PingOne Advanced Identity Cloud API
Download OpenAPI specification:Download
The PingOne Advanced Identity Cloud REST API lets you manage your Advanced Identity Cloud tenants. The API exposes access management and identity management endpoints, with additional endpoints specific to Advanced Identity Cloud tenant environments.
We are now publishing the API spec in OpenAPI 3.0. For the legacy Swagger 2.0 spec, please download swagger.yaml, but note that it may not contain all new functionality.
For full PingOne Advanced Identity Cloud documentation, please visit the docs website.
The PingOne Advanced Identity Cloud REST API has two different authentication methods:
- API key and secret: used for tenant read-only operations
- Access token: used for access management operations, identity management operations or tenant write operations
For a summary of how to use these authentication methods, refer to Authenticate to Advanced Identity Cloud REST API.
Environment secrets and variables (ESVs) let you individually configure the development, staging, and production environments in your Advanced Identity Cloud tenant.
Variables are used to set configuration values that need to be different for each tenant environment. For example, an external service might need one URL in your development environment, but a different URL in your production environment.
Variables are not versioned, and can be read back. They should not contain secrets.
Variables are injected into Advanced Identity Cloud configuration when the underlying services are started or restarted.
Get all variables
Authorizations:
query Parameters
| _pageSize | integer [ 1 .. 100 ] Default: 25 Accept-API-Version: resource=2.0 only, maximum number of results returned by endpoint before paging |
| _pagedResultsCookie | string Default: "" Accept-API-Version: resource=2.0 only, opaque data used for paging result data, can be used for paging instead of having to track pageSize and pagedResultsOffset |
| _pagedResultsOffset | integer >= 0 Default: 0 Accept-API-Version: resource=2.0 only, offset of the first result to be returned by endpoint |
| _onlyPending | boolean Default: false Accept-API-Version: resource=2.0 only, returns ESVs with unapplied changes |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "pagedResultsCookie": null,
- "remainingPagedResults": 0,
- "result": [
- {
- "_id": "esv-myvariable1",
- "description": "My variable",
- "expressionType": "list",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": false,
- "valueBase64": "ZGF0YQ=="
}
], - "resultCount": 4,
- "totalPagedResults": 1,
- "totalPagedResultsPolicy": "string"
}Delete a variable
Authorizations:
path Parameters
| variableId required | string^esv-[a-z0-9_-]{1,124}$ ID of the variable |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "_id": "esv-myvariable1",
- "description": "My variable",
- "expressionType": "list",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": false,
- "valueBase64": "ZGF0YQ=="
}Get a variable
Authorizations:
path Parameters
| variableId required | string^esv-[a-z0-9_-]{1,124}$ ID of the variable |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "_id": "esv-myvariable1",
- "description": "My variable",
- "expressionType": "list",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": false,
- "valueBase64": "ZGF0YQ=="
}Set a variable description
Authorizations:
path Parameters
| variableId required | string^esv-[a-z0-9_-]{1,124}$ ID of the variable |
query Parameters
| _action required | string Value: "setDescription" |
header Parameters
| Accept-API-Version | string resource=2.0 |
Request Body schema: application/jsonrequired
The description of this variable
| description required | string <= 1000 characters |
Responses
Request samples
- Payload
{- "description": "My secret"
}Response samples
- 401
- default
{- "code": 401,
- "message": "unauthorized"
}Create or update a variable
Create or update a variable using a predefined name. Once created, a variable name cannot be changed.
Authorizations:
path Parameters
| variableId required | string^esv-[a-z0-9_-]{1,124}$ ID of the variable |
header Parameters
| Accept-API-Version | string resource=2.0 |
Request Body schema: application/jsonrequired
JSON body of the new variable
| description | string <= 1000 characters |
| expressionType | string Enum: "string" "list" "array" "object" "bool" "int" "number" "base64encodedinlined" "keyvaluelist" |
| valueBase64 required | string <byte> ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[... |
Responses
Request samples
- Payload
{- "description": "My variable",
- "expressionType": "array",
- "valueBase64": "ZGF0YQ=="
}Response samples
- 200
- 401
- default
{- "_id": "esv-myvariable1",
- "description": "My variable",
- "expressionType": "list",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": false,
- "valueBase64": "ZGF0YQ=="
}Secrets are used to set configuration values that need encrypting. The values may or may not need to be different for each tenant environment. Authorization passwords and authentication signing keys are examples of secrets that might exist in your configuration.
