Download OpenAPI specification:Download
The PingOne Advanced Identity Cloud REST API lets you manage your Advanced Identity Cloud tenants. The API exposes access management and identity management endpoints, with additional endpoints specific to Advanced Identity Cloud tenant environments.
We are now publishing the API spec in OpenAPI 3.0. For the legacy Swagger 2.0 spec, please download swagger.yaml, but note that it may not contain all new functionality.
For full PingOne Advanced Identity Cloud documentation, please visit the docs website.
The PingOne Advanced Identity Cloud REST API has two different authentication methods:
For a summary of how to use these authentication methods, refer to Authenticate to Advanced Identity Cloud REST API.
Environment secrets and variables (ESVs) let you individually configure the development, staging, and production environments in your Advanced Identity Cloud tenant.
Variables are used to set configuration values that need to be different for each tenant environment. For example, an external service might need one URL in your development environment, but a different URL in your production environment.
Variables are not versioned, and can be read back. They should not contain secrets.
Variables are injected into Advanced Identity Cloud configuration when the underlying services are started or restarted.
_pageSize | integer [ 1 .. 100 ] Default: 25 Accept-API-Version: resource=2.0 only, maximum number of results returned by endpoint before paging |
_pagedResultsCookie | string Default: "" Accept-API-Version: resource=2.0 only, opaque data used for paging result data, can be used for paging instead of having to track pageSize and pagedResultsOffset |
_pagedResultsOffset | integer >= 0 Default: 0 Accept-API-Version: resource=2.0 only, offset of the first result to be returned by endpoint |
_onlyPending | boolean Default: false Accept-API-Version: resource=2.0 only, returns ESVs with unapplied changes |
Accept-API-Version | string resource=2.0 |
{- "pagedResultsCookie": null,
- "remainingPagedResults": 0,
- "result": [
- {
- "_id": "esv-myvariable1",
- "description": "My variable",
- "expressionType": "list",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": false,
- "valueBase64": "ZGF0YQ=="
}
], - "resultCount": 4,
- "totalPagedResults": 1,
- "totalPagedResultsPolicy": "string"
}
variableId required | string^esv-[a-z0-9_-]{1,124}$ ID of the variable |
Accept-API-Version | string resource=2.0 |
{- "_id": "esv-myvariable1",
- "description": "My variable",
- "expressionType": "list",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": false,
- "valueBase64": "ZGF0YQ=="
}
variableId required | string^esv-[a-z0-9_-]{1,124}$ ID of the variable |
Accept-API-Version | string resource=2.0 |
{- "_id": "esv-myvariable1",
- "description": "My variable",
- "expressionType": "list",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": false,
- "valueBase64": "ZGF0YQ=="
}
variableId required | string^esv-[a-z0-9_-]{1,124}$ ID of the variable |
_action required | string Value: "setDescription" |
Accept-API-Version | string resource=2.0 |
The description of this variable
description required | string <= 1000 characters |
{- "description": "My secret"
}
{- "code": 401,
- "message": "unauthorized"
}
Create or update a variable using a predefined name. Once created, a variable name cannot be changed.
variableId required | string^esv-[a-z0-9_-]{1,124}$ ID of the variable |
Accept-API-Version | string resource=2.0 |
JSON body of the new variable
description | string <= 1000 characters |
expressionType | string Enum: "string" "list" "array" "object" "bool" "int" "number" "base64encodedinlined" "keyvaluelist" |
valueBase64 required | string <byte> ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[... |
{- "description": "My variable",
- "expressionType": "array",
- "valueBase64": "ZGF0YQ=="
}
{- "_id": "esv-myvariable1",
- "description": "My variable",
- "expressionType": "list",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": false,
- "valueBase64": "ZGF0YQ=="
}
Secrets are used to set configuration values that need encrypting. The values may or may not need to be different for each tenant environment. Authorization passwords and authentication signing keys are examples of secrets that might exist in your configuration.
Secrets can have multiple versions enabled to allow rotation, and once set they cannot be read back.
Secrets are injected into Advanced Identity Cloud configuration when the underlying services are started or restarted.
