diff --git a/agent.json b/agent.json index 80812df..f339f29 100644 --- a/agent.json +++ b/agent.json @@ -137,8 +137,7 @@ "info": { "title": "Entitlements Agent (PDP)", "description": "", - "version": "", - "contact": {} + "version": "" }, "servers": [ { @@ -160,7 +159,8 @@ "properties": { "featureKey": { "type": "string", - "example": "example-feature-key" + "example": "example-feature-key", + "description": "" } }, "required": [ @@ -172,11 +172,13 @@ "properties": { "userId": { "type": "string", - "example": "6c2ce177-66cd-4163-a012-b7833255a490" + "example": "6c2ce177-66cd-4163-a012-b7833255a490", + "description": "" }, "tenantId": { "type": "string", - "example": "f21ca66c-d23b-496f-b805-121ed37eb46a" + "example": "f21ca66c-d23b-496f-b805-121ed37eb46a", + "description": "" }, "permissions": { "example": [ @@ -186,13 +188,15 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "attributes": { "type": "object", "example": { "exampleAttribute": "example-value" - } + }, + "description": "" } }, "required": [ @@ -211,14 +215,17 @@ "MISSING_ROUTE", "ROUTE_DENIED" ], - "example": "MISSING_FEATURE" + "example": "MISSING_FEATURE", + "description": "" }, "monitoring": { - "type": "boolean" + "type": "boolean", + "description": "" }, "result": { "type": "boolean", - "example": false + "example": false, + "description": "" } }, "required": [ @@ -230,13 +237,16 @@ "properties": { "decision_id": { "type": "string", - "example": "df5dae62-be02-4333-bbe1-f7220e13c6c3" + "example": "df5dae62-be02-4333-bbe1-f7220e13c6c3", + "description": "" }, "metrics": { - "type": "object" + "type": "object", + "description": "" }, "result": { - "$ref": "#/components/schemas/EntitlementsResult" + "$ref": "#/components/schemas/EntitlementsResult", + "description": "" } }, "required": [ @@ -250,7 +260,8 @@ "properties": { "permissionKey": { "type": "string", - "example": "example.permission.read" + "example": "example.permission.read", + "description": "" } }, "required": [ @@ -270,11 +281,13 @@ "DELETE", "*" ], - "example": "GET" + "example": "GET", + "description": "" }, "path": { "type": "string", - "example": "/example" + "example": "/example", + "description": "" } }, "required": [ @@ -284,8 +297,5 @@ } } }, - "x-readme": { - "explorer-enabled": true, - "proxy-enabled": true - } + "x-tagGroups": [] } \ No newline at end of file diff --git a/applications.json b/applications.json new file mode 100644 index 0000000..87becf7 --- /dev/null +++ b/applications.json @@ -0,0 +1,764 @@ +{ + "openapi": "3.0.0", + "paths": { + "/resources/applications/v1": { + "get": { + "operationId": "getApplications", + "summary": "Get all applications for an environment", + "description": "Get all applications for an environment", + "parameters": [ + { + "name": "_accessType", + "required": false, + "in": "query", + "schema": { + "enum": [ + "FREE_ACCESS", + "MANAGED_ACCESS" + ], + "type": "string" + }, + "description": "" + }, + { + "name": "_isDefault", + "required": false, + "in": "query", + "schema": { + "type": "boolean" + }, + "description": "" + }, + { + "name": "_isActive", + "required": false, + "in": "query", + "schema": { + "type": "boolean" + }, + "description": "" + }, + { + "name": "ids", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ApplicationsResponse" + } + } + } + } + } + }, + "tags": [ + "Management | Applications" + ] + }, + "post": { + "operationId": "createApplication", + "summary": "Create application", + "description": "Create application", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateApplicationRequest" + } + } + } + }, + "responses": { + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApplicationsResponse" + } + } + } + } + }, + "tags": [ + "Management | Applications" + ] + } + }, + "/resources/applications/v1/default": { + "get": { + "operationId": "getDefaultApplication", + "summary": "Get the default application for an environment", + "description": "Get the default application for an environment", + "parameters": [], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApplicationsResponse" + } + } + } + } + }, + "tags": [ + "Management | Applications" + ] + } + }, + "/resources/applications/v1/{id}": { + "get": { + "operationId": "getApplicationById", + "summary": "Get application by ID", + "description": "Get application by ID", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApplicationsResponse" + } + } + } + } + }, + "tags": [ + "Management | Applications" + ] + }, + "patch": { + "operationId": "updateApplication", + "summary": "Update an application", + "description": "Update an application", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateApplicationRequest" + } + } + } + }, + "responses": { + "201": { + "description": "" + } + }, + "tags": [ + "Management | Applications" + ] + }, + "delete": { + "operationId": "deleteApplication", + "summary": "Delete an application", + "description": "Delete an application", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Management | Applications" + ] + } + }, + "/resources/applications/tenant-assignments/v1": { + "get": { + "operationId": "getApplicationsTenantsAssignments", + "summary": "Get application to tenants assignments", + "description": "Get application to tenants assignments", + "parameters": [ + { + "name": "appIds", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "tenantIds", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ApplicationsTenantAssignmentResponse" + } + } + } + } + } + }, + "tags": [ + "Management | Applications" + ] + } + }, + "/resources/applications/tenant-assignments/v1/{appId}": { + "get": { + "operationId": "getApplicationTenantsAssignmentsByAppId", + "summary": "Get tenants assignments for an application", + "description": "Get tenants assignments for an application", + "parameters": [ + { + "name": "appId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApplicationTenantsResponse" + } + } + } + } + }, + "tags": [ + "Management | Applications" + ] + }, + "post": { + "operationId": "createApplicationTenantAssignment", + "summary": "Create application to tenant assignment", + "description": "Create application to tenant assignment", + "parameters": [ + { + "name": "appId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateApplicationTenantRequest" + } + } + } + }, + "responses": { + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApplicationsTenantAssignmentResponse" + } + } + } + } + }, + "tags": [ + "Management | Applications" + ] + } + }, + "/resources/applications/tenant-assignments/v1/{appId}/{tenantId}": { + "delete": { + "operationId": "deleteApplicationTenantAssignment", + "summary": "Delete application to tenant assignment", + "description": "Delete application to tenant assignment", + "parameters": [ + { + "name": "appId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "tenantId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Management | Applications" + ] + } + }, + "/resources/applications/v1/credentials/{appId}": { + "get": { + "operationId": "getApplicationClientCredentials", + "summary": "Get application client credentials", + "description": "Get application client credentials", + "parameters": [ + { + "name": "appId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ApplicationsClientCredentialsResponse" + } + } + } + } + }, + "tags": [ + "Management | Applications" + ] + } + }, + "/resources/applications/v1/credentials/regenerate": { + "post": { + "operationId": "regenerateApplicationClientCredentials", + "summary": "Regenerate application client credentials", + "description": "Regenerate application client credentials", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RegenerateApplicationClientCredentialsRequest" + } + } + } + }, + "responses": { + "201": { + "description": "" + } + }, + "tags": [ + "Management | Applications" + ] + } + } + }, + "info": { + "title": "Applications", + "description": "", + "version": "" + }, + "servers": [ + { + "url": "https://api.frontegg.com/applications", + "description": "EU Region" + }, + { + "url": "https://api.us.frontegg.com/applications", + "description": "US Region" + }, + { + "url": "https://api.ca.frontegg.com/applications", + "description": "CA Region" + }, + { + "url": "https://api.au.frontegg.com/applications", + "description": "AU Region" + }, + { + "url": "https://{domain}.frontegg.com/applications", + "description": "Frontegg sub-domain for use with user tokens", + "variables": { + "domain": { + "default": "app-xxx" + } + } + } + ], + "components": { + "securitySchemes": { + "bearer": { + "scheme": "bearer", + "bearerFormat": "JWT", + "type": "http" + } + }, + "schemas": { + "ApplicationsResponse": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "" + }, + "accessType": { + "type": "string", + "enum": [ + "FREE_ACCESS", + "MANAGED_ACCESS" + ], + "description": "" + }, + "appURL": { + "type": "string", + "description": "" + }, + "loginURL": { + "type": "string", + "description": "" + }, + "isDefault": { + "type": "boolean", + "description": "" + }, + "isActive": { + "type": "boolean", + "description": "" + }, + "name": { + "type": "string", + "description": "" + }, + "logoURL": { + "type": "string", + "description": "" + }, + "createdAt": { + "type": "string", + "description": "" + }, + "updatedAt": { + "type": "string", + "description": "" + }, + "type": { + "type": "string", + "description": "" + }, + "frontendStack": { + "type": "string", + "description": "" + }, + "description": { + "type": "string", + "description": "" + }, + "integrationFinishedAt": { + "type": "string", + "description": "" + } + }, + "required": [ + "id", + "accessType", + "appURL", + "loginURL", + "isDefault", + "isActive", + "name", + "logoURL", + "createdAt", + "updatedAt", + "type", + "frontendStack", + "description", + "integrationFinishedAt" + ] + }, + "CreateApplicationRequest": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "" + }, + "appURL": { + "type": "string", + "description": "" + }, + "loginURL": { + "type": "string", + "description": "" + }, + "logoURL": { + "type": "string", + "description": "" + }, + "accessType": { + "type": "string", + "enum": [ + "FREE_ACCESS", + "MANAGED_ACCESS" + ], + "description": "" + }, + "isDefault": { + "type": "boolean", + "default": false, + "description": "" + }, + "isActive": { + "type": "boolean", + "default": true, + "description": "" + }, + "type": { + "type": "string", + "default": "web", + "enum": [ + "web", + "mobile-ios", + "mobile-android", + "other" + ], + "description": "" + }, + "frontendStack": { + "type": "string", + "default": "react", + "enum": [ + "react", + "vue", + "angular", + "next.js", + "vanilla.js", + "ionic", + "flutter", + "react-native", + "kotlin", + "swift" + ], + "description": "" + }, + "description": { + "type": "string", + "description": "" + } + }, + "required": [ + "name", + "appURL", + "loginURL" + ] + }, + "UpdateApplicationRequest": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "" + }, + "appURL": { + "type": "string", + "description": "" + }, + "loginURL": { + "type": "string", + "description": "" + }, + "logoURL": { + "type": "string", + "description": "" + }, + "accessType": { + "type": "string", + "enum": [ + "FREE_ACCESS", + "MANAGED_ACCESS" + ], + "description": "" + }, + "isDefault": { + "type": "boolean", + "default": false, + "description": "" + }, + "isActive": { + "type": "boolean", + "default": true, + "description": "" + }, + "type": { + "type": "string", + "default": "web", + "description": "" + }, + "frontendStack": { + "type": "string", + "default": "react", + "description": "" + }, + "description": { + "type": "string", + "description": "" + } + } + }, + "ApplicationsTenantAssignmentResponse": { + "type": "object", + "properties": { + "tenantId": { + "type": "string", + "description": "" + }, + "appIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "" + } + }, + "required": [ + "tenantId", + "appIds" + ] + }, + "ApplicationTenantsResponse": { + "type": "object", + "properties": { + "tenantIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "" + } + }, + "required": [ + "tenantIds" + ] + }, + "CreateApplicationTenantRequest": { + "type": "object", + "properties": { + "tenantId": { + "type": "string", + "description": "" + } + }, + "required": [ + "tenantId" + ] + }, + "ApplicationsClientCredentialsResponse": { + "type": "object", + "properties": { + "clientSecret": { + "type": "string", + "description": "" + } + }, + "required": [ + "clientSecret" + ] + }, + "RegenerateApplicationClientCredentialsRequest": { + "type": "object", + "properties": { + "appId": { + "type": "string", + "description": "" + } + }, + "required": [ + "appId" + ] + } + } + }, + "x-tagGroups": [] +} \ No newline at end of file diff --git a/audits.json b/audits.json new file mode 100644 index 0000000..2b68273 --- /dev/null +++ b/audits.json @@ -0,0 +1,913 @@ +{ + "openapi": "3.0.0", + "paths": { + "/": { + "get": { + "operationId": "AuditsController_getAudits", + "summary": "Get audits", + "description": "This route gets all audit logs for a tenant. Send the tenant’s id in the **`frontegg-tenant-id`** header to declare the tenant. Optionally, use the query params to filter and organize the results. There's a limit of 200 audits. You can use the 'offset' query param to get the following 200 results. For example: \n?count=200&offset=0&sortBy=createdAt&sortDirection=desc returns audits 1-200, \n?count=200&offset=200&sortBy=createdAt&sortDirection=desc returns audits 201-400", + "deprecated": true, + "parameters": [ + { + "name": "vendorId", + "required": true, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "tenantId", + "required": true, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "limit", + "required": false, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "offset", + "required": true, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "count", + "required": true, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "paginationMode", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "filter", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "sortBy", + "required": false, + "in": "query", + "schema": { + "pattern": "/^[a-zA-z0-9_]+$/", + "type": "string" + }, + "description": "" + }, + { + "name": "sortDirection", + "required": false, + "in": "query", + "schema": { + "pattern": "/^(a|de)sc$/i", + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Main" + ] + }, + "post": { + "operationId": "AuditsController_addAudits", + "summary": "Add audits", + "description": "Add audits", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AuditRequest" + } + } + } + }, + "responses": { + "202": { + "description": "" + } + }, + "tags": [ + "Main" + ] + } + }, + "/stats": { + "get": { + "operationId": "AuditsController_getAuditsStats", + "summary": "Get audits statistics", + "description": "Get audits statistics", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Main" + ] + } + }, + "/export/csv": { + "post": { + "operationId": "AuditsController_exportCsv", + "summary": "Export CSV", + "description": "Export CSV", + "deprecated": true, + "parameters": [ + { + "name": "vendorId", + "required": true, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "tenantId", + "required": true, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "limit", + "required": false, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "offset", + "required": true, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "count", + "required": true, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "paginationMode", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "filter", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "sortBy", + "required": false, + "in": "query", + "schema": { + "pattern": "/^[a-zA-z0-9_]+$/", + "type": "string" + }, + "description": "" + }, + { + "name": "sortDirection", + "required": false, + "in": "query", + "schema": { + "pattern": "/^(a|de)sc$/i", + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExportCSV" + } + } + } + }, + "responses": { + "201": { + "description": "" + } + }, + "tags": [ + "Main" + ] + } + }, + "/export/csv/v2": { + "post": { + "operationId": "AuditsController_exportCsvToStream", + "summary": "Export CSV to stream", + "description": "Export CSV to stream", + "parameters": [ + { + "name": "vendorId", + "required": true, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "tenantId", + "required": true, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "limit", + "required": false, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "offset", + "required": true, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "count", + "required": true, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "paginationMode", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "filter", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "sortBy", + "required": false, + "in": "query", + "schema": { + "pattern": "/^[a-zA-z0-9_]+$/", + "type": "string" + }, + "description": "" + }, + { + "name": "sortDirection", + "required": false, + "in": "query", + "schema": { + "pattern": "/^(a|de)sc$/i", + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExportCSV" + } + } + } + }, + "responses": { + "201": { + "description": "" + } + }, + "tags": [ + "Main" + ] + } + }, + "/resources/audits/v2": { + "get": { + "operationId": "AuditsController_V2_getAudits", + "summary": "Get audits (V2)", + "description": "This route gets all audit logs for a tenant. Send the tenant’s id in the **`frontegg-tenant-id`** header to declare the tenant. Optionally, use the query params to filter and organize the results. There's a limit of 200 audits. You can use the 'offset' query param to get the following 200 results. For example: \n?count=200&offset=0&sortBy=createdAt&sortDirection=desc returns audits 1-200, \n?count=200&offset=200&sortBy=createdAt&sortDirection=desc returns audits 201-400", + "parameters": [ + { + "name": "created_from", + "required": false, + "in": "query", + "schema": { + "format": "date-time", + "type": "string" + }, + "description": "" + }, + { + "name": "created_to", + "required": false, + "in": "query", + "schema": { + "format": "date-time", + "type": "string" + }, + "description": "" + }, + { + "name": "tenant_ids", + "required": false, + "in": "query", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "" + }, + { + "name": "users", + "required": false, + "in": "query", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "" + }, + { + "name": "email", + "required": false, + "in": "query", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "" + }, + { + "name": "count", + "required": true, + "in": "query", + "schema": { + "minimum": 1, + "maximum": 200, + "type": "number" + }, + "description": "" + }, + { + "name": "offset", + "required": true, + "in": "query", + "schema": { + "minimum": 0, + "type": "number" + }, + "description": "" + }, + { + "name": "sortBy", + "required": false, + "in": "query", + "schema": { + "pattern": "/^[a-zA-z0-9_]+$/", + "type": "string" + }, + "description": "" + }, + { + "name": "sortDirection", + "required": false, + "in": "query", + "schema": { + "pattern": "/^(a|de)sc$/i", + "type": "string" + }, + "description": "" + }, + { + "name": "filter", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "featureFlagId", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Main" + ] + } + }, + "/resources/audits/v2/export/csv": { + "post": { + "operationId": "AuditsController_V2_exportCsvToStream", + "summary": "Export CSV to stream (V2)", + "description": "Export CSV to stream", + "parameters": [ + { + "name": "created_from", + "required": false, + "in": "query", + "schema": { + "format": "date-time", + "type": "string" + }, + "description": "" + }, + { + "name": "created_to", + "required": false, + "in": "query", + "schema": { + "format": "date-time", + "type": "string" + }, + "description": "" + }, + { + "name": "tenant_ids", + "required": false, + "in": "query", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "" + }, + { + "name": "users", + "required": false, + "in": "query", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "" + }, + { + "name": "email", + "required": false, + "in": "query", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "" + }, + { + "name": "count", + "required": true, + "in": "query", + "schema": { + "minimum": 1, + "maximum": 200, + "type": "number" + }, + "description": "" + }, + { + "name": "offset", + "required": true, + "in": "query", + "schema": { + "minimum": 0, + "type": "number" + }, + "description": "" + }, + { + "name": "sortBy", + "required": false, + "in": "query", + "schema": { + "pattern": "/^[a-zA-z0-9_]+$/", + "type": "string" + }, + "description": "" + }, + { + "name": "sortDirection", + "required": false, + "in": "query", + "schema": { + "pattern": "/^(a|de)sc$/i", + "type": "string" + }, + "description": "" + }, + { + "name": "filter", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "featureFlagId", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExportCSV" + } + } + } + }, + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Main" + ] + } + }, + "/resources/metrics/v1": { + "get": { + "operationId": "MetricsController_getMetrics", + "summary": "Get metrics", + "description": "Get metrics", + "parameters": [ + { + "name": "from", + "required": false, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "to", + "required": false, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "limit", + "required": false, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "frequency", + "required": false, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MetricsResponseDto" + } + } + } + } + }, + "tags": [ + "Metrics" + ] + } + } + }, + "info": { + "title": "Audits Overview", + "description": "", + "version": "" + }, + "servers": [ + { + "url": "https://api.frontegg.com/audits", + "description": "EU Region" + }, + { + "url": "https://api.us.frontegg.com/audits", + "description": "US Region" + }, + { + "url": "https://api.ca.frontegg.com/audits", + "description": "CA Region" + }, + { + "url": "https://api.au.frontegg.com/audits", + "description": "AU Region" + }, + { + "url": "https://{domain}.frontegg.com/audits", + "description": "Frontegg sub-domain for use with user tokens", + "variables": { + "domain": { + "default": "app-xxx" + } + } + } + ], + "components": { + "securitySchemes": { + "bearer": { + "scheme": "bearer", + "bearerFormat": "JWT", + "type": "http" + } + }, + "schemas": { + "AuditRequest": { + "type": "object", + "properties": { + "severity": { + "type": "string", + "enum": [ + "Info", + "Medium", + "High", + "Critical", + "Error" + ], + "description": "" + } + }, + "required": [ + "severity" + ] + }, + "Property": { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "description": "" + }, + "name": { + "type": "string", + "description": "" + } + }, + "required": [ + "displayName", + "name" + ] + }, + "ExportCSV": { + "type": "object", + "properties": { + "properties": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Property" + }, + "description": "" + } + }, + "required": [ + "properties" + ] + }, + "TopResources": { + "type": "object", + "properties": {} + }, + "TopTenants": { + "type": "object", + "properties": {} + }, + "MetricsResponseDto": { + "type": "object", + "properties": { + "topResources": { + "$ref": "#/components/schemas/TopResources", + "description": "" + }, + "topTenants": { + "$ref": "#/components/schemas/TopTenants", + "description": "" + }, + "auditsCounterByTime": { + "type": "object", + "description": "" + } + }, + "required": [ + "topResources", + "topTenants", + "auditsCounterByTime" + ] + } + } + }, + "security": [ + { + "bearer": [] + } + ], + "x-readme": { + "explorer-enabled": true, + "proxy-enabled": true + }, + "x-tagGroups": [ + { + "name": "Management", + "tags": [ + "Metrics" + ] + }, + { + "name": "Self-Service", + "tags": [ + "Main" + ] + } + ] +} \ No newline at end of file diff --git a/entitlements.json b/entitlements.json index 014eb58..cfe6025 100644 --- a/entitlements.json +++ b/entitlements.json @@ -1,11 +1,131 @@ { "openapi": "3.0.0", "paths": { + "/resources/plans/v1/tenant/{tenantId}": { + "get": { + "operationId": "PlansControllerV1_getTenantPlans", + "x-tag": "Plans (Formerly Bundles)", + "summary": "Get Tenant Plans", + "description": "Retrieve a paginated list of plans belongs to the tenant, with the abillity to search, order and filter by related entities", + "parameters": [ + { + "name": "tenantId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "offset", + "required": false, + "in": "query", + "description": "Page offset of the results to return", + "example": "0", + "schema": { + "default": 0, + "type": "number" + } + }, + { + "name": "limit", + "required": false, + "in": "query", + "description": "Number of results per page", + "example": "10", + "schema": { + "default": 10, + "type": "number" + } + }, + { + "name": "filter", + "required": false, + "in": "query", + "description": "Search input, searchable by `name`", + "example": "search-text", + "schema": { + "type": "string" + } + }, + { + "name": "orderBy", + "required": false, + "in": "query", + "description": "Field to order results by create date (`createdAt`) or expiration date (`expirationDate`)", + "example": "name", + "schema": { + "enum": [ + "name", + "createdAt" + ], + "type": "string" + } + }, + { + "name": "sortType", + "required": false, + "in": "query", + "description": "Sort type, ASC for ascending, DESC for descending", + "example": "DESC", + "schema": { + "enum": [ + "ASC", + "DESC" + ], + "type": "string" + } + }, + { + "name": "excludeNonEntitledPlans", + "required": false, + "in": "query", + "description": "Boolean value to include related entities in the response", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "allOf": [ + { + "$ref": "#/components/schemas/PageDto" + }, + { + "properties": { + "items": { + "type": "array", + "items": { + "$ref": "#/components/schemas/PlanDto" + } + }, + "hasNext": { + "type": "boolean" + } + } + } + ] + } + } + } + } + }, + "tags": [ + "Plans (Formerly Bundles)" + ] + } + }, "/resources/plans/v1": { "get": { "operationId": "PlansControllerV1_getPlans", "x-tag": "Plans (Formerly Bundles)", - "summary": "Get Plan", + "summary": "Get Plans", "description": "Retrieve a paginated list of plans, with the abillity to search, order and filter by related entities", "parameters": [ { @@ -106,15 +226,6 @@ "type": "string" } } - }, - { - "name": "includeTenantEntitlements", - "required": false, - "in": "query", - "description": "The tenant id to get the related entitlements for", - "schema": { - "type": "string" - } } ], "responses": { @@ -196,7 +307,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -227,7 +339,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -268,7 +381,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -294,7 +408,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "offset", @@ -446,7 +561,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -482,7 +598,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -511,6 +628,7 @@ "x-tag": "API Access Control", "summary": "Get Routes", "description": "Retrieve all routes", + "deprecated": true, "parameters": [], "responses": { "200": { @@ -577,7 +695,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -608,7 +727,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -632,7 +752,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -662,23 +783,6 @@ ] } }, - "/resources/routes/v1/import-open-api": { - "post": { - "operationId": "RoutesControllerV1_importOpenApi", - "x-tag": "API Access Control", - "summary": "Import Open API", - "description": "Imports an Open API specifications in JSON