Secrets can have multiple versions enabled to allow rotation, and once set they cannot be read back.
Secrets are injected into Advanced Identity Cloud configuration when the underlying services are started or restarted.
Get all secrets
Get all secrets, but not their secret versions or secret version values.
Authorizations:
query Parameters
| _pageSize | integer [ 1 .. 100 ] Default: 25 Accept-API-Version: resource=2.0 only, maximum number of results returned by endpoint before paging |
| _pagedResultsCookie | string Default: "" Accept-API-Version: resource=2.0 only, opaque data used for paging result data, can be used for paging instead of having to track pageSize and pagedResultsOffset |
| _pagedResultsOffset | integer >= 0 Default: 0 Accept-API-Version: resource=2.0 only, offset of the first result to be returned by endpoint |
| _onlyPending | boolean Default: false Accept-API-Version: resource=2.0 only, returns ESVs with unapplied changes |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "pagedResultsCookie": "null",
- "remainingPagedResults": 0,
- "result": [
- {
- "_id": "esv-mysecret1",
- "activeVersion": "1",
- "description": "My secret",
- "encoding": "generic",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": true,
- "loadedVersion": "1",
- "useInPlaceholders": true
}
], - "resultCount": 4,
- "totalPagedResults": 1,
- "totalPagedResultsPolicy": "string"
}Delete a secret
Delete a secret and all its secret versions and secret version values.
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "_id": "esv-mysecret1",
- "activeVersion": "1",
- "description": "My secret",
- "encoding": "generic",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": true,
- "loadedVersion": "1",
- "useInPlaceholders": true
}Get a secret
Get a secret, but not its secret versions or secret version values.
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "_id": "esv-mysecret1",
- "activeVersion": "1",
- "description": "My secret",
- "encoding": "generic",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": true,
- "loadedVersion": "1",
- "useInPlaceholders": true
}Set a secret description
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
query Parameters
| _action required | string Value: "setDescription" |
Request Body schema: application/jsonrequired
The description of this secret
| description required | string <= 1000 characters |
Responses
Request samples
- Payload
{- "description": "My secret"
}Response samples
- 401
- default
{- "code": 401,
- "message": "unauthorized"
}Create a secret
Create a secret and its first secret version.
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
header Parameters
| Accept-API-Version | string resource=2.0 |
Request Body schema: application/jsonrequired
JSON body of the new secret
| description | string <= 1000 characters |
| encoding required | string Enum: "generic" "pem" "base64hmac" "base64aes" |
| useInPlaceholders required | boolean |
| valueBase64 required | string <byte> ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[... |
Responses
Request samples
- Payload
{- "description": "My secret",
- "encoding": "generic",
- "useInPlaceholders": true,
- "valueBase64": "ZGF0YQ=="
}Response samples
- 200
- 401
- default
{- "_id": "esv-mysecret1",
- "activeVersion": "1",
- "description": "My secret",
- "encoding": "generic",
- "lastChangeDate": "1999-12-31T23:59:59Z",
- "lastChangedBy": "bjensen",
- "loaded": true,
- "loadedVersion": "1",
- "useInPlaceholders": true
}Get all versions of a secret
Get all versions and version metadata of a secret. It is not possible to view the secret values.
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
[- {
- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}
]Create a new version of a secret
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
query Parameters
| _action required | string Value: "create" Can only be create |
header Parameters
| Accept-API-Version | string resource=2.0 |
Request Body schema: application/jsonrequired
JSON body of the new secret version
| valueBase64 required | string <byte> ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[... |
Responses
Request samples
- Payload
{- "valueBase64": "ZGF0YQ=="
}Response samples
- 200
- 401
- default
{- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}Delete a version of a secret
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
| versionId required | string^latest$|^[0-9]+$ ID of the secret version |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}Get a version of a secret
Get a version and version metadata of a secret. It is not possible to view the secret value.
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
| versionId required | string^latest$|^[0-9]+$ ID of the secret version |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}Update the status of a version of a secret
Update the status of a version of a secret to either ENABLED or DISABLED. The latest version of a secret cannot be updated to a status of DISABLED.