Get all secrets, but not their secret versions or secret version values.
_pageSize | integer [ 1 .. 100 ] Default: 25 Accept-API-Version: resource=2.0 only, maximum number of results returned by endpoint before paging |
_pagedResultsCookie | string Default: "" Accept-API-Version: resource=2.0 only, opaque data used for paging result data, can be used for paging instead of having to track pageSize and pagedResultsOffset |
_pagedResultsOffset | integer >= 0 Default: 0 Accept-API-Version: resource=2.0 only, offset of the first result to be returned by endpoint |
_onlyPending | boolean Default: false Accept-API-Version: resource=2.0 only, returns ESVs with unapplied changes |
Accept-API-Version | string resource=2.0 |
{- "pagedResultsCookie": "null",
- "remainingPagedResults": 0,
- "result": [
- {
- "_id": "esv-mysecret1",
- "activeVersion": "1",
- "description": "My secret",
- "encoding": "generic",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": true,
- "loadedVersion": "1",
- "useInPlaceholders": true
}
], - "resultCount": 4,
- "totalPagedResults": 1,
- "totalPagedResultsPolicy": "string"
}
Delete a secret and all its secret versions and secret version values.
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
Accept-API-Version | string resource=2.0 |
{- "_id": "esv-mysecret1",
- "activeVersion": "1",
- "description": "My secret",
- "encoding": "generic",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": true,
- "loadedVersion": "1",
- "useInPlaceholders": true
}
Get a secret, but not its secret versions or secret version values.
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
Accept-API-Version | string resource=2.0 |
{- "_id": "esv-mysecret1",
- "activeVersion": "1",
- "description": "My secret",
- "encoding": "generic",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": true,
- "loadedVersion": "1",
- "useInPlaceholders": true
}
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
_action required | string Value: "setDescription" |
The description of this secret
description required | string <= 1000 characters |
{- "description": "My secret"
}
{- "code": 401,
- "message": "unauthorized"
}
Create a secret and its first secret version.
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
Accept-API-Version | string resource=2.0 |
JSON body of the new secret
description | string <= 1000 characters |
encoding required | string Enum: "generic" "pem" "base64hmac" "base64aes" |
useInPlaceholders required | boolean |
valueBase64 required | string <byte> ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[... |
{- "description": "My secret",
- "encoding": "generic",
- "useInPlaceholders": true,
- "valueBase64": "ZGF0YQ=="
}
{- "_id": "esv-mysecret1",
- "activeVersion": "1",
- "description": "My secret",
- "encoding": "generic",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": true,
- "loadedVersion": "1",
- "useInPlaceholders": true
}
Get all versions and version metadata of a secret. It is not possible to view the secret values.
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
Accept-API-Version | string resource=2.0 |
[- {
- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}
]
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
_action required | string Value: "create" Can only be create |
Accept-API-Version | string resource=2.0 |
JSON body of the new secret version
valueBase64 required | string <byte> ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[... |
{- "valueBase64": "ZGF0YQ=="
}
{- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
versionId required | string^latest$|^[0-9]+$ ID of the secret version |
Accept-API-Version | string resource=2.0 |
{- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}
Get a version and version metadata of a secret. It is not possible to view the secret value.
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
versionId required | string^latest$|^[0-9]+$ ID of the secret version |
Accept-API-Version | string resource=2.0 |
{- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}
Update the status of a version of a secret to either ENABLED or DISABLED. The latest version of a secret cannot be updated to a status of DISABLED.
secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
versionId required | string^latest$|^[0-9]+$ ID of the secret version |
_action required | string Value: "changestatus" Can only be changestatus |
Accept-API-Version | string resource=2.0 |
JSON body of the new status of the secret version
status required | string Enum: "DISABLED" "ENABLED" |
{- "status": "DISABLED"
}
{- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}
A restart of Advanced Identity Cloud services is used when new variables or secrets have been created and need to be injected into Advanced Identity Cloud configuration.
Get restart status indicating whether any upgrade or rollout restart is taking place on Advanced Identity Cloud services.
