This repository was archived by the owner on Jan 4, 2026. It is now read-only.
swagger.clean.yaml · 11018 lines (10842 loc) · 352 KB
openapi: 3.0.0
info:
  version: 1.0.0
  title: UEAuth Service
  description: "UEAuth is provided by <a href='https://unitedeffects.com'>United Effects Inc</a>. Copyright © 2024, all rights reserved.<br><br>
    As a general reference, this provider implements the following OIDC endpoints. All OpenID Connect schema specific endpoints follow the pattern <code>/{group}/path</code>.<br>UE Auth identity and access endpoints follow the pattern <code>/api/{group}/path</code>. Full documentation on the OpenID Connect specification can be found here: <a href='https://openid.net/developers/specs/'>OIDC API DOCUMENTATION</a>.<br><code><br>authorization: '/{group}/auth',<br>
    check_session: '/{group}/session/check',<br>
    code_verification: '/{group}/device',<br>
    device_authorization: '/{group}/device/auth',<br>
    end_session: '/{group}/session/end',<br>
    introspection: '/{group}/token/introspection',<br>
    initial_access: '/{group}/token/initial_access',<br>
    jwks: '/{group}/jwks',<br>
    pushed_authorization_request: '/{group}/request',<br>
    registration: '/{group}/reg',<br>
    revocation: '/{group}/token/revocation',<br>
    token: '/{group}/token',<br>
    userinfo: '/{group}/me'</code><br><br>
    <small>Not all of the above endpoints are detailed with contracts in this API documentation. Please reference the <a href='https://openid.net/developers/specs/'>OIDC</a> docs for any path specs not shown.</small><br><br>
    <h2>Query and Patch Standards</h2>This API uses <a href='https://www.odata.org/documentation/'>oData</a> and <a href='http://jsonpatch.com/'>JSON Patch</a> as standards for most paginated GET and PATCH methods. You may wish to review these standards."
  x-logo:
    url: https://ue-platform-content.s3.amazonaws.com/0f8aeec8-8e9b-4629-b06c-6672b4a2e9ad
tags:
  - name: OIDC
    description: Some Key OIDC endpoints (not all) - see <a href='https://openid.net/developers/specs/'>OIDC API DOCUMENTATION</a>
  - name: Users
    description: User Accounts unique to the Auth Group. Email must be unique
  - name: Profiles
    description: Secured Account Profiles
  - name: Profile Requests
    description: Request access to someone's profile data
  - name: Profile Access
    description: View access you have or have granted to secured profiles
  - name: Clients
    description: Reading or Deleting Clients in your Auth Group. Use OIDC /reg for Create or Updates
  - name: Account Dashboard
    description: Manage personal account notifications, organizations, products, and more
  - name: Client Access
    description: Clients can be supplied with a single product reference and multiple roles to empower them with permissions
  - name: Product Keys
    description: (WARNING - BETA) Create and manage groupings of long-lived and hidden client-credential tokens that can be used to create marketplace style integrations
  - name: Validate Access
    description: Use this endpoint to return the access associated to an accessToken or clientCredential
  - name: Products
    description: Manage Products within your Auth Group
  - name: Roles
    description: Manage Roles globally for all Products and all Organizations
  - name: Permissions
    description: Manage Permissions for one Product at a time.
  - name: Notification
    description: Manage notifications sent to the http notification plugin. Requires the Notifications plugin to be enabled.
  - name: Device Challenge
    description: Manage device MFA/Challenge/Sign-on interactions. Requires the MFA Challenge plugin to be enabled.
  - name: WebAuthN
    description: Manage WebAuthN (passkey) interactions. Requires the WebAuthN plugin to be enabled.
  - name: Operations
    description: Commands for Artifact or Security Updates
  - name: Organizations
    description: Manage subsets of the Auth Group data to represent customers, departments, etc. Apply Products to indicate licensed software
  - name: Organization Users & Access
    description: Managing enterprise access being applied to users
  - name: Organization User Profiles
    description: Personal information (name, address, number) added and only accessible by the Organization and referenced Account
  - name: Organization Notification
    description: Manage notifications within the context of an Organization. Requires the plugin to be enabled.