format", - "parameters": [], - "responses": { - "200": { - "description": "" - } - }, - "tags": [ - "API Access Control" - ] - } - }, "/resources/routes/v1/{id}/rules": { "put": { "operationId": "RoutesControllerV1_replaceRules", @@ -692,7 +796,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -970,7 +1075,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -1004,7 +1110,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -1064,7 +1171,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -1382,7 +1490,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -1413,7 +1522,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -1454,7 +1564,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -1467,6 +1578,22 @@ ] } }, + "/resources/entitlements/v2/dummy": { + "get": { + "operationId": "EntitlementsControllerV2_dummyFunction", + "parameters": [], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Entitlements" + ], + "description": "Dummy desc", + "summary": "Dummy summary" + } + }, "/resources/feature-flags/v1": { "get": { "operationId": "FeatureFlagsControllerV1_getFeatureFlags", @@ -1610,7 +1737,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -1641,7 +1769,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -1682,7 +1811,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -1698,16 +1828,32 @@ }, "info": { "title": "Entitlements Service", - "description": "Description", - "version": "", - "contact": {} + "description": "", + "version": "" }, "servers": [ + { + "url": "https://api.frontegg.com/entitlements", + "description": "EU Region" + }, + { + "url": "https://api.us.frontegg.com/entitlements", + "description": "US Region" + }, + { + "url": "https://api.ca.frontegg.com/entitlements", + "description": "CA Region" + }, + { + "url": "https://api.au.frontegg.com/entitlements", + "description": "AU Region" + }, { "url": "https://{domain}.frontegg.com/entitlements", + "description": "Frontegg sub-domain for use with user tokens", "variables": { "domain": { - "default": "api" + "default": "app-xxx" } } } @@ -2089,12 +2235,14 @@ "id": { "type": "string", "readOnly": true, - "example": "b796239c-6641-4cf3-9ff3-658ad4049131" + "example": "b796239c-6641-4cf3-9ff3-658ad4049131", + "description": "" }, "routeId": { "type": "string", "readOnly": true, - "example": "b796239c-6641-4cf3-9ff3-658ad4049131" + "example": "b796239c-6641-4cf3-9ff3-658ad4049131", + "description": "" }, "type": { "type": "string", @@ -2103,12 +2251,14 @@ "enum": [ "feature", "permission" - ] + ], + "description": "" }, "value": { "type": "string", "readOnly": true, - "example": "my-feature-key" + "example": "my-feature-key", + "description": "" } }, "required": [ @@ -2124,7 +2274,8 @@ "id": { "type": "string", "readOnly": true, - "example": "b796239c-6641-4cf3-9ff3-658ad4049131" + "example": "b796239c-6641-4cf3-9ff3-658ad4049131", + "description": "" }, "method": { "type": "string", @@ -2137,22 +2288,26 @@ "PATCH", "DELETE", "*" - ] + ], + "description": "" }, "path": { "type": "string", "readOnly": true, - "example": "/users" + "example": "/users", + "description": "" }, "priority": { "type": "number", "readOnly": true, - "example": 100 + "example": 100, + "description": "" }, "description": { "type": "string", "readOnly": true, - "example": "This is an example route" + "example": "This is an example route", + "description": "" }, "policyType": { "type": "string", @@ -2162,14 +2317,16 @@ "allow", "deny", "ruleBased" - ] + ], + "description": "" }, "rules": { "readOnly": true, "type": "array", "items": { "$ref": "#/components/schemas/RouteRuleDto" - } + }, + "description": "" } }, "required": [ @@ -2314,12 +2471,14 @@ "id": { "type": "string", "readOnly": true, - "example": "b796239c-6641-4cf3-9ff3-658ad4049131" + "example": "b796239c-6641-4cf3-9ff3-658ad4049131", + "description": "" }, "vendorId": { "type": "string", "readOnly": true, - "example": "b796239c-6641-4cf3-9ff3-658ad4049131" + "example": "b796239c-6641-4cf3-9ff3-658ad4049131", + "description": "" }, "accessControlMode": { "type": "string", @@ -2328,7 +2487,8 @@ "enum": [ "guard", "monitor" - ] + ], + "description": "" } }, "required": [ @@ -3061,21 +3221,5 @@ "bearer": [] } ], - "x-readme": { - "explorer-enabled": true, - "proxy-enabled": true - }, - "x-tagGroups": [ - { - "name": "Management", - "tags": [ - "Plans (Formerly Bundles)", - "API Access Control", - "API Access Control Configs", - "Features", - "Entitlements", - "Feature Flags" - ] - } - ] + "x-tagGroups": [] } \ No newline at end of file diff --git a/identity.json b/identity.json index bb9bc4d..d685f84 100644 --- a/identity.json +++ b/identity.json @@ -1,51 +1,57 @@ { "openapi": "3.0.0", "paths": { - "/resources/applications/v1/{appId}/users": { - "get": { - "operationId": "ApplicationsControllerV1_getUsersForApplication", - "summary": "Get users for application", - "description": "This route gets users for an application.", + "/resources/tenants/access-tokens/v1": { + "post": { + "operationId": "TenantAccessTokensV1Controller_createTenantAccessToken", + "summary": "Create tenant access token", "parameters": [ { - "name": "appId", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateTenantAccessTokenRequest" + } + } + } + }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "type": "string" - } + "$ref": "#/components/schemas/TenantAccessTokenResponse" } } } } }, "tags": [ - "User management (multi-app)" - ] - } - }, - "/resources/applications/v1/{userId}/apps": { + "API (tenant) tokens" + ], + "description": "" + }, "get": { - "operationId": "ApplicationsControllerV1_getApplicationsForUser", - "summary": "Get applications for user", - "description": "This route gets applications for a user.", + "operationId": "TenantAccessTokensV1Controller_getTenantAccessTokens", + "summary": "Get tenant access tokens", "parameters": [ { - "name": "userId", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } @@ -57,121 +63,120 @@ "content": { "application/json": { "schema": { - "type": "array", - "items": { - "type": "string" - } + "$ref": "#/components/schemas/GetTenantAccessTokensResponse" } } } } }, "tags": [ - "User management (multi-app)" - ] + "API (tenant) tokens" + ], + "description": "" } }, - "/resources/applications/v1/users-apps": { - "get": { - "operationId": "ApplicationsControllerV1_getApplicationsForMultipleUsers", - "summary": "Get applications for multiple users", - "description": "This route gets applications for multiple users.", + "/resources/tenants/access-tokens/v1/{id}": { + "delete": { + "operationId": "TenantAccessTokensV1Controller_deleteTenantAccessToken", + "summary": "Delete tenant access token", "parameters": [ { - "name": "userIds", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "query", "schema": { - "type": "array", - "items": { - "type": "string" - } + "type": "string" } + }, + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" } ], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/UserApplicationsResponseDto" - } - } - } - } + "description": "" } }, "tags": [ - "User management (multi-app)" - ] + "API (tenant) tokens" + ], + "description": "" } }, - "/resources/applications/v1/apps-users": { - "get": { - "operationId": "ApplicationsControllerV1_getUsersForMultipleApplications", - "summary": "Get users for multiple applications", - "description": "This route gets users for multiple applications.", + "/resources/tenants/api-tokens/v1": { + "post": { + "operationId": "TenantApiTokensV1Controller_createTenantApiToken", + "summary": "Create client credentials token", + "description": "Do not use. Instead, use v2 of this route.", + "deprecated": true, "parameters": [ { - "name": "appIds", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "query", "schema": { - "type": "array", - "items": { - "type": "string" - } + "type": "string" } } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateTenantApiTokenDto" + } + } + } + }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ApplicationUsersResponseDto" - } + "$ref": "#/components/schemas/CreateTenantApiTokenResponseDto" } } } } }, "tags": [ - "User management (multi-app)" + "API (tenant) tokens" ] - } - }, - "/resources/applications/v1": { - "post": { - "operationId": "ApplicationsControllerV1_assignUsersToApplication", - "summary": "Assign users to application", - "description": "This route assigns users to an application.", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AssignUsersToAppRequestDto" - } + }, + "get": { + "operationId": "TenantApiTokensV1Controller_getTenantsApiTokens", + "summary": "Get client credentials tokens", + "description": "This route gets all API tokens for a specific tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header.", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" } } - }, + ], "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/ApplicationUserTenantsResponseDto" + "$ref": "#/components/schemas/GetTenantApiTokensResponse" } } } @@ -179,137 +184,105 @@ } }, "tags": [ - "User management (multi-app)" + "API (tenant) tokens" ] - }, + } + }, + "/resources/tenants/api-tokens/v1/{id}": { "delete": { - "operationId": "ApplicationsControllerV1_unassignUsersFromApplication", - "summary": "Unassign users from application", - "description": "This route unassigns users from an application.", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UnassignUsersFromAppRequestDto" - } + "operationId": "TenantApiTokensV1Controller_deleteTenantApiToken", + "summary": "Delete client credentials token", + "description": "This route deletes a tenant API token. Send the token ID as the path param. Send the tenant’s ID in the **`frontegg-tenant-id`** header.", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" } } - }, + ], "responses": { "200": { "description": "" } }, "tags": [ - "User management (multi-app)" + "API (tenant) tokens" ] - } - }, - "/resources/applications/v1/apps-user": { - "post": { - "operationId": "ApplicationsControllerV1_assignUserToMultipleApplications", - "summary": "Assign user to multiple applications", - "description": "This route assigns user to multiple applications.", - "parameters": [], + }, + "patch": { + "operationId": "TenantApiTokensV1Controller_updateTenantApiToken", + "summary": "Update client credentials token", + "description": "This route updates a tenant API token. Send the tenant’s ID in the **`frontegg-tenant-id`** header. Optionally, send as POST body params values for description, roles, and permissions for the token.", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AssignUserToMultipleApplicationsRequestDto" + "$ref": "#/components/schemas/UpdateApiTokenDto" } } } }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ApplicationUserTenantsResponseDto" - } + "$ref": "#/components/schemas/UpdateTenantApiTokenResponseDto" } } } } }, "tags": [ - "User management (multi-app)" - ] - } - }, - "/resources/applications/v1/user-apps": { - "delete": { - "operationId": "ApplicationsControllerV1_unassignUserFromMultipleApplications", - "summary": "Unassign user from multiple applications", - "description": "This route unassigns user from multiple applications.", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UnassignUserFromMultipleAppsRequestDto" - } - } - } - }, - "responses": { - "200": { - "description": "" - } - }, - "tags": [ - "User management (multi-app)" + "API (tenant) tokens" ] } }, - "/resources/applications/user-tenants/active/v1": { - "get": { - "operationId": "ApplicationsActiveUserTenantsControllerV1_getUserApplicationActiveTenants", - "summary": "Get user active tenants in applications", - "description": "This route gets the active user tenants for an application.", - "parameters": [ - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UserApplicationActiveTenantsResponseDto" - } - } - } - } - }, - "tags": [ - "User management (multi-app)" - ] - }, - "put": { - "operationId": "ApplicationsActiveUserTenantsControllerV1_switchUserApplicationActiveTenant", - "summary": "Switch users active tenant in applications", - "description": "This route updates the active user tenants for an application.", + "/resources/tenants/api-tokens/v2": { + "post": { + "operationId": "TenantApiTokensV2Controller_createTenantApiToken", + "summary": "Create client credentials token", + "description": "This route creates a tenant API token. Send the tenant’s ID in the **`frontegg-tenant-id`** header. Optionally, send as POST body params values for metadata, description, roles, and permissions for the token.

You can get roles & permissions via API", "parameters": [ { - "name": "frontegg-user-id", + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", + "description": "The tenant ID identifier", "required": true, "schema": { "type": "string" @@ -321,18 +294,25 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SwitchApplicationActiveUserTenantsRequestDto" + "$ref": "#/components/schemas/CreateTenantApiTokenDto" } } } }, "responses": { - "200": { - "description": "" + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateTenantApiTokenResponseDto" + } + } + } } }, "tags": [ - "User management (multi-app)" + "API (tenant) tokens" ] } }, @@ -402,59 +382,66 @@ ] } }, - "/resources/auth/v1/user": { - "post": { - "operationId": "AuthenticatioAuthenticationControllerV1_authenticateLocalUser", - "summary": "Authenticate user with password", - "description": "This route authenticates a local user using email and password. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Optionally, send login information for the user as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login.", + "/resources/tenants/invites/v1/user": { + "get": { + "operationId": "TenantInvitesController_getTenantInviteForUser", + "summary": "Get tenant invite of user", + "description": "This route gets an invitation for a specific user to join a tenant. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header.", "parameters": [ { - "name": "frontegg-vendor-host", + "name": "frontegg-user-id", "in": "header", - "description": "The vendor host domain", - "required": false, + "description": "The user ID identifier", + "required": true, "schema": { "type": "string" } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AuthenticateUserPasswordDto" - } + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" } } - }, + ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthenticationResponseDto" + "$ref": "#/components/schemas/InviteTokenDto" } } } } }, "tags": [ - "General" + "Account invitations" ] - } - }, - "/resources/auth/v1/user/token/refresh": { + }, "post": { - "operationId": "AuthenticatioAuthenticationControllerV1_refreshToken", - "summary": "Refresh user JWT token ", - "description": "This route refreshes a JWT based on the refresh token expiration time. If the refresh token is valid, the route returns a new JWT and refresh token. Please note that the route expects the refresh cookie of the logged in user as well. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Configure your JWT settings in the Frontegg Portal.", + "operationId": "TenantInvitesController_createTenantInviteForUser", + "summary": "Create tenant invite for user", + "description": "This route creates an invitation for a specific user to join a tenant. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. To create a general invitation, use the general invitation route.", "parameters": [ { - "name": "frontegg-vendor-host", + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "frontegg-tenant-id", "in": "header", + "description": "The tenant ID identifier", + "required": true, "schema": { "type": "string" } @@ -465,7 +452,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RefreshTokenDto" + "$ref": "#/components/schemas/CreateInviteTokenRequestForUser" } } } @@ -476,74 +463,53 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthenticationResponseDto" + "$ref": "#/components/schemas/InviteTokenDto" } } } } }, "tags": [ - "General" + "Account invitations" ] - } - }, - "/resources/auth/v1/logout": { - "post": { - "operationId": "AuthenticatioAuthenticationControllerV1_logout", - "summary": "Logout user", - "description": "This route logs out a user using the refresh token that is passed as a cookie. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This route is designed for Frontegg embedded login or integrations that use only Frontegg APIs", + }, + "delete": { + "operationId": "TenantInvitesController_deleteTenantInviteForUser", + "summary": "Delete tenant invite of user", + "description": "This route deletes an invitation for a specific user to join a tenant. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. To delete a general invitation, use the general invitation route.", "parameters": [ { - "name": "frontegg-vendor-host", + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "frontegg-tenant-id", "in": "header", + "description": "The tenant ID identifier", + "required": true, "schema": { "type": "string" } } ], - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "General" - ] - } - }, - "/resources/auth/v1/user/mfa/recover": { - "post": { - "operationId": "AuthenticationMFAControllerV1_recoverMfa", - "summary": "Recover MFA", - "description": "This route recovers MFA for a non logged-in user. Send the user’s email and a recovery code as params in the POST body. The recovery code comes from the MFA authenticator app when you set up MFA.", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RecoverMfaDto" - } - } - } - }, "responses": { "200": { "description": "" } }, "tags": [ - "MFA" + "Account invitations" ] - } - }, - "/resources/users/v1/mfa/disable": { - "post": { - "operationId": "UsersMfaControllerV1_disableAuthAppMfa", - "summary": "Disable authenticator app MFA", - "description": "This route disables MFA enrollment for a logged-in user for a specific tenant. Send the **`frontegg-user-id`** header to declare which user. The MFA token should be obtained from the authenticator app. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "deprecated": true, + }, + "patch": { + "operationId": "TenantInvitesController_updateTenantInviteForUser", + "summary": "Update tenant invite of user", + "description": "This route updates an invitation for a specific user to join a tenant. In order to set up a specific expiration time, use the expiresInMinutes to declare when the invite is being invalidated. The shouldSendEmail boolean declares wether an invitation email will be sent or not. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { "name": "frontegg-user-id", @@ -553,6 +519,15 @@ "schema": { "type": "string" } + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } } ], "requestBody": { @@ -560,652 +535,365 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DisableMFAAuthAppRequest" + "$ref": "#/components/schemas/UpdateInviteTokenRequest" } } } }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InviteTokenDto" + } + } + } } }, "tags": [ - "MFA" + "Account invitations" ] } }, - "/resources/users/v1/mfa/authenticator/{deviceId}/disable/verify": { + "/resources/tenants/invites/v1/verify": { "post": { - "operationId": "UsersMfaControllerV1_disableAuthenticatorMfa", - "summary": "Disable authenticator app MFA", - "description": "This route disables MFA enrollment for a logged-in user for a specific tenant. Send the **`frontegg-user-id`** header to declare which user. The MFA token should be obtained from the authenticator app. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [ - { - "name": "deviceId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], + "operationId": "TenantInvitesController_verifyTenantInvite", + "summary": "Verify tenant invite", + "description": "This route verifies a tenant invitation. Pass the invitation token as the token param. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DisableMFAAuthAppRequest" + "$ref": "#/components/schemas/VerifyInviteTokenRequest" } } } }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InviteTokenDto" + } + } + } } }, "tags": [ - "MFA" + "Account invitations" ] } }, - "/resources/users/v1/mfa/sms/{deviceId}/disable": { - "post": { - "operationId": "UsersMfaControllerV1_preDisableSMSMfa", - "summary": "Pre-disable SMS MFA", - "parameters": [ - { - "name": "deviceId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" + "/resources/tenants/invites/v1/configuration": { + "get": { + "operationId": "getInvitationConfiguration", + "summary": "Get tenant invite configuration", + "description": "This route checks if the vendor allows tenant invitations and if notifications are active. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InvitationConfigurationResponse" + } + } } } - ], + }, + "tags": [ + "Account invitations" + ] + } + }, + "/resources/tenants/invites/v1": { + "post": { + "operationId": "TenantInvitesController_createTenantInvite", + "summary": "Create tenant invite", + "description": "This route creates a general invitation token. To create an invitation token for a specific tenant, send the tenant’s ID in the request’s body. To create an invitation token for a specific user of a tenant, you can add the user ID on the body params. If a user ID was provided, you can decide wether to send an email to the user or not via the shouldSendEmail param. In order to set up a specific expiration time, use the expiresInMinutes to declare when the invite is being invalidated. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RequestDisableMFARequest" + "$ref": "#/components/schemas/CreateInviteTokenRequest" + } + } + } + }, + "responses": { + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InviteTokenDto" + } } } } }, + "tags": [ + "Account invitations settings" + ] + } + }, + "/resources/tenants/invites/v1/all": { + "get": { + "operationId": "TenantInvitesController_getAllInvites", + "summary": "Get all tenant invites", + "description": "This route gets all invitations for all tenants. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RequestDisableMFASMSResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/InviteTokenDto" + } } } } } }, "tags": [ - "MFA" + "Account invitations settings" ] } }, - "/resources/users/v1/mfa/sms/{deviceId}/disable/verify": { - "post": { - "operationId": "UsersMfaControllerV1_disableSMSMfa", - "summary": "Disable SMS MFA", + "/resources/tenants/invites/v1/token/{id}": { + "delete": { + "operationId": "TenantInvitesController_deleteTenantInvite", + "summary": "Delete a tenant invite", + "description": "This route deletes an invitation to join a tenant using the invitation ID. You can find it via the Get all tenant invites API. Send the invitation ID as a path param - you can get if via the **Get all tenant invites** API. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "deviceId", + "name": "id", "required": true, "in": "path", "schema": { "type": "string" - } - }, - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } + }, + "description": "" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DisableMFASMSRequest" - } - } - } - }, "responses": { "200": { "description": "" } }, "tags": [ - "MFA" + "Account invitations settings" ] } }, - "/resources/auth/v1/user/mfa/verify": { - "post": { - "operationId": "AuthenticationMFAControllerV1_verifyAuthenticatorMfaCode", - "summary": "Verify MFA using code from authenticator app", - "description": "This route verifies the MFA code from an authenticator app. Send the **`frontegg-vendor-host`** as a header. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send information required for MFA in the POST body. The `value` is the service name from your Authentication Settings in the Frontegg Portal. The MFA token is from the authenticator app.", - "deprecated": true, + "/resources/configurations/v1/activation/strategies": { + "get": { + "operationId": "ActivationStrategyControllerV1_getActivationStrategy", + "summary": "Get activation strategies", "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyMFAAuthAppRequest" + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ActivationStrategyResponse" + } } } } }, - "responses": { - "201": { - "description": "" - } - }, "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/emailcode": { + "Account invitations settings" + ], + "description": "" + }, "post": { - "operationId": "AuthenticationMFAControllerV1_preVerifyEmailOtcMfa", - "summary": "Request verify MFA using email code", + "operationId": "ActivationStrategyControllerV1_createOrUpdateActivationStrategy", + "summary": "Create or update activation strategy", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthRequestVerifyMfaRequest" + "$ref": "#/components/schemas/CreateOrUpdateActivationStrategyRequest" } } } }, "responses": { - "201": { + "200": { "description": "" } }, "tags": [ - "MFA" - ] + "Account invitations settings" + ], + "description": "" } }, - "/resources/auth/v1/user/mfa/emailcode/verify": { - "post": { - "operationId": "AuthenticationMFAControllerV1_verifyEmailOtcMfa", - "summary": "Verify MFA using email code", + "/resources/configurations/v1/invitation/strategies": { + "get": { + "operationId": "InvitationStrategyControllerV1_getInvitationStrategy", + "summary": "Get invitation strategies", "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyMFAEmailOTCRequest" + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InvitationStrategyResponse" + } } } } }, - "responses": { - "201": { - "description": "" - } - }, "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/authenticator/enroll": { + "Account invitations settings" + ], + "description": "" + }, "post": { - "operationId": "AuthenticationMFAControllerV1_preEnrollAuthenticatorMfa", - "summary": "Pre enroll MFA using Authenticator App", + "operationId": "InvitationStrategyControllerV1_createOrUpdateInvitationStrategy", + "summary": "Create or update invitation strategy", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthRequestEnrollMFARequest" + "$ref": "#/components/schemas/CreateOrUpdateInvitationStrategyRequest" } } } }, "responses": { - "201": { + "200": { "description": "" } }, "tags": [ - "MFA" - ] + "Account invitations settings" + ], + "description": "" } }, - "/resources/auth/v1/user/mfa/authenticator/enroll/verify": { - "post": { - "operationId": "AuthenticationMFAControllerV1_enrollAuthenticatorMfa", - "summary": "Enroll MFA using Authenticator App", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyEnrollMFAAuthAppRequest" - } - } - } - }, - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/authenticator/{deviceId}/verify": { - "post": { - "operationId": "AuthenticationMFAControllerV1_verifyAuthenticatorMfa", - "summary": "Verify MFA using authenticator app", - "description": "This route verifies MFA as part of the authentication process. Send the **`frontegg-vendor-host`** as a header. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send information required for MFA in the POST body. The `value` is the service name from your Authentication Settings in the Frontegg Portal. The MFA token is from the authenticator app.", - "parameters": [ - { - "name": "deviceId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyMFAAuthAppRequest" - } - } - } - }, - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/sms/enroll": { - "post": { - "operationId": "AuthenticationMFAControllerV1_preEnrollSmsMfa", - "summary": "Pre-enroll MFA using sms", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RequestEnrollMFASMSRequest" - } - } - } - }, - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/sms/enroll/verify": { - "post": { - "operationId": "AuthenticationMFAControllerV1_enrollSmsMfa", - "summary": "Enroll MFA using sms", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyEnrollMFASMSRequest" - } - } - } - }, - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/sms/{deviceId}": { - "post": { - "operationId": "AuthenticationMFAControllerV1_preVerifySmsMfa", - "summary": "Request to verify MFA using sms", + "/resources/roles/v2": { + "get": { + "operationId": "PermissionsControllerV2_getAllRoles", + "summary": "Get roles v2", + "description": "This route returns all roles for vendor. Each role is an object containing the name, permissions, and other defining information.", "parameters": [ { - "name": "deviceId", - "required": true, - "in": "path", + "name": "_limit", + "required": false, + "in": "query", "schema": { - "type": "string" - } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AuthRequestVerifyMfaRequest" - } - } - } - }, - "responses": { - "201": { + "minimum": 1, + "maximum": 2000, + "default": 50, + "type": "number" + }, "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/sms/{deviceId}/verify": { - "post": { - "operationId": "AuthenticationMFAControllerV1_verifySmsMfa", - "summary": "Verify MFA using sms", - "parameters": [ + }, { - "name": "deviceId", + "name": "_sortBy", "required": true, - "in": "path", + "in": "query", "schema": { + "enum": [ + "key", + "name", + "description", + "isDefault", + "firstUserRole", + "level", + "updatedAt", + "createdAt", + "permissions", + "userTenants", + "groups" + ], "type": "string" - } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyMFASMSRequest" - } - } - } - }, - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/webauthn/enroll": { - "post": { - "operationId": "AuthenticationMFAControllerV1_preEnrollWebauthnMfa", - "summary": "Pre enroll MFA using WebAuthN", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AuthRequestEnrollMFARequest" - } - } - } - }, - "responses": { - "201": { + }, "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/webauthn/enroll/verify": { - "post": { - "operationId": "AuthenticationMFAControllerV1_enrollWebauthnMfa", - "summary": "Enroll MFA using WebAuthN", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyEnrollMFAWebAuthnRequest" - } - } - } - }, - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/webauthn/{deviceId}": { - "post": { - "operationId": "AuthenticationMFAControllerV1_preVerifyWebauthnMfa", - "summary": "Request verify MFA using WebAuthN", - "parameters": [ + }, { - "name": "deviceId", - "required": true, - "in": "path", + "name": "_levels", + "required": false, + "in": "query", "schema": { - "type": "string" - } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AuthRequestVerifyMfaRequest" + "type": "array", + "items": { + "type": "number" } - } - } - }, - "responses": { - "201": { + }, "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify": { - "post": { - "operationId": "AuthenticationMFAControllerV1_verifyWebauthnMfa", - "summary": "Verify MFA using webauthn", - "parameters": [ + }, { - "name": "deviceId", - "required": true, - "in": "path", + "name": "_tenantIds", + "required": false, + "in": "query", "schema": { - "type": "string" - } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyMFAWebAuthnRequest" + "type": "array", + "items": { + "type": "string" } - } - } - }, - "responses": { - "201": { + }, "description": "" - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/configurations/v1/mfa-policy/allow-remember-device": { - "get": { - "operationId": "SecurityPolicyController_checkIfAllowToRememberDevice", - "summary": "Check if remember device allowed", - "description": "This route checks if remember device is allowed for all tenants. To check if remember device is allowed for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. Get the mfa token from the authenticator app and send it as a query params.", - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, - "schema": { - "type": "string" - } }, { - "name": "mfaToken", - "required": true, + "name": "_offset", + "required": false, "in": "query", - "description": "MFA token from the response body of the first factor authentication", - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CheckAllowRememberResponse" - } - } - } - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/users/v1/mfa/enroll": { - "post": { - "operationId": "UsersMfaControllerV1_enrollAuthAppMfa", - "summary": "Enroll authenticator app MFA", - "description": "This route enrolls MFA for a logged-in user for a specific tenant. Send the **`frontegg-user-id`** header to declare which user. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "deprecated": true, - "parameters": [ - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RequestEnrollAuthenticatorAppMfaResponse" - } - } - } - } - }, - "tags": [ - "MFA" - ] - } - }, - "/resources/users/v1/mfa/authenticator/enroll": { - "post": { - "operationId": "UsersMfaControllerV1_enrollAuthenticatorMfa", - "summary": "Enroll authenticator app MFA", - "description": "This route enrolls MFA for a logged-in user for a specific tenant. Send the **`frontegg-user-id`** header to declare which user. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [ + "schema": { + "minimum": 0, + "default": 0, + "type": "number" + }, + "description": "" + }, { - "name": "frontegg-user-id", + "name": "_order", + "required": false, + "in": "query", + "schema": { + "enum": [ + "ASC", + "DESC" + ], + "type": "string" + }, + "description": "" + }, + { + "name": "_filter", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", - "required": true, + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, "schema": { "type": "string" } @@ -1217,29 +905,26 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RequestEnrollAuthenticatorAppMfaResponse" + "$ref": "#/components/schemas/RoleResponse" } } } } }, "tags": [ - "MFA" + "Account roles" ] - } - }, - "/resources/users/v1/mfa/enroll/verify": { + }, "post": { - "operationId": "UsersMfaControllerV1_verifyAuthAppMfaEnrollment", - "summary": "Verify authenticator app MFA enrollment", - "description": "This route verifies MFA enrollment using a QR code. Send the **`frontegg-user-id`** header to declare which user. Send information required for MFA in the POST body. The MFA token should be obtained from the authenticator app after scanning the QR code received . A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "deprecated": true, + "operationId": "RolesControllerV2_addRole", + "summary": "Create a new role", + "description": "This route adds a new role for a specific tenant. Send the tenant ID in the **`frontegg-tenant-id`** header. Add the required permissions within the request body to customize the role.", "parameters": [ { - "name": "frontegg-user-id", + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", - "required": true, + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, "schema": { "type": "string" } @@ -1250,7 +935,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifyEnrollMFAUserAuthAppRequest" + "$ref": "#/components/schemas/AddRoleWithPermissionsRequest" } } } @@ -1261,142 +946,135 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifyEnrollMFAResponse" + "$ref": "#/components/schemas/AddRoleWithPermissionsResponse" } } } } }, "tags": [ - "MFA" + "Account roles" ] } }, - "/resources/users/v1/mfa/authenticator/enroll/verify": { - "post": { - "operationId": "UsersMfaControllerV1_verifyAuthenticatorMfaEnrollment", - "summary": "Verify authenticator app MFA enrollment", - "description": "This route verifies MFA enrollment using a QR code. Send the **`frontegg-user-id`** header to declare which user. Send information required for MFA in the POST body. The MFA token should be obtained from the authenticator app after scanning the QR code received . A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/roles/v2/distinct-levels": { + "get": { + "operationId": "RolesControllerV2_getDistinctLevels", + "summary": "Get distinct levels of roles", + "description": "This route returns all levels from roles for vendor.", "parameters": [ { - "name": "frontegg-user-id", + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", - "required": true, + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, "schema": { "type": "string" } } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyEnrollMFAUserAuthAppRequest" - } - } - } - }, "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyEnrollMFAResponse" - } - } - } + "description": "" } }, "tags": [ - "MFA" + "Account roles" ] } }, - "/resources/users/v1/mfa/sms/enroll": { - "post": { - "operationId": "UsersMfaControllerV1_preEnrollSmsMfa", - "summary": "Enroll SMS MFA", + "/resources/roles/v2/distinct-tenants": { + "get": { + "operationId": "RolesControllerV2_getDistinctTenants", + "summary": "Get distinct assigned tenants of roles", + "description": "This route returns all assigned tenant ids from roles for vendor.", "parameters": [ { - "name": "frontegg-user-id", + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", - "required": true, + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, "schema": { "type": "string" } } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/RequestEnrollMFASMSRequest" - } - } - } - }, "responses": { "200": { "description": "" } }, "tags": [ - "MFA" + "Account roles" ] } }, - "/resources/users/v1/mfa/sms/enroll/verify": { + "/resources/configurations/v1": { "post": { - "operationId": "UsersMfaControllerV1_enrollSmsMfa", - "summary": "Verify MFA enrollment", - "parameters": [ - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], + "operationId": "VendorConfigController_addOrUpdateConfig", + "summary": "Update identity management configuration", + "description": "This route updates the identity management configuration for a vendor. Send values in the POST body for params that you want to add or update. See the dropdown for available values for each param.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifyEnrollMFASMSRequest" + "$ref": "#/components/schemas/VendorConfigRequest" } } } }, + "responses": { + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VendorConfigResponse" + } + } + } + } + }, + "tags": [ + "Core settings" + ] + }, + "get": { + "operationId": "VendorConfigController_getVendorConfig", + "summary": "Get identity management configuration", + "description": "This route gets the identity management configuration for a vendor.", + "parameters": [], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VendorConfigResponse" + } + } + } } }, "tags": [ - "MFA" + "Core settings" ] } }, - "/resources/auth/v1/passwordless/smscode/prelogin": { + "/resources/configurations/v1/captcha-policy": { "post": { - "operationId": "AuthenticationPasswordlessControllerV1_smsCodePreLogin", - "summary": "SMS code prelogin", - "description": "This route triggers the system to send an SMS to the user and is the first step when authenticating using the sms otc passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's email as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login.", + "operationId": "CaptchaPolicyController_createCaptchaPolicy", + "summary": "Create captcha policy", + "description": "This route creates a captcha policy for all tenants. To enable the Captcha Policy, make sure to set the enabled variable to true, the site key and secret key to the ones you got from reCaptcha and the minimum score to a number between 0 to 1.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordlessAuthenticationSmsOtcPreloginDto" + "$ref": "#/components/schemas/CaptchaPolicyRequest" } } } @@ -1407,65 +1085,104 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordlessAuthenticationSmsOTCPreloginResponseDto" + "$ref": "#/components/schemas/CaptchaPolicyResponse" } } } - }, - "400": { - "description": "User does not have a phone number" } }, "tags": [ - "Passwordless" + "Core settings" ] - } - }, - "/resources/auth/v1/passwordless/smscode/postlogin": { - "post": { - "operationId": "AuthenticationPasswordlessControllerV1_smsCodePostLogin", - "summary": "SMS code postlogin", - "description": "This route authenticates a local user and is the second step when authenticating using the sms otc passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's token id as a POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login. The route returns the refresh cookie and JWT.", + }, + "put": { + "operationId": "CaptchaPolicyController_updateCaptchaPolicy", + "summary": "Update captcha policy", + "description": "This route updates a captcha policy for all tenants. To enable the Captcha Policy, make sure to set the enabled variable to true, the site key and secret key to the ones you got from reCaptcha and the minimum score to a number between 0 to 1.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthenticateUserPasswordlessDto" + "$ref": "#/components/schemas/CaptchaPolicyRequest" } } } }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthenticationResponseDto" + "$ref": "#/components/schemas/CaptchaPolicyResponse" } } } } }, "tags": [ - "Passwordless" + "Core settings" + ] + }, + "get": { + "operationId": "CaptchaPolicyController_getCaptchaPolicy", + "summary": "Get captcha policy", + "description": "This route gets the captcha policy. It returns the policy’s ID, site key, secret key, minimum score and ignored emails and wether the . ", + "parameters": [], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CaptchaPolicyResponse" + } + } + } + } + }, + "tags": [ + "Core settings" + ] + } + }, + "/resources/configurations/v1/basic": { + "get": { + "operationId": "VendorConfigController_getVendorConfigBasic", + "summary": "Get identity management configuration", + "description": "This route gets the identity management configuration for a vendor.", + "parameters": [], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VendorConfigBasicResponse" + } + } + } + } + }, + "tags": [ + "Core settings" ] } }, - "/resources/auth/v1/passwordless/magiclink/prelogin": { + "/resources/sso/custom/v1": { "post": { - "operationId": "AuthenticationPasswordlessControllerV1_magicLinkPrelogin", - "summary": "Magic link prelogin", - "description": "This route triggers the system to send the magic link to the user and is the first step when authenticating a local user with the magic link passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's email as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login.", + "operationId": "CustomSsoV1Controller_createSsoProvider", + "summary": "Create custom oauth provider", + "description": "This route creates a custom social login provider using OAuth details of the identity provider", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordlessAuthenticationPreloginDto" + "$ref": "#/components/schemas/CreateCustomSsoRequestDto" } } } @@ -1473,61 +1190,99 @@ "responses": { "200": { "description": "" - }, - "400": { - "description": "Invalid authentication type, magic link authentication should be enabled" } }, "tags": [ - "Passwordless" + "Custom social OAuth provider" + ] + }, + "get": { + "operationId": "SsoV2Controller_getSsoProviders", + "summary": "Get custom oauth provider", + "description": "This route fetches the custom social login providers on an environment", + "parameters": [], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Custom social OAuth provider" ] } }, - "/resources/auth/v1/passwordless/magiclink/postlogin": { - "post": { - "operationId": "AuthenticationPasswordlessControllerV1_magicLinkPostLogin", - "summary": "Magic link postlogin", - "description": "This route authenticates a local user and is the second step when using the magic link passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's token id as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login. The route returns the refresh cookie and JWT.", - "parameters": [], + "/resources/sso/custom/v1/{id}": { + "patch": { + "operationId": "CustomSsoV1Controller_updateSsoProvider", + "summary": "Update custom oauth provider", + "description": "This route updates the custom social login provider on an environment by ID", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthenticateUserPasswordlessDto" + "$ref": "#/components/schemas/UpdateCustomSsoRequestDto" } } } }, "responses": { - "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AuthenticationResponseDto" - } - } - } + "200": { + "description": "" } }, "tags": [ - "Passwordless" + "Custom social OAuth provider" + ] + }, + "delete": { + "operationId": "CustomSsoV1Controller_deleteCustomSsoConfig", + "summary": "Delete custom oauth provider", + "description": "This route deletes the custom social login provider on an environment by ID", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Custom social OAuth provider" ] } }, - "/resources/auth/v1/passwordless/code/prelogin": { + "/resources/migrations/v1/auth0": { "post": { - "operationId": "AuthenticationPasswordlessControllerV1_emailCodePrelogin", - "summary": "OTC (One-Time Code) prelogin", - "description": "This route triggers the system to send a one-time code to the user and is the first step when authenticating a local user using the email otc passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's email as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login.", + "operationId": "UsersControllerV1_migrateUserFromAuth0", + "summary": "Migrate from Auth0", + "description": "This route enables you to migrate your users from Auth0 to Frontegg easily. Add the Domain, Client ID, Secret and the tenant’s ID Field Name - they’ll be found on Auth0 and the migration will be as smooth as possible.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordlessAuthenticationPreloginDto" + "$ref": "#/components/schemas/Auth0Configuration" } } } @@ -1535,28 +1290,25 @@ "responses": { "201": { "description": "" - }, - "400": { - "description": "Invalid authentication type, OTC (One-Time Code) authentication should be enabled" } }, "tags": [ - "Passwordless" + "Data migration" ] } }, - "/resources/auth/v1/passwordless/code/postlogin": { + "/resources/migrations/v1/local": { "post": { - "operationId": "AuthenticationPasswordlessControllerV1_emailCodePostLogin", - "summary": "OTC (One-Time Code) postlogin", - "description": "This route authenticates a local user and is the second step when using the email otc passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's token id as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login. The route returns the refresh cookie and JWT.", + "operationId": "UsersControllerV1_migrateUserForVendor", + "summary": "Migrate a vendor user", + "description": "This route enables you to migrate a user by sending the following required fields: user’s email, their tenantId and metadata, a new user will be created. This endpoint takes other properties as well, such as the user’s name, their phone number, hashed password, etc...", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthenticateUserPasswordlessDto" + "$ref": "#/components/schemas/MigrateUserRequest" } } } @@ -1567,150 +1319,191 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthenticationResponseDto" + "$ref": "#/components/schemas/UserDto" } } } } }, "tags": [ - "Passwordless" + "Data migration" ] } }, - "/resources/tenants/invites/v1": { + "/resources/migrations/v1/local/bulk": { "post": { - "operationId": "TenantInvitesController_createTenantInvite", - "summary": "Create tenant invite", - "description": "This route creates a general invitation token. To create an invitation token for a specific tenant, send the tenant’s ID in the request’s body. To create an invitation token for a specific user of a tenant, you can add the user ID on the body params. If a user ID was provided, you can decide wether to send an email to the user or not via the shouldSendEmail param. In order to set up a specific expiration time, use the expiresInMinutes to declare when the invite is being invalidated. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "operationId": "UsersControllerV1_bulkMigrateUserForVendor", + "summary": "Migrate vendor users in bulk", + "description": "This route enables you to migrate users in bulk. Expects an array of `users`. Each entry must include a user's `email` and `tenantId`, which specifies that user's parent account. Use the the other fields as needed to store additional information. We recommend using the `metadata` property if you need to store custom information in a user's object.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateInviteTokenRequest" + "$ref": "#/components/schemas/MigrateUsersRequest" } } } }, "responses": { - "201": { + "202": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InviteTokenDto" + "$ref": "#/components/schemas/MigrationContext" } } } } }, "tags": [ - "Account invitations settings" + "Data migration" ] } }, - "/resources/tenants/invites/v1/all": { + "/resources/migrations/v1/local/bulk/status/{migrationId}": { "get": { - "operationId": "TenantInvitesController_getAllInvites", - "summary": "Get all tenant invites", - "description": "This route gets all invitations for all tenants. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [], + "operationId": "UsersControllerV1_checkBulkMigrationStatus", + "summary": "Check status of bulk migration", + "description": "This route returns the status of a pending or completed migration. The payload includes the migration's current `state`, the number of migrated users, and any errors that occured during migration. Payload is limited to 1,000 users.", + "parameters": [ + { + "name": "migrationId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/InviteTokenDto" - } + "$ref": "#/components/schemas/MigrationObject" } } } } }, "tags": [ - "Account invitations settings" + "Data migration" ] } }, - "/resources/tenants/invites/v1/token/{id}": { - "delete": { - "operationId": "TenantInvitesController_deleteTenantInvite", - "summary": "Delete a tenant invite", - "description": "This route deletes an invitation to join a tenant using the invitation ID. You can find it via the Get all tenant invites API. Send the invitation ID as a path param - you can get if via the **Get all tenant invites** API. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [ - { - "name": "id", - "required": true, - "in": "path", - "schema": { - "type": "string" + "/resources/configurations/v1/delegation": { + "get": { + "operationId": "DelegationConfigurationControllerV1_getDelegationConfiguration", + "x-vendor-only": "true", + "summary": "Get delegation configuration", + "description": "Get information about the delegation configuration (if enabled). A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetDelegationConfigurationResponseDto" + } + } } } - ], + }, + "tags": [ + "Delegation" + ] + }, + "post": { + "operationId": "DelegationConfigurationControllerV1_createOrUpdateDelegationConfiguration", + "x-vendor-only": "true", + "summary": "Create or update delegation configuration", + "description": "Enable or disable the ability to use delegation in a token exchange flow. A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateDelegationConfigurationRequestDto" + } + } + } + }, "responses": { "200": { "description": "" } }, "tags": [ - "Account invitations settings" + "Delegation" ] } }, - "/resources/configurations/v1/activation/strategies": { - "get": { - "operationId": "ActivationStrategyControllerV1_getActivationStrategy", - "summary": "Get activation strategies", + "/resources/configurations/restrictions/v1/email-domain": { + "post": { + "operationId": "DomainRestrictionsController_createDomainRestriction", + "summary": "Create domain restriction", + "description": "This route creates a new domain restriction for a tenant. Send values in the POST body as objects. See the dropdowns for available values for each object param.", "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DomainRestrictionsCreateRequest" + } + } + } + }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ActivationStrategyResponse" + "$ref": "#/components/schemas/DomainRestrictionsResponse" } } } } }, "tags": [ - "Account invitations settings" + "Domain restrictions" ] }, - "post": { - "operationId": "ActivationStrategyControllerV1_createOrUpdateActivationStrategy", - "summary": "Create or update activation strategy", + "get": { + "operationId": "DomainRestrictionsController_getDomainRestrictions", + "summary": "Get domain restrictions", + "description": "This route gets the domain restrictions for a tenant.", "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateOrUpdateActivationStrategyRequest" + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DomainRestrictionsResponse" + } } } } }, - "responses": { - "200": { - "description": "" - } - }, "tags": [ - "Account invitations settings" + "Domain restrictions" ] } }, - "/resources/configurations/v1/invitation/strategies": { + "/resources/configurations/restrictions/v1/email-domain/config": { "get": { - "operationId": "InvitationStrategyControllerV1_getInvitationStrategy", - "summary": "Get invitation strategies", + "operationId": "DomainRestrictionsController_getDomainRestrictionsConfig", + "summary": "Get domain restrictions", + "description": "This route gets the domain restrictions for a tenant.", "parameters": [], "responses": { "200": { @@ -1718,52 +1511,27 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InvitationStrategyResponse" + "$ref": "#/components/schemas/DomainRestrictionsConfigResponse" } } } } }, "tags": [ - "Account invitations settings" + "Domain restrictions" ] }, "post": { - "operationId": "InvitationStrategyControllerV1_createOrUpdateInvitationStrategy", - "summary": "Create or update invitation strategy", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateOrUpdateInvitationStrategyRequest" - } - } - } - }, - "responses": { - "200": { - "description": "" - } - }, - "tags": [ - "Account invitations settings" - ] - } - }, - "/resources/configurations/v1": { - "post": { - "operationId": "VendorConfigController_addOrUpdateConfig", - "summary": "Update identity management configuration", - "description": "This route updates the identity management configuration for a vendor. Send values in the POST body for params that you want to add or update. See the dropdown for available values for each param.", + "operationId": "DomainRestrictionsController_updateDomainRestrictionsConfig", + "summary": "Change domain restrictions config list type and toggle it off/on", + "description": "This route updates domain restrictions config, can toggle check on/off.