Credential API

Overview

This document describes the Onegini IdP API operations for validating credentials.

Version information

Version : 1.0.0

Paths

Validate action token

POST /api/credentials/tokens/validate

Description

This endpoint validates an action token.

Parameters

Type | Name | Description | Schema
Header | X-Onegini-Flow-Context-Params (optional) | Additional flow context parameters. Allowed format is "key1=value1;key2=value2" | string
Body | Body (required) | Request parameters must include the Action Token that will be validated | Body

Body

Name | Description | Schema
token (required) | Action Token to validate. Example : "8a7sdasydage2h323bnaswz6stday2h3g1jh23vnvavwedqy" | string

Responses

HTTP Code | Description | Schema
204 | Action Token validated successfully | No Content
400 | Bad request | ErrorResponse
401 | Validation failed | ErrorResponse
503 | Feature not available | ErrorResponse

Consumes

  • application/json

Produces

  • application/json

Security

Type | Name
basic | basic_auth

Example HTTP request

Request path
/api/credentials/tokens/validate
Request header
"string"
Request body
{
  "token" : "8a7sdasydage2h323bnaswz6stday2h3g1jh23vnvavwedqy"
}

Example HTTP response

Response 400
{
  "Missing parameter" : {
    "error_code" : 3001,
    "error_message" : "Missing required request parameter"
  },
  "Feature access token login disabled" : {
    "error_code" : 1028,
    "error_message" : "Feature `action token login` disabled"
  }
}
Response 401
{
  "Invalid Token" : {
    "error_code" : 3011,
    "error_message" : "Invalid Action Token"
  }
}
Response 503
{
  "Response" : {
    "error_code" : 1001,
    "error_message" : "The credentials API is currently not available"
  }
}
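
An added example (not Onegini's own code) of a caller for this endpoint: it builds the request with basic auth and the flow context header, and treats only HTTP 204 as a valid token. `BASE_URL`, the function names and the API client credentials are assumptions, as is rejecting `;`, `=` and control characters in context items, since the page defines no escaping for them.

```python
import base64
import json
import urllib.request

BASE_URL = "https://idp.example.com"  # assumption: placeholder host, not from the page

def flow_context_header(params):
    """Serialize params as key1=value1;key2=value2 for X-Onegini-Flow-Context-Params."""
    pairs = []
    for key, value in params.items():
        for text in (key, value):
            # Assumption: the page defines no escaping, so delimiters and
            # control characters (header injection) are rejected outright.
            if any(c in ";=" or ord(c) < 0x20 or ord(c) == 0x7F for c in text):
                raise ValueError(f"illegal character in flow context item {text!r}")
        if not key:
            raise ValueError("empty flow context key")
        pairs.append(f"{key}={value}")
    return ";".join(pairs)

def build_validate_request(token, api_user, api_password, context=None):
    """Build (without sending) POST /api/credentials/tokens/validate."""
    basic = base64.b64encode(f"{api_user}:{api_password}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/json",
               "Accept": "application/json"}
    if context:
        headers["X-Onegini-Flow-Context-Params"] = flow_context_header(context)
    body = json.dumps({"token": token}).encode()
    return urllib.request.Request(BASE_URL + "/api/credentials/tokens/validate",
                                  data=body, headers=headers, method="POST")

def interpret_validate_response(status, body=b""):
    """Fail closed: only HTTP 204 means the action token is valid."""
    if status == 204:
        return {"valid": True, "retry": False, "error_code": None}
    try:
        code = json.loads(body).get("error_code")  # ErrorResponse schema
    except (ValueError, AttributeError):
        code = None  # an unparseable body still counts as "not valid"
    # 503 (error 1001) is an outage, so only that case is worth retrying;
    # 400 (3001, 1028) and 401 (3011) will not change on a retry.
    return {"valid": False, "retry": status == 503, "error_code": code}
```

Status codes the page does not list also map to "not valid", so an unexpected 200 or redirect never grants access.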

Validate person credentials

POST /api/credentials/validate

Description

This endpoint validates a person's credentials.

Parameters

Type | Name | Description | Schema
Header | X-Onegini-Flow-Context-Params (optional) | Additional flow context parameters. Allowed format is "key1=value1;key2=value2" | string
Body | Body (required) | Request parameters must include the username, the encrypted password and the encryption parameter to ensure the security of the encryption | Body

Body

Name | Description | Schema
encryption_parameter (required) | Initialization vector used by encryption algorithm. Example : "BVLdWx//evkFUt1bH/96+Q==" | string
password (required) | User password [encrypted]. Example : "o/MCR6uS/RAmOse1+3ngU6gjf/+r8h4xWw==" | string
username (required) | Username. Example : "[email protected]" | string

Responses

HTTP Code | Description | Schema
200 | Credentials validated successfully | Profile
400 | Bad request | ErrorResponse
401 | Invalid credentials | No Content
403 | Attribute missing | ErrorResponse
503 | Feature not available | ErrorResponse

Consumes

  • application/json

Produces

  • application/json

Security

Type | Name
basic | basic_auth

Example HTTP request

Request path
/api/credentials/validate
Request header
"string"
Request body
{
  "username" : "[email protected]",
  "password" : "o/MCR6uS/RAmOse1+3ngU6gjf/+r8h4xWw==",
  "encryption_parameter" : "BVLdWx//evkFUt1bH/96+Q=="
}

Example HTTP response

Response 200
{
  "gender" : "M",
  "name" : {
    "first_name" : "John William",
    "last_name" : "Doe",
    "initials" : "J.W.D",
    "display_name" : "Mr John W. Doe, Msc."
  },
  "date_of_birth" : "1995-05-24",
  "email_addresses" : [ {
    "primary" : true,
    "verified" : false,
    "tag" : "work email",
    "value" : "[email protected]"
  } ],
  "phone_numbers" : [ {
    "primary" : true,
    "verified" : true,
    "tag" : "mobile number",
    "value" : "+31 654 321 098"
  } ],
  "addresses" : [ {
    "house_number" : 9,
    "house_number_addition" : "2nd floor, 101",
    "street_name" : "Main street",
    "city" : "Woerden",
    "postal_code" : "1000 AA, 12345-6789",
    "region" : "Utrecht",
    "country_code" : "NL",
    "company_name" : "Onegini",
    "attentation" : "John Doe",
    "primary" : true
  } ],
  "custom_attributes" : [ {
    "name" : "myCRM",
    "value" : "ABC123456"
  } ],
  "preferred_locale" : "en_US"
}
Response 400
{
  "Missing parameter" : {
    "error_code" : 3001,
    "error_message" : "Missing required request parameter"
  },
  "Invalid encryption parameter" : {
    "error_code" : 3002,
    "error_message" : "Invalid parameter encryption"
  }
}
Response 403
{
  "Response" : {
    "error_code" : 3003,
    "error_message" : "Person found but is missing one or more verified attributes which are required"
  }
}
Response 503
{
  "Response" : {
    "error_code" : 1001,
    "error_message" : "The credentials API is currently not available"
  }
}

Definitions

Address

Name | Description | Schema
attentation (optional) | 'To attention of' field. Example : "John Doe" | string
city (optional) | Name of the city. Example : "Woerden" | string
company_name (optional) | Name of the company. Example : "Onegini" | string
country_code (optional) | Country code. Example : "NL" | string
house_number (optional) | Numeric part of the house number. Example : 9 | integer
house_number_addition (optional) | Any addition that further clarifies the house number. Example : "2nd floor, 101" | string
postal_code (optional) | Postal code. Example : "1000 AA, 12345-6789" | string
primary (optional) | Flag to indicate whether this is the primary person's address. Example : true | boolean
region (optional) | Name of the region, province or state. Example : "Utrecht" | string
street_name (optional) | Name of the street. Example : "Main street" | string

CustomAttribute

Name | Description | Schema
name (optional) | Attribute name. Example : "myCRM" | string
value (optional) | Attribute value. Example : "ABC123456" | string

EmailAddress

Name | Description | Schema
primary (optional) | Flag to indicate whether this is the primary person's email address. Example : true | boolean
tag (optional) | An optional tag to indicate the difference (e.g. private email, work email). Example : "work email" | string
value (optional) | Email address value. Example : "[email protected]" | string (email)
verified (optional) | An optional flag to indicate whether this email address has been verified. Example : false | boolean

ErrorResponse

Name | Description | Schema
error_code (optional) | Example : 1001 | integer (int32)
error_message (optional) | Example : "Requested feature is currently not available" | string

Gender

The gender of the person. Possible values: M (male), F (female), U (undefined)

Type : enum (M, F, U)

Name

Name | Description | Schema
display_name (optional) | Displayed name, e.g. Mr John W. Doe, MSc. If no displayName is specified, firstName + lastName is returned. Example : "Mr John W. Doe, Msc." | string
first_name (optional) | Person first name(s). Example : "John William" | string
initials (optional) | Person initials. Example : "J.W.D" | string
last_name (optional) | Person last name. Example : "Doe" | string

PhoneNumber

Name | Description | Schema
primary (optional) | Flag to indicate whether this is the primary person's phone number. Example : true | boolean
tag (optional) | An optional tag to indicate the difference (e.g. home number, mobile number, fax). Example : "mobile number" | string
value (optional) | Phone number value. Example : "+31 654 321 098" | string (email)
verified (optional) | An optional flag to indicate whether this phone number has been verified. Example : true | boolean

Profile

Name | Description | Schema
addresses (optional) | Collection of person's (postal) addresses, can be empty. Example : [ "[address](#address)" ] | < Address > array
custom_attributes (optional) | Collection of person's custom attributes, can be empty. Example : [ "[customattribute](#customattribute)" ] | < CustomAttribute > array
date_of_birth (optional) | Timezone independent representation of a birth date. Example : "1995-05-24" | string
email_addresses (required) | Collection of person's email addresses. Profile must contain at least one email address attribute. Example : [ "[emailaddress](#emailaddress)" ] | < EmailAddress > array
gender (optional) | Example : "[gender](#gender)" | Gender
name (optional) | Example : "[name](#name)" | Name
phone_numbers (optional) | Collection of person's phone numbers, can be empty. Example : [ "[phonenumber](#phonenumber)" ] | < PhoneNumber > array
preferred_locale (optional) | Preferred locale. Example : "en_US" | string

Security

basic_auth

Type : basic