Authorizations:
path Parameters
| secretId required | string^esv-[a-z0-9_-]{1,124}$ ID of the secret |
| versionId required | string^latest$|^[0-9]+$ ID of the secret version |
query Parameters
| _action required | string Value: "changestatus" Can only be changestatus |
header Parameters
| Accept-API-Version | string resource=2.0 |
Request Body schema: application/jsonrequired
JSON body of the new status of the secret version
| status required | string Enum: "DISABLED" "ENABLED" |
Responses
Request samples
- Payload
{- "status": "DISABLED"
}Response samples
- 200
- 401
- default
{- "createDate": "1999-12-31T23:59:59Z",
- "loaded": false,
- "status": "DISABLED",
- "version": "latest"
}A restart of Advanced Identity Cloud services is used when new variables or secrets have been created and need to be injected into Advanced Identity Cloud configuration.
Get restart status
Get restart status indicating whether any upgrade or rollout restart is taking place on Advanced Identity Cloud services.
Authorizations:
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- 500
{- "restartStatus": "restarting"
}Initiate restart
Initiate restart of Advanced Identity Cloud services. This will inject any new variables or secrets into Advanced Identity Cloud configuration.
Authorizations:
query Parameters
| _action required | string Value: "restart" Can only be restart |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- default
{- "restartStatus": "restarting"
}Get count of ESVs
Get count of ESV secrets and variables in the environment.
Authorizations:
query Parameters
| _onlyPending | boolean Default: false Accept-API-Version: resource=2.0 only, returns ESVs with unapplied changes |
header Parameters
| Accept-API-Version | string resource=2.0 |
Responses
Response samples
- 200
- 401
- 500
{- "secrets": 10,
- "variables": 0
}Advanced Identity Cloud lets you run self-service promotions to move configuration between a sequential pair of tenant environments.
Lock environments
Starts the lock process on the lower and upper environments
Authorizations:
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 202
- 401
- 409
- 500
{- "description": "Environment lock in progress",
- "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "result": "locking"
}Unlock environments
Start the unlock process on the lower and upper environments.
Authorizations:
path Parameters
| promotionId required | string Promotion unique identifier |
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 200
- 202
- 401
- 409
- 500
{- "description": "Environment unlocked",
- "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "result": "unlocked"
}Get lock status
Get the lock status of the lower and upper environments.
Authorizations:
query Parameters
| localLockOnly | boolean If set to true this parameter will only return the lock status of the environment the request is aimed at |
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 200
- 401
- 500
{- "description": "<meaningful when result=Error>",
- "lowerEnv": {
- "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "proxyState": "string",
- "state": "string"
}, - "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "result": "locked",
- "upperEnv": {
- "promotionId": "ba594bbe-a589-4676-80a4-42975a56f5b6",
- "proxyState": "string",
- "state": "string"
}
}Get promotion status
Get the status of a promotion, if one is in progress.
Authorizations:
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 200
- 401
{- "blockingError": false,
- "encryptedSecrets": [
- "mySecret"
], - "globalLock": "LOCKED",
- "message": "Environment ready for promotion",
- "missingESVs": [
- "myVariable"
], - "promotionId": "7e7634c3-406e-4d37-80a3-d34461c2f309",
- "status": "READY",
- "timeStamp": "2022-02-01T14:17:02+01:00",
- "type": "promotion"
}Run a promotion
Promote configuration from the lower environment to the upper environment.
Authorizations:
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Request Body schema: application/jsonrequired
A request body with info required to initiate a promotion
| dryRun required | boolean A boolean denoting whether this a dry run |
| ignoreEncryptedSecrets | boolean A boolean denoting whether or not to ignore encrypted secrets detected in config during the promotion |
| promoter | string The name of the admin user who initiated the promotion |
| promotionDescription | string Promoter specified note to make it easier for them to identify what was promoted |
| unlockEnvironmentsAfterPromotion | boolean A boolean denoting whether or not to automatically unlock the environments after a successful promotion |
| zendeskTicketReference | string A string denoting the Zendesk ticket reference to be added to the promotion commit message |
Responses
Request samples
- Payload
{- "dryRun": true,
- "ignoreEncryptedSecrets": true,
- "promoter": "string",
- "promotionDescription": "string",
- "unlockEnvironmentsAfterPromotion": true,
- "zendeskTicketReference": "string"
}Response samples
- 202
- 401
- 409
- default
{- "result": "Promotion Complete"
}Get last promotion report
This will return the contents of the last run config promotion report
Authorizations:
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 200
- 401
- default
{- "createdDate": "2022-01-27T15-23+00Z",
- "dryRun": true,
- "missingESVs": [
- "myVariable"
], - "previouslyIgnoredEncryptedSecrets": [
- "string"
], - "promoter": "Barb Jensen",
- "promotionDescription": "Promoting our Forgotten Username journey",
- "promotionId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "report": {
- "AMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
], - "IDMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
]
}, - "reportId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "reportName": "Report_2022-01-27T15-23+00Z_dryrun=true_a7456dd2-1acd-4bd9-8555-d44b2275a2da",
- "type": "promotion"
}Get a promotion report
Get a specific promotion report.
