query-groups, query-realms, manage-clients, view-clients

Returns

The requested data.

Example response
[
  "offline_access",
  "uma_authorization",
  "uma_protection",
  "bpcadmin",
  "bpcuser"
]

HTTP Status Code

  • 200 : OK

  • 500 : No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Content-Type

  • application/json; charset=UTF-8

Required Access Rights

A logged in user or API Key is required.

GET

/cxf/bpc-core/im/rights

Description

Get all rights as a JSON array.

Returns

The requested data.

Example response
[
  "IDENTITY_MANAGER_USER_ORGANISATIONS_READ",
  "CUSTOM_RIGHT"
]

HTTP Status Code

  • 200 : OK

  • 500 : No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Content-Type

  • application/json; charset=UTF-8

Required Access Rights

A logged in user or API Key is required.

GET

/cxf/bpc-core/im/users/{userId}/organisations

Description

Get the organisations of a user as a JSON array.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users, (view-users AND query-users)

Path Parameter

userId

the ID of the user

Returns

The requested data.

Example response
[
  "virtimo"
]

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • User does not exist

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Content-Type

  • application/json; charset=UTF-8

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USER_ORGANISATIONS_READ

/cxf/bpc-core/im/users/{userId}/organisations

Description

Add an organisation to a user by providing the data as JSON in the body.

Example body
{
  "id": "virtimo"
}

Consumes

  • application/json

Path Parameter

userId

the ID of the user

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • Mandatory organisation not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

/cxf/bpc-core/im/users/{userId}/organisations/{organisationName}

Description

Delete the organisation of a user.

Path Parameter

userId

the ID of the user

organisationName

the name of the organisation to delete

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • Mandatory organisation not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

GET

/cxf/bpc-core/im/users/{userId}/roles

Description

Get the roles of a user as a JSON array.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users, (view-users AND query-users)

Path Parameter

userId

the ID of the user

Returns

The requested data.

Example response
[
  "EAI Developer",
  "System Administrator"
]

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • User does not exist

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Content-Type

  • application/json; charset=UTF-8

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USER_ROLES_READ

/cxf/bpc-core/im/users/{userId}/roles

Description

Add a role to a user by providing the data as JSON in the body.

Example body
{
  "id": "EAI Developer"
}

Consumes

  • application/json

Path Parameter

userId

the ID of the user

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • Mandatory role not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

/cxf/bpc-core/im/users/{userId}/roles/{roleName}

Description

Delete the role of a user.

Consumes

  • application/json

Path Parameter

userId

the ID of the user

roleName

the name of the role to delete

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • Mandatory role not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

GET

/cxf/bpc-core/im/users/{userId}/rights

Description

Get the rights of a user as a JSON array.

Path Parameter

userId

the ID of the user

Returns

The requested data.

Example response
[
  "CUSTOM_RIGHT1",
  "CUSTOM_RIGHT2"
]

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • User does not exist

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Content-Type

  • application/json; charset=UTF-8

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USER_RIGHTS_READ

/cxf/bpc-core/im/users/{userId}/rights

Description

Add a right to a user by providing the data as JSON in the body.

Example body
{
  "id": "CUSTOM_RIGHT3"
}

Consumes

  • application/json

Path Parameter

userId

the ID of the user

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • Mandatory right not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

/cxf/bpc-core/im/users/{userId}/rights/{rightName}

Description

Delete the right of a user.

Consumes

  • application/json

Path Parameter

userId

the ID of the user

rightName

the name of the right to delete

Returns

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • Mandatory user id not given

    • Mandatory right not given

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USERS_UPDATE

GET

/cxf/bpc-core/im/users/{userId}

Description

Get the data of a user.

When used with Keycloak, one of these Keycloak roles is needed: admin, realm-admin, manage-users, (query-users AND view-users)

Path Parameter

userId

the ID of the user

Returns

The requested data.

Example response
{
  "id": "66",
  "userName": "of",
  "firstName": "Oliver",
  "lastName": "Fürniß",
  "displayName": "of",
  "email": "of@virtimo.de",
  "organisations": [
    "virtimo"
  ],
  "roles": [
    "bpcadmin"
  ],
  "rights": [
    "loadModule_vam",
    "loadModule_monitor",
    "loadModule_dashboard"
  ]
}

HTTP Status Code

  • 200 : OK

  • 500 : Failure due to one of the following reasons:

    • User does not exist

    • No identity manager found or another failure

  • 503 : Not supported by the used identity provider

Content-Type

  • application/json; charset=UTF-8

Required Access Rights

The logged in user or API Key must have either the following role or right.

  • Role : IDENTITY_MANAGER_ADMIN

  • Right : IDENTITY_MANAGER_USER_READ
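
Per the "Required Access Rights" entries above, the single right IDENTITY_MANAGER_USERS_UPDATE gates password changes, user deletion and role/right assignment. The access review below is an added example, not part of the documented product; the operation labels and sample records are constructed, and it assumes that the "roles" and "rights" arrays of a user record are the effective grants.

```python
# Added example (not product code): access review from this page's
# "Required Access Rights" entries. Operation labels are our own names.
ADMIN_ROLE = "IDENTITY_MANAGER_ADMIN"  # role accepted by every protected endpoint
UPDATE = "IDENTITY_MANAGER_USERS_UPDATE"
# operation -> right that authorises it as an alternative to ADMIN_ROLE
REQUIRED_RIGHT = {
    "list users": "IDENTITY_MANAGER_USERS_READ",
    "read user": "IDENTITY_MANAGER_USER_READ",
    "add user": "IDENTITY_MANAGER_USERS_ADD",
    "update user": UPDATE,
    "set password": UPDATE,
    "delete user": UPDATE,
    "read user organisations": "IDENTITY_MANAGER_USER_ORGANISATIONS_READ",
    "change user organisations": UPDATE,
    "read user roles": "IDENTITY_MANAGER_USER_ROLES_READ",
    "change user roles": UPDATE,
    "read user rights": "IDENTITY_MANAGER_USER_RIGHTS_READ",
    "change user rights": UPDATE,
}
# Operations that take over an account or change what an account may do.
SENSITIVE = {"set password", "delete user", "change user roles", "change user rights"}

def allowed_operations(user):
    """Operations a user record (shape of GET .../im/users/{userId}) may perform.
    Assumption: "roles" and "rights" in the record are the effective grants."""
    roles, rights = set(user.get("roles", [])), set(user.get("rights", []))
    return sorted(op for op, right in REQUIRED_RIGHT.items()
                  if ADMIN_ROLE in roles or right in rights)

def review(users):
    """Return (userName, granted_by, sensitive_operations) for risky accounts."""
    findings = []
    for user in users:
        hits = sorted(set(allowed_operations(user)) & SENSITIVE)
        is_admin = ADMIN_ROLE in user.get("roles", [])
        granted_by = [ADMIN_ROLE] if is_admin else sorted({REQUIRED_RIGHT[op] for op in hits})
        if hits:
            findings.append((user["userName"], granted_by, hits))
    return findings

# Constructed sample records, not real accounts.
SAMPLE_USERS = [
    {"userName": "idm-admin", "roles": [ADMIN_ROLE], "rights": []},
    {"userName": "helpdesk", "roles": ["bpcuser"], "rights": [UPDATE]},
    {"userName": "auditor", "roles": ["bpcuser"],
     "rights": ["IDENTITY_MANAGER_USERS_READ", "IDENTITY_MANAGER_USER_READ"]},
]
print(review(SAMPLE_USERS))
```

Accounts reported with IDENTITY_MANAGER_USERS_UPDATE as the granting right deserve the same scrutiny as holders of the admin role, since that right covers every sensitive operation listed.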