Credential REST API
The Credential endpoint allows creating and managing credentials used to authenticate users.
Credentials are stored in devices and contain information used to authenticate users, and are linked to a credential type which defines the credential parameters leveraged during user authentication.
To use the version-specific parameters/attributes, you must add api-version=N to the query parameter.
Previous versions of the API are also supported with the corresponding functionality.
Method Details
HTTPS Method | Entity Action | Request URI | Description |
---|---|---|---|
GET |
Read |
/scim/{tenant}/v2/Credential |
Retrieve credentials filtered by attributes |
GET |
Read |
/scim/{tenant}/v2/Credential/{id}:(String) |
Retrieve a known credential |
POST |
Search |
/scim/{tenant}/v2/Credential/.search |
Search for credential |
PUT |
Replace |
/scim/{tenant}/v2/Credential/{id}:(String) |
Fully replace a known credential |
DELETE |
Delete |
/scim/{tenant}/v2/Credential/{id}:(String) |
Delete a known credential |
Required Permissions
Function | Required Permissions |
---|---|
GET |
|
REPLACE |
|
DELETE |
|
SEARCH |
If the 'owner.value' filter is used:
Else:
|
Get a Credential
[GET] /Credential/{id}
Sample Response
{
"schemas": ["urn:hid:scim:api:idp:2.0:Credential"],
"id": "11385",
"externalId": "jdoeCT_ACODE",
"meta": {
"resourceType": "Credential",
"location": "https://[base-server-url]/scim/tenant/v2/Credential/11385",
"version": "1"
},
"type": "CT_ACODE",
"status": {
"status": "ACTIVE",
"active": true,
"expiryDate": "2018-11-21T14:14:59Z"
},
"attributes": [
{
"name": "MY_ATTR0",
"type": "string",
"value": "value0",
"readOnly": false
},
{
"name": "MY_ATTR1",
"type": "string",
"value": "value1",
"readOnly": false
},
{
"name": "EXPIRY_THRESHOLD_OF_ACTIVATION_CODE",
"type": "string",
"value": "-1",
"readOnly": false
}
],
"totalUsed": "0"
}
Replace a Credential
[PUT] /Credential/{id}
Accept: application/scim+json
Updatable attributes:
-
status.status
-
attributes
Current Status | Possible Transition |
---|---|
PENDING |
ACTIVE |
ACTIVE |
SUSPENDED, REVOKED |
SUSPENDED |
ACTIVE, REVOKED |
REVOKED |
TERMINATED |
If any of the sections are removed from the PUT, then that section will not be updated.
If an element is removed from an extension, it will be deleted.
To create your own attributes, refer to Configure Credential Types.
Sample Request to update the credential from the previous GET Credential sample. The updates are:
-
Attribute MY-ATTR0 is removed.
-
Attribute MY-ATTR2 value is changed.
{
"schemas": ["urn:hid:scim:api:idp:2.0:Credential"],
"id": "11385",
"externalId": "jdoeCT_ACODE",
"meta": {
"resourceType": "Credential",
"created": "2017-11-21T13:58:40Z",
"location": "https://[base-server-url]/scim/tenant/v2/Credential/11385",
"version": "1"
},
"type": "CT_ACODE",
"status": {
"status": "ACTIVE",
"active": true,
"expiryDate": "2018-11-21T13:58:40Z",
"startDate": "2017-11-21T13:58:40Z"
},
"attributes": [ {
"name": "EXPIRY_THRESHOLD_OF_ACTIVATION_CODE",
"type": "string",
"value": "-1",
"readOnly": false
},
{
"name": "MY_ATTR1",
"type": "string",
"value": "new value1",
"readOnly": false
}],
"totalUsed": "0"
}
Sample Response
{
"schemas": ["urn:hid:scim:api:idp:2.0:Credential"],
"id": "11385",
"externalId": "jdoeCT_ACODE",
"meta": {
"resourceType": "Credential",
"location": "https://[base-server-url]/scim/tenant/v2/Credential/11385",
"version": "1"
},
"type": "CT_ACODE",
"status": {
"status": "ACTIVE",
"active": true,
"expiryDate": "2018-11-21T14:16:07Z"
},
"attributes": [
{
"name": "MY_ATTR1",
"type": "string",
"value": "new value1",
"readOnly": false
},
{
"name": "EXPIRY_THRESHOLD_OF_ACTIVATION_CODE",
"type": "string",
"value": "-1",
"readOnly": false
}
],
"totalUsed": "0"
}
Search for a Credential
Supported search criteria are:
SCIM Attribute | Operators supported |
---|---|
type |
eq |
attributes.value |
eq, co, sw, ew |
externalid |
eq |
id |
eq |
status.expiryDate |
eq, gt, lt |
status.startDate |
eq |
status.status |
eq |
owner.value |
eq |
Where the filter attribute can be used to reduce the number of records you want to see.
You can use the and operator within the filters.
Delete a Credential
All the delete endpoints follow the same standard pattern and can be reached through the following URL pattern:
Accept: application/scim+json