Accept-API-Version | string resource=2.0 |
{- "restartStatus": "restarting"
}
Initiate restart of Advanced Identity Cloud services. This will inject any new variables or secrets into Advanced Identity Cloud configuration.
_action required | string Value: "restart" Can only be restart |
Accept-API-Version | string resource=2.0 |
{- "restartStatus": "restarting"
}
Get count of ESV secrets and variables in the environment.
_onlyPending | boolean Default: false Accept-API-Version: resource=2.0 only, returns ESVs with unapplied changes |
Accept-API-Version | string resource=2.0 |
{- "secrets": 10,
- "variables": 0
}
Advanced Identity Cloud lets you run self-service promotions to move configuration between a sequential pair of tenant environments.
Starts the lock process on the lower and upper environments
Accept-API-Version required | string protocol=1.0,resource=1.0 |
{- "description": "Environment lock in progress",
- "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "result": "locking"
}
Start the unlock process on the lower and upper environments.
promotionId required | string Promotion unique identifier |
Accept-API-Version required | string protocol=1.0,resource=1.0 |
{- "description": "Environment unlocked",
- "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "result": "unlocked"
}
Get the lock status of the lower and upper environments.
localLockOnly | boolean If set to true this parameter will only return the lock status of the environment the request is aimed at |
Accept-API-Version required | string protocol=1.0,resource=1.0 |
{- "description": "<meaningful when result=Error>",
- "lowerEnv": {
- "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "proxyState": "string",
- "state": "string"
}, - "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "result": "locked",
- "upperEnv": {
- "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "proxyState": "string",
- "state": "string"
}
}
Get the status of a promotion, if one is in progress.
Accept-API-Version required | string protocol=1.0,resource=1.0 |
{- "blockingError": false,
- "encryptedSecrets": [
- "mySecret"
], - "globalLock": "LOCKED",
- "message": "Environment ready for promotion",
- "missingESVs": [
- "myVariable"
], - "promotionId": "7e7634c3-406e-4d37-80a3-d34461c2f309",
- "status": "READY",
- "timeStamp": "2022-02-01T14:17:02+01:00",
- "type": "promotion"
}
Promote configuration from the lower environment to the upper environment.
Accept-API-Version required | string protocol=1.0,resource=1.0 |
A request body with info required to initiate a promotion
dryRun required | boolean A boolean denoting whether this a dry run |
ignoreEncryptedSecrets | boolean A boolean denoting whether or not to ignore encrypted secrets detected in config during the promotion |
promoter | string The name of the admin user who initiated the promotion |
promotionDescription | string Promoter specified note to make it easier for them to identify what was promoted |
unlockEnvironmentsAfterPromotion | boolean A boolean denoting whether or not to automatically unlock the environments after a successful promotion |
zendeskTicketReference | string A string denoting the Zendesk ticket reference to be added to the promotion commit message |
{- "dryRun": true,
- "ignoreEncryptedSecrets": true,
- "promoter": "string",
- "promotionDescription": "string",
- "unlockEnvironmentsAfterPromotion": true,
- "zendeskTicketReference": "string"
}
{- "result": "Promotion Complete"
}
This will return the contents of the last run config promotion report
Accept-API-Version required | string protocol=1.0,resource=1.0 |
{- "createdDate": "2022-01-27T15-23+00Z",
- "dryRun": true,
- "missingESVs": [
- "myVariable"
], - "previouslyIgnoredEncryptedSecrets": [
- "string"
], - "promoter": "Barb Jensen",
- "promotionDescription": "Promoting our Forgotten Username journey",
- "promotionId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "report": {
- "AMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
], - "IDMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
]
}, - "reportId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "reportName": "Report_2022-01-27T15-23+00Z_dryrun=true_a7456dd2-1acd-4bd9-8555-d44b2275a2da",
- "type": "promotion"
}
Get a specific promotion report.