  - name: Organization Domains
    description: Separate an Organization into smaller subsets to which product access can be assigned
  - name: Organization Products
    description: Access products associated to your Organization
  - name: Organization Permissions
    description: Access permissions of products associated to your Organization
  - name: Organization Roles
    description: Manage Roles specific to a single organization. Sometimes referred to as "Custom Roles"
  - name: System
paths:
  # Device Challenge
  /api/{group}/mfa/callback:
    post:
      tags:
        - Device Challenge
      summary: Callback used by provider to communicate user approval or denial of challenge
      description: When configuring an MFA provider, you will likely need to provide a callback uri.
      operationId: mfaCallback
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '204':
          description: callback accepted
        '400':
          $ref: '#/components/responses/BadRequest'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/callbackRequest'
  /api/{group}/mfa/{key}/account/{account}/interaction/{uid}/status:
    get:
      tags:
        - Device Challenge
      summary: Poll UE Auth for a response to a challenge.
      description: You can poll UE Auth for the response to a challenge sent to a user.
      operationId: mfaStatus
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
        - name: key
          in: path
          description: the providerKey (id) returned by the challenge request
          schema:
            type: string
          required: true
        - name: account
          in: path
          description: the account Id being challenged
          schema:
            type: string
          required: true
        - name: uid
          in: path
          description: the interaction Id or state used to ensure secure interaction
          schema:
            type: string
          required: true
      responses:
        '204':
          description: approved
        '206':
          description: not yet approved
        '400':
          $ref: '#/components/responses/BadRequest'
  /api/{group}/mfa/instructions:
    post:
      tags:
        - Device Challenge
      summary: Request an account be bound and instructions for device setup be provided
      description: This API is multi-purpose, responding to a request based on which properties have been provided. See request object for details.
      operationId: mfaInstructions
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/mfaInstructions'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '427':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - basic: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/mfaRequestBind'
        required: true
  /api/{group}/mfa/safe-recovery:
    post:
      tags:
        - Device Challenge
      summary: Request to verify your identity via email or an existing MFA device
      description: This API allows a user to validate who they are through email or a challenge. This is used as part of MFA recovery when the user wants to bind to a new device. Security on this is an initial access token as provided by the instructions endpoint.
      operationId: mfaSafeRecovery
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/mfaSafeRecovery'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '427':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: [ ]
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/sendMfaSafeRecovery'
        required: true
  /api/{group}/device/challenge:
    put:
      tags:
        - Device Challenge
      summary: BETA - Send custom transaction challenges to a registered device within your AuthGroup.
      description: BETA - Send custom transaction challenges to a registered device within your AuthGroup. This API allows you to define and send a transaction challenge with a callback that is called when the user responds.
      operationId: customChallenge
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  key:
                    type: string
                    format: uuid
                  accountId:
                    type: string
                    format: uuid
                  state:
                    type: string
                    description: cryptographically secure 64 character value
                  callback:
                    type: string
                    format: uri
                  duration:
                    type: string
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '427':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: [ ]
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - title
                - header
                - message
                - lookup
              properties:
                title:
                  type: string
                  description: The title of your transaction challenge
                header:
                  type: string
                  description: The header that is displayed to the user on the auth app
                message:
                  type: string
                  description: The message the user will see in the auth app
                lookup:
                  type: string
                  description: The email address or account ID of the user
                state:
                  type: string
                  description: A unique cryptographically secure value to mark this transaction. If not provided, one will be generated. If unsure, we recommend letting UE Auth generate it.
                duration:
                  type: string
                  description: How long should the system wait before the request expires? 5m (five minutes), 10m (ten minutes), etc.
                callback:
                  type: string
                  format: uri
                  description: What url should UE Auth send a POST request to notify of a response?
    post:
      tags:
        - Device Challenge
      summary: For an account with a saved state session, initiate a device based challenge.
      description: For an account with a saved state session, initiate a device based challenge.