Authorizations:
path Parameters
| reportId required | string Promotion report unique identifier |
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 200
- 401
- 404
- 500
{- "createdDate": "2022-01-27T15-23+00Z",
- "dryRun": true,
- "missingESVs": [
- "myVariable"
], - "previouslyIgnoredEncryptedSecrets": [
- "string"
], - "promoter": "Barb Jensen",
- "promotionDescription": "Promoting our Forgotten Username journey",
- "promotionId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "report": {
- "AMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
], - "IDMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
]
}, - "reportId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "reportName": "Report_2022-01-27T15-23+00Z_dryrun=true_a7456dd2-1acd-4bd9-8555-d44b2275a2da",
- "type": "promotion"
}Get a provisional promotion report
Get a provisional report of changes since the last time the lower environment was promoted to the upper environment. The report generated is for informational purposes only and may not reflect all the changes in a full promotion. A dry-run promotion is always recommended prior to a full promotion between environments.
Authorizations:
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 200
- 401
- default
{- "createdDate": "2022-01-27T15-23+00Z",
- "dryRun": true,
- "missingESVs": [
- "myVariable"
], - "previouslyIgnoredEncryptedSecrets": [
- "string"
], - "promoter": "Barb Jensen",
- "promotionDescription": "Promoting our Forgotten Username journey",
- "promotionId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "report": {
- "AMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
], - "IDMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
]
}, - "reportId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "reportName": "Report_2022-01-27T15-23+00Z_dryrun=true_a7456dd2-1acd-4bd9-8555-d44b2275a2da",
- "type": "promotion"
}Get a provisional rollback report
Get a provisional rollback report of changes when we rollback the configuration to the previous promotion.
Authorizations:
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 200
- 401
- default
{- "createdDate": "2022-01-27T15-23+00Z",
- "dryRun": true,
- "missingESVs": [
- "myVariable"
], - "previouslyIgnoredEncryptedSecrets": [
- "string"
], - "promoter": "Barb Jensen",
- "promotionDescription": "Promoting our Forgotten Username journey",
- "promotionId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "report": {
- "AMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
], - "IDMConfig": [
- {
- "configChange": {
- "added": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "deleted": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
], - "modified": [
- {
- "name": "UMA Provider",
- "realm": "/bravo",
- "uid": "ou=39c08084-1238-43e8-857f-2e11005eac49,ou=scriptConfigurations,ou=default,ou=OrganizationConfig,ou=1.0,ou=ScriptingService,ou=services,o=alpha,ou=services,ou=am-config"
}
]
}, - "configItem": "Email > Templates"
}
]
}, - "reportId": "da0c66a4-9f37-4f9a-9988-0786ad301b17",
- "reportName": "Report_2022-01-27T15-23+00Z_dryrun=true_a7456dd2-1acd-4bd9-8555-d44b2275a2da",
- "type": "promotion"
}Get promotion reports
Get a list of previous promotion reports in date order.
Authorizations:
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Responses
Response samples
- 200
- 401
- 500
[- {
- "createdDate": "2022-01-19T13:04:00Z",
- "dryRun": true,
- "promotionId": "7575f185-cd0b-4823-b8b1-f677895291d4",
- "reportId": "d19e140-8325-4669-b9f3-1cd82784e24e",
- "type": "rollback"
}, - {
- "createdDate": "2022-01-19T13:05:00Z",
- "dryRun": true,
- "promotionId": "7575f185-cd0b-4823-b8b1-f677895291dt",
- "reportId": "d19e140-8325-4669-b9f3-1cd82784e24f",
- "type": "promotion"
}
]Rollback a promotion
Rollback the most recent configuration promotion.