reportId required | string Promotion report unique identifier |
Accept-API-Version required | string protocol=1.0,resource=1.0 |
{- "createdDate": "2022-01-27T15-23+00Z",
- "dryRun": true,
- "missingESVs": [
- "myVariable"
], - "previouslyIgnoredEncryptedSecrets": [
- "string"
], - "promoter": "Barb Jensen",
- "promotionDescription": "Promoting our Forgotten Username journey",
- "promotionId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "report": {
- "AMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
], - "IDMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
]
}, - "reportId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "reportName": "Report_2022-01-27T15-23+00Z_dryrun=true_a7456dd2-1acd-4bd9-8555-d44b2275a2da",
- "type": "promotion"
}
Get a provisional report of changes since the last time the lower environment was promoted to the upper environment. The report generated is for informational purposes only and may not reflect all the changes in a full promotion. A dry-run promotion is always recommended prior to a full promotion between environments.
Accept-API-Version required | string protocol=1.0,resource=1.0 |
{- "createdDate": "2022-01-27T15-23+00Z",
- "dryRun": true,
- "missingESVs": [
- "myVariable"
], - "previouslyIgnoredEncryptedSecrets": [
- "string"
], - "promoter": "Barb Jensen",
- "promotionDescription": "Promoting our Forgotten Username journey",
- "promotionId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "report": {
- "AMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
], - "IDMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
]
}, - "reportId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "reportName": "Report_2022-01-27T15-23+00Z_dryrun=true_a7456dd2-1acd-4bd9-8555-d44b2275a2da",
- "type": "promotion"
}
Get a provisional rollback report of changes when we rollback the configuration to the previous promotion.
Accept-API-Version required | string protocol=1.0,resource=1.0 |
{- "createdDate": "2022-01-27T15-23+00Z",
- "dryRun": true,
- "missingESVs": [
- "myVariable"
], - "previouslyIgnoredEncryptedSecrets": [
- "string"
], - "promoter": "Barb Jensen",
- "promotionDescription": "Promoting our Forgotten Username journey",
- "promotionId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "report": {
- "AMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
], - "IDMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
]
}, - "reportId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "reportName": "Report_2022-01-27T15-23+00Z_dryrun=true_a7456dd2-1acd-4bd9-8555-d44b2275a2da",
- "type": "promotion"
}
Get a list of previous promotion reports in date order.
Accept-API-Version required | string protocol=1.0,resource=1.0 |
[- {
- "createdDate": "2022-01-19T13:04:00Z",
- "dryRun": true,
- "promotionId": "7575f185-cd0b-4823-b8b1-f677895291d4",
- "reportId": "d19e140-8325-4669-b9f3-1cd82784e24e",
- "type": "rollback"
}, - {
- "createdDate": "2022-01-19T13:05:00Z",
- "dryRun": true,
- "promotionId": "7575f185-cd0b-4823-b8b1-f677895291dt",
- "reportId": "d19e140-8325-4669-b9f3-1cd82784e24f",
- "type": "promotion"
}
]
Rollback the most recent configuration promotion.
Accept-API-Version required | string protocol=1.0,resource=1.0 |
A request body with info required to initiate a rollback
promoter | string The name of the admin user who initiated the promotion |
promotionDescription | string Promoter specified note to make it easier for them to identify what was promoted |
unlockEnvironmentsAfterPromotion | boolean A boolean denoting whether or not to automatically unlock the environments after a successful promotion |
zendeskTicketReference | string A string denoting the Zendesk ticket reference to be added to the promotion commit message |
{- "promoter": "string",
- "promotionDescription": "string",
- "unlockEnvironmentsAfterPromotion": true,
- "zendeskTicketReference": "string"
}
{- "result": "Rollback Complete"
}
Advanced Identity Cloud gives you the ability to configure various environment settings via REST.
Returns all certificates installed in the tenant.
[- {
- "active": true,
- "certificate": "string",
- "expireTime": "string",
- "id": "string",
- "issuer": "string",
- "live": true,
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
], - "validFromTime": "string"
}
]
Upload a new certificate to the tenant.
