openapi: 3.0.3 info: title: Rokwire Core Building Block API description: Core Building Block API Documentation version: 1.62.0 servers: - url: https://api.rokwire.illinois.edu/core tags: - name: Services description: Clients applications APIs. - name: Admin description: Clients administration applications APIs. - name: Enc description: APIs consumed by the Encryption building block. - name: BBs description: APIs consumed by the platform building blocks. - name: Third-Party Services description: APIs consumed by third-party services. - name: UI description: Endpoints for HTML webpages - name: System description: System APIs. paths: /services/auth/login: post: tags: - Services summary: Login description: | Login using credentials to retrieve access token, refresh token, and user data requestBody: description: | User credential details and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_Login' examples: email-sign_in: summary: Email - sign in value: auth_type: email app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: email: test@example.com password: test12345 device: type: mobile device_id: "5555" os: Android email-sign_up: summary: Email - sign up value: auth_type: email app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: email: test@example.com password: test12345 params: sign_up: true confirm_password: test12345 preferences: key1: value1 key2: value2 profile: address: address address2: address2 po_box: po box city: city birth_year: 1990 country: county email: email first_name: first name last_name: last name phone: "+000000000000" photo_url: photo url state: state zip_code: zip code privacy: public: false device: type: mobile device_id: "5555" os: Android phone: summary: Phone - sign in OR sign up value: auth_type: twilio_phone app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: phone: "+12223334444" code: "123456" preferences: key1: value1 key2: value2 profile: address: address address2: address2 po_box: po box city: city birth_year: 1990 country: county email: email first_name: first name last_name: last name phone: "+000000000000" photo_url: photo url state: state zip_code: zip code privacy: public: false device: type: mobile device_id: "5555" os: Android illinois_oidc: summary: Illinois OIDC login value: auth_type: illinois_oidc app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: https://redirect.example.com?code=ai324uith8gSEefesEguorgwsf43 params: redirect_uri: https://redirect.example.com pkce_verifier: w4iuhfq0u43hfq38ghn3gnSFSFiqp3ugnpugnqiprgUGNPINfsdoirpgia preferences: key1: value1 key2: value2 profile: address: address address2: address2 po_box: po box city: city birth_year: 1990 country: county email: email first_name: first name last_name: last name phone: "+000000000000" photo_url: photo url state: state zip_code: zip code privacy: public: false device: type: mobile device_id: "5555" os: Android anonymous: summary: Anonymous login value: auth_type: anonymous app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: anonymous_id: dbb5ea5d-6c6c-44b8-9952-7ebf0e844beb device: type: mobile device_id: "5555" os: Android username-sign_in: summary: Username - sign in value: auth_type: username app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: username: testName password: test12345 device: type: mobile device_id: "5555" os: Android username-sign_up: summary: Username - sign up value: auth_type: username app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: username: testName password: test12345 params: sign_up: true confirm_password: test12345 preferences: key1: value1 key2: value2 profile: address: address address2: address2 po_box: po box city: city birth_year: 1990 country: county email: email first_name: first name last_name: last name phone: "+000000000000" photo_url: photo url state: state zip_code: zip code privacy: public: false device: type: mobile device_id: "5555" os: Android required: true responses: "200": description: Success content: application/json: schema: anyOf: - $ref: '#/components/schemas/_shared_res_Login_Mfa' - $ref: '#/components/schemas/_shared_res_Login' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error content: application/json: schema: type: object properties: status: type: string enum: - invalid - unverified - verification-expired - already-exists - not-found - internal-server-error - shared-credential-unverified description: | - `invalid`: Invalid credentials - `unverified`: Unverified credentials - `verification-expired`: Credentials verification expired. The verification is restarted - `already-exists`: Account already exists when `sign-up=true` - `not-found`: Account could not be found when `sign-up=false` - `internal-server-error`: An undefined error occurred - `shared-credential-unverified`: The shared credential has not been verified yet message: type: string /services/auth/mfa: post: tags: - Services summary: MFA description: | Verify multi-factor authentication credentials to complete login parameters: - name: state in: query description: Login state required: false style: form explode: false schema: type: string requestBody: description: | MFA credentials and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_Login_Mfa' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_Login' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/refresh: post: tags: - Services summary: Refresh description: | Refresh access token using a refresh token requestBody: description: | Refresh token content: application/json: schema: $ref: '#/components/schemas/_shared_req_Refresh' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_Refresh' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/login-url: post: tags: - Services summary: Get SSO login url description: | Retrieve a pre-formatted SSO login URL requestBody: content: application/json: schema: $ref: '#/components/schemas/_shared_req_LoginUrl' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_LoginUrl' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/logout: post: tags: - Services summary: Logout description: | Logouts an account security: - bearerAuth: [] requestBody: content: application/json: schema: required: - all_sessions type: object properties: all_sessions: type: boolean default: false responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/credential/verify: get: tags: - Services summary: Validate verification code description: | Validates verification code to verify account ownership parameters: - name: id in: query description: Credential ID required: true style: form explode: false schema: type: string - name: code in: query description: Verification code required: true style: form explode: false schema: type: string responses: "200": description: Successful operation content: text/plain: schema: type: string example: Successfully verified code "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/credential/send-verify: post: tags: - Services summary: Send verification code to identifier description: | Sends verification code to identifier to verify account ownership requestBody: description: | Account information to be checked content: application/json: schema: $ref: '#/components/schemas/_services_req_credential_send-verify' required: true responses: "200": description: Successful operation content: text/plain: schema: type: string example: Successfully sent verification code "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/credential/forgot/initiate: post: tags: - Services summary: Initiate reset credential for a given identifier description: "Email auth type:\nSends the reset password code for a given identifier\nGenerates a reset code and expiry and sends it to the given identifier \n" requestBody: content: application/json: schema: $ref: '#/components/schemas/_services_req_credential_forgot_initiate' required: true responses: "200": description: Success content: text/plain: schema: type: string "400": description: Bad request "401": description: Unauthorized "500": description: Internal error content: application/json: schema: type: object properties: status: type: string enum: - unverified - verification-expired - internal-server-error description: | - `unverified`: Unverified credentials - `verification-expired`: Credentials verification expired. The verification is restarted - `internal-server-error`: An undefined error occurred message: type: string /services/auth/credential/forgot/complete: post: tags: - Services summary: Complete resetting forgotten credential requestBody: content: application/json: schema: $ref: '#/components/schemas/_services_req_credential_forgot_complete' required: true responses: "200": description: Success content: text/plain: schema: type: string "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/credential/update: post: tags: - Services summary: Reset a credential from client application description: | Needs user auth token for authorization **Auth:** Requires token from direct user authentication from recent login security: - bearerAuth: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/_services_req_credential_update' required: true responses: "200": description: Success content: text/plain: schema: type: string "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/verify-mfa: post: tags: - Services summary: MFA description: | Verify multi-factor authentication credentials to complete MFA registration requestBody: description: | MFA credentials and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_Mfa' required: true responses: "200": description: Success content: application/json: schema: type: array items: type: string "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/account/exists: post: tags: - Services summary: Check if an account already exists description: | Account exists checks if an account exists for the provided user identifier and auth type requestBody: description: | Account information to be checked content: application/json: schema: $ref: '#/components/schemas/_shared_req_AccountCheck' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_AccountCheck' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/account/can-sign-in: post: tags: - Services summary: Check if a client can sign in description: | Checks if a client can sign in to an existing account for the provided user identifier and auth type requestBody: description: | Account information to be checked content: application/json: schema: $ref: '#/components/schemas/_shared_req_AccountCheck' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_AccountCheck' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/account/can-link: post: tags: - Services summary: Check if a client can link an auth type description: | Checks if a client is able to link a new auth type to an account requestBody: description: | Account information to be checked content: application/json: schema: $ref: '#/components/schemas/_shared_req_AccountCheck' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_AccountCheck' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/account/auth-type/link: post: tags: - Services summary: Link credentials description: | Link credentials to an existing account **Auth:** Requires "authenticated" auth token security: - bearerAuth: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/_services_req_account_auth-type-link' examples: email-sign_up: summary: Email value: auth_type: email app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: email: test@example.com password: test12345 params: confirm_password: test12345 phone: summary: Phone value: auth_type: twilio_phone app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: phone: "+12223334444" illinois_oidc: summary: Illinois OIDC value: auth_type: illinois_oidc app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: https://redirect.example.com?code=ai324uith8gSEefesEguorgwsf43 params: redirect_uri: https://redirect.example.com pkce_verifier: w4iuhfq0u43hfq38ghn3gnSFSFiqp3ugnpugnqiprgUGNPINfsdoirpgia required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_services_res_account_auth-type-link' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error content: application/json: schema: type: object properties: status: type: string enum: - invalid - unverified - verification-expired - already-exists - not-found - internal-server-error description: | - `invalid`: Invalid credentials - `unverified`: Unverified credentials - `verification-expired`: Credentials verification expired. The verification is restarted - `already-exists`: Auth type identifier already exists - `not-found`: Account could not be found when `sign-up=false` - `internal-server-error`: An undefined error occurred message: type: string delete: tags: - Services summary: Unlink credentials description: | Unlink credentials from an existing account **Auth:** Requires "authenticated" auth token security: - bearerAuth: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/_services_req_account_auth-type-unlink' examples: email: summary: Email value: auth_type: email app_type_identifier: edu.illinois.rokwire identifier: test@example.com phone: summary: Phone value: auth_type: twilio_phone app_type_identifier: edu.illinois.rokwire identifier: "+12223334444" illinois_oidc: summary: Illinois OIDC value: auth_type: illinois_oidc app_type_identifier: edu.illinois.rokwire identifier: "123456789" required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_services_res_account_auth-type-link' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/authorize-service: post: tags: - Services summary: Authorize service description: | Authorize a third-party service and get a scoped access token that can be used to access its APIs **Auth:** Requires user auth token security: - bearerAuth: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/_services_req_authorize-service' responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_services_res_authorize-service' examples: authorized: summary: Service authorized value: access_token: string token_type: Bearer approved_scopes: - string unauthorized: summary: Service unauthorized value: service_reg: service_id: string service_account_id: string host: string pub_key: key_pem: string alg: string name: string description: string info_url: string logo_url: string scopes: - scope: string required: true explanation: string first_party: true "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/auth/service-regs: get: tags: - Services summary: Get service registrations description: | Returns service registration records **Auth:** Requires auth token security: - bearerAuth: [] parameters: - name: ids in: query description: A comma-separated list of service IDs to return registrations for required: true style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ServiceReg' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/accounts: get: tags: - Services summary: Finds accounts description: | Finds accounts using a set of optional search parameters **Auth:** Requires access token with `get_accounts`, `update_accounts`, or `all_accounts` permission security: - bearerAuth: [] parameters: - name: limit in: query description: The maximum number of accounts to return required: false style: form explode: false schema: type: integer - name: offset in: query description: The index of the first account to return required: false style: form explode: false schema: type: integer - name: account-id in: query description: The account ID required: false style: form explode: false schema: type: string - name: firstname in: query description: The account profile first name required: false style: form explode: false schema: type: string - name: lastname in: query description: The account profile last name required: false style: form explode: false schema: type: string - name: auth-type in: query description: The auth type required: false style: form explode: false schema: type: string - name: auth-type-identifier in: query description: The authentication type identifier required: false style: form explode: false schema: type: string - name: has-permissions in: query description: Account has permissions (permissions, roles, or groups) filter required: false style: form explode: false schema: type: boolean - name: permissions in: query description: A comma-separated list of permission names required: false style: form explode: false schema: type: string - name: role-ids in: query description: A comma-separated list of role IDs required: false style: form explode: false schema: type: string - name: group-ids in: query description: A comma-separated list of group IDs required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/PartialAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - Services summary: Create admin account description: | Create a new admin account **Auth:** Requires auth token with `create_accounts` or `all_accounts` permission security: - bearerAuth: [] requestBody: description: | User account details and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_CreateAccount' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/PartialAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - Services summary: Update admin account description: | Update an existing admin account **Auth:** Requires auth token with `update_accounts` or `all_accounts` permission security: - bearerAuth: [] requestBody: description: | User account details and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_UpdateAccount' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/PartialAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/accounts/public: get: tags: - Services summary: Finds public accounts description: | Finds public accounts using search, username, first name, and last name, following id, and follower id security: - bearerAuth: [] parameters: - name: limit in: query description: The maximum number of accounts to return required: false style: form explode: false schema: type: integer - name: offset in: query description: The index of the first account to return required: false style: form explode: false schema: type: integer - name: search in: query description: The search for username, firstname, or lastname required: false style: form explode: false schema: type: string - name: username in: query description: The username required: false style: form explode: false schema: type: string - name: firstname in: query description: The account profile first name required: false style: form explode: false schema: type: string - name: lastname in: query description: The account profile last name required: false style: form explode: false schema: type: string - name: following-id in: query description: The ID of the account being followed required: false style: form explode: false schema: type: string - name: follower-id in: query description: The ID of the account following required: false style: form explode: false schema: type: string - name: unstructured_properties in: query description: Map containing filters by unstructured properties in profile required: false style: form explode: true schema: type: object - name: ids in: query description: A comma-separated list of IDs required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/PublicAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/v2/accounts/public: get: tags: - Services summary: Finds public accounts description: | Finds public accounts using search, username, first name, and last name, following id, and follower id security: - bearerAuth: [] parameters: - name: limit in: query description: The maximum number of accounts to return required: false style: form explode: false schema: type: integer - name: offset in: query description: The comma-separated name and ID of the first account to return (lastname,firstname,id) required: false style: form explode: false schema: type: string - name: order in: query description: The sort order to return accounts required: false style: form explode: false schema: type: string enum: - asc - desc - name: search in: query description: The search for username, firstname, or lastname required: false style: form explode: false schema: type: string - name: username in: query description: The username required: false style: form explode: false schema: type: string - name: firstname in: query description: The account profile first name required: false style: form explode: false schema: type: string - name: lastname in: query description: The account profile last name required: false style: form explode: false schema: type: string - name: following-id in: query description: The ID of the account being followed required: false style: form explode: false schema: type: string - name: follower-id in: query description: The ID of the account following required: false style: form explode: false schema: type: string - name: unstructured_properties in: query description: Map containing filters by unstructured properties in profile required: false style: form explode: true schema: type: object - name: ids in: query description: A comma-separated list of IDs required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_services_res_accounts-public' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account: delete: tags: - Services summary: Delete account description: | Deletes account **Auth:** Requires auth token security: - bearerAuth: [] parameters: - name: apps in: query description: A comma-separated list of app_ids required: false style: form explode: false schema: type: string requestBody: description: optional context data per service that should be considered when deleting user data content: application/json: schema: type: array items: $ref: '#/components/schemas/_shared_req_DeleteAccount' examples: single_app_surveys: summary: Retain some survey responses value: - app_id: app_id context: surveys: retain_responses: survey_ids: - survey_id1 - survey_id2 single_app_groups: summary: Retain some groups data value: - app_id: app_id context: groups: retain_posts: group_ids: - group_id1 - group_id2 multiple_app_surveys: summary: Retain some survey responses for multiple apps value: - app_id: app_id1 context: surveys: retain_responses: survey_ids: - survey_id1 - survey_id2 - app_id: app_id2 context: surveys: retain_responses: survey_ids: - survey_id3 - survey_id4 responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error get: tags: - Services summary: Get account description: | Gets account **Auth:** Requires auth token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Account' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account/mfa: get: tags: - Services summary: Get account MFA types description: | Get MFA types set up for an account **Auth:** Requires user auth token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/_shared_res_Mfa' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - Services summary: Enroll in MFA type description: | Add MFA type to an account **Auth:** Requires user auth token security: - bearerAuth: [] requestBody: description: | MFA enrollment params content: application/json: schema: $ref: '#/components/schemas/_shared_req_Mfa' examples: email: summary: Enroll in email MFA value: identifier: test@test.com type: email required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_Mfa' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Services summary: Remove MFA type description: | Remove MFA type from an account **Auth:** Requires user auth token security: - bearerAuth: [] requestBody: description: | MFA params content: application/json: schema: $ref: '#/components/schemas/_shared_req_Mfa' examples: email: summary: Unenroll in email MFA value: identifier: test@test.com type: email responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account/preferences: put: tags: - Services summary: Update account preferences description: | Updates account preferences **Auth:** Requires auth token security: - bearerAuth: [] requestBody: description: Account preferences content: application/json: schema: type: object required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error get: tags: - Services summary: Get preferences description: | Returns account preferences **Auth:** Requires auth token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: type: object "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account/profile: get: tags: - Services summary: Get user profile description: | Returns a user profile **Auth:** Requires user auth token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Profile' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - Services summary: Update user profile description: | Updates a user profile **Auth:** Requires user auth token security: - bearerAuth: [] requestBody: description: Profile update content: application/json: schema: $ref: '#/components/schemas/Profile' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account/privacy: get: tags: - Services summary: Get user privacy settings description: | Returns a user's privacy settings **Auth:** Requires user auth token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Privacy' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - Services summary: Update user privacy description: | Updates a user privacy **Auth:** Requires user auth token security: - bearerAuth: [] requestBody: description: Privacy update content: application/json: schema: $ref: '#/components/schemas/Privacy' example: public: true field_visibility: profile: first_name: public last_name: connections email: private auth_types: id1: public id2: private external_ids: net_id: connections uin: public username: public required: true responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account/system-configs: get: tags: - Services summary: Get system configs description: | Returns account system configs **Auth:** Requires auth token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: type: object nullable: true "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account/username: put: tags: - Services summary: Update account username description: | Update the username associated with the user's account **Auth:** Requires user access token security: - bearerAuth: [] requestBody: description: Username content: application/json: schema: $ref: '#/components/schemas/Username' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account/follow: post: tags: - Services summary: Add follower description: | Adds follower to specified user **Auth:** Requires user auth token security: - bearerAuth: [] requestBody: description: Follow relationship content: application/json: schema: $ref: '#/components/schemas/Follow' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/account/follow/{id}: delete: tags: - Services summary: Delete a follow relationship description: | Delete a follow where subject follows userID **Auth:** Requires user auth token security: - bearerAuth: [] parameters: - name: id in: path description: The account ID to stop following required: true style: simple explode: false schema: type: string responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /services/test: get: tags: - Services summary: Test API.. responses: "200": description: Success content: text/plain: schema: type: string example: Echooo /services/app-configs: post: tags: - Services summary: Gets default app config description: | Returns the default app config for the highest version that is equal to or less than the provided version **Auth:** Requires a valid API Key for access. requestBody: description: | App config query content: application/json: schema: $ref: '#/components/schemas/_shared_req_app-configs' example: version: 1.0.1 app_type_identifier: edu.illinois.rokwire.android api_key: "" responses: "200": description: successfully read app configuration content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' "400": description: Bad request. "401": description: Unauthorized "404": description: AppConfig not found "500": description: Internal error /services/app-configs/organization: post: tags: - Services summary: Gets organization-specific app configs description: | Returns the app config for the highest version that is equal to or less than the provided version for the currently authenticated organization **Auth:** Requires auth token security: - bearerAuth: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/_shared_req_app-configs-org' example: version: 1.0.1 app_type_identifier: edu.illinois.rokwire.android responses: "200": description: successfully read app configuration content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' "400": description: Bad request. "401": description: Unauthorized "404": description: AppConfig not found "500": description: Internal error /services/application/configs: post: tags: - Services summary: Gets default app config description: | Returns the default app config for the highest version that is equal to or less than the provided version **Auth:** Requires a valid API Key for access. deprecated: true requestBody: description: | App config query content: application/json: schema: $ref: '#/components/schemas/_shared_req_app-configs' example: version: 1.0.1 app_type_identifier: edu.illinois.rokwire.android api_key: "" responses: "200": description: successfully read app configuration content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' "400": description: Bad request. "401": description: Unauthorized "404": description: AppConfig not found "500": description: Internal error /services/application/organization/configs: post: tags: - Services summary: Gets organization-specific app configs description: | Returns the app config for the highest version that is equal to or less than the provided version for the currently authenticated organization **Auth:** Requires auth token security: - bearerAuth: [] deprecated: true requestBody: content: application/json: schema: $ref: '#/components/schemas/_shared_req_app-configs-org' example: version: 1.0.1 app_type_identifier: edu.illinois.rokwire.android responses: "200": description: successfully read app configuration content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' "400": description: Bad request. "401": description: Unauthorized "404": description: AppConfig not found "500": description: Internal error /services/user-data: get: tags: - Services summary: Get user data description: | Gets user data **Auth:** Requires auth token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserData' "400": description: Bad request "401": description: Unauthorized "500": description: Internal errors /admin/auth/login: post: tags: - Admin summary: Login description: | Login using credentials to retrieve access token, refresh token, and user data **Auth:** Requires API key requestBody: description: | User credential details and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_Login' examples: email: summary: Email value: auth_type: email app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: email: test@example.com password: test12345 device: type: mobile device_id: "5555" os: Android illinois_oidc: summary: Illinois OIDC value: auth_type: illinois_oidc app_type_identifier: edu.illinois.rokwire org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 api_key: 95a463e3-2ce8-450b-ba75-d8506b874738 creds: https://redirect.example.com?code=ai324uith8gSEefesEguorgwsf43 params: redirect_uri: https://redirect.example.com pkce_verifier: w4iuhfq0u43hfq38ghn3gnSFSFiqp3ugnpugnqiprgUGNPINfsdoirpgia preferences: key1: value1 key2: value2 profile: address: address address2: address2 po_box: po box city: city birth_year: 1990 country: county email: email first_name: first name last_name: last name phone: "+000000000000" photo_url: photo url state: state