Authorizations:
header Parameters
| Accept-API-Version required | string protocol=1.0,resource=1.0 |
Request Body schema: application/jsonrequired
A request body with info required to initiate a rollback
| promoter | string The name of the admin user who initiated the promotion |
| promotionDescription | string Promoter specified note to make it easier for them to identify what was promoted |
| unlockEnvironmentsAfterPromotion | boolean A boolean denoting whether or not to automatically unlock the environments after a successful promotion |
| zendeskTicketReference | string A string denoting the Zendesk ticket reference to be added to the promotion commit message |
Responses
Request samples
- Payload
{- "promoter": "string",
- "promotionDescription": "string",
- "unlockEnvironmentsAfterPromotion": true,
- "zendeskTicketReference": "string"
}Response samples
- 202
- 401
- 409
- default
{- "result": "Rollback Complete"
}Advanced Identity Cloud gives you the ability to configure various environment settings via REST.
Get all certificates
Returns all certificates installed in the tenant.
Authorizations:
Responses
Response samples
- 200
- 401
- 403
- 500
[- {
- "active": true,
- "certificate": "string",
- "expireTime": "string",
- "id": "string",
- "issuer": "string",
- "live": true,
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
], - "validFromTime": "string"
}
]Create certificate
Upload a new certificate to the tenant.
Authorizations:
Request Body schema: application/jsonrequired
JSON body of the new certificate
| active | boolean The active status of the certificate. Set this to true for the certificate to actively be served. |
| certificate required | string The PEM formatted certificate. |
| privateKey required | string The private key for the certificate. For security reasons, only insert requests include this field. |
Responses
Request samples
- Payload
{- "active": true,
- "certificate": "string",
- "privateKey": "string"
}Response samples
- 200
- 400
- 401
- 403
- 500
{- "active": true,
- "certificate": "string",
- "expireTime": "string",
- "id": "string",
- "issuer": "string",
- "live": true,
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
], - "validFromTime": "string"
}Delete certificate by ID
Deletes a certificate installed on the tenant. This certificate must be disabled before deletion will be allowed.
Authorizations:
path Parameters
| id required | string ID of the certificate resource |
Responses
Response samples
- 400
- 401
- 403
- 500
{- "code": 400,
- "message": "string"
}Get certificate by ID
Returns information about a certificate installed on the tenant.
Authorizations:
path Parameters
| id required | string ID of the certificate resource |
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
{- "active": true,
- "certificate": "string",
- "expireTime": "string",
- "id": "string",
- "issuer": "string",
- "live": true,
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
], - "validFromTime": "string"
}Update certificate by ID
Updates information about a certificate installed on the tenant. This can be used to enable / disable certificates.
Authorizations:
path Parameters
| id required | string ID of the certificate resource |
Request Body schema: application/jsonrequired
JSON body of the updated certificate
| active | boolean The active status of the certificate. Set this to true for the certificate to actively be served. |
Responses
Request samples
- Payload
{- "active": true
}Response samples
- 200
- 400
- 401
- 403
- 404
- 500
{- "active": true,
- "certificate": "string",
- "expireTime": "string",
- "id": "string",
- "issuer": "string",
- "live": true,
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
], - "validFromTime": "string"
}Get all CSRs
Returns all certificate signing requests created in the environment
Authorizations:
Responses
Response samples
- 200
- 401
- 403
- 500
[- {
- "algorithm": "string",
- "certificateID": "string",
- "createdDate": "2006-01-02T15:04:05Z07:00",
- "id": "string",
- "request": "string",
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
]
}
]Create CSR
Create a new certificate signing request
Authorizations:
Request Body schema: application/jsonrequired
JSON body of the new certificate signing request
| algorithm | string Default: "rsa" Enum: "rsa" "ecdsa" The algorithm for the private key. The encryption algorithm will either be RSA-2048 or ECDSA P-256 depending on the algorithm choice. The default is RSA-2048. |
| businessCategory | string Category of business, such as "Private Organization", “Government Entity”, “Business Entity”, or “Non-Commercial Entity”. Relevant for EV certificates. |
| city | string |
| commonName | string Domain name that the SSL certificate is securing |
| country | string[A-Z]{2} Two-letter ISO-3166 country code |
string^\S+@\S+$ | |
| jurisdictionCity | string This field contains only information relevant to the Jurisdiction of Incorporation or Registration. Relevant for EV certificates. |
| jurisdictionCountry | string This field contains only information relevant to the Jurisdiction of Incorporation or Registration. Relevant for EV certificates. |
| jurisdictionState | string This field contains only information relevant to the Jurisdiction of Incorporation or Registration. Relevant for EV certificates. |
| organization | string Full name of company |
| organizationalUnit | string Company section or department |
| postalCode | string |
| serialNumber | string The Registration (or similar) Number assigned to the Subject by the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration. Relevant for EV certificates. |
| state | string |
| streetAddress | string |
| subjectAlternativeNames | Array of strings Default: [] Additional domain or domains that the SSL certificate is securing |
Responses
Request samples
- Payload
{- "algorithm": "rsa",
- "subjectAlternativeNames": [ ]
}Response samples
- 200
- 400
- 401
- 403
- 500
{- "algorithm": "string",
- "certificateID": "string",
- "createdDate": "2006-01-02T15:04:05Z07:00",
- "id": "string",
- "request": "string",
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
]
}Get CSR by ID
Returns information about a CSR created in the tenant.