JSON body of the new certificate
active | boolean The active status of the certificate. Set this to true for the certificate to actively be served. |
certificate required | string The PEM formatted certificate. |
privateKey required | string The private key for the certificate. For security reasons, only insert requests include this field. |
{- "active": true,
- "certificate": "string",
- "privateKey": "string"
}
{- "active": true,
- "certificate": "string",
- "expireTime": "string",
- "id": "string",
- "issuer": "string",
- "live": true,
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
], - "validFromTime": "string"
}
Deletes a certificate installed on the tenant. This certificate must be disabled before deletion will be allowed.
id required | string ID of the certificate resource |
{- "code": 400,
- "message": "string"
}
Returns information about a certificate installed on the tenant.
id required | string ID of the certificate resource |
{- "active": true,
- "certificate": "string",
- "expireTime": "string",
- "id": "string",
- "issuer": "string",
- "live": true,
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
], - "validFromTime": "string"
}
Updates information about a certificate installed on the tenant. This can be used to enable / disable certificates.
id required | string ID of the certificate resource |
JSON body of the updated certificate
active | boolean The active status of the certificate. Set this to true for the certificate to actively be served. |
{- "active": true
}
{- "active": true,
- "certificate": "string",
- "expireTime": "string",
- "id": "string",
- "issuer": "string",
- "live": true,
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
], - "validFromTime": "string"
}
Returns all certificate signing requests created in the environment
[- {
- "algorithm": "string",
- "certificateID": "string",
- "createdDate": "2006-01-02T15:04:05Z07:00",
- "id": "string",
- "request": "string",
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
]
}
]
Create a new certificate signing request
JSON body of the new certificate signing request
algorithm | string Default: "rsa" Enum: "rsa" "ecdsa" The algorithm for the private key. The encryption algorithm will either be RSA-2048 or ECDSA P-256 depending on the algorithm choice. The default is RSA-2048. |
businessCategory | string Category of business, such as "Private Organization", “Government Entity”, “Business Entity”, or “Non-Commercial Entity”. Relevant for EV certificates. |
city | string |
commonName | string Domain name that the SSL certificate is securing |
country | string[A-Z]{2} Two-letter ISO-3166 country code |
string^\S+@\S+$ | |
jurisdictionCity | string This field contains only information relevant to the Jurisdiction of Incorporation or Registration. Relevant for EV certificates. |
jurisdictionCountry | string This field contains only information relevant to the Jurisdiction of Incorporation or Registration. Relevant for EV certificates. |
jurisdictionState | string This field contains only information relevant to the Jurisdiction of Incorporation or Registration. Relevant for EV certificates. |
organization | string Full name of company |
organizationalUnit | string Company section or department |
postalCode | string |
serialNumber | string The Registration (or similar) Number assigned to the Subject by the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration. Relevant for EV certificates. |
state | string |
streetAddress | string |
subjectAlternativeNames | Array of strings Default: [] Additional domain or domains that the SSL certificate is securing |
{- "algorithm": "rsa",
- "subjectAlternativeNames": [ ]
}
{- "algorithm": "string",
- "certificateID": "string",
- "createdDate": "2006-01-02T15:04:05Z07:00",
- "id": "string",
- "request": "string",
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
]
}
Returns information about a CSR created in the tenant.
id required | string ID of the CSR |
{- "algorithm": "string",
- "certificateID": "string",
- "createdDate": "2006-01-02T15:04:05Z07:00",
- "id": "string",
- "request": "string",
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
]
}
Upload a certificate to complete a CSR request, installing the certificate in the tenant. Only the certificate
field can be set on an upload request.