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VendorConfigRequest" + "$ref": "#/components/schemas/DomainRestrictionsConfigUpdateRequest" } } } @@ -1774,50 +1542,55 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VendorConfigResponse" + "$ref": "#/components/schemas/DomainRestrictionsConfigResponse" } } } } }, "tags": [ - "Core settings" + "Domain restrictions" ] - }, - "get": { - "operationId": "VendorConfigController_getVendorConfig", - "summary": "Get identity management configuration", - "description": "This route gets the identity management configuration for a vendor.", - "parameters": [], + } + }, + "/resources/configurations/restrictions/v1/email-domain/{id}": { + "delete": { + "operationId": "DomainRestrictionsController_deleteDomainRestriction", + "summary": "Delete domain restriction", + "description": "This route deletes domain restriction.", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VendorConfigResponse" - } - } - } + "description": "" } }, "tags": [ - "Core settings" + "Domain restrictions" ] } }, - "/resources/configurations/v1/captcha-policy": { + "/resources/configurations/restrictions/v1/email-domain/replace-bulk": { "post": { - "operationId": "CaptchaPolicyController_createCaptchaPolicy", - "summary": "Create captcha policy", - "description": "This route creates a captcha policy for all tenants. To enable the Captcha Policy, make sure to set the enabled variable to true, the site key and secret key to the ones you got from reCaptcha and the minimum score to a number between 0 to 1.", + "operationId": "DomainRestrictionsController_createBulkDomainsRestriction", + "summary": "Replace bulk domain restriction", + "description": "This route replaces all domains from the incoming request", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CaptchaPolicyRequest" + "$ref": "#/components/schemas/DomainRestrictionsBulkRequestRequest" } } } @@ -1828,51 +1601,53 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CaptchaPolicyResponse" + "type": "array", + "items": { + "$ref": "#/components/schemas/DomainRestrictionsResponse" + } } } } } }, "tags": [ - "Core settings" + "Domain restrictions" ] - }, - "put": { - "operationId": "CaptchaPolicyController_updateCaptchaPolicy", - "summary": "Update captcha policy", - "description": "This route updates a captcha policy for all tenants. To enable the Captcha Policy, make sure to set the enabled variable to true, the site key and secret key to the ones you got from reCaptcha and the minimum score to a number between 0 to 1.", + } + }, + "/resources/mail/v1/configurations": { + "post": { + "operationId": "MailConfigController_createOrUpdateMailConfig", + "summary": "Create or update configuration", + "description": "Frontegg sends emails via SendGrid. If you already have an account on SendGrid and you wish emails to be sent from your SendGrid account, pass the SendGrid secret key as a body param. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "deprecated": true, "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CaptchaPolicyRequest" + "$ref": "#/components/schemas/CreateOrUpdateMailConfigRequestDto" } } } }, "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CaptchaPolicyResponse" - } - } - } + "description": "" + }, + "201": { + "description": "" } }, "tags": [ - "Core settings" + "Email configuration" ] }, "get": { - "operationId": "CaptchaPolicyController_getCaptchaPolicy", - "summary": "Get captcha policy", - "description": "This route gets the captcha policy. It returns the policy’s ID, site key, secret key, minimum score and ignored emails and wether the . ", + "operationId": "MailConfigController_getMailConfig", + "summary": "Get configuration", + "description": "This route returns the mail configuration setup on Frontegg for your SendGrid account. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [], "responses": { "200": { @@ -1880,176 +1655,315 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CaptchaPolicyResponse" + "$ref": "#/components/schemas/GetMailConfigResponseDto" } } } } }, "tags": [ - "Core settings" + "Email configuration" ] - } - }, - "/resources/configurations/v1/basic": { - "get": { - "operationId": "VendorConfigController_getVendorConfigBasic", - "summary": "Get identity management configuration", - "description": "This route gets the identity management configuration for a vendor.", + }, + "delete": { + "operationId": "MailConfigController_deleteMailConfig", + "summary": "Delete configuration", + "description": "A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VendorConfigBasicResponse" + "description": "" + } + }, + "tags": [ + "Email configuration" + ] + } + }, + "/resources/mail/v2/configurations": { + "post": { + "operationId": "MailConfigController_createOrUpdateMailConfigV2", + "summary": "Create or update configuration v2", + "description": "Configure and manage email settings with our controller, supporting SES, Mailgun, and SendGrid. Easily set the email provider and sender details, include additional parameters as needed, and send configuration data via POST. A vendor token from the authentication route is required.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "payload": { + "oneOf": [ + { + "$ref": "#/components/schemas/SendGridDto" + }, + { + "$ref": "#/components/schemas/SesDto" + }, + { + "$ref": "#/components/schemas/MailgunDto" + }, + { + "$ref": "#/components/schemas/SesRoleDto" + } + ] + } } } } } }, + "responses": { + "201": { + "description": "" + } + }, "tags": [ - "Core settings" + "Email configuration" ] } }, - "/resources/sso/custom/v1": { + "/resources/mail/v1/configs/templates": { "post": { - "operationId": "CustomSsoV1Controller_createSsoProvider", - "summary": "Create custom oauth provider", - "description": "This route creates a custom social login provider using OAuth details of the identity provider", + "operationId": "MailV1Controller_addOrUpdateTemplate", + "summary": "Add or update template", + "description": "This route creates or updates an email template. Select the email template using the type. The type value needs to be the name of one of the Frontegg email templates. See the dropdown for available values. Also, set the sender using senderEmail. Optionally, include values for the other available body params. Send the information for the template in the POST body. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateCustomSsoRequestDto" + "$ref": "#/components/schemas/CreateTemplateDto" } } } }, "responses": { - "200": { + "201": { "description": "" } }, "tags": [ - "Custom social OAuth provider" + "Email templates" ] }, "get": { - "operationId": "SsoV2Controller_getSsoProviders", - "summary": "Get custom oauth provider", - "description": "This route fetches the custom social login providers on an environment", - "parameters": [], + "operationId": "MailV1Controller_getTemplateConfiguration", + "summary": "Get template", + "description": "This route gets all the vendor’s email templates. In order to get a specific template, pass its type as a query param. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [ + { + "name": "type", + "required": false, + "in": "query", + "schema": { + "enum": [ + "ResetPassword", + "ActivateUser", + "InviteToTenant", + "PwnedPassword", + "MagicLink", + "OTC", + "ConnectNewDevice", + "UserUsedInvitation", + "ResetPhoneNumber", + "BulkInvitesToTenant", + "MFAEnroll", + "MFAUnenroll", + "NewMFAMethod", + "MFARecoveryCode", + "RemoveMFAMethod", + "EmailVerification", + "BruteForceProtection", + "SuspiciousIP", + "MFAOTC", + "ImpossibleTravel", + "BotDetection", + "SmsAuthenticationEnabled", + "UnlockUser", + "UnlockUserSuccess", + "ActivateUserWithCode", + "InviteToTenantWithCode" + ], + "type": "string" + }, + "description": "" + } + ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GetTemplateResponseDto" + } + } + } + } } }, "tags": [ - "Custom social OAuth provider" + "Email templates" ] } }, - "/resources/sso/custom/v1/{id}": { - "patch": { - "operationId": "CustomSsoV1Controller_updateSsoProvider", - "summary": "Update custom oauth provider", - "description": "This route updates the custom social login provider on an environment by ID", + "/resources/mail/v1/configs/templates/{templateId}": { + "delete": { + "operationId": "MailV1Controller_deleteTemplate", + "summary": "Delete template", + "description": "This route deletes specified email template. Select the email template using the ID of the template - which can be obtained via the **Get template** API. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "id", + "name": "templateId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UpdateCustomSsoRequestDto" - } - } - } - }, "responses": { "200": { "description": "" } }, "tags": [ - "Custom social OAuth provider" + "Email templates" ] - }, - "delete": { - "operationId": "CustomSsoV1Controller_deleteCustomSsoConfig", - "summary": "Delete custom oauth provider", - "description": "This route deletes the custom social login provider on an environment by ID", + } + }, + "/resources/mail/v1/configs/{type}/default": { + "get": { + "operationId": "MailV1Controller_getDefaultTemplateConfiguration", + "summary": "Get default template by type", + "description": "This route gets default email template by type, pass required type as a query param.", "parameters": [ { - "name": "id", + "name": "type", "required": true, "in": "path", + "description": "The email template type", "schema": { + "enum": [ + "ResetPassword", + "ActivateUser", + "InviteToTenant", + "PwnedPassword", + "MagicLink", + "OTC", + "ConnectNewDevice", + "UserUsedInvitation", + "ResetPhoneNumber", + "BulkInvitesToTenant", + "MFAEnroll", + "MFAUnenroll", + "NewMFAMethod", + "MFARecoveryCode", + "RemoveMFAMethod", + "EmailVerification", + "BruteForceProtection", + "SuspiciousIP", + "MFAOTC", + "ImpossibleTravel", + "BotDetection", + "SmsAuthenticationEnabled", + "UnlockUser", + "UnlockUserSuccess", + "ActivateUserWithCode", + "InviteToTenantWithCode" + ], "type": "string" } } ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetTemplateResponseDto" + } + } + } } }, "tags": [ - "Custom social OAuth provider" + "Email templates" ] } }, - "/resources/migrations/v1/auth0": { + "/resources/auth/v1/user": { "post": { - "operationId": "UsersControllerV1_migrateUserFromAuth0", - "summary": "Migrate from Auth0", - "description": "This route enables you to migrate your users from Auth0 to Frontegg easily. Add the Domain, Client ID, Secret and the tenant’s ID Field Name - they’ll be found on Auth0 and the migration will be as smooth as possible.", - "parameters": [], + "operationId": "AuthenticatioAuthenticationControllerV1_authenticateLocalUser", + "summary": "Authenticate user with password", + "description": "This route authenticates a local user using email and password. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Optionally, send login information for the user as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login.", + "parameters": [ + { + "name": "frontegg-vendor-host", + "in": "header", + "description": "The vendor host domain", + "required": false, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/Auth0Configuration" + "$ref": "#/components/schemas/AuthenticateUserPasswordDto" } } } }, "responses": { - "201": { - "description": "" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AuthenticationResponseDto" + } + } + } } }, "tags": [ - "Data migration" + "General" ] } }, - "/resources/migrations/v1/local": { + "/resources/auth/v1/user/token/refresh": { "post": { - "operationId": "UsersControllerV1_migrateUserForVendor", - "summary": "Migrate a vendor user", - "description": "This route enables you to migrate a user by sending the following required fields: user’s email, their tenantId and metadata, a new user will be created. This endpoint takes other properties as well, such as the user’s name, their phone number, hashed password, etc...", - "parameters": [], + "operationId": "AuthenticatioAuthenticationControllerV1_refreshToken", + "summary": "Refresh user JWT token ", + "description": "This route refreshes a JWT based on the refresh token expiration time. If the refresh token is valid, the route returns a new JWT and refresh token. Please note that the route expects the refresh cookie of the logged in user as well. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Configure your JWT settings in the Frontegg Portal.", + "parameters": [ + { + "name": "frontegg-vendor-host", + "required": true, + "in": "header", + "schema": { + "type": "string" + }, + "description": "" + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MigrateUserRequest" + "$ref": "#/components/schemas/RefreshTokenDto" } } } @@ -2060,303 +1974,311 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "$ref": "#/components/schemas/AuthenticationResponseDto" } } } } }, "tags": [ - "Data migration" + "General" ] } }, - "/resources/migrations/v1/local/bulk": { + "/resources/auth/v1/logout": { "post": { - "operationId": "UsersControllerV1_bulkMigrateUserForVendor", - "summary": "Migrate vendor users in bulk", - "description": "This route enables you to migrate users in bulk. Expects an array of `users`. Each entry must include a user's `email` and `tenantId`, which specifies that user's parent account. Use the the other fields as needed to store additional information. We recommend using the `metadata` property if you need to store custom information in a user's object.", + "operationId": "AuthenticatioAuthenticationControllerV1_logout", + "summary": "Logout user", + "description": "This route logs out a user using the refresh token that is passed as a cookie. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This route is designed for Frontegg embedded login or integrations that use only Frontegg APIs", + "parameters": [ + { + "name": "frontegg-vendor-host", + "required": true, + "in": "header", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "201": { + "description": "" + } + }, + "tags": [ + "General" + ] + } + }, + "/resources/configurations/v1/restrictions/ip/config": { + "post": { + "operationId": "IPRestrictionsControllerV1_createDomainRestriction", + "summary": "Create or update IP restriction configuration (ALLOW/BLOCK)", + "description": "This route creates or updates ip restrictions config.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MigrateUsersRequest" + "$ref": "#/components/schemas/CreateOrUpdateIpRestrictionConfigDto" } } } }, "responses": { - "202": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MigrationContext" - } - } - } + "201": { + "description": "" } }, "tags": [ - "Data migration" + "IP restrictions" + ] + }, + "get": { + "operationId": "IPRestrictionsControllerV1_getIpRestrictionConfig", + "summary": "Get IP restriction configuration (ALLOW/BLOCK)", + "description": "This route gets the ip restrictions config for a tenant.", + "parameters": [], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "IP restrictions" ] } }, - "/resources/migrations/v1/local/bulk/status/{migrationId}": { + "/resources/configurations/v1/restrictions/ip": { "get": { - "operationId": "UsersControllerV1_checkBulkMigrationStatus", - "summary": "Check status of bulk migration", - "description": "This route returns the status of a pending or completed migration. The payload includes the migration's current `state`, the number of migrated users, and any errors that occured during migration. Payload is limited to 1,000 users.", + "operationId": "IPRestrictionsControllerV1_getAllIpRestrictions", + "summary": "Get all IP restrictions", + "description": "This route gets the ip restrictions for a tenant.", "parameters": [ { - "name": "migrationId", - "required": true, - "in": "path", + "name": "_limit", + "required": false, + "in": "query", + "schema": { + "minimum": 1, + "type": "number" + }, + "description": "" + }, + { + "name": "_offset", + "required": false, + "in": "query", + "schema": { + "minimum": 0, + "type": "number" + }, + "description": "" + }, + { + "name": "_filter", + "required": false, + "in": "query", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MigrationObject" - } - } - } - } - }, - "tags": [ - "Data migration" - ] - } - }, - "/resources/configurations/v1/delegation": { - "get": { - "operationId": "DelegationConfigurationControllerV1_getDelegationConfiguration", - "x-vendor-only": "true", - "summary": "Get delegation configuration", - "description": "Get information about the delegation configuration (if enabled). A vendor token is required for this route.", - "parameters": [], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/GetDelegationConfigurationResponseDto" - } - } - } + "description": "" } }, "tags": [ - "Delegation" + "IP restrictions" ] }, "post": { - "operationId": "DelegationConfigurationControllerV1_createOrUpdateDelegationConfiguration", - "x-vendor-only": "true", - "summary": "Create or update delegation configuration", - "description": "Enable or disable the ability to use delegation in a token exchange flow. A vendor token is required for this route.", + "operationId": "IPRestrictionsControllerV1_createIpRestriction", + "summary": "Create IP restriction", + "description": "This route creates or updates ip restriction for a tenant. Send values in the POST body as objects. See the dropdowns for available values for each object param.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateDelegationConfigurationRequestDto" + "$ref": "#/components/schemas/CreateOrUpdateIpRestrictionDto" } } } }, "responses": { - "200": { + "201": { "description": "" } }, "tags": [ - "Delegation" + "IP restrictions" ] } }, - "/resources/mail/v1/configurations": { + "/resources/configurations/v1/restrictions/ip/verify": { "post": { - "operationId": "MailConfigController_createOrUpdateMailConfig", - "summary": "Create or update configuration", - "description": "Frontegg sends emails via SendGrid. If you already have an account on SendGrid and you wish emails to be sent from your SendGrid account, pass the SendGrid secret key as a body param. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "deprecated": true, + "operationId": "IPRestrictionsControllerV1_testCurrentIp", + "summary": "Test Current IP", + "description": "This route checks if current ip is allowed.", "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateOrUpdateMailConfigRequestDto" - } - } - } - }, "responses": { - "200": { - "description": "" - }, "201": { "description": "" } }, "tags": [ - "Email configuration" + "IP restrictions" ] - }, - "get": { - "operationId": "MailConfigController_getMailConfig", - "summary": "Get configuration", - "description": "This route returns the mail configuration setup on Frontegg for your SendGrid account. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + } + }, + "/resources/configurations/v1/restrictions/ip/verify/allow": { + "post": { + "operationId": "testCurrentIpInAllowList", + "summary": "Test current IP is in allow list", + "description": "This route checks if current ip is active in the allow list.", "parameters": [], "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/GetMailConfigResponseDto" - } - } - } + "201": { + "description": "" } }, "tags": [ - "Email configuration" + "IP restrictions" ] - }, + } + }, + "/resources/configurations/v1/restrictions/ip/{id}": { "delete": { - "operationId": "MailConfigController_deleteMailConfig", - "summary": "Delete configuration", - "description": "A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [], + "operationId": "IPRestrictionsControllerV1_deleteIpRestrictionById", + "summary": "Delete IP restriction by IP", + "description": "This route deletes ip restriction.", + "parameters": [ + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "responses": { "200": { "description": "" } }, "tags": [ - "Email configuration" + "IP restrictions" ] } }, - "/resources/mail/v2/configurations": { + "/resources/configurations/v1/lockout-policy": { "post": { - "operationId": "MailConfigController_createOrUpdateMailConfigV2", - "summary": "Create or update configuration v2", - "description": "Configure and manage email settings with our controller, supporting SES, Mailgun, and SendGrid. Easily set the email provider and sender details, include additional parameters as needed, and send configuration data via POST. A vendor token from the authentication route is required.", - "parameters": [], + "operationId": "LockoutPolicyController_createLockoutPolicy", + "summary": "Create lockout policy", + "description": "This route creates a lockout policy for all tenants. To create a lockout policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. To enable the Lockout Policy, make sure to set the enabled variable to true and the maximum attempts to a number of your preference.", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "payload": { - "oneOf": [ - { - "$ref": "#/components/schemas/SendGridDto" - }, - { - "$ref": "#/components/schemas/SesDto" - }, - { - "$ref": "#/components/schemas/MailgunDto" - }, - { - "$ref": "#/components/schemas/SesRoleDto" - } - ] - } - } + "$ref": "#/components/schemas/LockoutPolicyRequest" } } } }, "responses": { "201": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/LockoutPolicyResponse" + } + } + } + }, + "409": { + "description": "Lockout Policy already exists" } }, "tags": [ - "Email configuration" + "Lockout policy" ] - } - }, - "/resources/mail/v1/configs/templates": { - "post": { - "operationId": "MailV1Controller_addOrUpdateTemplate", - "summary": "Add or update template", - "description": "This route creates or updates an email template. Select the email template using the type. The type value needs to be the name of one of the Frontegg email templates. See the dropdown for available values. Also, set the sender using senderEmail. Optionally, include values for the other available body params. Send the information for the template in the POST body. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [], + }, + "patch": { + "operationId": "LockoutPolicyController_updateLockoutPolicy", + "summary": "Update lockout policy", + "description": "This route updates a lockout policy for all tenants. To update a lockout policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. To disable the lockout policy, make sure to set the enabled variable to false. The maximum attempts variable can also be changed to a number of your preference", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateTemplateDto" + "$ref": "#/components/schemas/LockoutPolicyRequest" } } } }, "responses": { - "201": { - "description": "" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/LockoutPolicyResponse" + } + } + } + }, + "404": { + "description": "Lockout Policy not found. Try to use the Create Lockout Policy API" } }, "tags": [ - "Email templates" + "Lockout policy" ] }, "get": { - "operationId": "MailV1Controller_getTemplateConfiguration", - "summary": "Get template", - "description": "This route gets all the vendor’s email templates. In order to get a specific template, pass its type as a query param. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "operationId": "LockoutPolicyController_getLockoutPolicy", + "summary": "Get lockout policy", + "description": "This route gets the lockout policy for all tenants or one tenant specifically. To get the lockout policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", "parameters": [ { - "name": "type", - "required": false, - "in": "query", - "schema": { - "enum": [ - "ResetPassword", - "ActivateUser", - "InviteToTenant", - "PwnedPassword", - "MagicLink", - "OTC", - "ConnectNewDevice", - "UserUsedInvitation", - "ResetPhoneNumber", - "BulkInvitesToTenant", - "MFAEnroll", - "MFAUnenroll", - "NewMFAMethod", - "MFARecoveryCode", - "RemoveMFAMethod", - "EmailVerification", - "BruteForceProtection", - "SuspiciousIP", - "MFAOTC", - "ImpossibleTravel", - "BotDetection", - "SmsAuthenticationEnabled", - "UnlockUser", - "UnlockUserSuccess", - "ActivateUserWithCode", - "InviteToTenantWithCode" - ], + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { "type": "string" } } @@ -2367,30 +2289,30 @@ "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/GetTemplateResponseDto" - } + "$ref": "#/components/schemas/LockoutPolicyResponse" } } } + }, + "404": { + "description": "Lockout policy is not defined" } }, "tags": [ - "Email templates" + "Lockout policy" ] } }, - "/resources/mail/v1/configs/templates/{templateId}": { - "delete": { - "operationId": "MailV1Controller_deleteTemplate", - "summary": "Delete template", - "description": "This route deletes specified email template. Select the email template using the ID of the template - which can be obtained via the **Get template** API. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/vendor-only/users/access-tokens/v1/active": { + "get": { + "operationId": "VendorOnlyUserAccessTokensV1Controller_getActiveAccessTokens", + "summary": "Get active access tokens list", "parameters": [ { - "name": "templateId", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } @@ -2398,56 +2320,47 @@ ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + } } }, "tags": [ - "Email templates" - ] + "M2M tokens" + ], + "description": "" } }, - "/resources/mail/v1/configs/{type}/default": { + "/resources/vendor-only/users/access-tokens/v1/{id}": { "get": { - "operationId": "MailV1Controller_getDefaultTemplateConfiguration", - "summary": "Get default template by type", - "description": "This route gets default email template by type, pass required type as a query param.", + "operationId": "VendorOnlyUserAccessTokensV1Controller_getUserAccessTokenData", + "summary": "Get user access token data", "parameters": [ { - "name": "type", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "path", - "description": "The email template type", "schema": { - "enum": [ - "ResetPassword", - "ActivateUser", - "InviteToTenant", - "PwnedPassword", - "MagicLink", - "OTC", - "ConnectNewDevice", - "UserUsedInvitation", - "ResetPhoneNumber", - "BulkInvitesToTenant", - "MFAEnroll", - "MFAUnenroll", - "NewMFAMethod", - "MFARecoveryCode", - "RemoveMFAMethod", - "EmailVerification", - "BruteForceProtection", - "SuspiciousIP", - "MFAOTC", - "ImpossibleTravel", - "BotDetection", - "SmsAuthenticationEnabled", - "UnlockUser", - "UnlockUserSuccess", - "ActivateUserWithCode", - "InviteToTenantWithCode" - ], "type": "string" } + }, + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" } ], "responses": { @@ -2456,21 +2369,22 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GetTemplateResponseDto" + "$ref": "#/components/schemas/AuthUserAccessTokenResponse" } } } } }, "tags": [ - "Email templates" - ] + "M2M tokens" + ], + "description": "" } }, - "/resources/vendor-only/users/access-tokens/v1/active": { + "/resources/vendor-only/tenants/access-tokens/v1/{id}": { "get": { - "operationId": "VendorOnlyUserAccessTokensV1Controller_getActiveAccessTokens", - "summary": "Get active access tokens list", + "operationId": "VendorOnlyTenantAccessTokensV1Controller_getTenantAccessTokenData", + "summary": "Get tenant access token data", "parameters": [ { "name": "frontegg-tenant-id", @@ -2480,6 +2394,15 @@ "schema": { "type": "string" } + }, + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" } ], "responses": { @@ -2488,410 +2411,588 @@ "content": { "application/json": { "schema": { - "type": "array", - "items": { - "type": "string" - } + "$ref": "#/components/schemas/AuthTenantAccessTokenResponse" } } } } }, "tags": [ - "M2M" + "M2M tokens" + ], + "description": "" + } + }, + "/resources/auth/v1/user/mfa/recover": { + "post": { + "operationId": "AuthenticationMFAControllerV1_recoverMfa", + "summary": "Recover MFA", + "description": "This route recovers MFA for a non logged-in user. Send the user’s email and a recovery code as params in the POST body. The recovery code comes from the MFA authenticator app when you set up MFA.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RecoverMfaDto" + } + } + } + }, + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "MFA" ] } }, - "/resources/vendor-only/users/access-tokens/v1/{id}": { - "get": { - "operationId": "VendorOnlyUserAccessTokensV1Controller_getUserAccessTokenData", - "summary": "Get user access token data", + "/resources/users/v1/mfa/disable": { + "post": { + "operationId": "UsersMfaControllerV1_disableAuthAppMfa", + "summary": "Disable authenticator app MFA", + "description": "This route disables MFA enrollment for a logged-in user for a specific tenant. Send the **`frontegg-user-id`** header to declare which user. The MFA token should be obtained from the authenticator app. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "deprecated": true, "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "The tenant ID identifier", + "description": "The user ID identifier", "required": true, "schema": { "type": "string" } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DisableMFAAuthAppRequest" + } + } + } + }, + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "MFA" + ] + } + }, + "/resources/users/v1/mfa/authenticator/{deviceId}/disable/verify": { + "post": { + "operationId": "UsersMfaControllerV1_disableAuthenticatorMfa", + "summary": "Disable authenticator app MFA", + "description": "This route disables MFA enrollment for a logged-in user for a specific tenant. Send the **`frontegg-user-id`** header to declare which user. The MFA token should be obtained from the authenticator app. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [ + { + "name": "deviceId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" }, { - "name": "id", + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DisableMFAAuthAppRequest" + } + } + } + }, + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "MFA" + ] + } + }, + "/resources/users/v1/mfa/sms/{deviceId}/disable": { + "post": { + "operationId": "UsersMfaControllerV1_preDisableSMSMfa", + "summary": "Pre-disable SMS MFA", + "parameters": [ + { + "name": "deviceId", "required": true, "in": "path", "schema": { "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RequestDisableMFARequest" + } } } - ], + }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthUserAccessTokenResponse" + "$ref": "#/components/schemas/RequestDisableMFASMSResponse" } } } } }, "tags": [ - "M2M" - ] + "MFA" + ], + "description": "" } }, - "/resources/vendor-only/tenants/access-tokens/v1/{id}": { - "get": { - "operationId": "VendorOnlyTenantAccessTokensV1Controller_getTenantAccessTokenData", - "summary": "Get tenant access token data", + "/resources/users/v1/mfa/sms/{deviceId}/disable/verify": { + "post": { + "operationId": "UsersMfaControllerV1_disableSMSMfa", + "summary": "Disable SMS MFA", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "deviceId", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { - "name": "id", + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } } ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AuthTenantAccessTokenResponse" - } + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DisableMFASMSRequest" } } } }, + "responses": { + "200": { + "description": "" + } + }, "tags": [ - "M2M" - ] + "MFA" + ], + "description": "" } }, - "/resources/configurations/v1/mfa": { + "/resources/auth/v1/user/mfa/verify": { "post": { - "operationId": "MfaController_upsertMfaConfig", - "summary": "Update MFA configuration", - "description": "This route updates the MFA configuration for a vendor. Send values in the POST body as objects for params that you want to add or update. See the dropdowns for available values for each object param.", + "operationId": "AuthenticationMFAControllerV1_verifyAuthenticatorMfaCode", + "summary": "Verify MFA using code from authenticator app", + "description": "This route verifies the MFA code from an authenticator app. Send the **`frontegg-vendor-host`** as a header. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send information required for MFA in the POST body. The `value` is the service name from your Authentication Settings in the Frontegg Portal. The MFA token is from the authenticator app.", + "deprecated": true, "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MfaConfigRequest" + "$ref": "#/components/schemas/VerifyMFAAuthAppRequest" } } } }, "responses": { "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MfaConfigResponse" - } - } - } + "description": "" } }, "tags": [ - "MFA configuration" + "MFA" ] - }, - "get": { - "operationId": "MfaController_getMfaConfig", - "summary": "Get MFA configuration", - "description": "This route gets the MFA configuration for a vendor.", + } + }, + "/resources/auth/v1/user/mfa/emailcode": { + "post": { + "operationId": "AuthenticationMFAControllerV1_preVerifyEmailOtcMfa", + "summary": "Request verify MFA using email code", "parameters": [], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MfaConfigResponse" - } + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AuthRequestVerifyMfaRequest" } } } }, + "responses": { + "201": { + "description": "" + } + }, "tags": [ - "MFA configuration" - ] + "MFA" + ], + "description": "" } }, - "/resources/permissions/v1/categories": { - "get": { - "operationId": "PermissionsCategoriesController_getAllCategoriesWithPermissions", - "summary": "Get permissions categories", - "description": "This route returns all permissions categories for a vendor. Each category is an object containing the name, description, permissions, and other defining information.", + "/resources/auth/v1/user/mfa/emailcode/verify": { + "post": { + "operationId": "AuthenticationMFAControllerV1_verifyEmailOtcMfa", + "summary": "Verify MFA using email code", "parameters": [], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/PermissionCategoryResponseDto" - } - } + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifyMFAEmailOTCRequest" } } } }, + "responses": { + "201": { + "description": "" + } + }, "tags": [ - "Permission categories" - ] - }, + "MFA" + ], + "description": "" + } + }, + "/resources/auth/v1/user/mfa/authenticator/enroll": { "post": { - "operationId": "PermissionsCategoriesController_createPermissionCategory", - "summary": "Create category", - "description": "Use this route to add a new permissions category. Each category you add requires you to send information about the category in the POST body. Note that you do not associate the category with permissions here. You do that using the add and update permission routes where you send the category ID as a body parameter.", + "operationId": "AuthenticationMFAControllerV1_preEnrollAuthenticatorMfa", + "summary": "Pre enroll MFA using Authenticator App", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateCategoryDto" + "$ref": "#/components/schemas/AuthRequestEnrollMFARequest" } } } }, "responses": { "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionCategoryResponseDto" - } - } - } + "description": "" } }, "tags": [ - "Permission categories" - ] + "MFA" + ], + "description": "" } }, - "/resources/permissions/v1/categories/{categoryId}": { - "patch": { - "operationId": "PermissionsCategoriesController_updateCategory", - "summary": "Update category", - "description": "This route updates an existing permissions category. Add the category ID as a path parameter to the route url to specify which category you are updating. Send the updated information about the category in the PATCH body. Note that here is not where you update the permissions associated with the category. Use the add or update permissions routes to do that. Use the **Get categories** API to get ", - "parameters": [ - { - "name": "categoryId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - } - ], + "/resources/auth/v1/user/mfa/authenticator/enroll/verify": { + "post": { + "operationId": "AuthenticationMFAControllerV1_enrollAuthenticatorMfa", + "summary": "Enroll MFA using Authenticator App", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateCategoryDto" + "$ref": "#/components/schemas/VerifyEnrollMFAAuthAppRequest" } } } }, "responses": { - "200": { + "201": { "description": "" } }, "tags": [ - "Permission categories" - ] - }, - "delete": { - "operationId": "PermissionsCategoriesController_deleteCategory", - "summary": "Delete category", - "description": "This route deletes a category. Add the category ID as a path parameter to the route url to specify which category you are deleting. Use the **Get categories** API to get the category ID.", + "MFA" + ], + "description": "" + } + }, + "/resources/auth/v1/user/mfa/authenticator/{deviceId}/verify": { + "post": { + "operationId": "AuthenticationMFAControllerV1_verifyAuthenticatorMfa", + "summary": "Verify MFA using authenticator app", + "description": "This route verifies MFA as part of the authentication process. Send the **`frontegg-vendor-host`** as a header. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send information required for MFA in the POST body. The `value` is the service name from your Authentication Settings in the Frontegg Portal. The MFA token is from the authenticator app.", "parameters": [ { - "name": "categoryId", + "name": "deviceId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifyMFAAuthAppRequest" + } + } + } + }, "responses": { - "200": { + "201": { "description": "" } }, "tags": [ - "Permission categories" + "MFA" ] } }, - "/resources/permissions/v1": { - "get": { - "operationId": "PermissionsControllerV1_getAllPermissions", - "summary": "Get permissions", - "description": "This route returns all permissions for the vendor. Each permission is an object containing the name, description, assigned roles, categories, and other defining information.", + "/resources/auth/v1/user/mfa/sms/enroll": { + "post": { + "operationId": "AuthenticationMFAControllerV1_preEnrollSmsMfa", + "summary": "Pre-enroll MFA using sms", "parameters": [], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/PermissionResponse" - } - } + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RequestEnrollMFASMSRequest" } } } }, + "responses": { + "201": { + "description": "" + } + }, "tags": [ - "Permissions" - ] - }, + "MFA" + ], + "description": "" + } + }, + "/resources/auth/v1/user/mfa/sms/enroll/verify": { "post": { - "operationId": "PermissionsControllerV1_addPermissions", - "summary": "Create permissions", - "description": "This route adds a new permission. Each permission you add requires information about the permission in the POST body. Note that you do not associate permissions to the role here. Use the associate permission to roles route to do that.", + "operationId": "AuthenticationMFAControllerV1_enrollSmsMfa", + "summary": "Enroll MFA using sms", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/AddPermissionRequest" - } + "$ref": "#/components/schemas/VerifyEnrollMFASMSRequest" } } } }, "responses": { "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/PermissionResponse" - } - } - } - } + "description": "" } }, "tags": [ - "Permissions" - ] + "MFA" + ], + "description": "" } }, - "/resources/permissions/v1/{permissionId}": { - "delete": { - "operationId": "PermissionsControllerV1_deletePermission", - "summary": "Delete permission", - "description": "This route deletes a permission. Add the permission ID as a path parameter to the route url to specify which permission you are deleting. Use the **Get permissions** API to get the permission ID.", + "/resources/auth/v1/user/mfa/sms/{deviceId}": { + "post": { + "operationId": "AuthenticationMFAControllerV1_preVerifySmsMfa", + "summary": "Request to verify MFA using sms", "parameters": [ { - "name": "permissionId", + "name": "deviceId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AuthRequestVerifyMfaRequest" + } + } + } + }, "responses": { - "204": { + "201": { "description": "" } }, "tags": [ - "Permissions" - ] - }, - "patch": { - "operationId": "PermissionsControllerV1_updatePermission", - "summary": "Update permission", - "description": "This route updates an existing permission. Add the permission ID as a path parameter to the route url to specify which permission you are updating. Send the updated information about the permission in the PATCH body. Note that you do not update roles for the permission here. Use the associate permission to roles route to do that.", + "MFA" + ], + "description": "" + } + }, + "/resources/auth/v1/user/mfa/sms/{deviceId}/verify": { + "post": { + "operationId": "AuthenticationMFAControllerV1_verifySmsMfa", + "summary": "Verify MFA using sms", "parameters": [ { - "name": "permissionId", + "name": "deviceId", "required": true, "in": "path", "schema": { "type": "string" + }, + "description": "" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifyMFASMSRequest" + } } } + }, + "responses": { + "201": { + "description": "" + } + }, + "tags": [ + "MFA" ], + "description": "" + } + }, + "/resources/auth/v1/user/mfa/webauthn/enroll": { + "post": { + "operationId": "AuthenticationMFAControllerV1_preEnrollWebauthnMfa", + "summary": "Pre enroll MFA using WebAuthN", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdatePermissionRequest" + "$ref": "#/components/schemas/AuthRequestEnrollMFARequest" } } } }, "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionResponse" - } + "201": { + "description": "" + } + }, + "tags": [ + "MFA" + ], + "description": "" + } + }, + "/resources/auth/v1/user/mfa/webauthn/enroll/verify": { + "post": { + "operationId": "AuthenticationMFAControllerV1_enrollWebauthnMfa", + "summary": "Enroll MFA using WebAuthN", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifyEnrollMFAWebAuthnRequest" } } } }, + "responses": { + "201": { + "description": "" + } + }, "tags": [ - "Permissions" - ] + "MFA" + ], + "description": "" } }, - "/resources/permissions/v1/{permissionId}/roles": { - "put": { - "operationId": "PermissionsControllerV1_setRolesToPermission", - "summary": "Set a permission to multiple roles", - "description": "This route associates a permission to multiple roles. Add the permission ID as a path parameter to the route url and include the role IDs in the request body as an array of strings. Any pre-existing roles associated with the permission will stay associated. Use the **Get roles** API to get the role IDs.", + "/resources/auth/v1/user/mfa/webauthn/{deviceId}": { + "post": { + "operationId": "AuthenticationMFAControllerV1_preVerifyWebauthnMfa", + "summary": "Request verify MFA using WebAuthN", "parameters": [ { - "name": "permissionId", + "name": "deviceId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -2899,75 +3000,81 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AddRolesToPermissionRequest" + "$ref": "#/components/schemas/AuthRequestVerifyMfaRequest" } } } }, "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionResponse" - } - } - } + "201": { + "description": "" } }, "tags": [ - "Permissions" - ] + "MFA" + ], + "description": "" } }, - "/resources/permissions/v1/classification": { - "put": { - "operationId": "PermissionsControllerV1_updatePermissionsAssignmentType", - "summary": "Set permissions classification", - "description": "This route accepts an array of **`permissionIds`** and the type for these permissions classifications. This allows segregating which permissions will be used from self service", - "parameters": [], + "/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify": { + "post": { + "operationId": "AuthenticationMFAControllerV1_verifyWebauthnMfa", + "summary": "Verify MFA using webauthn", + "parameters": [ + { + "name": "deviceId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ClassifyPermissionsDto" + "$ref": "#/components/schemas/VerifyMFAWebAuthnRequest" } } } }, "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PermissionResponse" - } - } - } + "201": { + "description": "" } }, "tags": [ - "Permissions" - ] + "MFA" + ], + "description": "" } }, - "/resources/roles/v1": { + "/resources/configurations/v1/mfa-policy/allow-remember-device": { "get": { - "operationId": "PermissionsControllerV1_getAllRoles", - "summary": "Get roles", - "description": "This route returns all roles for all tenants. To get a role for a specific tenant, send the tenant ID in the **`frontegg-tenant-id`** header. Each role is an object containing the name, permissions, and other defining information.", + "operationId": "SecurityPolicyController_checkIfAllowToRememberDevice", + "summary": "Check if remember device allowed", + "description": "This route checks if remember device is allowed for all tenants. To check if remember device is allowed for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. Get the mfa token from the authenticator app and send it as a query params.", "parameters": [ { "name": "frontegg-tenant-id", "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "description": "The tenant ID identifier", "required": false, "schema": { "type": "string" } + }, + { + "name": "mfaToken", + "required": true, + "in": "query", + "description": "MFA token from the response body of the first factor authentication", + "schema": { + "type": "string" + } } ], "responses": { @@ -2976,118 +3083,96 @@ "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/RoleResponse" - } + "$ref": "#/components/schemas/CheckAllowRememberResponse" } } } } }, "tags": [ - "Roles" + "MFA" ] - }, + } + }, + "/resources/users/v1/mfa/enroll": { "post": { - "operationId": "PermissionsControllerV1_addRoles", - "summary": "Create roles", - "description": "This route adds a new role for all tenants. To add a role for a specific tenant, send tenant ID in the **`frontegg-tenant-id`** header. Each role you add requires information about the role in the POST body. Note that you do not assign permissions to the role here. Use the attach permissions to role route to do that.", + "operationId": "UsersMfaControllerV1_enrollAuthAppMfa", + "summary": "Enroll authenticator app MFA", + "description": "This route enrolls MFA for a logged-in user for a specific tenant. Send the **`frontegg-user-id`** header to declare which user. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "deprecated": true, "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", - "required": false, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/AddRoleRequest" - } - } + "description": "The user ID identifier", + "required": true, + "schema": { + "type": "string" } } - }, + ], "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/RoleResponse" - } + "$ref": "#/components/schemas/RequestEnrollAuthenticatorAppMfaResponse" } } } } }, "tags": [ - "Roles" + "MFA" ] } }, - "/resources/roles/v1/{roleId}": { - "delete": { - "operationId": "PermissionsControllerV1_deleteRole", - "summary": "Delete role", - "description": "This route deletes a role. Add the role ID as a path parameter to the route url to specify which role you are deleting.", + "/resources/users/v1/mfa/authenticator/enroll": { + "post": { + "operationId": "UsersMfaControllerV1_enrollAuthenticatorMfa", + "summary": "Enroll authenticator app MFA", + "description": "This route enrolls MFA for a logged-in user for a specific tenant. Send the **`frontegg-user-id`** header to declare which user. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "roleId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", - "required": false, + "description": "The user ID identifier", + "required": true, "schema": { "type": "string" } } ], "responses": { - "204": { - "description": "" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RequestEnrollAuthenticatorAppMfaResponse" + } + } + } } }, "tags": [ - "Roles" + "MFA" ] - }, - "patch": { - "operationId": "PermissionsControllerV1_updateRole", - "summary": "Update role", - "description": "This route updates an existing role. Add the role ID as a path parameter to the route url to specify which role you are updating. Send the updated information about the role in the PATCH body. Note that you do not update permissions for the role here. Use the attach permissions to role route to do that. Use the **Get roles** API to get the role ID.", + } + }, + "/resources/users/v1/mfa/enroll/verify": { + "post": { + "operationId": "UsersMfaControllerV1_verifyAuthAppMfaEnrollment", + "summary": "Verify authenticator app MFA enrollment", + "description": "This route verifies MFA enrollment using a QR code. Send the **`frontegg-user-id`** header to declare which user. Send information required for MFA in the POST body. The MFA token should be obtained from the authenticator app after scanning the QR code received . A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "deprecated": true, "parameters": [ { - "name": "roleId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", - "required": false, + "description": "The user ID identifier", + "required": true, "schema": { "type": "string" } @@ -3098,7 +3183,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateRoleRequest" + "$ref": "#/components/schemas/VerifyEnrollMFAUserAuthAppRequest" } } } @@ -3109,36 +3194,28 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RoleResponse" + "$ref": "#/components/schemas/VerifyEnrollMFAResponse" } } } } }, "tags": [ - "Roles" + "MFA" ] } }, - "/resources/roles/v1/{roleId}/permissions": { - "put": { - "operationId": "PermissionsControllerV1_setPermissionsToRole", - "summary": "Assign permissions to a role", - "description": "This route assigns permissions to a role. Add the role ID as a path parameter to the route url and include the permission IDs in the request body as an array of strings. Any pre-existing permissions will be overridden by the new permissions. Use the get roles API to get the role IDs. Use the **Get permissions** API to get the permissions IDs.", + "/resources/users/v1/mfa/authenticator/enroll/verify": { + "post": { + "operationId": "UsersMfaControllerV1_verifyAuthenticatorMfaEnrollment", + "summary": "Verify authenticator app MFA enrollment", + "description": "This route verifies MFA enrollment using a QR code. Send the **`frontegg-user-id`** header to declare which user. Send information required for MFA in the POST body. The MFA token should be obtained from the authenticator app after scanning the QR code received . A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "roleId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", - "required": false, + "description": "The user ID identifier", + "required": true, "schema": { "type": "string" } @@ -3149,7 +3226,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AddPermissionToRoleRequest" + "$ref": "#/components/schemas/VerifyEnrollMFAUserAuthAppRequest" } } } @@ -3160,175 +3237,191 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RoleResponse" + "$ref": "#/components/schemas/VerifyEnrollMFAResponse" } } } } }, "tags": [ - "Roles" + "MFA" ] } }, - "/resources/configurations/v1/sms": { + "/resources/users/v1/mfa/sms/enroll": { "post": { - "operationId": "VendorSmsController_createSmsVendorConfig", - "summary": "Creates or updates a vendor SMS config", - "description": "This route creates or updates SMS configuration for a vendor.", - "parameters": [], + "operationId": "UsersMfaControllerV1_preEnrollSmsMfa", + "summary": "Enroll SMS MFA", + "parameters": [ + { + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateSmsVendorConfigRequest" - } - } - } - }, - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SmsVendorConfigResponse" - } - } - } - }, - "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SmsVendorConfigResponse" - } + "$ref": "#/components/schemas/RequestEnrollMFASMSRequest" } } } }, - "tags": [ - "SMS configuration" - ] - }, - "delete": { - "operationId": "VendorSmsController_deleteSmsVendorConfig", - "summary": "Deletes a vendor SMS config", - "parameters": [], "responses": { "200": { "description": "" } }, "tags": [ - "SMS configuration" - ] - }, - "get": { - "operationId": "VendorSmsController_getSmsVendorConfig", - "summary": "Gets a vendor SMS config", - "parameters": [], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SmsVendorConfigResponse" - } + "MFA" + ], + "description": "" + } + }, + "/resources/users/v1/mfa/sms/enroll/verify": { + "post": { + "operationId": "UsersMfaControllerV1_enrollSmsMfa", + "summary": "Verify MFA enrollment", + "parameters": [ + { + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifyEnrollMFASMSRequest" } } } }, - "tags": [ - "SMS configuration" - ] - } - }, - "/resources/configurations/v1/sms/templates": { - "get": { - "operationId": "VendorSmsController_getAllSmsTemplates", - "summary": "Gets vendor SMS templates", - "parameters": [], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SmsTemplateResponse" - } - } - } + "description": "" } }, "tags": [ - "SMS templates" - ] + "MFA" + ], + "description": "" } }, - "/resources/configurations/v1/sms/templates/{type}": { - "get": { - "operationId": "VendorSmsController_getSmsTemplate", - "summary": "Gets vendor SMS template by type", + "/resources/configurations/v1/mfa-policy": { + "post": { + "operationId": "SecurityPolicyController_createMfaPolicy", + "summary": "Create MFA policy", + "description": "This route creates the MFA policy globally or for a specific tenant. To create an MFA policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", "parameters": [ { - "name": "type", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, "schema": { "type": "string" } } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MfaPolicyRequest" + } + } + } + }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SmsTemplateResponse" + "$ref": "#/components/schemas/MfaPolicyResponse" } } } + }, + "409": { + "description": "MFA Policy already exists. Try to use the Update MFA Policy API" } }, "tags": [ - "SMS templates" + "MFA Settings" ] }, - "delete": { - "operationId": "VendorSmsController_deleteSmsTemplate", - "summary": "Deletes vendor SMS template by type", + "patch": { + "operationId": "SecurityPolicyController_updateSecurityPolicy", + "summary": "Update security policy", + "description": "This route updates the MFA policy for all tenants. To update an MFA policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", "parameters": [ { - "name": "type", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, "schema": { "type": "string" } } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MfaPolicyRequest" + } + } + } + }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MfaPolicyResponse" + } + } + } + }, + "400": { + "description": "Missing parameters to update" + }, + "404": { + "description": "Security policy not found" } }, "tags": [ - "SMS templates" + "MFA Settings" ] }, - "post": { - "operationId": "VendorSmsController_createSmsTemplate", - "summary": "Create or update a vendor SMS template", + "put": { + "operationId": "SecurityPolicyController_upsertSecurityPolicy", + "summary": "Upsert security policy", + "description": "This route creates or updates the MFA policy for all tenants. To create or update an MFA policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", "parameters": [ { - "name": "type", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, "schema": { "type": "string" } @@ -3339,7 +3432,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateSmsTemplateRequest" + "$ref": "#/components/schemas/MfaPolicyRequest" } } } @@ -3350,36 +3443,26 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SmsTemplateResponse" - } - } - } - }, - "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SmsTemplateResponse" + "$ref": "#/components/schemas/MfaPolicyResponse" } } } } }, "tags": [ - "SMS templates" + "MFA Settings" ] - } - }, - "/resources/configurations/v1/sms/templates/{type}/default": { + }, "get": { - "operationId": "VendorSmsController_getSmsDefaultTemplate", - "summary": "Gets vendor default SMS template by type", + "operationId": "SecurityPolicyController_getSecurityPolicy", + "summary": "Get security policy", + "description": "This route gets the MFA policy for all tenants. To get the MFA policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", "parameters": [ { - "name": "type", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, "schema": { "type": "string" } @@ -3391,37 +3474,103 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SmsTemplateResponse" + "$ref": "#/components/schemas/MfaPolicyResponse" } } } + }, + "404": { + "description": "Security Policy not found. MFA is disabled" } }, "tags": [ - "SMS templates" + "MFA Settings" ] } }, - "/resources/configurations/sessions/v1/vendor": { + "/resources/configurations/v1/mfa/strategies": { "get": { - "operationId": "SessionConfigurationControllerV1_getVendorSessionConfiguration", - "summary": "Get environment session configuration", + "operationId": "MFAStrategiesControllerV1_getMFAStrategies", + "summary": "Get MFA strategies", "parameters": [], "responses": { "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MFAStrategiesResponse" + } + } + } + } + }, + "tags": [ + "MFA Settings" + ], + "description": "" + }, + "post": { + "operationId": "MFAStrategiesControllerV1_createOrUpdateMFAStrategy", + "summary": "Create or update MFA strategy", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateOrUpdateMFAStrategyRequest" + } + } + } + }, + "responses": { + "201": { "description": "" } }, "tags": [ - "Sessions configuration" - ] + "MFA Settings" + ], + "description": "" } }, - "/resources/user-sources/v1": { + "/resources/configurations/v1/mfa": { + "post": { + "operationId": "MfaController_upsertMfaConfig", + "summary": "Update MFA configuration", + "description": "This route updates the MFA configuration for a vendor. Send values in the POST body as objects for params that you want to add or update. See the dropdowns for available values for each object param.