Authorizations:
path Parameters
| id required | string ID of the CSR |
Responses
Response samples
- 200
- 401
- 403
- 404
- 500
{- "algorithm": "string",
- "certificateID": "string",
- "createdDate": "2006-01-02T15:04:05Z07:00",
- "id": "string",
- "request": "string",
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
]
}Update CSR by ID
Upload a certificate to complete a CSR request, installing the certificate in the tenant. Only the certificate field can be set on an upload request.
Authorizations:
path Parameters
| id required | string ID of the certificateSigningRequest |
Request Body schema: application/jsonrequired
JSON body of the new certificate signing request
| certificate required | string The matching signed certificate for the request. This should only be set on update requests to upload the certificate. |
Responses
Request samples
- Payload
{- "certificate": "string"
}Response samples
- 200
- 400
- 401
- 403
- 404
- 500
{- "algorithm": "string",
- "certificateID": "string",
- "createdDate": "2006-01-02T15:04:05Z07:00",
- "id": "string",
- "request": "string",
- "subject": "string",
- "subjectAlternativeNames": [
- "string"
]
}Set enforced content security policy
Specify enforced content security policy
Authorizations:
Request Body schema: application/jsonrequired
Enforced content security policy to apply to the tenant
| active | boolean |
object |
Responses
Request samples
- Payload
{- "active": true,
- "directives": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Response samples
- 200
- 401
- 403
- 500
{- "active": true,
- "directives": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Set report-only content security policy
Specify report-only content security policy
Authorizations:
Request Body schema: application/jsonrequired
Enforced content security policy to apply to the tenant
| active | boolean |
object |
Responses
Request samples
- Payload
{- "active": true,
- "directives": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Response samples
- 200
- 401
- 403
- 500
{- "active": true,
- "directives": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Set cookie domains
Specify cookie domains
Authorizations:
Request Body schema: application/jsonrequired
Cookie domains
| domains | Array of strings Cookie domains |
Responses
Request samples
- Payload
{- "domains": [
- "string"
]
}Response samples
- 200
- 400
- 401
- 403
- 500
{- "domains": [
- "string"
]
}Verify a CNAME
Verify a CNAME
Authorizations:
query Parameters
| _action required | string Value: "verify" Requested action type |
Request Body schema: application/jsonrequired
Custom domain
| name required | string The canonical name of the domain to be validated. |
Responses
Request samples
- Payload
{- "name": "string"
}Response samples
- 400
- 401
- 403
- 500
{- "code": 400,
- "message": "string"
}Set custom domains
Specify custom domains
Authorizations:
path Parameters
| realm required | string Enum: "alpha" "bravo" Realm for the domain |
Request Body schema: application/jsonrequired
Custom domains
| domains | Array of strings Custom domains |
Responses
Request samples
- Payload
{- "domains": [
- "string"
]
}Response samples
- 200
- 400
- 401
- 403
- 500
{- "domains": [
- "string"
]
}Set enforcement of federation
Specify which admin groups are required to use federation
Authorizations:
Request Body schema: application/jsonrequired
Enforcement settings to apply to the tenant
| groups required | string Enum: "none" "non-global" "all" |
Responses
Request samples
- Payload
{- "groups": "none"
}Response samples
- 200
- 401
- 403
- 500
{- "groups": "none"
}Set SSO cookie configuration
Specify SSO cookie configuration
Authorizations:
Request Body schema: application/jsonrequired
SSO cookie configuration to apply to the tenant
| name required | string^[a-zA-Z0-9]{1,32}$ |
Responses
Request samples
- Payload
{- "name": "string"
}Response samples
- 200
- 401
- 403
- 500
{- "name": "string"
}Get Proxy Connect header rules
Returns all user configured Proxy Connect header rules in the tenant.