id required | string ID of the certificateSigningRequest |
JSON body of the new certificate signing request
certificate required | string The matching signed certificate for the request. This should only be set on update requests to upload the certificate. |
{- "certificate": "string"
}
{- "algorithm": "string",
- "certificateID": "string",
- "createdDate": "2006-01-02T15:04:05Z07:00",
- "id": "string",
- "request": "string",
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
]
}
Specify enforced content security policy
Enforced content security policy to apply to the tenant
active | boolean |
object |
{- "active": true,
- "directives": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
{- "active": true,
- "directives": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
Specify report-only content security policy
Enforced content security policy to apply to the tenant
active | boolean |
object |
{- "active": true,
- "directives": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
{- "active": true,
- "directives": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
Specify cookie domains
Cookie domains
domains | Array of strings Cookie domains |
{- "domains": [
- "string"
]
}
{- "domains": [
- "string"
]
}
Verify a CNAME
_action required | string Value: "verify" Requested action type |
Custom domain
name required | string The canonical name of the domain to be validated. |
{- "name": "string"
}
{- "code": 400,
- "message": "string"
}
Specify custom domains
realm required | string Enum: "alpha" "bravo" Realm for the domain |
Custom domains
domains | Array of strings Custom domains |
{- "domains": [
- "string"
]
}
{- "domains": [
- "string"
]
}
Specify which admin groups are required to use federation
Enforcement settings to apply to the tenant
groups required | string Enum: "none" "non-global" "all" |
{- "groups": "none"
}
{- "groups": "none"
}
Specify SSO cookie configuration
SSO cookie configuration to apply to the tenant
name required | string^[a-zA-Z0-9]{1,32}$ |
{- "name": "string"
}
{- "name": "string"
}
Returns all user configured Proxy Connect header rules in the tenant.
{- "enabled": true,
- "headers": [
- {
- "header": "string",
- "value": "string"
}
], - "requestId": "string",
- "requestStatus": "PENDING"
}
Sets/Updates user configured Proxy Connect header rules in the tenant.
JSON body of Proxy Connect header rules
enabled required | boolean Enables Proxy Connect header rules |
Array of objects Request with headers allowed to access the tenant |
{- "enabled": true,
- "headers": [
- {
- "header": "string",
- "value": "string"
}
]
}
{- "enabled": true,
- "headers": [
- {
- "header": "string",
- "value": "string"
}
], - "requestId": "string",
- "requestStatus": "PENDING"
}
Sets/Updates user configured Proxy Connect IP rules in the tenant.
JSON body of Proxy Connect IP rules
enabled required | boolean Enables Proxy Connect IP rules |
ipRanges | Array of strings IP addresses allowed to access the tenant |
{- "enabled": true,
- "ipRanges": [
- "string"
]
}
{- "enabled": true,
- "ipRanges": [
- "string"
], - "requestId": "string",
- "requestStatus": "PENDING"
}
Get API keys
_prettyPrint | boolean Default: false |
{- "pagedResultsCookie": null,
- "remainingPagedResults": 0,
- "result": [
- {
- "api_key_id": "6bb87441bf070d79cd6bbe59125c92d3",
- "created_at": "2020-05-18T20:38:36.738153Z",
- "name": "Log access API key"
}
], - "resultCount": 1,
- "totalPagedResults": 1,
- "totalPagedResultsPolicy": "NONE"
}
Create API key
_action | string create |
API key create request
name | string |
{- "name": "string"
}
{- "api_key_id": "6bb87441bf070d79cd6bbe59125c92d3",
- "api_key_secret": "4a813e5f3cc012426ed4d30cb0950b9a3182b07b2f9978075a6d2088a5ca8cce",
- "created_at": "2020-05-18T20:38:36.738153Z",
- "name": "Log access API key"
}
Get API key