zip_code: zip code privacy: public: false device: type: mobile device_id: "5555" os: Android required: true responses: "200": description: Success content: application/json: schema: anyOf: - $ref: '#/components/schemas/_shared_res_Login_Mfa' - $ref: '#/components/schemas/_shared_res_Login' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/auth/mfa: post: tags: - Admin summary: MFA description: | Verify multi-factor authentication credentials to complete login **Auth:** Requires API key parameters: - name: state in: query description: Login state required: false style: form explode: false schema: type: string requestBody: description: | MFA credentials and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_Login_Mfa' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_Login' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/auth/refresh: post: tags: - Admin summary: Refresh description: | Refresh access token using a refresh token **Auth:** Requires API key requestBody: description: | Refresh token content: application/json: schema: $ref: '#/components/schemas/_shared_req_Refresh' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_Refresh' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/auth/login-url: post: tags: - Admin summary: Get SSO login url description: | Retrieve a pre-formatted SSO login URL **Auth:** Requires API key requestBody: content: application/json: schema: $ref: '#/components/schemas/_shared_req_LoginUrl' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_LoginUrl' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/auth/verify-mfa: post: tags: - Admin summary: MFA description: | Verify multi-factor authentication credentials to complete MFA registration **Auth:** Requires admin access token requestBody: description: | MFA credentials and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_Mfa' required: true responses: "200": description: Success content: application/json: schema: type: array items: type: string "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/auth/app-token: get: tags: - Admin summary: App token description: | Retrieve an admin token for the specified application **Auth:** Requires admin access token security: - bearerAuth: [] parameters: - name: app_id in: query description: The application ID of the token to return required: true style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AdminToken' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/account: get: tags: - Admin summary: Get user account description: | Get the user account **Auth:** Requires admin access token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Account' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/account/mfa: get: tags: - Admin summary: Get account MFA types description: | Get MFA types set up for an account **Auth:** Requires admin access token security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/_shared_res_Mfa' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - Admin summary: Enroll in MFA type description: | Add MFA type to an account **Auth:** Requires user auth token security: - bearerAuth: [] parameters: - name: type in: query description: MFA type required: true style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_Mfa' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Admin summary: Remove MFA type description: | Remove MFA type from an account **Auth:** Requires user auth token security: - bearerAuth: [] parameters: - name: type in: query description: MFA type required: true style: form explode: false schema: type: string responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/account/username: put: tags: - Admin summary: Update account username description: | Update the username associated with the user's account **Auth:** Requires user access token security: - bearerAuth: [] requestBody: description: Username content: application/json: schema: $ref: '#/components/schemas/Username' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/app-configs: post: tags: - Admin summary: Gets default admin app config description: | Returns the default admin app config for the highest version that is equal to or less than the provided version **Auth:** Requires a valid API Key for access. requestBody: description: | App config query content: application/json: schema: $ref: '#/components/schemas/_shared_req_app-configs' example: version: 1.0.1 app_type_identifier: edu.illinois.rokwire.admin.android api_key: "" responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' "400": description: Bad request. "401": description: Unauthorized "404": description: AppConfig not found "500": description: Internal error /admin/app-configs/organization: post: tags: - Admin summary: Gets organization-specific admin app configs description: | Returns the admin app config for the highest version that is equal to or less than the provided version for the currently authenticated organization **Auth:** Requires admin auth token security: - bearerAuth: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/_shared_req_app-configs-org' example: version: 1.0.1 app_type_identifier: edu.illinois.rokwire.admin.android responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' "400": description: Bad request. "401": description: Unauthorized "404": description: AppConfig not found "500": description: Internal error /admin/application/accounts: get: tags: - Admin summary: Finds application accounts description: | Finds accounts for the specified application **Auth:** Requires admin access token with `get_accounts`, `update_accounts`, or `all_accounts` permission security: - bearerAuth: [] parameters: - name: limit in: query description: The maximum number of accounts to return required: false style: form explode: false schema: type: integer - name: offset in: query description: The index of the first account to return required: false style: form explode: false schema: type: integer - name: account-id in: query description: The account ID required: false style: form explode: false schema: type: string - name: firstname in: query description: The account profile first name required: false style: form explode: false schema: type: string - name: lastname in: query description: The account profile last name required: false style: form explode: false schema: type: string - name: auth-type in: query description: The auth type required: false style: form explode: false schema: type: string - name: auth-type-identifier in: query description: The authentication type identifier required: false style: form explode: false schema: type: string - name: has-permissions in: query description: Account has permissions (permissions, roles, or groups) filter required: false style: form explode: false schema: type: boolean - name: permissions in: query description: A comma-separated list of permission names required: false style: form explode: false schema: type: string - name: role-ids in: query description: A comma-separated list of role IDs required: false style: form explode: false schema: type: string - name: user-role in: query description: The user role required: false style: form explode: false schema: type: string - name: group-ids in: query description: A comma-separated list of group IDs required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/PartialAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - Admin summary: Create admin accounts deprecated: true description: | Create a new admin account **Auth:** Requires admin access token with `create_accounts` or `all_accounts` permission security: - bearerAuth: [] requestBody: description: | User account details and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_CreateAccount' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/PartialAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - Admin summary: Update admin account description: | Update an existing admin account **Auth:** Requires admin access token with `update_accounts` or `all_accounts` permission security: - bearerAuth: [] requestBody: description: | User account details and parameters content: application/json: schema: $ref: '#/components/schemas/_shared_req_UpdateAccount' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/PartialAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/v2/application/accounts: post: tags: - Admin summary: Create accounts description: | Create accounts **Auth:** Requires admin access token with `create_accounts` or `all_accounts` permission security: - bearerAuth: [] requestBody: description: | User account details and parameters content: application/json: schema: type: array items: $ref: '#/components/schemas/_shared_req_CreateAccount' required: true responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/accounts/{id}/devices: get: tags: - Admin summary: Finds application account devices description: | Finds devices for the specified account and application **Auth:** Requires admin access token with `get_account-devices` permission security: - bearerAuth: [] parameters: - name: id in: path description: The account ID required: true style: simple explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Device' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/accounts/{account_id}/login-sessions/{session_id}: delete: tags: - Admin summary: Delete an account session description: | Delete an account session for specific application **Auth:** Requires admin access token with `delete_login-sessions` or `all_login-sessions` permission security: - bearerAuth: [] parameters: - name: session_id in: path description: The sessionID of the login session to delete required: true explode: false schema: type: string - name: account_id in: path description: The accountID of the login session to delete required: true explode: false schema: type: string responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/accounts/{id}/permissions: put: tags: - Admin summary: Grant account permissions description: | Grant account permissions **Auth:** Requires admin access token with `update_account-permissions`, `update_accounts`, or `all_accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: The account ID required: true style: simple explode: false schema: type: string requestBody: description: Permissions content: application/json: schema: $ref: '#/components/schemas/_admin_req_grant-permissions' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Admin summary: Delete permissions from account description: | Deletes an existing permissions from account **Auth:** Requires admin access token with `update_account-permissions`, `update_accounts`, or `all_accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: The account ID required: true style: simple explode: false schema: type: string requestBody: description: Permissions content: application/json: schema: $ref: '#/components/schemas/_admin_req_revoke-permissions' responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/accounts/{id}/roles: put: tags: - Admin summary: Grant account roles description: | Grant account roles **Auth:** Requires admin access token with `update_account-auth-roles`, `update_accounts`, or `all_accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: The account ID required: true style: simple explode: false schema: type: string requestBody: description: Roles content: application/json: schema: $ref: '#/components/schemas/_admin_req_grant-roles-to-account' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Admin summary: Delete roles from account description: | Deletes an existing roles from account **Auth:** Requires admin access token with `update_account-auth-roles`, `update_accounts`, or `all_accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: The account ID required: true style: simple explode: false schema: type: string requestBody: description: Roles content: application/json: schema: $ref: '#/components/schemas/_admin_req_revoke-roles-from-account' responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/accounts/{id}/system-configs: get: tags: - Admin summary: Get system configs description: | Returns account system configs **Auth:** Requires admin access token with `get_account-system-configs` or `all_account-system-configs` permission security: - bearerAuth: [] parameters: - name: id in: path description: The account ID required: true style: simple explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: object nullable: true "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - Admin summary: Update account system configs description: | Updates account system configs **Auth:** Requires admin access token with `update_account-system-configs` or `all_account-system-configs` permission security: - bearerAuth: [] parameters: - name: id in: path description: The account ID required: true style: simple explode: false schema: type: string - name: create-anonymous in: query description: Create anonymous account if account with ID cannot be found. Default is `false` required: false style: form explode: false schema: type: boolean requestBody: description: Account system configs (will be merged with existing configs) content: application/json: schema: type: object required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/accounts/{id}/verified: put: tags: - Admin summary: Update account verified flag description: | Update the verified flag associated with the specified user's account **Auth:** Requires admin access token with `update_account-verified` permission security: - bearerAuth: [] parameters: - name: id in: path description: The account ID required: true style: simple explode: false schema: type: string requestBody: description: Verified content: application/json: schema: $ref: '#/components/schemas/_admin_req_verified' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/configs: get: tags: - Admin summary: Reads app configs description: | If version is provided, the app config for the highest version that is equal to or less than this value will be returned as the only item in the list. Otherwise it will return a list of all app config versions for the given app_type_id. If org_id is provided, the configs for that organization will be returned, otherwise the default configs will be returned. **Auth:** Requires admin access token with `get_app-configs`, `update_app-configs`, `delete_app-configs`, or `all_app-configs` permission security: - bearerAuth: [] parameters: - name: app_type_id in: query required: true style: form explode: false schema: type: string - name: org_id in: query style: form explode: false schema: type: string - name: version in: query style: form explode: false schema: type: string responses: "200": description: successfully read app configuration content: application/json: schema: type: array items: $ref: '#/components/schemas/ApplicationConfig' "400": description: Bad request. "401": description: Unauthorized "500": description: Internal error post: tags: - Admin summary: Creates app configs description: | Creates a new app config **Auth:** Requires admin access token with `update_app-configs` or `all_app-configs` permission security: - bearerAuth: [] requestBody: description: New app configs content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' example: version: 1.0.1 app_type_id: 7e037f2d-b423-4b4d-a1bc-18507f81c6d1 org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 data: {} required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/configs/{id}: get: tags: - Admin summary: Reads app configs by ID description: | Get app configs for the provided ID **Auth:** Requires admin access token with `get_app-configs`, `update_app-configs`, `delete_app-configs`, or `all_app-configs` permission security: - bearerAuth: [] parameters: - name: id in: path description: app config id to read required: true style: simple explode: false schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' "400": description: Bad request. "401": description: Unauthorized "500": description: Internal error put: tags: - Admin summary: Updates app config by ID description: | Updates app config with the provided ID **Auth:** Requires admin access token with `update_app-configs` or `all_app-configs` permission security: - bearerAuth: [] parameters: - name: id in: path required: true style: simple explode: false schema: type: string requestBody: description: updated app config content: application/json: schema: $ref: '#/components/schemas/ApplicationConfig' example: version: 1.0.1 app_type_id: 7e037f2d-b423-4b4d-a1bc-18507f81c6d1 org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 data: url: rokmetro.dev required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Admin summary: Deletes app config by ID description: | Deletes app config with the provided ID **Auth:** Requires admin access token with `delete_app-configs` or `all_app-configs` permission security: - bearerAuth: [] parameters: - name: id in: path required: true style: simple explode: false schema: type: string responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/filter/accounts: post: tags: - Admin summary: Finds user accounts matching provided filter description: | **Auth:** Requires admin access token with `get_filter-accounts` permission security: - bearerAuth: [] parameters: - name: limit in: query description: The maximum number of accounts to return required: false style: form explode: false schema: type: integer - name: offset in: query description: The index of the first account to return required: false style: form explode: false schema: type: integer requestBody: content: application/json: schema: type: object examples: single_value: summary: Multiple single-value search parameters value: profile.first_name: Example preferences.privacy_level: 4 external_ids.uin: - "123456789" - "12312434" multiple_value: summary: Some single-value, some multi-value search parameters value: profile.first_name: Example preferences.privacy_level: - 3 - 4 - 5 external_ids.uin: - "123456789" - "12312434" required: true responses: "200": description: Success content: application/json: schema: type: array items: type: object "400": description: Bad request "401": description: Unauthorized "403": description: Forbidden "500": description: Internal error /admin/application/filter/accounts/count: post: tags: - Admin summary: Finds the count of user accounts matching filter description: | **Auth:** Requires service access token with `get_filter-accounts-count` permission security: - bearerAuth: [] requestBody: description: | Service account credentials content: application/json: schema: type: object examples: single_value: summary: Multiple single-value search parameters value: profile.first_name: Example preferences.privacy_level: 4 external_ids.uin: - "123456789" - "12312434" multiple_value: summary: Some single-value, some multi-value search parameters value: profile.first_name: Example preferences.privacy_level: - 3 - 4 - 5 external_ids.uin: - "123456789" - "12312434" required: true responses: "200": description: Success content: application/json: schema: type: integer "400": description: Bad request "401": description: Unauthorized "403": description: Forbidden "500": description: Internal error /admin/application/login-sessions: get: tags: - Admin summary: Get application sessions description: | Get application sessions **Auth:** Requires admin access token with `get_login-sessions`, `update_login-sessions`, `delete_login-sessions`, or `all_login-sessions` permission security: - bearerAuth: [] parameters: - name: identifier in: query description: identifier required: false style: form explode: false schema: type: string - name: account-auth-type-identifier in: query description: account auth type identifier required: false style: form explode: false schema: type: string - name: app-type-id in: query description: app type id required: false style: form explode: false schema: type: string - name: app-type-identifier in: query description: app type identifier required: false style: form explode: false schema: type: string - name: anonymous in: query description: anonymous required: false style: form explode: false schema: type: boolean - name: device-id in: query description: device id required: false style: form explode: false schema: type: string - name: ip-address in: query description: ip address required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/LoginSession' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/groups: get: tags: - Admin summary: Get application groups description: "Gets application groups\n \n**Auth:** Requires admin access token with at least one of the following permissions:\n- `get_auth-groups`\n- `update_auth-groups`\n- `delete_auth-groups`\n- `all_auth-groups`\n- `update_account-auth-groups`\n- `create_accounts`\n- `update_accounts`\n- `all_accounts`\n" security: - bearerAuth: [] responses: "200": description: Successful operation content: application/json: schema: type: array items: $ref: '#/components/schemas/AppOrgGroup' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - Admin summary: Create application group description: | Create application group **Auth:** Requires admin access token with `update_auth-groups` or `all_auth-groups` permission - bearerAuth: [] security: - bearerAuth: [] requestBody: description: Application group content: application/json: schema: $ref: '#/components/schemas/_admin_req_application_group' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AppOrgGroup' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/groups/{id}: put: tags: - Admin summary: Update application group description: | Updates an existing application group **Auth:** Requires admin access token with `update_auth-groups` or `all_auth-groups` permission security: - bearerAuth: [] parameters: - name: id in: path description: The group ID required: true schema: type: string requestBody: description: Application group content: application/json: schema: $ref: '#/components/schemas/_admin_req_application_group' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AppOrgGroup' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Admin summary: Delete application group description: | Deletes an existing application group **Auth:** Requires admin access token with `delete_auth-groups` or `all_auth-groups` permission security: - bearerAuth: [] parameters: - name: id in: path description: The group ID required: true schema: type: string responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/groups/{id}/accounts: put: tags: - Admin summary: Add accounts to a group description: "Add accounts \n\n**Auth:** Requires admin access token with `update_account-auth-groups`, `update_accounts`, or `all_accounts` permission\n" security: - bearerAuth: [] parameters: - name: id in: path description: The group ID required: true style: simple explode: false schema: type: string requestBody: description: Roles content: application/json: schema: $ref: '#/components/schemas/_admin_req_add-accounts-to-group' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Admin summary: Delete accounts from group description: | Deletes an existing accounts from group **Auth:** Requires admin access token with `update_account-auth-groups`, `update_accounts`, or `all_accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: The group ID required: true style: simple explode: false schema: type: string requestBody: description: account ID for removing content: application/json: schema: $ref: '#/components/schemas/_admin_req_remove-account-from-group' responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/permissions: get: tags: - Admin summary: Get application permissions description: | Get application permissions **Auth:** Requires admin access token with at least one of the following permissions: - `get_permissions` - `update_account-permissions` - `create_accounts` - `update_accounts` - `all_accounts` security: - bearerAuth: [] responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Permission' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/roles: get: tags: - Admin summary: Get application roles description: "Gets application roles\n\n**Auth:** Requires admin access token with at least one of the following permissions: \n- `get_auth-roles`\n- `update_auth-roles`\n- `delete_auth-roles`\n- `all_auth-roles`\n- `update_account-auth-roles`\n- `create_accounts`\n- `update_accounts`\n- `all_accounts`\n" security: - bearerAuth: [] responses: "200": description: Successful operation content: application/json: schema: type: array items: $ref: '#/components/schemas/AppOrgRole' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - Admin summary: Create application role description: | Creates application role **Auth:** Requires admin access token with `update_auth-roles` or `all_auth-roles` permission security: - bearerAuth: [] requestBody: description: Application role content: application/json: schema: $ref: '#/components/schemas/_admin_req_application_role' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AppOrgRole' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/roles/{id}: put: tags: - Admin summary: Update application role description: | Update application role **Auth:** Requires admin access token with `update_auth-roles` or `all_auth-roles` permission security: - bearerAuth: [] parameters: - name: id in: path description: The role ID required: true schema: type: string requestBody: description: Application role content: application/json: schema: $ref: '#/components/schemas/_admin_req_application_role' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AppOrgRole' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Admin summary: Delete application role description: | Delete application role **Auth:** Requires admin access token with `delete_auth-roles` or `all_auth-roles` permission security: - bearerAuth: [] parameters: - name: id in: path description: The role ID required: true schema: type: string responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/application/roles/{id}/permissions: put: tags: - Admin summary: Grant permissions to role description: | Grant permissions to role **Auth:** Requires admin access token with `update_auth-roles` or `all_auth-roles` permission security: - bearerAuth: [] parameters: - name: id in: path description: The role ID required: true schema: type: string requestBody: description: Permissions content: application/json: schema: $ref: '#/components/schemas/_admin_req_grant-permissions-to-role' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/organization/applications: get: tags: - Admin summary: Get applications for an organization description: | Gets applications for an organization **Auth:** Requires admin access token security: - bearerAuth: [] responses: "200": description: Successful operation content: application/json: schema: type: array items: $ref: '#/components/schemas/Application' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/configs: get: tags: - Admin summary: Get configs description: | Get existing configs by search parameters **Auth:** Requires admin access token with `get_configs_core`, `update_configs_core`, `delete_configs_core`, or `all_configs_core` permission: security: - bearerAuth: [] parameters: - name: type in: query description: config type required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Config' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - Admin summary: Create config description: | Creates a new config **Auth:** Requires admin access token with `update_configs_core` or `all_configs_core` permission security: - bearerAuth: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/_admin_req_create-update-config' examples: system: summary: System-wide config value: type: config_type all_apps: true all_orgs: true system: true data: cors_allowed_origins: - origin1 - origin2 org_admin: summary: Organization-wide config value: type: config_type all_apps: true all_orgs: false system: false data: cors_allowed_origins: - origin1 - origin2 app_org_specific: summary: Application organization specific config value: type: config_type all_apps: false all_orgs: false system: false data: cors_allowed_origins: - origin1 - origin2 required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Config' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /admin/configs/{id}: get: tags: - Admin summary: Get config description: | Get an existing config **Auth:** Requires admin access token with `get_configs_core`, `update_configs_core`, `delete_configs_core`, or `all_configs_core` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of config to retrieve required: true style: simple explode: false schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Config' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - Admin summary: Update config description: | Updates an existing config **Auth:** Requires admin access token with `update_configs_core` or `all_configs_core` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of config to update required: true style: simple explode: false schema: type: string requestBody: description: New config content content: application/json: schema: $ref: '#/components/schemas/_admin_req_create-update-config' examples: system: summary: System-wide config value: type: config_type all_apps: true all_orgs: true system: true data: cors_allowed_origins: - origin1 - origin2 org_admin: summary: Organization-wide config value: type: config_type all_apps: true all_orgs: false system: false data: cors_allowed_origins: - origin1 - origin2 app_org_specific: summary: Application organization specific config value: type: config_type all_apps: false all_orgs: false system: false data: cors_allowed_origins: - origin1 - origin2 required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - Admin summary: Delete config description: | Deletes a config **Auth:** Requires admin access token with `delete_configs_core` or `all_configs_core` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of config to delete required: true style: simple explode: false schema: type: string responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /enc/test: get: tags: - Enc summary: Test API.. responses: "200": description: Success content: text/plain: schema: type: string example: Echooo /bbs/test: get: tags: - BBs summary: Test API.. responses: "200": description: Success content: text/plain: schema: type: string example: Echooo /bbs/service-regs: get: tags: - BBs summary: Get service registrations description: | Returns service registration records parameters: - name: ids in: query description: A comma-separated list of service IDs to return registrations for required: true style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AuthServiceReg' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /bbs/service-account/{id}: post: tags: - BBs summary: Get service account params description: | Returns service account parameters parameters: - name: id in: path description: ID of the service account required: true style: simple explode: false schema: type: string requestBody: description: | Service account credentials content: application/json: schema: $ref: '#/components/schemas/_services_req_service-accounts_params' examples: static_token: summary: Static token value: auth_type: static_token creds: token: account_token signature: summary: Signature value: auth_type: signature required: true responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AppOrgPair' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /bbs/access-token: post: tags: - BBs summary: Get service account access token description: | Returns a new service account access token requestBody: description: | Service account