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MfaConfigRequest" + } + } + } + }, + "responses": { + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MfaConfigResponse" + } + } + } + } + }, + "tags": [ + "MFA configuration" + ] + }, "get": { - "operationId": "UserSourcesControllerV1_getUserSources", - "summary": "Get vendor user sources", - "description": "This route gets all vendor's user sources. A vendor token is required for this route.", + "operationId": "MfaController_getMfaConfig", + "summary": "Get MFA configuration", + "description": "This route gets the MFA configuration for a vendor.", "parameters": [], "responses": { "200": { @@ -3429,60 +3578,69 @@ "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/GetUserSourceExtendedResponseDTO" - } + "$ref": "#/components/schemas/MfaConfigResponse" } } } } }, "tags": [ - "User sources (pools)" + "MFA configuration" ] } }, - "/resources/user-sources/v1/{id}": { - "get": { - "operationId": "UserSourcesControllerV1_getUserSource", - "summary": "Get vendor user source", - "description": "This route gets a user source by id. A vendor token is required for this route.", + "/resources/configurations/v1/password": { + "post": { + "operationId": "PasswordPolicyController_addOrUpdatePasswordConfig", + "summary": "Update password configuration", + "description": "This route updates the password policy for all tenants. To update the password policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. Send the updated values as POST body params.", "parameters": [ { - "name": "id", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, "schema": { "type": "string" } } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PasswordConfigRequest" + } + } + } + }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GetUserSourceResponseDTO" + "$ref": "#/components/schemas/PasswordConfigResponse" } } } } }, "tags": [ - "User sources (pools)" + "Password settings" ] }, - "delete": { - "operationId": "UserSourcesControllerV1_deleteUserSource", - "summary": "Delete user source", - "description": "This route deletes a user source. A vendor token is required for this route.", + "get": { + "operationId": "PasswordPolicyController_getPasswordConfig", + "summary": "Gets password policy configuration", + "description": "This route gets the password policy for all tenants. To get the password policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", "parameters": [ { - "name": "id", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, "schema": { "type": "string" } @@ -3490,26 +3648,43 @@ ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PasswordConfigResponse" + } + } + } } }, "tags": [ - "User sources (pools)" + "Password settings" ] } }, - "/resources/user-sources/v1/external/auth0": { + "/resources/configurations/v1/password-history-policy": { "post": { - "operationId": "UserSourcesControllerV1_createAuth0ExternalUserSource", - "summary": "Create Auth0 external user source", - "description": "This route creates a new external user source. A vendor token is required for this route.", - "parameters": [], + "operationId": "PasswordHistoryPolicyController_createPolicy", + "summary": "Create password history policy", + "description": "This route creates the password history policy for all tenants. To create a password history policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. To enable the Password History, make sure to set the enabled variable to true and the password history size to a number between 1 to 10.", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateAuth0ExternalUserSourceRequestDTO" + "$ref": "#/components/schemas/PasswordHistoryPolicyRequest" } } } @@ -3520,159 +3695,161 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserSourceResponse" + "$ref": "#/components/schemas/PasswordHistoryPolicyResponse" } } } + }, + "409": { + "description": "Policy already exists. Use the Update Password History Policy API." } }, "tags": [ - "User sources (pools)" + "Password settings" ] - } - }, - "/resources/user-sources/v1/external/cognito": { - "post": { - "operationId": "UserSourcesControllerV1_createCognitoExternalUserSource", - "summary": "Create Cognito external user source", - "description": "This route creates a new external user source. A vendor token is required for this route.", - "parameters": [], + }, + "patch": { + "operationId": "PasswordHistoryPolicyController_updatePolicy", + "summary": "Update password history policy", + "description": "This route updates the password history policy for all tenants. To update a password history policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. To disable the password history policy, make sure to set the enabled variable to false. The password history size can also be changed to a number between 1 to 10", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateCognitoExternalUserSourceRequestDTO" + "$ref": "#/components/schemas/PasswordHistoryPolicyRequest" } } } }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserSourceResponse" + "$ref": "#/components/schemas/PasswordHistoryPolicyResponse" } } } + }, + "404": { + "description": "History size must to be between 1 to 10" } }, "tags": [ - "User sources (pools)" + "Password settings" ] - } - }, - "/resources/user-sources/v1/external/firebase": { - "post": { - "operationId": "UserSourcesControllerV1_createFirebaseExternalUserSource", - "summary": "Create Firebase external user source", - "description": "This route creates a new external user source. A vendor token is required for this route.", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateFirebaseExternalUserSourceRequestDTO" - } + }, + "get": { + "operationId": "PasswordHistoryPolicyController_getPolicy", + "summary": "Get password history policy", + "description": "This route gets the password history policy for all tenants or one tenant specifically. To create a password history policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" } } - }, + ], "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserSourceResponse" + "$ref": "#/components/schemas/PasswordHistoryPolicyResponse" } } } + }, + "404": { + "description": "Password History Policy not found. Policy is disabled" } }, "tags": [ - "User sources (pools)" + "Password settings" ] } }, - "/resources/user-sources/v1/external/custom-code": { + "/resources/users/v1/passwords/reset": { "post": { - "operationId": "UserSourcesControllerV1_createCustomCodeExternalUserSource", - "summary": "Create Custom-Code external user source", - "description": "This route creates a new external user source. A vendor token is required for this route.", + "operationId": "UsersPasswordControllerV1_resetPassword", + "summary": "Reset password", + "description": "This route sends a reset password email to the user. Send the user’s email in the POST body. If your email template uses metadata, send email metadata in the POST body, too.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateCustomCodeExternalUserSourceRequestDTO" + "$ref": "#/components/schemas/ResetPasswordDto" } } } }, "responses": { "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateUserSourceResponse" - } - } - } + "description": "" } }, "tags": [ - "User sources (pools)" + "Password settings" ] } }, - "/resources/user-sources/v1/federation": { + "/resources/users/v1/passwords/reset/verify": { "post": { - "operationId": "UserSourcesControllerV1_createFederationUserSource", - "summary": "Create Federation user source", - "description": "This route creates a new federation user source. A vendor token is required for this route.", + "operationId": "UsersPasswordControllerV1_verifyResetPassword", + "summary": "Verify password", + "description": "This route verifies a user’s password using a verification token. Send the userId, token, and password in the POST body. For the token, see the route under users for generating user password reset token.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateFederationUserSourceRequestDTO" + "$ref": "#/components/schemas/VerifyPasswordDto" } } } }, "responses": { "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateUserSourceResponse" - } - } - } + "description": "" } }, "tags": [ - "User sources (pools)" + "Password settings" ] } }, - "/resources/user-sources/v1/external/auth0/{id}": { - "put": { - "operationId": "UserSourcesControllerV1_updateAuth0ExternalUserSource", - "summary": "Update Auth0 external user source", - "description": "This route updates an external user source. A vendor token is required for this route.", + "/resources/users/v1/passwords/change": { + "post": { + "operationId": "UsersPasswordControllerV1_changePassword", + "summary": "Change password", + "description": "This route changes the password for a logged-in user. Send the **`frontegg-user-id`** and **`frontegg-tenant-id`** headers to declare which user and which tenant. Send the current and new passwords in the POST body.", "parameters": [ { - "name": "id", + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } @@ -3683,112 +3860,135 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateExternalAuth0UserSourceRequestDTO" + "$ref": "#/components/schemas/UpdateUserPasswordDto" } } } }, "responses": { - "200": { + "201": { "description": "" } }, "tags": [ - "User sources (pools)" + "Password settings" ] } }, - "/resources/user-sources/v1/external/cognito/{id}": { - "put": { - "operationId": "UserSourcesControllerV1_updateCognitoExternalUserSource", - "summary": "Update Cognito external user source", - "description": "This route updates an external user source. A vendor token is required for this route.", + "/resources/users/v1/passwords/config": { + "get": { + "operationId": "UsersPasswordControllerV1_getUserPasswordConfig", + "summary": "Get strictest password configuration", + "description": "This route gets the user’s hardest password configuration. This is useful when a user belongs to multiple tenants and does not have the same password complexity for all of them. The route returns the strictest setting the user is subject to.", "parameters": [ { - "name": "id", - "required": true, - "in": "path", + "name": "userId", + "required": false, + "in": "query", "schema": { "type": "string" - } + }, + "description": "" } ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PasswordConfigResponse" + } + } + } + } + }, + "tags": [ + "Password settings" + ] + } + }, + "/resources/auth/v1/passwordless/smscode/prelogin": { + "post": { + "operationId": "AuthenticationPasswordlessControllerV1_smsCodePreLogin", + "summary": "SMS code prelogin", + "description": "This route triggers the system to send an SMS to the user and is the first step when authenticating using the sms otc passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's email as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateExternalCognitoUserSourceRequestDTO" + "$ref": "#/components/schemas/PasswordlessAuthenticationSmsOtcPreloginDto" } } } }, "responses": { - "200": { - "description": "" + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PasswordlessAuthenticationSmsOTCPreloginResponseDto" + } + } + } + }, + "400": { + "description": "User does not have a phone number" } }, "tags": [ - "User sources (pools)" + "Passwordless" ] } }, - "/resources/user-sources/v1/external/firebase/{id}": { - "put": { - "operationId": "UserSourcesControllerV1_updateFirebaseExternalUserSource", - "summary": "Update Firebase external user source", - "description": "This route updates an external user source. A vendor token is required for this route.", - "parameters": [ - { - "name": "id", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - } - ], + "/resources/auth/v1/passwordless/smscode/postlogin": { + "post": { + "operationId": "AuthenticationPasswordlessControllerV1_smsCodePostLogin", + "summary": "SMS code postlogin", + "description": "This route authenticates a local user and is the second step when authenticating using the sms otc passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's token id as a POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login. The route returns the refresh cookie and JWT.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateExternalFirebaseUserSourceRequestDTO" + "$ref": "#/components/schemas/AuthenticateUserPasswordlessDto" } } } }, "responses": { - "200": { - "description": "" + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AuthenticationResponseDto" + } + } + } } }, "tags": [ - "User sources (pools)" + "Passwordless" ] } }, - "/resources/user-sources/v1/external/custom-code/{id}": { - "put": { - "operationId": "UserSourcesControllerV1_updateCustomCodeExternalUserSource", - "summary": "Update Custom-Code external user source", - "description": "This route updates an external user source. A vendor token is required for this route.", - "parameters": [ - { - "name": "id", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - } - ], + "/resources/auth/v1/passwordless/magiclink/prelogin": { + "post": { + "operationId": "AuthenticationPasswordlessControllerV1_magicLinkPrelogin", + "summary": "Magic link prelogin", + "description": "This route triggers the system to send the magic link to the user and is the first step when authenticating a local user with the magic link passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's email as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateExternalCustomCodeUserSourceRequestDTO" + "$ref": "#/components/schemas/PasswordlessAuthenticationPreloginDto" } } } @@ -3796,60 +3996,61 @@ "responses": { "200": { "description": "" + }, + "400": { + "description": "Invalid authentication type, magic link authentication should be enabled" } }, "tags": [ - "User sources (pools)" + "Passwordless" ] } }, - "/resources/user-sources/v1/federation/{id}": { - "put": { - "operationId": "UserSourcesControllerV1_updateFederationUserSource", - "summary": "Update Federation user source", - "description": "This route updates a federation user source. A vendor token is required for this route.", - "parameters": [ - { - "name": "id", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - } - ], + "/resources/auth/v1/passwordless/magiclink/postlogin": { + "post": { + "operationId": "AuthenticationPasswordlessControllerV1_magicLinkPostLogin", + "summary": "Magic link postlogin", + "description": "This route authenticates a local user and is the second step when using the magic link passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's token id as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login. The route returns the refresh cookie and JWT.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateFederationUserSourceRequestDTO" + "$ref": "#/components/schemas/AuthenticateUserPasswordlessDto" } } } }, "responses": { - "200": { - "description": "" + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AuthenticationResponseDto" + } + } + } } }, "tags": [ - "User sources (pools)" + "Passwordless" ] } }, - "/resources/user-sources/v1/assign": { + "/resources/auth/v1/passwordless/code/prelogin": { "post": { - "operationId": "UserSourcesControllerV1_assignUserSource", - "summary": "Assign applications to a user source", - "description": "This route assigns applications to a user source. A vendor token is required for this route.", + "operationId": "AuthenticationPasswordlessControllerV1_emailCodePrelogin", + "summary": "OTC (One-Time Code) prelogin", + "description": "This route triggers the system to send a one-time code to the user and is the first step when authenticating a local user using the email otc passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's email as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AssignApplicationsToUserSourceRequestDTO" + "$ref": "#/components/schemas/PasswordlessAuthenticationPreloginDto" } } } @@ -3857,54 +4058,55 @@ "responses": { "201": { "description": "" + }, + "400": { + "description": "Invalid authentication type, OTC (One-Time Code) authentication should be enabled" } }, "tags": [ - "User sources (pools)" + "Passwordless" ] } }, - "/resources/user-sources/v1/unassign": { + "/resources/auth/v1/passwordless/code/postlogin": { "post": { - "operationId": "UserSourcesControllerV1_unassignUserSource", - "summary": "Unassign applications from a user source", - "description": "This route unassigns applications from a user source. A vendor token is required for this route.", + "operationId": "AuthenticationPasswordlessControllerV1_emailCodePostLogin", + "summary": "OTC (One-Time Code) postlogin", + "description": "This route authenticates a local user and is the second step when using the email otc passwordless mechanism. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's token id as POST body params. Include the invitation token if the user is signing up by invitation. Send the recaptcha token if the recaptcha is enabled for login. The route returns the refresh cookie and JWT.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UnassignApplicationsFromUserSourceRequestDTO" + "$ref": "#/components/schemas/AuthenticateUserPasswordlessDto" } } } }, "responses": { "201": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AuthenticationResponseDto" + } + } + } } }, "tags": [ - "User sources (pools)" + "Passwordless" ] } }, - "/resources/user-sources/v1/{id}/users": { + "/resources/permissions/v1": { "get": { - "operationId": "UserSourcesControllerV1_getUserSourceUsers", - "summary": "Get user source users", - "description": "This route gets all of users of a user source. A vendor token is required for this route.", - "parameters": [ - { - "name": "id", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - } - ], + "operationId": "PermissionsControllerV1_getAllPermissions", + "summary": "Get permissions", + "description": "This route returns all permissions for the vendor. Each permission is an object containing the name, description, assigned roles, categories, and other defining information.", + "parameters": [], "responses": { "200": { "description": "", @@ -3913,7 +4115,7 @@ "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/GetUserSourceUsersResponseDTO" + "$ref": "#/components/schemas/PermissionResponse" } } } @@ -3921,199 +4123,169 @@ } }, "tags": [ - "User sources (pools)" + "Permissions" ] - } - }, - "/resources/vendor-only/users/v1/{userId}": { - "get": { - "operationId": "VendorOnlyUsers_getUserById", - "summary": "Get user", - "description": "This route gets a user by its ID regardless of any tenant the user belongs to. Send the user’s ID as a path params. The route is for vendor-use only.", - "parameters": [ - { - "name": "userId", - "required": true, - "in": "path", - "schema": { - "type": "string" + }, + "post": { + "operationId": "PermissionsControllerV1_addPermissions", + "summary": "Create permissions", + "description": "This route adds a new permission. Each permission you add requires information about the permission in the POST body. Note that you do not associate permissions to the role here. Use the associate permission to roles route to do that.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AddPermissionRequest" + } + } } } - ], + }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/PermissionResponse" + } } } } } }, "tags": [ - "Users" + "Permissions" ] } }, - "/resources/vendor-only/users/v1/{userId}/mfa/unenroll": { - "post": { - "operationId": "VendorOnlyUsers_MFAUnenroll", - "summary": "Unenroll user from MFA globally", - "description": "This route unenrolls a user from MFA regardless of any tenant the user belongs to. Send the user’s ID as a path params. The route is for vendor-use only.", + "/resources/permissions/v1/{permissionId}": { + "delete": { + "operationId": "PermissionsControllerV1_deletePermission", + "summary": "Delete permission", + "description": "This route deletes a permission. Add the permission ID as a path parameter to the route url to specify which permission you are deleting. Use the **Get permissions** API to get the permission ID.", "parameters": [ { - "name": "userId", + "name": "permissionId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { - "200": { + "204": { "description": "" } }, "tags": [ - "Users" + "Permissions" ] - } - }, - "/resources/vendor-only/users/v1/passwords/verify": { - "post": { - "operationId": "VendorOnlyUsers_verifyUserPassword", - "summary": "Verify user's password", - "description": "This route verify user email and password. Send the user’s email and password and the response will be true or false. The route is for vendor-use only.", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ValidateUserPasswordRequest" - } - } - } - }, - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ValidateUserPasswordResponse" - } - } - } + }, + "patch": { + "operationId": "PermissionsControllerV1_updatePermission", + "summary": "Update permission", + "description": "This route updates an existing permission. Add the permission ID as a path parameter to the route url to specify which permission you are updating. Send the updated information about the permission in the PATCH body. Note that you do not update roles for the permission here. Use the associate permission to roles route to do that.", + "parameters": [ + { + "name": "permissionId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" } - }, - "tags": [ - "Users" - ] - } - }, - "/resources/vendor-only/users/v1": { - "post": { - "operationId": "VendorOnlyUsers_createUser", - "summary": "Create user", - "description": "This route creates a user and allows setting **`mfaBypass`** property on that user for testing purposes. The route is for vendor-use only.", - "parameters": [], + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserDtoVendorOnly" + "$ref": "#/components/schemas/UpdatePermissionRequest" } } } }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "$ref": "#/components/schemas/PermissionResponse" } } } } }, "tags": [ - "Users" + "Permissions" ] } }, - "/resources/tenants/users/v1/statuses": { - "get": { - "operationId": "get", - "summary": "Get users tenants statuses", - "description": "This route gets the tenants statuses of vendor users. Expects an array of **`userIds`** with max of 200 and optionally an array of **`userTenantStatuses`** as query params. Note that there is a limit of 2000 tenants statuses per user.", + "/resources/permissions/v1/{permissionId}/roles": { + "put": { + "operationId": "PermissionsControllerV1_setRolesToPermission", + "summary": "Set a permission to multiple roles", + "description": "This route associates a permission to multiple roles. Add the permission ID as a path parameter to the route url and include the role IDs in the request body as an array of strings. Any pre-existing roles associated with the permission will stay associated. Use the **Get roles** API to get the role IDs.", "parameters": [ { - "name": "userIds", + "name": "permissionId", "required": true, - "in": "query", - "description": "User IDs", - "schema": { - "type": "array", - "items": { - "type": "string" - } - } - }, - { - "name": "userTenantStatuses", - "required": false, - "in": "query", - "description": "Tenant Statuses", + "in": "path", "schema": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "PendingInvitation", - "PendingLogin", - "Activated", - "NotActivated" - ] + "type": "string" + }, + "description": "" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AddRolesToPermissionRequest" } } } - ], + }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserTenantStatusesResponse" + "$ref": "#/components/schemas/PermissionResponse" } } } } }, "tags": [ - "Users" + "Permissions" ] } }, - "/resources/users/temporary/v1/configuration": { + "/resources/permissions/v1/classification": { "put": { - "operationId": "TemporaryUsersV1Controller_updateConfiguration", - "summary": "Set temporary users configuration", - "description": "This route updates the settings for temporary users, use it to enable or disable it for an environment", + "operationId": "PermissionsControllerV1_updatePermissionsAssignmentType", + "summary": "Set permissions classification", + "description": "This route accepts an array of **`permissionIds`** and the type for these permissions classifications. This allows segregating which permissions will be used from self service", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemporaryUsersConfigurationDto" + "$ref": "#/components/schemas/ClassifyPermissionsDto" } } } @@ -4124,20 +4296,22 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemporaryUsersConfigurationDto" + "$ref": "#/components/schemas/PermissionResponse" } } } } }, "tags": [ - "Users" + "Permissions" ] - }, + } + }, + "/resources/permissions/v1/categories": { "get": { - "operationId": "TemporaryUsersV1Controller_getConfiguration", - "summary": "Gets temporary users configuration", - "description": "This route get the settings for temporary users, use it to check whether the policy is's enabled or disabled", + "operationId": "PermissionsCategoriesController_getAllCategoriesWithPermissions", + "summary": "Get permissions categories", + "description": "This route returns all permissions categories for a vendor. Each category is an object containing the name, description, permissions, and other defining information.", "parameters": [], "responses": { "200": { @@ -4145,131 +4319,116 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemporaryUsersConfigurationDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/PermissionCategoryResponseDto" + } } } } } }, "tags": [ - "User management" + "Permissions categories" ] - } - }, - "/resources/users/bulk/v1/invite": { + }, "post": { - "operationId": "UsersBulkControllerV1_bulkInviteUsers", - "summary": "Invite users to tenant in bulk", - "description": "This route enables you to invite users to tenant in bulk. Expects an array of `users`. Each entry must include a user's `email`.", - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], + "operationId": "PermissionsCategoriesController_createPermissionCategory", + "summary": "Create category", + "description": "Use this route to add a new permissions category. Each category you add requires you to send information about the category in the POST body. Note that you do not associate the category with permissions here. You do that using the add and update permission routes where you send the category ID as a body parameter.