      operationId: deviceSendChallenge
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  accountId:
                    type: string
                    format: uuid
                  response:
                    type: object
                    description: response from provider
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '427':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: [ ]
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                lookup:
                  type: string
                  description: an email, username, or phone number
                state:
                  type: string
                  description: a previously saved state session to ensure this endpoint is not abused
        required: true
  # WebAuthN
  /api/{group}/webauthn/bind:
    post:
      tags:
        - WebAuthN
      summary: Initiate binding a user local device webAuthN using a state value and token
      description: Initiate binding a user local device webAuthN using a state value and token
      operationId: webAuthNBind
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  registrationOptions:
                    type: object
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '427':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: [ ]
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                state:
                  type: string
        required: true
  /api/{group}/webauthn/finish:
    post:
      tags:
        - WebAuthN
      summary: Complete webAuthN user to local device binding
      description: Complete webAuthN user to local device binding
      operationId: webAuthNFinish
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    default: true
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '427':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: [ ]
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                state:
                  type: string
                credential:
                  type: object
        required: true
  /api/{group}/webauthn/authenticate:
    post:
      tags:
        - WebAuthN
      summary: Initiate a webAuthN (passkey) authentication
      description: Initiate a webAuthN (passkey) authentication
      operationId: webAuthNAuth
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    default: true
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '427':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: [ ]
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                  format: email
        required: true
  # Account APIs
  /api/account/groups:
    get:
      tags:
        - Users
      summary: Lookup any AuthGroups a user owns
      description: Lookup any AuthGroups a user owns. Must be a root user or Notifications must be on so an email can be sent to the user.
      operationId: findAccountGroups
      parameters:
        - name: lookup
          in: query
          description: the email address of a person
          required: true
          schema:
            type: string
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                properties:
                  type:
                    type: string
                    example: Account
                  data:
                    type: array
                    items:
                      type: object
                      properties:
                        count:
                          type: number
                        groups:
                          type: object
                          properties:
                            _id:
                              type: string
                            email:
                              type: string
                            group:
                              type: object
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
  /api/{group}/account:
    post:
      tags:
        - Users
      summary: Register a new user
      description: Register a new user to an Auth Group independent of any organization or other access considerations. Self-registration is possible if the Auth Group has defined locked=false. Otherwise, an appropriately permissioned member of the Auth Group must create the user. Please note that the only data provided by this endpoint (or any Account API) is the id, username, and email (and create/modify/active metadata) of the user within this AuthGroup. The Account record holds no personal information aside from this email address and an optional phone number which is only visible to that Account owner; however, if you supply profile information, a secured profile record will be generated which the account holder can administrate later.
      operationId: writeAccount
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '201':
          description: successful operation
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/getAccount'
                  - $ref: '#/components/schemas/firstAccountWrite'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/writeAccount'
        description: Account data to be written
        required: true
  /api/{group}/organization/{org}/accounts/search:
    get:
      tags:
        - Organization Users & Access
      summary: Search Accounts in the authGroup with an org context
      description: Allows you to search accounts in the authgroup using a text search
      operationId: searchAccountsFromOrg
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
        - name: org
          in: path
          description: the organization context
          schema:
            type: string
          required: true
        - name: q
          in: query
          description: keyword search
          required: true
          schema:
            type: string
        - name: restrictEmail
          in: query
          description: restrict the search to specific email domains. Comma delimited
          example: example.com,google.com,test.com
          schema:
            type: string
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                properties:
                  type:
                    type: string
                    example: Account
                  data:
                    $ref: '#/components/schemas/searchAccounts'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
  /api/{group}/accounts/search:
    get:
      tags:
        - Users
      summary: Search Accounts in the authGroup
      description: Allows you to search accounts in the authgroup using a text search
      operationId: searchAccounts
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
        - name: q
          in: query
          description: keyword search
          required: true
          schema:
            type: string
        - name: restrictEmail
          in: query
          description: restrict the search to specific email domains. Comma delimited
          example: example.com,google.com,test.com
          schema:
            type: string
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                properties:
                  type:
                    type: string
                    example: Account
                  data:
                    $ref: '#/components/schemas/searchAccounts'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
  /api/{group}/accounts:
    post:
      tags:
        - Users
      summary: Import users to the Auth Group
      description: This API allows you to import an array of users to the Auth Group independent of any organization or other access considerations. This API cannot be used for self-registration. Passwords are automatically generated and all users must claim their accounts. No profile data can be added with this API.
