Tokens Vault REST API

The TokensVault endpoint allows searching for pseudonymizations tokens in an exported audit log to get their original value.

Note: The API version supported by HID Authentication Service is 10.3.0.

To use the version-specific parameters/attributes, you must add api-version=N to the query parameter.

Previous versions of the API are also supported with the corresponding functionality. For details of the version updates, see SCIM API Revision History.

Method Details

HTTPS Method Entity Action Request URI Description

GET

Read

/scim/{tenant}/v2/TokensVault

Get all tokens filtered by attributes

GET

Read

/scim/{tenant}/v2/TokensVault/{uid}

Get the original (clear) value of a token

POST

Search

/scim/{tenant}/v2/TokensVault/.search

Search for pseudonymizations tokens in the audit

Required Permissions

Function Required Permissions

GET

Read Token

POST

Search Token

Get a Token Clear Value

[GET] /TokensVault/{uid}

Where {uid} is the token.

Copy

Sample Request URI

[GET] /scim/{tenant}/v2/TokensVault/e52bbe12-6c9e-4b05-b622-af57ceaccf06
Copy

Sample Response

{
    "schemas": ["urn:hid:scim:api:idp:2.0:PseudonymizationToken"],
    "token": "e52bbe12-6c9e-4b05-b622-af57ceaccf06",
    "value": "myuser@company.com"
}

Search for Tokens

Supported search criteria are:

SCIM Attribute Operators supported Description

ownerId

eq

User ID of the token owner

ownerExtId

eq

User external ID of the token owner

token

eq

Unique token value (same as a GET Token Value in Get a Token Clear Value)

value

eq

Token’s original (clear) value

Copy

Sample Request URI

[POST] /scim/{tenant}/v2/TokensVault/.search
Copy

Sample Request

{ 
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
    "filter": "ownerExtId eq myuser",
    "count": 2,
    "startIndex": 1
}

Where:

  • The filter attribute can be used to reduce the number of records you want to see.

    You can use the and operator within the filters.

  • The following attributes can be used for a paginated search:

    • count can be used to limit the size of the search results

    • startIndex specifies the index of the first result returned (where 0 will returned the same paginated result as 1)

    The result will contain a totalResults attribute to allow you to compute the number of pages.

    Important:

    The maximum number of rows returned per request is 100, even if you specify a higher count value. Therefore, for lists that are longer than 100 elements, it is mandatory for you to paginate the results.

Copy

Sample Response

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 2,
    "resources": [
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PseudonymizationToken"],
            "token": "b0152e88-cad6-4e1d-90c5-2a2154100a88",
            "value": "my firstname",
            "ownerId": "11438",
            "ownerExtId": "myuser"
        },
        {
            "schemas": ["urn:hid:scim:api:idp:2.0:PseudonymizationToken"],
            "token": "f97be5d9-c0e8-4955-a480-6a6b3b470adf",
            "value": "+33601020304",
            "ownerId": "11438",
            "ownerExtId": "myuser"
        }
    ]
}
Note: For further information, see Searching with the SCIM API.