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UsersBulkInviteRequestDto" + "$ref": "#/components/schemas/CreateCategoryDto" } } } }, "responses": { - "202": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TaskContext" + "$ref": "#/components/schemas/PermissionCategoryResponseDto" } } } } }, "tags": [ - "Users" + "Permissions categories" ] } }, - "/resources/users/bulk/v1/status/{id}": { - "get": { - "operationId": "UsersBulkControllerV1_getBulkInviteStatus", - "summary": "Get status of bulk invite task", - "description": "This route enables you to invite users to tenant in bulk. Expects an array of `users`. Each entry must include a user's `email`.", + "/resources/permissions/v1/categories/{categoryId}": { + "patch": { + "operationId": "PermissionsCategoriesController_updateCategory", + "summary": "Update category", + "description": "This route updates an existing permissions category. Add the category ID as a path parameter to the route url to specify which category you are updating. Send the updated information about the category in the PATCH body. Note that here is not where you update the permissions associated with the category. Use the add or update permissions routes to do that. Use the **Get categories** API to get ", "parameters": [ { - "name": "id", + "name": "categoryId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateCategoryDto" + } + } + } + }, "responses": { "200": { "description": "" } }, "tags": [ - "Users" + "Permissions categories" ] - } - }, - "/resources/users/v1/email": { - "get": { - "operationId": "UsersControllerV1_getUserByEmail", - "summary": "Get user by email", - "description": "This route get user by email", + }, + "delete": { + "operationId": "PermissionsCategoriesController_deleteCategory", + "summary": "Delete category", + "description": "This route deletes a category. Add the category ID as a path parameter to the route url to specify which category you are deleting. Use the **Get categories** API to get the category ID.", "parameters": [ { - "name": "email", + "name": "categoryId", "required": true, - "in": "query", + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CoreUserDto" - } - } - } + "description": "" } }, "tags": [ - "Users" + "Permissions categories" ] } }, - "/resources/users/v1/{id}": { - "get": { - "operationId": "UsersControllerV1_getUserById", - "summary": "Get user by ID", - "description": "This route gets a specific user from a tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant and send the user’s ID as a path params to declare which user. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/users/access-tokens/v1": { + "post": { + "operationId": "UserAccessTokensV1Controller_createUserAccessToken", + "summary": "Create user access token", "parameters": [ - { - "name": "id", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - }, { "name": "frontegg-tenant-id", "in": "header", @@ -4278,35 +4437,12 @@ "schema": { "type": "string" } - } - ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UserDto" - } - } - } - } - }, - "tags": [ - "Users" - ] - } - }, - "/resources/users/v1/{userId}": { - "put": { - "operationId": "UsersControllerV1_updateUserForVendor", - "summary": "Update user globally", - "description": "This route updates a user’s information globally, not just for a specific tenant. Send the user’s ID as a path params to identify specific user. Send the updated user values within the PUT body. The PUT request does a complete update of the resource, so include values for all of the body params that you want to have values. This is a global update, so do not send a **`frontegg-tenant-id`** within the header.", - "parameters": [ + }, { - "name": "userId", + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } @@ -4317,45 +4453,46 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateVendorUserDto" + "$ref": "#/components/schemas/CreateUserAccessTokenRequest" } } } }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "$ref": "#/components/schemas/UserAccessTokenResponse" } } } } }, "tags": [ - "Users" - ] + "Personal tokens" + ], + "description": "" }, - "delete": { - "operationId": "UsersControllerV1_removeUserFromTenant", - "summary": "Remove user", - "description": "This route removes a user globally or from a specific tenant. To remove the user globally, no need to send a **`frontegg-tenant-id`**. To remove the user from only a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. Send the user's ID as a path params to declare which user you are removing. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "get": { + "operationId": "UserAccessTokensV1Controller_getUserAccessTokens", + "summary": "Get user access tokens", "parameters": [ { - "name": "userId", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } }, { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "The tenant ID identifier (optional)", - "required": false, + "description": "The user ID identifier", + "required": true, "schema": { "type": "string" } @@ -4363,27 +4500,53 @@ ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetUserAccessTokensResponse" + } + } + } } }, "tags": [ - "User management" - ] + "Personal tokens" + ], + "description": "" } }, - "/resources/users/v1/{userId}/verify": { - "post": { - "operationId": "UsersControllerV1_verifyUser", - "summary": "Verify user", - "description": "This route marks a user as verified. Send the user’s ID as a path params. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/users/access-tokens/v1/{id}": { + "delete": { + "operationId": "UserAccessTokensV1Controller_deleteUserAccessToken", + "summary": "Delete user access token by token ID", "parameters": [ { - "name": "userId", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } + }, + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" } ], "responses": { @@ -4392,20 +4555,31 @@ } }, "tags": [ - "Users" - ] + "Personal tokens" + ], + "description": "" } }, - "/resources/users/v1/{userId}/invisible": { - "put": { - "operationId": "UsersControllerV1_setUserInvisibleMode", - "summary": "Make user invisible", - "description": "This route sets whether a user is invisible or visible. If a user is invisible, the user data remains in the Frontegg system but the user will not appear in the list of users in the admin box. An invisible user remains part of the tenant. Send the user’s ID as a path params. Also send as a PUT body params a Boolean value for invisible. True is invisible and false is visible. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/users/api-tokens/v1": { + "post": { + "operationId": "UserApiTokensV1Controller_createTenantApiToken", + "summary": "Create user client credentials token", + "description": "This route creates a user-specific API token. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. Optionally, send as POST body params values for metadata and description.", "parameters": [ { - "name": "userId", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } @@ -4416,162 +4590,160 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateUserInvisibleDto" + "$ref": "#/components/schemas/CreateUserApiTokenDto" } } } }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "$ref": "#/components/schemas/CreateUserApiTokenResponseDto" } } } } }, "tags": [ - "Users" + "Personal tokens" ] - } - }, - "/resources/users/v1/{userId}/superuser": { - "put": { - "operationId": "UsersControllerV1_setUserSuperuserMode", - "summary": "Make User superuser", - "description": "This route sets a user as a super-user. Note that super-user functionality is no longer maintained due to incompatibility with newer features. A super user has access to all tenants within the workspace. Send the user ID as the path params. Also send as a PUT body params a Boolean value for super user. True is super user and false is not. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + }, + "get": { + "operationId": "UserApiTokensV1Controller_getApiTokens", + "summary": "Get user client credentials tokens", + "description": "This route gets a user-specific API token. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header.", "parameters": [ { - "name": "userId", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UpdateUserSuperuserDto" - } + }, + { + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", + "required": true, + "schema": { + "type": "string" } } - }, + ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/GetUserApiTokensResponseDto" + } } } } } }, "tags": [ - "Users" + "Personal tokens" ] } }, - "/resources/users/v1/{userId}/tenant": { - "put": { - "operationId": "UsersControllerV1_updateUserTenantForVendor", - "summary": "Set user's tenant", - "description": "This route is for the vendor to set the active tenant of a user. The active tenant is the tenant the user will see in their admin portal and also the tenant for which the API reference will default to in situations where a route is tenant specific. Send the user ID as a path param and the tenant ID as a PUT body param. When using a non-existing tenant ID, there will be a tenant create for the provided ID. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/users/api-tokens/v1/{id}": { + "delete": { + "operationId": "UserApiTokensV1Controller_deleteApiToken", + "summary": "Delete user client credentials token by token ID", + "description": "This route deletes a user-specific API token. Send the token as the ID path param. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. Optionally, send as POST body params values for metadata and description.", "parameters": [ { - "name": "userId", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UpdateUserTenantWithValidationDto" - } + }, + { + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", + "required": true, + "schema": { + "type": "string" } + }, + { + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" } - }, + ], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UserDto" - } - } - } + "description": "" } }, "tags": [ - "Users" + "Personal tokens" ] - }, - "post": { - "operationId": "UsersControllerV1_addUserToTenantForVendor", - "summary": "Add user to tenant", - "description": "This route adds a user to a tenant. Send the user ID as a path params and the tenant ID as a POST body params. To skip the invite email requirement, pass as an optional POST body params for skipInviteEmail. Set its value to true to skip the invite email. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + } + }, + "/resources/roles/v1": { + "get": { + "operationId": "PermissionsControllerV1_getAllRoles", + "summary": "Get roles", + "description": "This route returns all roles for all tenants. To get a role for a specific tenant, send the tenant ID in the **`frontegg-tenant-id`** header. Each role is an object containing the name, permissions, and other defining information.", "parameters": [ { - "name": "userId", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, "schema": { "type": "string" } } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AddUserToTenantRequest" - } - } - } - }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/RoleResponse" + } } } } } }, "tags": [ - "Users" + "Roles" ] - } - }, - "/resources/users/v1/{userId}/email": { - "put": { - "operationId": "UsersControllerV1_updateUserEmail", - "summary": "Update user email", - "description": "This route updates the email address for a user globally, regardless of tenant. Send the user’s ID as a path params. Send the user’s new email address as a PUT body params.", + }, + "post": { + "operationId": "PermissionsControllerV1_addRoles", + "summary": "Create roles", + "description": "This route adds a new role for all tenants. To add a role for a specific tenant, send tenant ID in the **`frontegg-tenant-id`** header. Each role you add requires information about the role in the POST body. Note that you do not assign permissions to the role here. Use the attach permissions to role route to do that.", "parameters": [ { - "name": "userId", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, "schema": { "type": "string" } @@ -4582,191 +4754,196 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateUserEmailDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/AddRoleRequest" + } } } } }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/RoleResponse" + } } } } } }, "tags": [ - "Users" + "Roles" ] } }, - "/resources/users/v1/{userId}/links/generate-activation-token": { - "post": { - "operationId": "UsersControllerV1_generateUserActivationLink", - "summary": "Generate activation token", - "description": "This route generates a new activation token for a user. Send the user’s ID as a path params. You may need this route in combination with the routes under Users Activation. It will not send the activation email itself, but return the activation link and token. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/roles/v1/{roleId}": { + "delete": { + "operationId": "PermissionsControllerV1_deleteRole", + "summary": "Delete role", + "description": "This route deletes a role. Add the role ID as a path parameter to the route url to specify which role you are deleting.", "parameters": [ { - "name": "userId", + "name": "roleId", "required": true, "in": "path", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, "schema": { "type": "string" } } ], "responses": { - "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/GenerateUserActivationLinkResponseDto" - } - } - } + "204": { + "description": "" } }, "tags": [ - "Users" + "Roles" ] - } - }, - "/resources/users/v1/{userId}/links/generate-password-reset-token": { - "post": { - "operationId": "UsersControllerV1_generateUserPasswordResetLink", - "summary": "Generate password reset token", - "description": "This route generates a password reset token for a user. Send the user’s ID as a path params. You may need this route in combination with the routes under Users Passwords. It will not send the reset password email itself, but return the reset link and token. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + }, + "patch": { + "operationId": "PermissionsControllerV1_updateRole", + "summary": "Update role", + "description": "This route updates an existing role. Add the role ID as a path parameter to the route url to specify which role you are updating. Send the updated information about the role in the PATCH body. Note that you do not update permissions for the role here. Use the attach permissions to role route to do that. Use the **Get roles** API to get the role ID.", "parameters": [ { - "name": "userId", + "name": "roleId", "required": true, "in": "path", "schema": { "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateRoleRequest" + } } } - ], + }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GenerateUserResetPasswordLinkResponseDto" + "$ref": "#/components/schemas/RoleResponse" } } } } }, "tags": [ - "Users" + "Roles" ] } }, - "/resources/users/v1/{userId}/unlock": { - "post": { - "operationId": "UsersControllerV1_unlockUser", - "summary": "Unlock user", - "description": "This route unlocks a locked user. An unlocked user can sign in and use the system globally, regardless of the tenant. To unlock a user, call this route and send the user’s ID as a path params. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/roles/v1/{roleId}/permissions": { + "put": { + "operationId": "PermissionsControllerV1_setPermissionsToRole", + "summary": "Assign permissions to a role", + "description": "This route assigns permissions to a role. Add the role ID as a path parameter to the route url and include the permission IDs in the request body as an array of strings. Any pre-existing permissions will be overridden by the new permissions. Use the get roles API to get the role IDs. Use the **Get permissions** API to get the permissions IDs.", "parameters": [ { - "name": "userId", + "name": "roleId", "required": true, "in": "path", "schema": { "type": "string" - } - } - ], - "responses": { - "200": { + }, "description": "" - } - }, - "tags": [ - "Users" - ] - } - }, - "/resources/users/v1/{userId}/lock": { - "post": { - "operationId": "UsersControllerV1_lockUser", - "summary": "Lock user", - "description": "This route locks a user. A locked user cannot sign in or use the system globally, regardless of the tenant. To lock a user, call this route and send the user’s ID as a path params. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [ + }, { - "name": "userId", - "required": true, - "in": "path", + "name": "frontegg-tenant-id", + "in": "header", + "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "required": false, "schema": { "type": "string" } } ], - "responses": { - "200": { - "description": "" - } - }, - "tags": [ - "Users" - ] - } - }, - "/resources/users/v1/tenants/migrate": { - "put": { - "operationId": "UsersControllerV1_moveAllUsersTenants", - "summary": "Move all users from one tenant to another", - "description": "This route migrates all the users from the source tenant to the target. Specify in the request body the srcTenantId (the source tenant ID) and targetTenantId (the target tenant ID). A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MigrateUsersFromTenantToTenantRequest" + "$ref": "#/components/schemas/AddPermissionToRoleRequest" } } } }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RoleResponse" + } + } + } } }, "tags": [ - "Users" + "Roles" ] } }, - "/resources/tenants/invites/v1/user": { + "/resources/users/phone-numbers/v1": { "get": { - "operationId": "TenantInvitesController_getTenantInviteForUser", - "summary": "Get tenant invite of user", - "description": "This route gets an invitation for a specific user to join a tenant. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header.", + "operationId": "UserPhoneNumbersControllerV1_getAllPhoneNumbers", + "summary": "Get all phone numbers", + "description": "This route returns all user phone numbers.", "parameters": [ { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, + "name": "_limit", + "required": false, + "in": "query", "schema": { - "type": "string" - } + "minimum": 1, + "type": "number" + }, + "description": "" }, { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, + "name": "_offset", + "required": false, + "in": "query", "schema": { - "type": "string" - } + "minimum": 0, + "type": "number" + }, + "description": "" } ], "responses": { @@ -4775,121 +4952,154 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InviteTokenDto" + "$ref": "#/components/schemas/UserPhoneNumberResponseDto" } } } } }, "tags": [ - "Account invitations" + "SMS" ] }, "post": { - "operationId": "TenantInvitesController_createTenantInviteForUser", - "summary": "Create tenant invite for user", - "description": "This route creates an invitation for a specific user to join a tenant. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. To create a general invitation, use the general invitation route.", - "parameters": [ - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" + "operationId": "UserPhoneNumbersControllerV1_createUserPhoneNumber", + "summary": "Set phone number for a user", + "description": "This route creates new user phone number. By default verification code will be sent to the user. To create phone number without verification code, send **`verify`** as part of the request with value **`false`**.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateUserPhoneNumberRequestDto" + } } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" + } + }, + "responses": { + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserPhoneNumberCreatedResponseDto" + } + } } } - ], + }, + "tags": [ + "SMS" + ] + } + }, + "/resources/users/phone-numbers/v1/preverify": { + "post": { + "operationId": "UserPhoneNumbersControllerV1_preVerifyUserPhoneNumber", + "summary": "Pre-verify user's phone number", + "description": "This route sends OTC to users phone number for verification.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateInviteTokenRequestForUser" + "$ref": "#/components/schemas/PreVerifyUserPhoneNumberRequestDto" } } } }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InviteTokenDto" + "$ref": "#/components/schemas/UserPhoneNumberCreatedResponseDto" } } } } }, "tags": [ - "Account invitations" + "SMS" ] - }, - "delete": { - "operationId": "TenantInvitesController_deleteTenantInviteForUser", - "summary": "Delete tenant invite of user", - "description": "This route deletes an invitation for a specific user to join a tenant. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. To delete a general invitation, use the general invitation route.", - "parameters": [ - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" + } + }, + "/resources/users/phone-numbers/v1/verify": { + "post": { + "operationId": "UserPhoneNumbersControllerV1_verifyCreateUserPhoneNumber", + "summary": "Verify creation of phone number for user", + "description": "This route verifies user phone number using OTC code that was sent to the user.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifyPhoneNumberOTCRequestDto" + } } } - ], + }, "responses": { "200": { "description": "" } }, "tags": [ - "Account invitations" + "SMS" ] - }, - "patch": { - "operationId": "TenantInvitesController_updateTenantInviteForUser", - "summary": "Update tenant invite of user", - "description": "This route updates an invitation for a specific user to join a tenant. In order to set up a specific expiration time, use the expiresInMinutes to declare when the invite is being invalidated. The shouldSendEmail boolean declares wether an invitation email will be sent or not. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + } + }, + "/resources/users/phone-numbers/v1/{id}": { + "delete": { + "operationId": "UserPhoneNumbersControllerV1_deleteUserPhoneNumber", + "summary": "Delete user's phone number", + "description": "This route starts delete process for user phone number. Verification code will be sent to the user. Phone number wont be deleted until delete verification.", "parameters": [ { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", + "name": "id", "required": true, + "in": "path", "schema": { "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserPhoneNumberDeleteCodeResponseDto" + } + } } - }, + } + }, + "tags": [ + "SMS" + ] + } + }, + "/resources/users/phone-numbers/v1/{id}/delete/verify": { + "post": { + "operationId": "UserPhoneNumbersControllerV1_verifyDeleteUserPhoneNumber", + "summary": "Verify delete user's phone number", + "description": "This route verifies delete of user phone number using OTC code that was sent to the user and deletes phone number.", + "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "id", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -4897,40 +5107,33 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateInviteTokenRequest" + "$ref": "#/components/schemas/VerifyPhoneNumberOTCRequestDto" } } } }, "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/InviteTokenDto" - } - } - } + "description": "" } }, "tags": [ - "Account invitations" + "SMS" ] } }, - "/resources/tenants/invites/v1/verify": { + "/resources/configurations/v1/sms": { "post": { - "operationId": "TenantInvitesController_verifyTenantInvite", - "summary": "Verify tenant invite", - "description": "This route verifies a tenant invitation. Pass the invitation token as the token param. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "operationId": "VendorSmsController_createSmsVendorConfig", + "summary": "Creates or updates a vendor SMS config", + "description": "This route creates or updates SMS configuration for a vendor.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifyInviteTokenRequest" + "$ref": "#/components/schemas/CreateSmsVendorConfigRequest" } } } @@ -4941,76 +5144,66 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InviteTokenDto" + "$ref": "#/components/schemas/SmsVendorConfigResponse" } } } - } - }, - "tags": [ - "Account invitations" - ] - } - }, - "/resources/tenants/invites/v1/configuration": { - "get": { - "operationId": "getInvitationConfiguration", - "summary": "Get tenant invite configuration", - "description": "This route checks if the vendor allows tenant invitations and if notifications are active. A vendor token is required for this route, it can be obtained from the vendor authentication route.", - "parameters": [], - "responses": { - "200": { + }, + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/InvitationConfigurationResponse" + "$ref": "#/components/schemas/SmsVendorConfigResponse" } } } } }, "tags": [ - "Account invitations" + "SMS configuration" ] - } - }, - "/resources/configurations/restrictions/v1/email-domain": { - "post": { - "operationId": "DomainRestrictionsController_createDomainRestriction", - "summary": "Create domain restriction", - "description": "This route creates a new domain restriction for a tenant. Send values in the POST body as objects. See the dropdowns for available values for each object param.", + }, + "delete": { + "operationId": "VendorSmsController_deleteSmsVendorConfig", + "summary": "Deletes a vendor SMS config", "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DomainRestrictionsCreateRequest" - } - } + "responses": { + "200": { + "description": "" } }, + "tags": [ + "SMS configuration" + ], + "description": "" + }, + "get": { + "operationId": "VendorSmsController_getSmsVendorConfig", + "summary": "Gets a vendor SMS config", + "parameters": [], "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DomainRestrictionsResponse" + "$ref": "#/components/schemas/SmsVendorConfigResponse" } } } } }, "tags": [ - "Domain restrictions" - ] - }, + "SMS configuration" + ], + "description": "" + } + }, + "/resources/configurations/v1/sms/templates": { "get": { - "operationId": "DomainRestrictionsController_getDomainRestrictions", - "summary": "Get domain restrictions", - "description": "This route gets the domain restrictions for a tenant.", + "operationId": "VendorSmsController_getAllSmsTemplates", + "summary": "Gets vendor SMS templates", "parameters": [], "responses": { "200": { @@ -5018,129 +5211,232 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DomainRestrictionsResponse" + "$ref": "#/components/schemas/SmsTemplateResponse" } } } } }, "tags": [ - "Domain restrictions" - ] + "SMS templates" + ], + "description": "" } }, - "/resources/configurations/restrictions/v1/email-domain/config": { + "/resources/configurations/v1/sms/templates/{type}": { "get": { - "operationId": "DomainRestrictionsController_getDomainRestrictionsConfig", - "summary": "Get domain restrictions", - "description": "This route gets the domain restrictions for a tenant.", - "parameters": [], + "operationId": "VendorSmsController_getSmsTemplate", + "summary": "Gets vendor SMS template by type", + "parameters": [ + { + "name": "type", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DomainRestrictionsConfigResponse" + "$ref": "#/components/schemas/SmsTemplateResponse" } } } } }, "tags": [ - "Domain restrictions" - ] + "SMS templates" + ], + "description": "" + }, + "delete": { + "operationId": "VendorSmsController_deleteSmsTemplate", + "summary": "Deletes vendor SMS template by type", + "parameters": [ + { + "name": "type", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "SMS templates" + ], + "description": "" }, "post": { - "operationId": "DomainRestrictionsController_updateDomainRestrictionsConfig", - "summary": "Change domain restrictions config list type and toggle it off/on", - "description": "This route updates domain restrictions config, can toggle check on/off.", - "parameters": [], + "operationId": "VendorSmsController_createSmsTemplate", + "summary": "Create or update a vendor SMS template", + "parameters": [ + { + "name": "type", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DomainRestrictionsConfigUpdateRequest" + "$ref": "#/components/schemas/CreateSmsTemplateRequest" } } } }, "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SmsTemplateResponse" + } + } + } + }, "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DomainRestrictionsConfigResponse" + "$ref": "#/components/schemas/SmsTemplateResponse" } } } } }, "tags": [ - "Domain restrictions" - ] + "SMS