      operationId: importAccounts
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '201':
          description: successful operation
          content:
            application/json:
              schema:
                properties:
                  type:
                    type: string
                    example: 'Accounts'
                  data:
                    type: object
                    properties:
                      attempted:
                        type: number
                        description: how many attempted
                      ok:
                        type: number
                        description: how many successfully written?
                      failed:
                        type: array
                        items:
                          type: object
                          description: which accounts failed and why
                      success:
                        type: array
                        items:
                          $ref: '#/components/schemas/getAccount'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: [ ]
        - openId: [ ]
      requestBody:
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: '#/components/schemas/importAccount'
        description: Account data to be written
        required: true
    get:
      tags:
        - Users
      summary: Retrieve all users in the Auth Group
      description: This will return every Account (user) associated to the Auth Group.
      operationId: getAccounts
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
        - name: $filter
          in: query
          description: oData filter Query
          required: false
          schema:
            type: string
        - name: $select
          in: query
          description: oData select Query
          required: false
          schema:
            type: string
        - name: $orderby
          in: query
          description: oData orderby Query
          required: false
          schema:
            type: string
        - name: $skip
          in: query
          description: oData skip Query
          required: false
          schema:
            type: string
        - name: $top
          in: query
          description: oData top Query
          required: false
          schema:
            type: string
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/getAccounts'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
  '/api/{group}/account/{id}':
    get:
      tags:
        - Users
      summary: Find a User with ID
      description: Identify a single user by their user ID. If you enter "me" in the ID field, it will return your own information.
      operationId: getAccount
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
        - name: id
          in: path
          description: id of account type to return
          required: true
          schema:
            type: string
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/getAccount'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
    delete:
      tags:
        - Users
      summary: Hard delete a user
      description: This request will completely remove the unique Account from the AuthGroup. You should be careful with this method as it may lead to unforeseen data states such as orphaned records if you have tightly integrated with this API.
      operationId: deleteAccount
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
        - name: id
          in: path
          description: id of account type to delete
          required: true
          schema:
            type: string
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/getAccount'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
    patch:
      tags:
        - Users
      summary: Patch an existing User
      description: This allows you to update an Account record. While there is a permission to allow administrators of the AuthGroup to do this, it is recommended that you typically allow users themselves to manage their information unless they request assistance.
      operationId: patchAccount
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
        - name: id
          in: path
          description: id of account to update
          required: true
          schema:
            type: string
      responses:
        '201':
          description: successful operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/getAccount'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/jsonPatch'
        description: JSON Patch specific to your account object
        required: true
  /api/{group}/account/codes:
    put:
      tags:
        - Users
      summary: Create Account Recovery Codes
      description: Recovery codes are 10 hashed strings that are only ever displayed when the user generates them. In the event of an account lockout, they can be used to restore access and reset password should no other option be available. If lost, they must be reset. They cannot be updated and hitting this endpoint more than once will reset them.
      operationId: writeRecoveryCodes
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  type:
                    type: string
                    example: Accounts
                  data:
                    type: array
                    items:
                      type: string
                      description: the codes
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '405':
          $ref: '#/components/responses/InvalidInput'
        '417':
          $ref: '#/components/responses/ExpectationFailed'
      security:
        - bearer: []
        - openId: []
  /api/{group}/account/panic:
    put:
      tags:
        - Users
      summary: Immediately Lock an Account
      description: If a user notices unusual activity, they can immediately lock their account. This action requires recovery codes to undo. If the user has not generated recovery codes, they will need to contact an administrator for assistance. This action will also kill all active sessions for the user. PLEASE NOTE, if JWT tokens have been issued for the account, this will not disable them. Always ensure that Access Tokens have reasonable expiration times to avoid issues with locked accounts and live active JWT tokens.
      operationId: lockMyAccount
      parameters:
        - name: group
          in: path
          description: the auth group ID associated to your business account
          schema:
            type: string
          required: true
      responses:
        '204':
          description: successful operation
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'