credentials content: application/json: schema: $ref: '#/components/schemas/_services_req_service-accounts_access-token' examples: static_token: summary: Static token value: account_id: service_account_id app_id: "9766" org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 auth_type: static_token creds: token: account_token signature: summary: Signature value: account_id: service_account_id app_id: "9766" org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 auth_type: signature required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_RokwireToken' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /bbs/access-tokens: post: tags: - BBs summary: Get all service account access tokens description: | Returns a new service account access token for all authorized app org pairs requestBody: description: | Service account credentials content: application/json: schema: $ref: '#/components/schemas/_services_req_service-accounts_access-tokens' examples: static_token: summary: Static token value: account_id: service_account_id auth_type: static_token creds: token: account_token signature: summary: Signature value: account_id: service_account_id auth_type: signature required: true responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/_services_res_service-accounts_access-tokens' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /bbs/deleted-memberships: get: tags: - BBs summary: Get deleted accounts description: | Returns a list of deleted account IDs **Auth:** Requires auth token with permission to get deleted accounts security: - bearerAuth: [] parameters: - name: service_id in: query description: The ID of the service making the request required: true style: form explode: false schema: type: string - name: start_time in: query description: The start time for filtering results, specified as a Unix timestamp in seconds required: false style: form explode: false schema: type: integer format: int64 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/DeletedAppOrgMembership' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /bbs/accounts: post: tags: - BBs summary: Finds user accounts description: | Finds accounts for the given app_id and org_id (query or token) **Auth:** Requires service access token with `get_accounts` or `all_accounts` permission security: - bearerAuth: [] parameters: - name: app_id in: query description: The application ID to use to filter accounts required: false style: form explode: false schema: type: string - name: org_id in: query description: The organization ID to use to filter accounts required: false style: form explode: false schema: type: string - name: limit in: query description: The maximum number of accounts to return required: false style: form explode: false schema: type: integer - name: offset in: query description: The index of the first account to return required: false style: form explode: false schema: type: integer requestBody: description: | Service account credentials content: application/json: schema: type: object examples: single_value: summary: Multiple single-value search parameters value: profile.first_name: Example preferences.privacy_level: 4 external_ids.uin: "123456789" multiple_value: summary: Some single-value, some multi-value search parameters value: profile.first_name: Example preferences.privacy_level: - 3 - 4 - 5 external_ids.uin: "123456789" required: true responses: "200": description: Success content: application/json: schema: type: array items: type: object "400": description: Bad request "401": description: Unauthorized "403": description: Forbidden "500": description: Internal error /bbs/accounts/count: post: tags: - BBs summary: Finds the count of user accounts description: | Finds the count of accounts for the given app_id and org_id (query or token) **Auth:** Requires service access token with `get_accounts_count` or `get_accounts_count_limited` permission security: - bearerAuth: [] parameters: - name: app_id in: query description: The application ID to use to filter accounts required: false style: form explode: false schema: type: string - name: org_id in: query description: The organization ID to use to filter accounts required: false style: form explode: false schema: type: string requestBody: description: | Service account credentials content: application/json: schema: type: object examples: single_value: summary: Multiple single-value search parameters value: profile.first_name: Example preferences.privacy_level: 4 external_ids.uin: "123456789" multiple_value: summary: Some single-value, some multi-value search parameters value: profile.first_name: Example preferences.privacy_level: - 3 - 4 - 5 external_ids.uin: "123456789" required: true responses: "200": description: Success content: application/json: schema: type: integer "400": description: Bad request "401": description: Unauthorized "403": description: Forbidden "500": description: Internal error /bbs/accounts/ferpa: get: tags: - BBs summary: Get the account ids with FERPA filed true description: | Get the account ids with FERPA filed true security: - bearerAuth: [] parameters: - name: ids in: query description: A comma-separated list of ids required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: type: string "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /tps/service-regs: get: tags: - Third-Party Services summary: Get service registrations description: | Returns service registration records parameters: - name: ids in: query description: A comma-separated list of service IDs to return registrations for required: true style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AuthServiceReg' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /tps/auth-keys: get: tags: - Third-Party Services summary: Get auth public key description: | Returns auth public key in JWKS format responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/JWKS' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /tps/service-account/{id}: post: tags: - Third-Party Services summary: Get service account params description: | Returns service account parameters parameters: - name: id in: path description: ID of the service account required: true style: simple explode: false schema: type: string requestBody: description: | Service account credentials content: application/json: schema: $ref: '#/components/schemas/_services_req_service-accounts_params' examples: static_token: summary: Static token value: auth_type: static_token creds: token: account_token signature: summary: Signature value: auth_type: signature required: true responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AppOrgPair' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /tps/access-token: post: tags: - Third-Party Services summary: Get service account access token description: | Returns a new service account access token requestBody: description: | Service account credentials content: application/json: schema: $ref: '#/components/schemas/_services_req_service-accounts_access-token' examples: static_token: summary: Static token value: account_id: service_account_id app_id: "9766" org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 auth_type: static_token creds: token: account_token signature: summary: Signature value: account_id: service_account_id app_id: "9766" org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 auth_type: signature required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/_shared_res_RokwireToken' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /tps/access-tokens: post: tags: - Third-Party Services summary: Get all service account access tokens description: | Returns a new service account access token for all authorized app org pairs requestBody: description: | Service account credentials content: application/json: schema: $ref: '#/components/schemas/_services_req_service-accounts_access-tokens' examples: static_token: summary: Static token value: account_id: service_account_id auth_type: static_token creds: token: account_token signature: summary: Signature value: account_id: service_account_id auth_type: signature required: true responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/_services_res_service-accounts_access-tokens' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /tps/accounts: post: tags: - Third-Party Services summary: Finds user accounts description: | Finds accounts for the given app_id and org_id (query or token) **Auth:** Requires service access token with `get_accounts` or `all_accounts` permission security: - bearerAuth: [] parameters: - name: app_id in: query description: The application ID to use to filter accounts required: false style: form explode: false schema: type: string - name: org_id in: query description: The organization ID to use to filter accounts required: false style: form explode: false schema: type: string - name: limit in: query description: The maximum number of accounts to return required: false style: form explode: false schema: type: integer - name: offset in: query description: The index of the first account to return required: false style: form explode: false schema: type: integer requestBody: description: | Service account credentials content: application/json: schema: type: object examples: single_value: summary: Multiple single-value search parameters value: profile.first_name: Example preferences.privacy_level: 4 external_ids.uin: "123456789" multiple_value: summary: Some single-value, some multi-value search parameters value: profile.first_name: Example preferences.privacy_level: - 3 - 4 - 5 external_ids.uin: "123456789" required: true responses: "200": description: Success content: application/json: schema: type: array items: type: object "400": description: Bad request "401": description: Unauthorized "403": description: Forbidden "500": description: Internal error /tps/accounts/count: post: tags: - Third-Party Services summary: Finds the count of user accounts description: | Finds the count of accounts for the given app_id and org_id (query or token) **Auth:** Requires service access token with `get_accounts_count` or `get_accounts_count_limited` permission security: - bearerAuth: [] parameters: - name: app_id in: query description: The application ID to use to filter accounts required: false style: form explode: false schema: type: string - name: org_id in: query description: The organization ID to use to filter accounts required: false style: form explode: false schema: type: string requestBody: description: | Service account credentials content: application/json: schema: type: object examples: single_value: summary: Multiple single-value search parameters value: profile.first_name: Example preferences.privacy_level: 4 external_ids.uin: "123456789" multiple_value: summary: Some single-value, some multi-value search parameters value: profile.first_name: Example preferences.privacy_level: - 3 - 4 - 5 external_ids.uin: "123456789" required: true responses: "200": description: Success content: application/json: schema: type: integer "400": description: Bad request "401": description: Unauthorized "403": description: Forbidden "500": description: Internal error /system/auth/app-org-token: get: tags: - System summary: App org token description: | Retrieve a system token for the specified application and organization **Auth:** Requires system access token security: - bearerAuth: [] parameters: - name: app_id in: query description: The application ID of the token to return required: true style: form explode: false schema: type: string - name: org_id in: query description: The organization ID of the token to return required: true style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AdminToken' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/organizations/{id}: get: tags: - System summary: Get organization by ID description: | Gets organization by ID **Auth:** Requires system access token with `get_organizations`, `update_organizations`, or `all_organizations` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the organization required: true style: simple explode: false schema: type: string responses: "200": description: successful operation content: application/json: schema: $ref: '#/components/schemas/Organization' "400": description: Bad request "401": description: Unauthorized "404": description: Not Found "500": description: Internal error put: tags: - System summary: Update organization by ID description: | Updates organization by ID **Auth:** Requires system access token with `update_organizations` or `all_organizations` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the organization that needs to be updated required: true style: simple explode: false schema: type: string requestBody: description: update one organization content: application/json: schema: $ref: '#/components/schemas/Organization' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/organizations: get: tags: - System summary: Get organizations description: | Gets organizations **Auth:** Requires system access token with `get_organizations`, `update_organizations`, or `all_organizations` permission security: - bearerAuth: [] responses: "200": description: Successful operation content: application/json: schema: type: array items: $ref: '#/components/schemas/Organization' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - System summary: Create organization description: | Creates organization **Auth:** Requires system access token with `update_organizations` or `all_organizations` permission security: - bearerAuth: [] requestBody: description: creates one organization content: application/json: schema: $ref: '#/components/schemas/Organization' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/service-regs: get: tags: - System summary: Get service registrations description: | Returns service registration records **Auth:** Requires system access token with `get_service-regs`, `update_service-regs`, `delete_service-regs`, or `all_service-regs` permission security: - bearerAuth: [] parameters: - name: ids in: query description: A comma-separated list of service IDs to return registrations for required: true style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ServiceReg' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - System summary: Register service description: "Creates a new service registration\n\nThe \"service_id\" of the registration must not match an existing registration \n\n**Auth:** Requires system access token with `update_service-regs` or `all_service-regs` permission\n" security: - bearerAuth: [] requestBody: description: service registration record to be added content: application/json: schema: $ref: '#/components/schemas/ServiceReg' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - System summary: Update service registration description: | Update an existing service registration The "service_id" of the registration must match an existing registration **Auth:** Requires system access token with `update_service-regs` or `all_service-regs` permission security: - bearerAuth: [] requestBody: description: Service registration record update to be applied content: application/json: schema: $ref: '#/components/schemas/ServiceReg' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - System summary: Deregister service description: | Deletes an existing service registration record **Auth:** Requires system access token with `delete_service-regs` or `all_service-regs` permission security: - bearerAuth: [] parameters: - name: id in: query description: The service ID of the registration to delete required: true style: form explode: false schema: type: string responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/service-accounts/{id}: get: tags: - System summary: Get service account instance description: | Get service account instance by account ID, app ID, and org ID **Auth:** Requires system access token with `get_service-accounts`, `update_service-accounts`, `delete_service-accounts`, or `all_service-accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the service account required: true style: simple explode: false schema: type: string - name: app_id in: query description: Application ID of the service account instance required: true style: form explode: false schema: type: string - name: org_id in: query description: Organization ID of the service account instance required: true style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ServiceAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - System summary: Update service account instance description: | Updates a service account instance **Auth:** Requires system access token with `update_service-accounts` or `all_service-accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the service account instance required: true style: simple explode: false schema: type: string - name: app_id in: query description: Application ID of the service account instance required: true style: form explode: false schema: type: string - name: org_id in: query description: Organization ID of the service account instance required: true style: form explode: false schema: type: string requestBody: description: | Service account content: application/json: schema: $ref: '#/components/schemas/_system_req_update_service-account' examples: update_account: summary: Update service account value: name: updated_name permissions: - permission1 - new_permission1 scopes: - core:resource.value:get - core:resource.value2.get required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ServiceAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - System summary: Deregister service account instance description: | Removes a service account instance **Auth:** Requires system access token with `delete_service-accounts` or `all_service-accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the service account instance to delete required: true style: simple explode: false schema: type: string - name: app_id in: query description: Application ID of the service account instance required: true style: form explode: false schema: type: string - name: org_id in: query description: Organization ID of the service account instance required: true style: form explode: false schema: type: string responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/service-accounts: get: tags: - System summary: Get service accounts description: | Get list of all service accounts matching a search **Auth:** Requires system access token with `get_service-accounts`, `update_service-accounts`, `delete_service-accounts`, or `all_service-accounts` permission security: - bearerAuth: [] parameters: - name: account_id in: query description: Service account ID to search for required: false style: form explode: false schema: type: string - name: name in: query description: Service account name to search for required: false style: form explode: false schema: type: string - name: app_id in: query description: Service account app ID to search for required: false style: form explode: false schema: type: string - name: org_id in: query description: Service account org ID to search for required: false style: form explode: false schema: type: string - name: permissions in: query description: A comma-separated list of service account permissions to search for required: false style: form explode: false schema: type: string - name: scopes in: query description: A comma-separated list of service account scopes to search for required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ServiceAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - System summary: Register service account description: | Creates a new service account **Auth:** Requires system access token with `update_service-accounts` or `all_service-accounts` permission security: - bearerAuth: [] parameters: - name: app_id in: query description: Service account app ID to copy from required: false style: form explode: false schema: type: string - name: org_id in: query description: Service account org ID to copy from required: false style: form explode: false schema: type: string requestBody: description: | Service account content: application/json: schema: $ref: '#/components/schemas/ServiceAccount' examples: initial_creds: summary: Register new account with initial credentials value: name: test_account app_id: "9766" org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 permissions: - permission1 - permission2 scopes: - core:resource.value:get - core:resource.value2.get first_party: true creds: - name: initial_token type: static_token - name: initial_signature type: signature params: key_pem: public_key_pem no_initial_creds: summary: Register new account without initial credentials value: name: test_account app_id: "9766" org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 permissions: - permission1 - permission2 scopes: - core:resource.value:get - core:resource.value2.get first_party: true copy_from: summary: Register new account instance by copying from existing account instance value: account_id: 12345678-e2cd-11eb-af68-60f81db5ecc0 app_id: "9766" org_id: 0a2eff20-e2cd-11eb-af68-60f81db5ecc0 permissions: - permission1 - permission2 scopes: - core:resource.value:get - core:resource.value2.get required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ServiceAccount' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - System summary: Delete service accounts description: | Delete service accounts matching an account ID **Auth:** Requires system access token with `delete_service-accounts` or `all_service-accounts` permission security: - bearerAuth: [] parameters: - name: account_id in: query description: Service account ID to delete required: true style: form explode: false schema: type: string responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/service-accounts/{id}/creds: post: tags: - System summary: Add service account credential description: | Adds a new credential to an existing service account **Auth:** Requires system access token with `update_service-accounts` or `all_service-accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the service account to add new credential required: true style: simple explode: false schema: type: string requestBody: description: | Service account credentials content: application/json: schema: $ref: '#/components/schemas/ServiceAccountCredential' examples: static_token: summary: Add static token credential value: name: token_cred type: static_token signature: summary: Add signature credential value: name: signature_cred type: signature params: key_pem: public_key_pem alg: PS256 required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ServiceAccountCredential' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - System summary: Remove service account credential description: | Removes a credential from an existing service account **Auth:** Requires system access token with `delete_service-accounts` or `all_service-accounts` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the service account to remove credential required: true style: simple explode: false schema: type: string - name: cred_id in: query description: id of the credential to be removed required: true style: form explode: false schema: type: string responses: "200": description: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/applications/{id}: get: tags: - System summary: Get application by ID description: | Gets application by provided ID **Auth:** Requires system access token with `get_applications` or `all_applications` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the application required: true style: simple explode: false schema: type: string responses: "200": description: successful operation content: application/json: schema: $ref: '#/components/schemas/Application' "400": description: Bad request "401": description: Unauthorized "404": description: Not Found "500": description: Internal error put: tags: - System summary: Update application by ID description: | Updates application by provided ID **Auth:** Requires system access token with `update_applications` or `all_applications` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the application required: true style: simple explode: false schema: type: string requestBody: description: updates one application content: application/json: schema: $ref: '#/components/schemas/Application' required: true responses: "200": description: successful operation content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "404": description: Not Found "500": description: Internal error /system/applications: get: tags: - System summary: Get applications description: | Gets applications **Auth:** Requires system access token with `get_applications`, `udpate_applications`, or `all_applications` permission security: - bearerAuth: [] responses: "200": description: Successful operation content: application/json: schema: type: array items: $ref: '#/components/schemas/Application' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - System summary: Create application description: | Creates application **Auth:** Requires system access token with `update_applications` or `all_applications` permission security: - bearerAuth: [] requestBody: description: creates one application content: application/json: schema: $ref: '#/components/schemas/Application' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/permissions: post: tags: - System summary: Create permission description: | Creates permission **Auth:** Requires system access token with `update_permissions` or `all_permissions` permission security: - bearerAuth: [] requestBody: description: Permission content: application/json: schema: $ref: '#/components/schemas/Permission' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - System summary: Updates permission description: | Updates permission **Auth:** Requires system access token with `update_permissions` or `all_permissions` permission security: - bearerAuth: [] requestBody: description: Permission content: application/json: schema: $ref: '#/components/schemas/Permission' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/api-keys: get: tags: - System summary: Get API key description: | Returns API key records for given ID or app ID **Auth:** Requires system access token with `get_api-keys`, `update_api-keys`, `delete_api-keys`, or `all_api-keys` permission security: - bearerAuth: [] parameters: - name: id in: query description: The ID of the API key to return. Required if `app_id` is not provided. required: false style: form explode: false schema: type: string - name: app_id in: query description: The app ID of the API keys to return. Required if `id` is not provided. required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/APIKey' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - System summary: Create API key description: | Creates a new API key record **Auth:** Requires system access token with `update_api-keys` or `all_api-keys` permission security: - bearerAuth: [] requestBody: description: API key record to be added content: application/json: schema: $ref: '#/components/schemas/APIKey' example: app_id: string key: string required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - System summary: Update API key description: | Update an existing API key record Must include the "id" field to identify which key is to be udpated **Auth:** Requires system access token with `update_api-keys` or `all_api-keys` permission security: - bearerAuth: [] requestBody: description: API key record update to be applied content: application/json: schema: $ref: '#/components/schemas/APIKey' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error delete: tags: - System summary: Delete API key description: | Deletes an existing API key record **Auth:** Requires system access token with `delete_api-keys` or `all_api-keys` permission security: - bearerAuth: [] parameters: - name: id in: query description: The ID of the API key to delete required: true style: form explode: false schema: type: string responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/auth-types: get: tags: - System summary: Get auth types description: | Gets auth types **Auth:** Requires system access token with `get_auth-types`, `update_auth-types`, or `all_auth-types` permission security: - bearerAuth: [] responses: "200": description: Successful operation content: application/json: schema: type: array items: $ref: '#/components/schemas/AuthType' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - System summary: Create auth type description: | Creates auth type **Auth:** Requires system access token with `update_auth-types` or `all_auth-types` permission security: - bearerAuth: [] requestBody: description: creates one auth-type content: application/json: schema: $ref: '#/components/schemas/AuthType' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/auth-types/{id}: put: tags: - System summary: Update auth type by ID description: | Updates auth type with the provided ID **Auth:** Requires system access token with `update_auth-types` or `all_auth-types` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the auth type that needs to be updated required: true schema: type: string requestBody: description: update one auth type content: application/json: schema: $ref: '#/components/schemas/AuthType' required: true responses: "200": description: Success content: text/plain: schema: type: string items: $ref: '#/components/schemas/AuthType' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/app-orgs/{id}: get: tags: - System summary: Get app-org description: | Get app-org by ID **Auth:** Requires system access token with `get_app_orgs` or `all_app_orgs` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the app-org to retrieve required: true style: simple explode: false schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ApplicationOrganization' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error put: tags: - System summary: Update app-org by ID description: | Updates app-org by ID **Auth:** Requires system access token with `update_app_orgs` or `all_app_orgs` permission security: - bearerAuth: [] parameters: - name: id in: path description: ID of the app-org that needs to be updated required: true style: simple explode: false schema: type: string requestBody: description: update one app-org content: application/json: schema: $ref: '#/components/schemas/ApplicationOrganization' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /system/app-orgs: get: tags: - System summary: Get app-orgs description: | Get all app-orgs matching query **Auth:** Requires system access token with `get_app_orgs` or `all_app_orgs` permission security: - bearerAuth: [] parameters: - name: app_id in: query description: Application ID to search for required: false style: form explode: false schema: type: string - name: org_id in: query description: Organization ID to search for required: false style: form explode: false schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ApplicationOrganization' "400": description: Bad request "401": description: Unauthorized "500": description: Internal error post: tags: - System summary: Create app-org description: | Create app-org **Auth:** Requires system access token with `update_app_orgs` or `all_app_orgs` permission security: - bearerAuth: [] requestBody: description: New app-org content: application/json: schema: $ref: '#/components/schemas/ApplicationOrganization' required: true responses: "200": description: Success content: text/plain: schema: type: string example: Success "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /ui/credential/reset: get: tags: - UI summary: Display HTML password reset page