Authorizations:
Responses
Response samples
- 200
- 401
- 403
- 500
{- "enabled": true,
- "headers": [
- {
- "header": "string",
- "value": "string"
}
], - "requestId": "string",
- "requestStatus": "PENDING"
}Set/Update Proxy Connect header rules
Sets/Updates user configured Proxy Connect header rules in the tenant.
Authorizations:
Request Body schema: application/jsonrequired
JSON body of Proxy Connect header rules
| enabled required | boolean Enables Proxy Connect header rules |
Array of objects Request with headers allowed to access the tenant |
Responses
Request samples
- Payload
{- "enabled": true,
- "headers": [
- {
- "header": "string",
- "value": "string"
}
]
}Response samples
- 200
- 400
- 401
- 403
- 500
{- "enabled": true,
- "headers": [
- {
- "header": "string",
- "value": "string"
}
], - "requestId": "string",
- "requestStatus": "PENDING"
}Set/Update Proxy Connect IP rules
Sets/Updates user configured Proxy Connect IP rules in the tenant.
Authorizations:
Request Body schema: application/jsonrequired
JSON body of Proxy Connect IP rules
| enabled required | boolean Enables Proxy Connect IP rules |
| ipRanges | Array of strings IP addresses allowed to access the tenant |
Responses
Request samples
- Payload
{- "enabled": true,
- "ipRanges": [
- "string"
]
}Response samples
- 200
- 400
- 401
- 403
- 500
{- "enabled": true,
- "ipRanges": [
- "string"
], - "requestId": "string",
- "requestStatus": "PENDING"
}Get API keys
Get API keys
Authorizations:
query Parameters
| _prettyPrint | boolean Default: false |
Responses
Response samples
- 200
- 400
- 500
{- "pagedResultsCookie": null,
- "remainingPagedResults": 0,
- "result": [
- {
- "api_key_id": "6bb87441bf070d79cd6bbe59125c92d3",
- "created_at": "2020-05-18T20:38:36.738153Z",
- "name": "Log access API key"
}
], - "resultCount": 1,
- "totalPagedResults": 1,
- "totalPagedResultsPolicy": "NONE"
}Create API key
Create API key
Authorizations:
query Parameters
| _action | string create |
Request Body schema: application/json
API key create request
| name | string |
Responses
Request samples
- Payload
{- "name": "string"
}Response samples
- 200
- 400
- 500
{- "api_key_id": "6bb87441bf070d79cd6bbe59125c92d3",
- "api_key_secret": "4a813e5f3cc012426ed4d30cb0950b9a3182b07b2f9978075a6d2088a5ca8cce",
- "created_at": "2020-05-18T20:38:36.738153Z",
- "name": "Log access API key"
}Get API key
Get API key
Authorizations:
path Parameters
| api_key_id required | string >= 1 |
query Parameters
| _prettyPrint | boolean Default: false |
Responses
Response samples
- 200
- 400
- 404
- 500
{- "api_key_id": "6bb87441bf070d79cd6bbe59125c92d3",
- "created_at": "2020-05-18T20:38:36.738153Z",
- "name": "Log access API key"
}Get log events
Get log events
Authorizations:
query Parameters
| source | string |
| beginTime | string <date-time> |
| endTime | string <date-time> |
| _pageSize | integer |
| _pagedResultsCookie | string |
| _prettyPrint | boolean Default: false |
| _sortKeys | string |
| _queryFilter | string |
| transactionId | string |
Responses
Response samples
- 200
- 400
- 429
- 500
{- "pagedResultsCookie": "789A6SDF78967FSD89A67689FDAS",
- "remainingPagedResults": -1,
- "result": [
- {
- "payload": {
- "_id": "92c9b6a4-f36f-438a-b1d4-c6e6bd909da6-783933",
- "client": {
- "ip": "198.51.101.0"
}, - "component": "OAuth",
- "eventName": "AM-ACCESS-ATTEMPT",
- "http": {
- "request": {
- "headers": {