api_key_id required | string >= 1 |
_prettyPrint | boolean Default: false |
{- "api_key_id": "6bb87441bf070d79cd6bbe59125c92d3",
- "created_at": "2020-05-18T20:38:36.738153Z",
- "name": "Log access API key"
}
Get log events
source | string |
beginTime | string <date-time> |
endTime | string <date-time> |
_pageSize | integer |
_pagedResultsCookie | string |
_prettyPrint | boolean Default: false |
_sortKeys | string |
_queryFilter | string |
transactionId | string |
{- "pagedResultsCookie": "789A6SDF78967FSD89A67689FDAS",
- "remainingPagedResults": -1,
- "result": [
- {
- "payload": {
- "_id": "92c9b6a4-f36f-438a-b1d4-c6e6bd909da6-783933",
- "client": {
- "ip": "198.51.101.0"
}, - "component": "OAuth",
- "eventName": "AM-ACCESS-ATTEMPT",
- "http": {
- "request": {
- "headers": {
- "content-type": [
- "application/x-www-form-urlencoded"
], - "host": [
- "<tenant-env-fqdn>"
], - "user-agent": [
- "Apache-HttpClient/4.5.13 (Java/11.0.11)"
], - "x-forwarded-for": [
- "198.51.101.0, 203.0.116.0, 192.0.3.255"
], - "x-forwarded-proto": [
- "https"
]
}, - "method": "POST",
- "secure": true
}
}, - "level": "INFO",
- "realm": "/alpha",
- "request": {
- "detail": {
- "client_id": "RCSClient",
- "grant_type": "client_credentials",
- "scope": "fr:idm:*"
}
}, - "source": "audit",
- "timestamp": "2019-08-24T14:15:22Z",
- "topic": "access",
- "transactionId": "1634116808645-2e50ecbf0df5407a6870-226587/0"
}, - "source": "am-authentication",
- "timestamp": "2019-08-24T14:15:22Z",
- "type": "application/json"
}
], - "resultCount": 1,
- "totalPagedResults": -1,
- "totalPagedResultsPolicy": "NONE"
}
Get log sources
_pageSize | integer |
_pagedResouresOffset | integer |
_prettyPrint | boolean Default: false |
{- "pagedResultsCookie": null,
- "remainingPagedResults": 0,
- "result": [
- "am-access",
- "am-activity",
- "am-authentication",
- "am-config",
- "am-core",
- "am-everything",
- "idm-access",
- "idm-activity",
- "idm-authentication",
- "idm-config",
- "idm-core",
- "idm-everything",
- "idm-recon",
- "idm-sync"
], - "resultCount": 4,
- "totalPagedResults": 1,
- "totalPagedResultsPolicy": "NONE"
}
Tail log events
source | string |
_pagedResultsCookie | string |
_prettyPrint | boolean Default: false |
_queryFilter | string |
transactionId | string |
{- "pagedResultsCookie": "789A6SDF78967FSD89A67689FDAS",
- "remainingPagedResults": -1,
- "result": [
- {
- "payload": {
- "_id": "92c9b6a4-f36f-438a-b1d4-c6e6bd909da6-783933",
- "client": {
- "ip": "198.51.101.0"
}, - "component": "OAuth",
- "eventName": "AM-ACCESS-ATTEMPT",
- "http": {
- "request": {
- "headers": {
- "content-type": [
- "application/x-www-form-urlencoded"
], - "host": [
- "<tenant-env-fqdn>"
], - "user-agent": [
- "Apache-HttpClient/4.5.13 (Java/11.0.11)"
], - "x-forwarded-for": [
- "198.51.101.0, 203.0.116.0, 192.0.3.255"
], - "x-forwarded-proto": [
- "https"
]
}, - "method": "POST",
- "secure": true
}
}, - "level": "INFO",
- "realm": "/alpha",
- "request": {
- "detail": {
- "client_id": "RCSClient",
- "grant_type": "client_credentials",
- "scope": "fr:idm:*"
}
}, - "source": "audit",
- "timestamp": "2019-08-24T14:15:22Z",
- "topic": "access",
- "transactionId": "1634116808645-2e50ecbf0df5407a6870-226587/0"
}, - "source": "am-authentication",
- "timestamp": "2019-08-24T14:15:22Z",
- "type": "application/json"
}
], - "resultCount": 1,
- "totalPagedResults": -1,
- "totalPagedResultsPolicy": "NONE"
}
AM prometheus metrics
# HELP am_cts_task_queue_size number of operations waiting in a CTS queue # TYPE am_cts_task_queue_size gauge am_cts_task_queue_size{kubernetes_pod_name="am-568cc4fbb6-cjnpg",} 0.0
IDM prometheus metrics
# HELP idm_audit Generated from Dropwizard metric import (metric=audit.access, type=summary) # TYPE idm_audit summary idm_audit_total{kubernetes_pod_name="idm-0",audit_topic="access",} 3304.0