description: | Serves an HTML page with password reset form parameters: - name: id in: query description: Credential ID required: true style: form explode: false schema: type: string - name: code in: query description: Reset code required: true style: form explode: false schema: type: string responses: "200": description: Successful operation (HTML) "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /ui/credential/verify: get: tags: - UI summary: Validate verification code description: | Validates verification code to verify account ownership and displays result in an HTML page parameters: - name: id in: query description: Credential ID required: true style: form explode: false schema: type: string - name: code in: query description: Verification code required: true style: form explode: false schema: type: string responses: "200": description: Successful operation (HTML page) "400": description: Bad request "401": description: Unauthorized "500": description: Internal error /version: get: summary: Get service version responses: "200": description: Success content: text/plain: schema: type: string example: v1.1.0 /.well-known/openid-configuration: get: summary: OpenID Connect Discovery responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OIDCDiscovery' components: securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT schemas: Config: required: - id - type - app_id - org_id - system - data - date_created - date_updated type: object properties: id: readOnly: true type: string type: type: string app_id: readOnly: true type: string org_id: readOnly: true type: string system: type: boolean data: anyOf: - $ref: '#/components/schemas/EnvConfigData' date_created: readOnly: true type: string date_updated: readOnly: true type: string nullable: true EnvConfigData: type: object properties: cors_allowed_origins: type: array items: type: string nullable: true cors_allowed_headers: type: array items: type: string nullable: true Application: required: - id - name - multi_tenant - admin - code type: object properties: id: readOnly: true type: string name: type: string multi_tenant: type: boolean admin: type: boolean code: type: string types: type: array items: $ref: '#/components/schemas/ApplicationType' ApplicationType: required: - id - identifier type: object properties: id: readOnly: true type: string identifier: type: string name: type: string versions: type: array items: type: string ApplicationOrganization: required: - id - app_id - org_id type: object nullable: true properties: id: readOnly: true type: string app_id: type: string org_id: type: string services_ids: type: array nullable: true items: type: string identity_provider_settings: type: array nullable: true items: $ref: '#/components/schemas/IdentityProviderSettings' supported_auth_types: type: array nullable: true items: $ref: '#/components/schemas/SupportedAuthTypes' logins_session_settings: $ref: '#/components/schemas/LoginSessionSettings' Permission: required: - id - name type: object properties: id: readOnly: true type: string name: type: string description: type: string service_id: type: string assigners: type: array items: type: string date_created: type: string date_updated: type: string AppOrgRole: required: - id - name type: object properties: id: type: string readOnly: true name: type: string description: type: string system: type: boolean date_created: type: string date_updated: type: string application: $ref: '#/components/schemas/Application' permissions: type: array items: $ref: '#/components/schemas/Permission' scopes: type: array items: type: string AppOrgGroup: required: - id - name type: object properties: id: type: string readOnly: true name: type: string description: type: string system: type: boolean date_created: type: string date_updated: type: string application: $ref: '#/components/schemas/Application' permissions: type: array items: $ref: '#/components/schemas/Permission' roles: type: array items: $ref: '#/components/schemas/AppOrgRole' Organization: required: - id - name - type type: object properties: id: readOnly: true type: string name: type: string type: type: string enum: - micro - small - medium - large - huge config: $ref: '#/components/schemas/OrganizationConfig' OrganizationConfig: required: - id - domains type: object properties: id: readOnly: true type: string description: organization config id domains: type: array description: organization domains items: type: string ApplicationConfig: required: - id - app_type_id - version - data type: object properties: id: type: string readOnly: true app_type_id: type: string org_id: type: string version: type: string description: conforms major.minor.patch format data: type: object IdentityProviderSettings: required: - identity_provider_id - user_identifier_field type: object properties: identity_provider_id: type: string user_identifier_field: type: string external_id_fields: type: object additionalProperties: type: string nullable: true first_name_field: type: string middle_name_field: type: string last_name_field: type: string email_field: type: string ferpa_field: type: string roles_field: type: string groups_field: type: string user_specific_fields: type: array items: type: string nullable: true roles: type: object additionalProperties: type: string nullable: true groups: type: object additionalProperties: type: string nullable: true always_sync_profile: type: boolean identity_bb_base_url: type: string identity_bb_profile_fields: type: object additionalProperties: type: string nullable: true admin_app_access_roles: type: array items: type: string SupportedAuthTypes: type: object properties: app_type_id: type: string supported_auth_types: type: array items: $ref: '#/components/schemas/SupportedAuthType' SupportedAuthType: type: object properties: auth_type_id: type: string params: type: object additionalProperties: true nullable: true LoginSessionSettings: type: object properties: max_concurrent_sessions: type: integer inactivity_expire_policy: $ref: '#/components/schemas/InactiveExpirePolicy' time_since_login_expire_policy: $ref: '#/components/schemas/TSLExpirePolicy' yearly_expire_policy: $ref: '#/components/schemas/YearlyExpirePolicy' refresh_grace_period_policy: $ref: '#/components/schemas/RefreshGracePeriodPolicy' YearlyExpirePolicy: type: object required: - active - day - month - hour - min properties: active: type: boolean day: type: integer month: type: integer hour: type: integer min: type: integer InactiveExpirePolicy: type: object required: - active - inactivity_period properties: active: type: boolean inactivity_period: type: integer TSLExpirePolicy: type: object required: - active - time_since_login_period properties: active: type: boolean time_since_login_period: type: integer RefreshGracePeriodPolicy: type: object required: - active - grace_period properties: active: type: boolean grace_period: type: integer PartialApp: required: - id - name - code type: object properties: id: readOnly: true type: string name: type: string code: type: string LoginSession: type: object properties: id: type: string anonymous: type: boolean identifier: type: string auth_type_code: type: string app_org_id: type: string app_type_id: type: string app_type_identifier: type: string account_auth_type_id: type: string account_auth_type_identifier: type: string device_id: type: string nullable: true ip_address: type: string refresh_tokens_count: type: integer state: type: string state_expires: type: string nullable: true mfa_attempts: type: integer date_refreshed: type: string nullable: true date_updated: type: string nullable: true date_created: type: string AuthType: required: - id - code - description - is_external - is_anonymous - use_credentials - ignore_mfa type: object properties: id: readOnly: true type: string code: type: string description: username or email or phone or illinois_oidc etc description: type: string is_external: type: boolean description: says if the users source is external - identity providers is_anonymous: type: boolean description: says if the auth type results in anonymous users use_credentials: type: boolean description: says if the auth type uses credentials ignore_mfa: type: boolean description: says if login using this auth type may bypass account MFA params: type: object additionalProperties: true ServiceAccount: required: - app_id - org_id type: object properties: account_id: type: string name: type: string app_id: type: string org_id: type: string permissions: nullable: true type: array items: type: string scopes: nullable: true type: array items: type: string first_party: type: boolean creds: type: array items: $ref: '#/components/schemas/ServiceAccountCredential' AppOrgPair: required: - app_id - org_id type: object properties: app_id: type: string org_id: type: string ServiceAccountCredential: required: - name - type type: object properties: id: readOnly: true type: string name: type: string type: type: string enum: - static_token - signature params: type: object nullable: true date_created: readOnly: true type: string ServiceReg: required: - service_id - host - name - description - first_party type: object description: Full service registration record properties: service_id: type: string service_account_id: type: string host: type: string pub_key: $ref: '#/components/schemas/PubKey' name: type: string description: type: string info_url: type: string logo_url: type: string scopes: type: array nullable: true items: $ref: '#/components/schemas/ServiceScope' first_party: type: boolean AuthServiceReg: required: - service_id - host type: object description: Service registration record used for auth properties: service_id: type: string service_account_id: type: string host: type: string pub_key: $ref: '#/components/schemas/PubKey' PubKey: required: - key_pem - alg type: object properties: key_pem: type: string alg: type: string ServiceScope: required: - scope - required type: object properties: scope: type: string required: type: boolean explanation: description: Explanation displayed to users for why this scope is requested/required type: string AdminToken: required: - token type: object properties: token: type: string APIKey: required: - app_id - key type: object description: API key record properties: id: type: string app_id: type: string key: type: string JWK: type: object allOf: - $ref: '#/components/schemas/JWKParamsEC' - $ref: '#/components/schemas/JWKParamsOKP' - $ref: '#/components/schemas/JWKParamsRSA' - required: - kty - use - alg - kid description: JSON Web Key (JWK) properties: kty: type: string description: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key enum: - RSA - EC - OKP use: type: string description: The "use" (public key use) parameter identifies the intended use of the public key enum: - sig alg: type: string description: The "alg" (algorithm) parameter identifies the algorithm intended for use with the key enum: - RS256 - RS384 - RS512 - PS256 - PS384 - PS512 - ES256 - ES384 - ES512 - OKP kid: type: string description: The "kid" (key ID) parameter is used to match a specific key JWKParamsRSA: type: object description: JSON Web Key RSA parameters properties: "n": type: string description: The modulus of the key - Base64URL encoded e: type: string description: The exponent of the key - Base64URL encoded JWKParamsEC: type: object description: JSON Web Key EC parameters properties: crv: type: string description: The curve used with the key x: type: string description: x coordinate of the key - Base64URL encoded "y": type: string description: y coordinate of the key - Base64URL encoded JWKParamsOKP: type: object description: JSON Web Key OKP parameters properties: crv: type: string description: The curve used with the key x: type: string description: x coordinate of the key - Base64URL encoded JWKS: required: - keys type: object description: JSON Web Key Set (JWKS) properties: keys: type: array items: $ref: '#/components/schemas/JWK' OIDCDiscovery: required: - issuer - jwks_uri type: object description: OpenID Connect Discovery Metadata properties: issuer: type: string jwks_uri: type: string Account: required: - id type: object properties: id: readOnly: true type: string app_org: $ref: '#/components/schemas/ApplicationOrganization' username: type: string profile: $ref: '#/components/schemas/Profile' privacy: $ref: '#/components/schemas/Privacy' preferences: type: object nullable: true system_configs: type: object nullable: true anonymous: type: boolean verified: type: boolean system: type: boolean external_ids: type: object nullable: true auth_types: type: array items: $ref: '#/components/schemas/AccountAuthType' permissions: type: array items: $ref: '#/components/schemas/Permission' roles: type: array items: $ref: '#/components/schemas/AppOrgRole' apps: type: array items: $ref: '#/components/schemas/PartialApp' groups: type: array items: $ref: '#/components/schemas/AppOrgGroup' scopes: type: array items: type: string devices: type: array items: $ref: '#/components/schemas/Device' last_login_date: type: string last_access_token_date: type: string most_recent_client_version: type: string PublicAccount: required: - id - is_connection - profile - identifiers type: object properties: id: type: string verified: type: boolean is_following: type: boolean is_connection: type: boolean profile: $ref: '#/components/schemas/ProfileNullable' identifiers: type: array items: $ref: '#/components/schemas/PublicAccountIdentifier' PublicAccountIdentifier: required: - code - identifier type: object properties: code: type: string identifier: type: string PartialAccount: required: - id - app_id - org_id - first_name - last_name - permissions - roles - groups - anonymous - auth_types - date_created type: object properties: id: type: string readOnly: true app_id: type: string org_id: type: string first_name: type: string last_name: type: string system: type: boolean username: type: string permissions: type: array items: $ref: '#/components/schemas/Permission' roles: type: array items: $ref: '#/components/schemas/AppOrgRole' groups: type: array items: $ref: '#/components/schemas/AppOrgGroup' apps: type: array items: $ref: '#/components/schemas/PartialApp' scopes: type: array items: type: string auth_types: type: array items: $ref: '#/components/schemas/AccountAuthType' system_configs: type: object nullable: true params: type: object nullable: true anonymous: type: boolean privacy: $ref: '#/components/schemas/Privacy' verified: type: boolean date_created: readOnly: true type: string date_updated: type: string nullable: true external_ids: type: object nullable: true DeletedAppOrgMembership: allOf: - $ref: '#/components/schemas/AppOrgPair' - required: - memberships type: object properties: memberships: type: array items: $ref: '#/components/schemas/DeletedMembership' DeletedMembership: required: - account_id type: object properties: account_id: readOnly: true type: string external_ids: type: object nullable: true additionalProperties: type: string context: type: object Profile: required: - id type: object properties: id: readOnly: true type: string photo_url: type: string pronunciation_url: type: string pronouns: type: string first_name: type: string last_name: type: string email: type: string nullable: true phone: type: string nullable: true birth_year: type: integer nullable: true address: type: string nullable: true address2: type: string nullable: true po_box: type: string nullable: true city: type: string nullable: true zip_code: type: string nullable: true state: type: string nullable: true country: type: string nullable: true website: type: string unstructured_properties: type: object nullable: true ProfileNullable: type: object nullable: true properties: photo_url: type: string nullable: true pronunciation_url: type: string nullable: true pronouns: type: string nullable: true first_name: type: string