- "content-type": [
- "application/x-www-form-urlencoded"
], - "host": [
- "<tenant-env-fqdn>"
], - "user-agent": [
- "Apache-HttpClient/4.5.13 (Java/11.0.11)"
], - "x-forwarded-for": [
- "198.51.101.0, 203.0.116.0, 192.0.3.255"
], - "x-forwarded-proto": [
- "https"
]
}, - "method": "POST",
- "secure": true
}
}, - "level": "INFO",
- "realm": "/alpha",
- "request": {
- "detail": {
- "client_id": "RCSClient",
- "grant_type": "client_credentials",
- "scope": "fr:idm:*"
}
}, - "source": "audit",
- "timestamp": "2019-08-24T14:15:22Z",
- "topic": "access",
- "transactionId": "1634116808645-2e50ecbf0df5407a6870-226587/0"
}, - "source": "am-authentication",
- "timestamp": "2019-08-24T14:15:22Z",
- "type": "application/json"
}
], - "resultCount": 1,
- "totalPagedResults": -1,
- "totalPagedResultsPolicy": "NONE"
}Get log sources
Get log sources
Authorizations:
query Parameters
| _pageSize | integer |
| _pagedResouresOffset | integer |
| _prettyPrint | boolean Default: false |
Responses
Response samples
- 200
- 400
{- "pagedResultsCookie": null,
- "remainingPagedResults": 0,
- "result": [
- "am-access",
- "am-activity",
- "am-authentication",
- "am-config",
- "am-core",
- "am-everything",
- "idm-access",
- "idm-activity",
- "idm-authentication",
- "idm-config",
- "idm-core",
- "idm-everything",
- "idm-recon",
- "idm-sync"
], - "resultCount": 4,
- "totalPagedResults": 1,
- "totalPagedResultsPolicy": "NONE"
}Tail log events
Tail log events
Authorizations:
query Parameters
| source | string |
| _pagedResultsCookie | string |
| _prettyPrint | boolean Default: false |
| _queryFilter | string |
| transactionId | string |
Responses
Response samples
- 200
- 400
- 429
- 500
{- "pagedResultsCookie": "789A6SDF78967FSD89A67689FDAS",
- "remainingPagedResults": -1,
- "result": [
- {
- "payload": {
- "_id": "92c9b6a4-f36f-438a-b1d4-c6e6bd909da6-783933",
- "client": {
- "ip": "198.51.101.0"
}, - "component": "OAuth",
- "eventName": "AM-ACCESS-ATTEMPT",
- "http": {
- "request": {
- "headers": {
- "content-type": [
- "application/x-www-form-urlencoded"
], - "host": [
- "<tenant-env-fqdn>"
], - "user-agent": [
- "Apache-HttpClient/4.5.13 (Java/11.0.11)"
], - "x-forwarded-for": [
- "198.51.101.0, 203.0.116.0, 192.0.3.255"
], - "x-forwarded-proto": [
- "https"
]
}, - "method": "POST",
- "secure": true
}
}, - "level": "INFO",
- "realm": "/alpha",
- "request": {
- "detail": {
- "client_id": "RCSClient",
- "grant_type": "client_credentials",
- "scope": "fr:idm:*"
}
}, - "source": "audit",
- "timestamp": "2019-08-24T14:15:22Z",
- "topic": "access",
- "transactionId": "1634116808645-2e50ecbf0df5407a6870-226587/0"
}, - "source": "am-authentication",
- "timestamp": "2019-08-24T14:15:22Z",
- "type": "application/json"
}
], - "resultCount": 1,
- "totalPagedResults": -1,
- "totalPagedResultsPolicy": "NONE"
}AM prometheus metrics
AM prometheus metrics
Authorizations:
Responses
Response samples
- 200
- 500
# HELP am_cts_task_queue_size number of operations waiting in a CTS queue # TYPE am_cts_task_queue_size gauge am_cts_task_queue_size{kubernetes_pod_name="am-568cc4fbb6-cjnpg",} 0.0
IDM prometheus metrics
IDM prometheus metrics
Authorizations:
Responses
Response samples
- 200
- 500
# HELP idm_audit Generated from Dropwizard metric import (metric=audit.access, type=summary) # TYPE idm_audit summary idm_audit_total{kubernetes_pod_name="idm-0",audit_topic="access",} 3304.0