nullable: true last_name: type: string nullable: true email: type: string nullable: true phone: type: string nullable: true birth_year: type: integer nullable: true address: type: string nullable: true address2: type: string nullable: true po_box: type: string nullable: true city: type: string nullable: true zip_code: type: string nullable: true state: type: string nullable: true country: type: string nullable: true website: type: string nullable: true unstructured_properties: type: object nullable: true Privacy: type: object properties: public: type: boolean nullable: true field_visibility: type: object additionalProperties: true nullable: true PrivacyNullable: type: object nullable: true properties: public: type: boolean nullable: true field_visibility: type: object additionalProperties: true nullable: true Username: required: - username type: object properties: username: type: string AccountAuthType: required: - id - code - identifier type: object properties: id: type: string code: type: string identifier: type: string params: type: object additionalProperties: true nullable: true active: type: boolean unverified: type: boolean Device: required: - id - type type: object properties: id: readOnly: true type: string device_id: type: string nullable: true type: type: string enum: - mobile - web - desktop - other os: type: string Follow: required: - id - follower_id - following_id type: object properties: id: readOnly: true type: string following_id: type: string follower_id: readOnly: true type: string UserData: type: object properties: account: $ref: '#/components/schemas/Account' login_sessions: type: array items: $ref: '#/components/schemas/LoginSession' _shared_req_Login: required: - auth_type - app_type_identifier - org_id - api_key - device type: object properties: auth_type: type: string enum: - email - twilio_phone - illinois_oidc - anonymous - username app_type_identifier: type: string org_id: type: string api_key: type: string creds: anyOf: - $ref: '#/components/schemas/_shared_req_CredsEmail' - $ref: '#/components/schemas/_shared_req_CredsTwilioPhone' - $ref: '#/components/schemas/_shared_req_CredsOIDC' - $ref: '#/components/schemas/_shared_req_CredsAPIKey' - $ref: '#/components/schemas/_shared_req_CredsUsername' params: type: object anyOf: - $ref: '#/components/schemas/_shared_req_ParamsEmail' - $ref: '#/components/schemas/_shared_req_ParamsOIDC' - $ref: '#/components/schemas/_shared_req_ParamsNone' - $ref: '#/components/schemas/_shared_req_ParamsUsername' device: $ref: '#/components/schemas/Device' profile: $ref: '#/components/schemas/ProfileNullable' privacy: $ref: '#/components/schemas/PrivacyNullable' preferences: type: object nullable: true username: type: string nullable: true _shared_req_Login_Mfa: required: - api_key - account_id - session_id - state - identifier - type - code type: object properties: api_key: type: string account_id: type: string session_id: type: string state: type: string identifier: type: string type: type: string enum: - email - phone - totp - recovery code: type: string _shared_req_LoginUrl: required: - auth_type - app_type_identifier - org_id - api_key - redirect_uri type: object properties: auth_type: type: string enum: - illinois_oidc app_type_identifier: type: string org_id: type: string api_key: type: string redirect_uri: type: string _shared_req_Refresh: required: - api_key - refresh_token type: object properties: api_key: type: string refresh_token: type: string _shared_req_Mfa: required: - identifier - type type: object properties: identifier: type: string type: type: string enum: - email - phone - totp code: type: string _shared_req_CreateAccount: required: - auth_type - identifier type: object properties: auth_type: type: string enum: - email - illinois_oidc identifier: type: string permissions: type: array items: type: string role_ids: type: array items: type: string group_ids: type: array items: type: string scopes: type: array items: type: string profile: $ref: '#/components/schemas/ProfileNullable' privacy: $ref: '#/components/schemas/PrivacyNullable' username: type: string nullable: true _shared_req_UpdateAccount: required: - auth_type - identifier type: object properties: auth_type: type: string enum: - email - illinois_oidc identifier: type: string permissions: type: array items: type: string role_ids: type: array items: type: string group_ids: type: array items: type: string scopes: type: array items: type: string _shared_req_DeleteAccount: required: - app_id type: object properties: app_id: writeOnly: true type: string context: type: object _shared_req_AccountCheck: required: - auth_type - app_type_identifier - org_id - api_key - user_identifier type: object properties: auth_type: type: string enum: - username - email - twilio_phone - illinois_oidc - anonymous app_type_identifier: type: string org_id: type: string api_key: type: string user_identifier: type: string _shared_req_CredsEmail: required: - email - password type: object description: Auth login creds for auth_type="email" properties: email: type: string password: type: string _shared_req_CredsTwilioPhone: type: object description: Auth login creds for auth_type="twilio_phone" required: - phone properties: phone: type: string code: type: string _shared_req_CredsOIDC: type: string description: | Auth login creds for auth_type="oidc" (or variants) - full redirect URI received from OIDC provider _shared_req_CredsUsername: required: - username - password type: object description: Auth login creds for auth_type="username" properties: username: type: string password: type: string _shared_req_CredsAPIKey: type: object description: Auth login creds for auth_type="anonymous" properties: anonymous_id: type: string _shared_req_ParamsEmail: type: object description: Auth login params for auth_type="email" properties: confirm_password: type: string description: This should match the `creds` password field when sign_up=true. This should be verified on the client side as well to reduce invalid requests. sign_up: type: boolean _shared_req_ParamsOIDC: type: object description: Auth login params for auth_type="oidc" (or variants) properties: redirect_uri: type: string pkce_verifier: type: string _shared_req_ParamsUsername: type: object description: Auth login params for auth_type="username" properties: confirm_password: type: string description: This should match the `creds` password field when sign_up=true. This should be verified on the client side as well to reduce invalid requests. sign_up: type: boolean _shared_req_ParamsNone: type: object description: Auth login request params for unlisted auth_types (None) nullable: true _shared_req_ParamsSetEmailCredential: required: - new_password - confirm_password type: object properties: new_password: type: string confirm_password: type: string _shared_req_app-configs: required: - app_type_identifier - version - api_key type: object properties: app_type_identifier: type: string version: type: string description: conforms major.minor.patch format api_key: type: string _shared_req_app-configs-org: required: - app_type_identifier - version type: object properties: app_type_identifier: type: string version: type: string description: conforms major.minor.patch format _shared_res_Login: type: object properties: token: $ref: '#/components/schemas/_shared_res_RokwireToken' account: $ref: '#/components/schemas/Account' params: type: object nullable: true anyOf: - $ref: '#/components/schemas/_shared_res_ParamsOIDC' - $ref: '#/components/schemas/_shared_res_ParamsAPIKey' - $ref: '#/components/schemas/_shared_res_ParamsNone' message: type: string _shared_res_Login_Mfa: required: - enrolled - account_id - session_id - state type: object properties: enrolled: type: array items: $ref: '#/components/schemas/_shared_res_Mfa' account_id: type: string session_id: type: string state: type: string params: type: object nullable: true anyOf: - $ref: '#/components/schemas/_shared_res_ParamsOIDC' - $ref: '#/components/schemas/_shared_res_ParamsAPIKey' - $ref: '#/components/schemas/_shared_res_ParamsNone' _shared_res_LoginUrl: required: - login_url type: object properties: login_url: type: string params: type: object description: Params to be submitted with 'login' request (if necessary) _shared_res_Refresh: type: object properties: token: $ref: '#/components/schemas/_shared_res_RokwireToken' params: type: object nullable: true anyOf: - $ref: '#/components/schemas/_shared_res_ParamsOIDC' - $ref: '#/components/schemas/_shared_res_ParamsAPIKey' - $ref: '#/components/schemas/_shared_res_ParamsNone' _shared_res_Mfa: type: object properties: type: type: string verified: type: boolean params: type: object _shared_res_AccountCheck: type: boolean _shared_res_ParamsAPIKey: type: object description: Auth login response params for auth_type="anonymous" properties: anonymous_id: type: string _shared_res_ParamsOIDC: type: object description: Auth login response params for auth_type="oidc" (or variants) properties: oidc_token: type: object properties: id_token: type: string access_token: type: string refresh_token: type: string token_type: type: string redirect_uri: type: string _shared_res_ParamsNone: type: object description: Auth login response params for unlisted auth_types (None) nullable: true _shared_res_RokwireToken: type: object properties: access_token: description: The user's access token to be provided to authorize access to ROKWIRE APIs type: string refresh_token: description: A refresh token that can be used to get a new access token once the one provided expires type: string token_type: description: The type of the provided tokens to be specified when they are sent in the "Authorization" header type: string enum: - Bearer _services_req_account_auth-type-link: required: - auth_type - app_type_identifier - creds type: object properties: auth_type: type: string enum: - email - twilio_phone - illinois_oidc - username app_type_identifier: type: string creds: anyOf: - $ref: '#/components/schemas/_shared_req_CredsEmail' - $ref: '#/components/schemas/_shared_req_CredsTwilioPhone' - $ref: '#/components/schemas/_shared_req_CredsOIDC' params: type: object anyOf: - $ref: '#/components/schemas/_shared_req_ParamsEmail' - $ref: '#/components/schemas/_shared_req_ParamsOIDC' - $ref: '#/components/schemas/_shared_req_ParamsNone' _services_req_account_auth-type-unlink: required: - auth_type - app_type_identifier - identifier type: object properties: auth_type: type: string enum: - email - twilio_phone - illinois_oidc - username app_type_identifier: type: string identifier: type: string _services_res_account_auth-type-link: required: - auth_types type: object properties: message: type: string nullable: true auth_types: type: array items: $ref: '#/components/schemas/AccountAuthType' _services_req_credential_update: required: - account_auth_type_id type: object properties: account_auth_type_id: type: string params: type: object anyOf: - $ref: '#/components/schemas/_shared_req_ParamsSetEmailCredential' _services_req_credential_send-verify: required: - auth_type - app_type_identifier - org_id - api_key - identifier type: object properties: identifier: type: string org_id: type: string api_key: type: string app_type_identifier: type: string auth_type: type: string enum: - email _services_req_credential_forgot_initiate: required: - auth_type - app_type_identifier - org_id - api_key - identifier type: object properties: auth_type: type: string enum: - email app_type_identifier: type: string org_id: type: string api_key: type: string identifier: type: string _services_req_credential_forgot_complete: required: - credential_id - reset_code type: object properties: credential_id: type: string reset_code: type: string params: type: object anyOf: - $ref: '#/components/schemas/_shared_req_ParamsSetEmailCredential' _services_req_authorize-service: required: - service_id type: object properties: service_id: type: string approved_scopes: description: Scopes to be granted to this service in this and future tokens. Replaces existing scopes if present. type: array items: type: string _services_res_authorize-service: type: object properties: access_token: type: string token_type: description: The type of the provided tokens to be specified when they are sent in the "Authorization" header type: string enum: - Bearer approved_scopes: type: array items: type: string service_reg: $ref: '#/components/schemas/ServiceReg' _services_res_accounts-public: required: - total - counts - accounts type: object properties: total: type: integer counts: type: object additionalProperties: type: integer accounts: type: array items: $ref: '#/components/schemas/PublicAccount' _services_req_service-accounts_params: required: - auth_type type: object properties: auth_type: type: string enum: - static_token - signature creds: $ref: '#/components/schemas/_services_service-accounts_CredsStaticToken' _services_req_service-accounts_access-token: required: - account_id - app_id - org_id - auth_type type: object properties: account_id: type: string app_id: type: string org_id: type: string auth_type: type: string enum: - static_token - signature creds: $ref: '#/components/schemas/_services_service-accounts_CredsStaticToken' _services_req_service-accounts_access-tokens: required: - account_id - auth_type type: object properties: account_id: type: string auth_type: type: string enum: - static_token - signature creds: $ref: '#/components/schemas/_services_service-accounts_CredsStaticToken' _services_res_service-accounts_access-tokens: required: - app_id - org_id - token type: object properties: app_id: type: string org_id: type: string token: $ref: '#/components/schemas/_shared_res_RokwireToken' _services_service-accounts_CredsStaticToken: required: - token type: object description: Service account token for auth_type="static_token" properties: token: type: string _admin_req_application_role: required: - name - description - permissions type: object properties: name: type: string description: type: string system: type: boolean permissions: type: array items: type: string scopes: type: array items: type: string _admin_req_application_group: required: - name - description type: object properties: name: type: string description: type: string system: type: boolean permissions: type: array items: type: string roles: type: array items: type: string account_ids: nullable: true type: array items: type: string _admin_req_add-accounts-to-group: required: - account_ids type: object properties: account_ids: type: array items: type: string _admin_req_remove-account-from-group: required: - account_ids type: object properties: account_ids: type: array items: type: string _admin_req_grant-roles-to-account: required: - role_ids type: object properties: role_ids: type: array items: type: string _admin_req_revoke-roles-from-account: required: - role_ids type: object properties: role_ids: type: array items: type: string _admin_req_grant-permissions: required: - permissions type: object properties: permissions: type: array items: type: string _admin_req_revoke-permissions: required: - permissions type: object properties: permissions: type: array items: type: string _admin_req_grant-permissions-to-role: required: - permissions type: object properties: permissions: type: array items: type: string _admin_req_verified: required: - verified type: object properties: verified: type: boolean _admin_req_create-update-config: required: - type - system - data type: object properties: type: type: string all_apps: type: boolean nullable: true all_orgs: type: boolean nullable: true system: type: boolean data: anyOf: - $ref: '#/components/schemas/EnvConfigData' _system_req_update_service-account: type: object properties: name: type: string permissions: nullable: true type: array items: type: string scopes: nullable: true type: array items: type: string