templates" + ], + "description": "" } }, - "/resources/configurations/restrictions/v1/email-domain/{id}": { - "delete": { - "operationId": "DomainRestrictionsController_deleteDomainRestriction", - "summary": "Delete domain restriction", - "description": "This route deletes domain restriction.", + "/resources/configurations/v1/sms/templates/{type}/default": { + "get": { + "operationId": "VendorSmsController_getSmsDefaultTemplate", + "summary": "Gets vendor default SMS template by type", "parameters": [ { - "name": "id", + "name": "type", "required": true, "in": "path", "schema": { "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SmsTemplateResponse" + } + } } } + }, + "tags": [ + "SMS templates" ], + "description": "" + } + }, + "/resources/configurations/sessions/v1/vendor": { + "get": { + "operationId": "SessionConfigurationControllerV1_getVendorSessionConfiguration", + "summary": "Get environment session configuration", + "parameters": [], "responses": { "200": { "description": "" } }, "tags": [ - "Domain restrictions" - ] + "Sessions configuration" + ], + "description": "" } }, - "/resources/configurations/restrictions/v1/email-domain/replace-bulk": { + "/resources/configurations/sessions/v1": { + "get": { + "operationId": "SessionConfigurationControllerV1_getSessionConfiguration", + "summary": "Get tenant or vendor default session configuration", + "description": "This route gets the Session configuration for the entire environment or a specific tenant. To get the Session configuration for a specific tenant, send the tenant’s id in the **`frontegg-tenant-id`** header", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Sessions management" + ] + }, "post": { - "operationId": "DomainRestrictionsController_createBulkDomainsRestriction", - "summary": "Replace bulk domain restriction", - "description": "This route replaces all domains from the incoming request", - "parameters": [], + "operationId": "SessionConfigurationControllerV1_createSessionConfiguration", + "summary": "Create or update tenant or vendor default session configuration", + "description": "This route creates or updates Session configuration for the entire environment or a specific tenant. To update the Session configuration for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": false, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/DomainRestrictionsBulkRequestRequest" + "$ref": "#/components/schemas/CreateSessionConfigurationRequest" } } } }, "responses": { "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/DomainRestrictionsResponse" - } - } - } - } + "description": "" } }, "tags": [ - "Domain restrictions" + "Sessions management" ] } }, @@ -5161,7 +5457,8 @@ "rolesAndUsers" ], "type": "string" - } + }, + "description": "" } ], "responses": { @@ -5229,7 +5526,8 @@ "rolesAndUsers" ], "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -5271,7 +5569,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -5311,7 +5610,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -5334,7 +5634,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "_groupsRelations", @@ -5347,7 +5648,8 @@ "rolesAndUsers" ], "type": "string" - } + }, + "description": "" } ], "responses": { @@ -5426,7 +5728,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -5459,7 +5762,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -5494,7 +5798,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -5527,7 +5832,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -5567,7 +5873,8 @@ "rolesAndUsers" ], "type": "string" - } + }, + "description": "" }, { "name": "_limit", @@ -5576,115 +5883,8 @@ "schema": { "minimum": 1, "type": "number" - } - }, - { - "name": "_offset", - "required": false, - "in": "query", - "schema": { - "minimum": 0, - "type": "number" - } - }, - { - "name": "_sortBy", - "required": false, - "in": "query", - "schema": { - "enum": [ - "id", - "name", - "createdAt", - "updatedAt" - ], - "type": "string" - } - }, - { - "name": "_order", - "required": false, - "in": "query", - "schema": { - "enum": [ - "ASC", - "DESC" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/GroupResponse" - } - } - } - } - }, - "tags": [ - "User groups" - ] - } - }, - "/resources/configurations/v1/restrictions/ip/config": { - "post": { - "operationId": "IPRestrictionsControllerV1_createDomainRestriction", - "summary": "Create or update IP restriction configuration (ALLOW/BLOCK)", - "description": "This route creates or updates ip restrictions config.", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateOrUpdateIpRestrictionConfigDto" - } - } - } - }, - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "IP restrictions" - ] - }, - "get": { - "operationId": "IPRestrictionsControllerV1_getIpRestrictionConfig", - "summary": "Get IP restriction configuration (ALLOW/BLOCK)", - "description": "This route gets the ip restrictions config for a tenant.", - "parameters": [], - "responses": { - "200": { + }, "description": "" - } - }, - "tags": [ - "IP restrictions" - ] - } - }, - "/resources/configurations/v1/restrictions/ip": { - "get": { - "operationId": "IPRestrictionsControllerV1_getAllIpRestrictions", - "summary": "Get all IP restrictions", - "description": "This route gets the ip restrictions for a tenant.", - "parameters": [ - { - "name": "_limit", - "required": false, - "in": "query", - "schema": { - "minimum": 1, - "type": "number" - } }, { "name": "_offset", @@ -5693,246 +5893,133 @@ "schema": { "minimum": 0, "type": "number" - } + }, + "description": "" }, { - "name": "_filter", + "name": "_sortBy", "required": false, "in": "query", - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "" - } - }, - "tags": [ - "IP restrictions" - ] - }, - "post": { - "operationId": "IPRestrictionsControllerV1_createIpRestriction", - "summary": "Create IP restriction", - "description": "This route creates or updates ip restriction for a tenant. Send values in the POST body as objects. See the dropdowns for available values for each object param.", - "parameters": [], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateOrUpdateIpRestrictionDto" - } - } - } - }, - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "IP restrictions" - ] - } - }, - "/resources/configurations/v1/restrictions/ip/verify": { - "post": { - "operationId": "IPRestrictionsControllerV1_testCurrentIp", - "summary": "Test Current IP", - "description": "This route checks if current ip is allowed.", - "parameters": [], - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "IP restrictions" - ] - } - }, - "/resources/configurations/v1/restrictions/ip/verify/allow": { - "post": { - "operationId": "testCurrentIpInAllowList", - "summary": "Test current IP is in allow list", - "description": "This route checks if current ip is active in the allow list.", - "parameters": [], - "responses": { - "201": { - "description": "" - } - }, - "tags": [ - "IP restrictions" - ] - } - }, - "/resources/configurations/v1/restrictions/ip/{id}": { - "delete": { - "operationId": "IPRestrictionsControllerV1_deleteIpRestrictionById", - "summary": "Delete IP restriction by IP", - "description": "This route deletes ip restriction.", - "parameters": [ - { - "name": "id", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "" - } - }, - "tags": [ - "IP restrictions" - ] - } - }, - "/resources/configurations/v1/lockout-policy": { - "post": { - "operationId": "LockoutPolicyController_createLockoutPolicy", - "summary": "Create lockout policy", - "description": "This route creates a lockout policy for all tenants. To create a lockout policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. To enable the Lockout Policy, make sure to set the enabled variable to true and the maximum attempts to a number of your preference.", - "parameters": [ + "schema": { + "enum": [ + "id", + "name", + "createdAt", + "updatedAt" + ], + "type": "string" + }, + "description": "" + }, { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "_order", "required": false, + "in": "query", "schema": { + "enum": [ + "ASC", + "DESC" + ], "type": "string" - } + }, + "description": "" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/LockoutPolicyRequest" - } - } - } - }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/LockoutPolicyResponse" + "$ref": "#/components/schemas/GroupResponse" } } } - }, - "409": { - "description": "Lockout Policy already exists" } }, "tags": [ - "Lockout policy" + "User groups" ] - }, - "patch": { - "operationId": "LockoutPolicyController_updateLockoutPolicy", - "summary": "Update lockout policy", - "description": "This route updates a lockout policy for all tenants. To update a lockout policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. To disable the lockout policy, make sure to set the enabled variable to false. The maximum attempts variable can also be changed to a number of your preference", + } + }, + "/resources/tenants/users/v1/{userId}/disable": { + "post": { + "operationId": "UsersTenantsControllerV1_disableUserTenant", + "summary": "Disable user tenant", + "description": "This route disable a user. A disabled user cannot log in to the tenant or use the system. To disable a user, call this route and send the user’s ID as a path params.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, + "name": "userId", + "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/LockoutPolicyRequest" - } - } - } - }, "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/LockoutPolicyResponse" - } - } - } + "description": "" }, - "404": { - "description": "Lockout Policy not found. Try to use the Create Lockout Policy API" + "201": { + "description": "" + }, + "403": { + "description": "" } }, "tags": [ - "Lockout policy" + "User management" ] - }, - "get": { - "operationId": "LockoutPolicyController_getLockoutPolicy", - "summary": "Get lockout policy", - "description": "This route gets the lockout policy for all tenants or one tenant specifically. To get the lockout policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", + } + }, + "/resources/tenants/users/v1/{userId}/enable": { + "post": { + "operationId": "UsersTenantsControllerV1_enableUserTenant", + "summary": "Enable user tenant", + "description": "This route enables a disabled user. An enabled user can log in and use the system. To enable a user, call this route and send the user’s ID as a path params.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, + "name": "userId", + "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/LockoutPolicyResponse" - } - } - } + "description": "" }, - "404": { - "description": "Lockout policy is not defined" + "201": { + "description": "" + }, + "403": { + "description": "" } }, "tags": [ - "Lockout policy" + "User management" ] } }, - "/resources/configurations/v1/mfa-policy": { - "post": { - "operationId": "SecurityPolicyController_createMfaPolicy", - "summary": "Create MFA policy", - "description": "This route creates the MFA policy globally or for a specific tenant. To create an MFA policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", + "/resources/users/temporary/v1/{userId}": { + "put": { + "operationId": "TemporaryUsersV1Controller_editTimeLimit", + "summary": "Sets a permanent user to temporary", + "description": "This route updates the settings for temporary users, use it to enable or disable it for an environment", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, + "name": "userId", + "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -5940,7 +6027,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MfaPolicyRequest" + "$ref": "#/components/schemas/TemporaryUserDto" } } } @@ -5951,87 +6038,74 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MfaPolicyResponse" + "$ref": "#/components/schemas/TemporaryUserDto" } } } - }, - "409": { - "description": "MFA Policy already exists. Try to use the Update MFA Policy API" } }, "tags": [ - "MFA settings" + "User management" ] }, - "patch": { - "operationId": "SecurityPolicyController_updateSecurityPolicy", - "summary": "Update security policy", - "description": "This route updates the MFA policy for all tenants. To update an MFA policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", + "delete": { + "operationId": "TemporaryUsersV1Controller_setUserPermanent", + "summary": "Sets a temporary user to permanent", + "description": "This route sets an existing temporary user as permanent. Send the user’s ID as a path params.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, + "name": "userId", + "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MfaPolicyRequest" - } - } + "responses": { + "200": { + "description": "" } }, + "tags": [ + "User management" + ] + } + }, + "/resources/users/temporary/v1/configuration": { + "get": { + "operationId": "TemporaryUsersV1Controller_getConfiguration", + "summary": "Gets temporary users configuration", + "description": "This route get the settings for temporary users, use it to check whether the policy is's enabled or disabled", + "parameters": [], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MfaPolicyResponse" + "$ref": "#/components/schemas/TemporaryUsersConfigurationDto" } } } - }, - "400": { - "description": "Missing parameters to update" - }, - "404": { - "description": "Security policy not found" } }, "tags": [ - "MFA settings" + "User management" ] }, "put": { - "operationId": "SecurityPolicyController_upsertSecurityPolicy", - "summary": "Upsert security policy", - "description": "This route creates or updates the MFA policy for all tenants. To create or update an MFA policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, - "schema": { - "type": "string" - } - } - ], + "operationId": "TemporaryUsersV1Controller_updateConfiguration", + "summary": "Set temporary users configuration", + "description": "This route updates the settings for temporary users, use it to enable or disable it for an environment", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MfaPolicyRequest" + "$ref": "#/components/schemas/TemporaryUsersConfigurationDto" } } } @@ -6042,82 +6116,65 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/MfaPolicyResponse" + "$ref": "#/components/schemas/TemporaryUsersConfigurationDto" } } } } }, "tags": [ - "MFA settings" + "Users" ] - }, - "get": { - "operationId": "SecurityPolicyController_getSecurityPolicy", - "summary": "Get security policy", - "description": "This route gets the MFA policy for all tenants. To get the MFA policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", + } + }, + "/resources/sub-tenants/users/v1/{userId}/access": { + "put": { + "operationId": "UsersControllerV1_setUserRolesFromSubTenants", + "summary": "Set sub-account access for a user", + "description": "This route sets sub-account access for users as true or false", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, + "name": "userId", + "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MfaPolicyResponse" - } + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateSubAccountAccessRequestDto" } } - }, - "404": { - "description": "Security Policy not found. MFA is disabled" } }, - "tags": [ - "MFA settings" - ] - } - }, - "/resources/configurations/v1/mfa/strategies": { - "get": { - "operationId": "MFAStrategiesControllerV1_getMFAStrategies", - "summary": "Get MFA strategies", - "parameters": [], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MFAStrategiesResponse" - } - } - } + "description": "" } }, "tags": [ - "MFA settings" + "User management" ] - }, + } + }, + "/resources/users/v1/activate/reset": { "post": { - "operationId": "MFAStrategiesControllerV1_createOrUpdateMFAStrategy", - "summary": "Create or update MFA strategy", + "operationId": "UsersActivationControllerV1_resetActivationToken", + "summary": "Reset user activation token", + "description": "This route resets the activation token for a user and triggers a new activation email being sent to the user’s email.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateOrUpdateMFAStrategyRequest" + "$ref": "#/components/schemas/ResetActivationTokenDto" } } } @@ -6128,21 +6185,21 @@ } }, "tags": [ - "MFA settings" + "User management" ] } }, - "/resources/configurations/v1/password": { + "/resources/users/v1/invitation/reset": { "post": { - "operationId": "PasswordPolicyController_addOrUpdatePasswordConfig", - "summary": "Update password configuration", - "description": "This route updates the password policy for all tenants. To update the password policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. Send the updated values as POST body params.", + "operationId": "UsersTenantManagementControllerV1_resetTenantInvitationToken", + "summary": "Reset invitation", + "description": "This route resets an invitation for a user to join a specific tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header and the user's email in the POST body. It returns a new invitation link with a new token.", "parameters": [ { "name": "frontegg-tenant-id", "in": "header", "description": "The tenant ID identifier", - "required": false, + "required": true, "schema": { "type": "string" } @@ -6153,65 +6210,151 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordConfigRequest" + "$ref": "#/components/schemas/ResetTenantInvitationDto" } } } }, "responses": { - "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PasswordConfigResponse" - } - } - } + "200": { + "description": "" } }, "tags": [ - "Password settings" + "User management" ] - }, - "get": { - "operationId": "PasswordPolicyController_getPasswordConfig", - "summary": "Gets password policy configuration", - "description": "This route gets the password policy for all tenants. To get the password policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", + } + }, + "/resources/users/v1/invitation/reset/all": { + "post": { + "operationId": "UsersTenantManagementControllerV1_resetAllTenantsInvitationToken", + "summary": "Reset all invitation tokens", + "description": "This route resets all invitation for a user to join all sub tenants which currently have invitation token. Send the tenant’s ID in the **`frontegg-tenant-id`** header and the user's email in the POST body. It returns a new invitation link with a new token.", "parameters": [ { "name": "frontegg-tenant-id", "in": "header", "description": "The tenant ID identifier", - "required": false, + "required": true, "schema": { "type": "string" } } ], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PasswordConfigResponse" - } + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ResetTenantInvitationDto" } } } }, + "responses": { + "200": { + "description": "" + } + }, "tags": [ - "Password settings" + "User management" ] } }, - "/resources/configurations/v1/password-history-policy": { - "post": { - "operationId": "PasswordHistoryPolicyController_createPolicy", - "summary": "Create password history policy", - "description": "This route creates the password history policy for all tenants. To create a password history policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. To enable the Password History, make sure to set the enabled variable to true and the password history size to a number between 1 to 10.", + "/resources/users/v3": { + "get": { + "operationId": "UsersControllerV3_getUsers", + "summary": "Get users", + "description": "This route gets all users for a tenant OR environment. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant or leave it empty for all tenants' users", "parameters": [ + { + "name": "_limit", + "required": false, + "in": "query", + "description": "The default limit is 50 users per request, the maximum is 200", + "schema": { + "type": "number" + } + }, + { + "name": "_includeSubTenants", + "required": false, + "in": "query", + "description": "when passing a user id, gives the option to include or not include sub tenants when searching users", + "schema": { + "default": true, + "type": "boolean" + } + }, + { + "name": "_offset", + "required": false, + "in": "query", + "schema": { + "minimum": 0, + "type": "number" + }, + "description": "" + }, + { + "name": "_email", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "_tenantId", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "ids", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "_sortBy", + "required": false, + "in": "query", + "schema": { + "enum": [ + "createdAt", + "name", + "email", + "id", + "verified", + "isLocked", + "provider", + "tenantId" + ], + "type": "string" + }, + "description": "" + }, + { + "name": "_order", + "required": false, + "in": "query", + "schema": { + "enum": [ + "ASC", + "DESC" + ], + "type": "string" + }, + "description": "" + }, { "name": "frontegg-tenant-id", "in": "header", @@ -6222,40 +6365,41 @@ } } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PasswordHistoryPolicyRequest" - } - } - } - }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordHistoryPolicyResponse" + "$ref": "#/components/schemas/UserV3Dto" } } } - }, - "409": { - "description": "Policy already exists. Use the Update Password History Policy API." } }, "tags": [ - "Password settings" + "User management" ] - }, - "patch": { - "operationId": "PasswordHistoryPolicyController_updatePolicy", - "summary": "Update password history policy", - "description": "This route updates the password history policy for all tenants. To update a password history policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. To disable the password history policy, make sure to set the enabled variable to false. The password history size can also be changed to a number between 1 to 10", + } + }, + "/resources/users/v3/roles": { + "get": { + "operationId": "UsersControllerV3_getUsersRoles", + "summary": "Get users roles", + "description": "This route gets all users roles for a tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant.", "parameters": [ + { + "name": "ids", + "required": true, + "in": "query", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "" + }, { "name": "frontegg-tenant-id", "in": "header", @@ -6266,40 +6410,41 @@ } } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PasswordHistoryPolicyRequest" - } - } - } - }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordHistoryPolicyResponse" + "$ref": "#/components/schemas/GetUserRolesResponse" } } } - }, - "404": { - "description": "History size must to be between 1 to 10" } }, "tags": [ - "Password settings" + "User management" ] - }, + } + }, + "/resources/users/v3/groups": { "get": { - "operationId": "PasswordHistoryPolicyController_getPolicy", - "summary": "Get password history policy", - "description": "This route gets the password history policy for all tenants or one tenant specifically. To create a password history policy for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header.", + "operationId": "UsersControllerV3_getUsersGroups", + "summary": "Get users groups", + "description": "This route gets all users groups for a tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant.", "parameters": [ + { + "name": "ids", + "required": true, + "in": "query", + "schema": { + "type": "array", + "items": { + "type": "string" + } + }, + "description": "" + }, { "name": "frontegg-tenant-id", "in": "header", @@ -6316,144 +6461,146 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordHistoryPolicyResponse" + "$ref": "#/components/schemas/GetUserGroupsResponse" } } } - }, - "404": { - "description": "Password History Policy not found. Policy is disabled" } }, "tags": [ - "Password settings" + "User management" ] } }, - "/resources/users/v1/passwords/reset": { + "/resources/users/v3/me/unlock": { "post": { - "operationId": "UsersPasswordControllerV1_resetPassword", - "summary": "Reset password", - "description": "This route sends a reset password email to the user. Send the user’s email in the POST body. If your email template uses metadata, send email metadata in the POST body, too.", + "operationId": "UsersControllerV3_unlock", + "summary": "Unlock user", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ResetPasswordDto" + "$ref": "#/components/schemas/UnlockUserRequestDto" } } } }, "responses": { - "201": { + "200": { "description": "" } }, "tags": [ - "Password settings" - ] + "User management" + ], + "description": "" } }, - "/resources/users/v1/passwords/reset/verify": { + "/resources/users/v2": { "post": { - "operationId": "UsersPasswordControllerV1_verifyResetPassword", - "summary": "Verify password", - "description": "This route verifies a user’s password using a verification token. Send the userId, token, and password in the POST body. For the token, see the route under users for generating user password reset token.", - "parameters": [], + "operationId": "UsersControllerV2_createUser", + "summary": "Invite user", + "description": "This route creates a user for a specific tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare to what tenant this user is assigned. Send the user's information in the POST body. The user's email and metadata are required. The metadata can be empty, like `{}`.", + "parameters": [ + { + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifyPasswordDto" + "$ref": "#/components/schemas/CreateUserDto" } } } }, "responses": { "201": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserCreatedResponse" + } + } + } } }, "tags": [ - "Password settings" + "User management" ] } }, - "/resources/users/v1/passwords/change": { - "post": { - "operationId": "UsersPasswordControllerV1_changePassword", - "summary": "Change password", - "description": "This route changes the password for a logged-in user. Send the **`frontegg-user-id`** and **`frontegg-tenant-id`** headers to declare which user and which tenant. Send the current and new passwords in the POST body.", - "parameters": [ - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], + "/resources/users/v2/me": { + "put": { + "operationId": "UsersControllerV2_updateUserProfile", + "summary": "Update user profile", + "description": "This route updates a logged-in user's profile. Send the updated values in the PUT body. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateUserPasswordDto" + "$ref": "#/components/schemas/UpdateUserDto" } } } }, "responses": { - "201": { - "description": "" + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserDto" + } + } + } } }, "tags": [ - "Password settings" + "User management" ] - } - }, - "/resources/users/v1/passwords/config": { + }, "get": { - "operationId": "UsersPasswordControllerV1_getUserPasswordConfig", - "summary": "Get strictest password configuration", - "description": "This route gets the user’s hardest password configuration. This is useful when a user belongs to multiple tenants and does not have the same password complexity for all of them. The route returns the strictest setting the user is subject to.", - "parameters": [ - { - "name": "userId", - "required": false, - "in": "query", - "schema": { - "type": "string" - } - } - ], + "operationId": "UsersControllerV2_getUserProfile", + "summary": "Get user profile", + "description": "This route gets a logged-in user's profile. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + "parameters": [], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PasswordConfigResponse" + "$ref": "#/components/schemas/UserDto" } } } } }, "tags": [ - "Password settings" + "User management" ] } }, - "/resources/users/access-tokens/v1": { + "/resources/users/v1": { "post": { - "operationId": "UserAccessTokensV1Controller_createUserAccessToken", - "summary": "Create user access token", + "operationId": "UsersControllerV1_createUser", + "summary": "Create user", + "description": "Use the V2 route for Invite User. This route is no longer relevant.", + "deprecated": true, "parameters": [ { "name": "frontegg-tenant-id", @@ -6463,15 +6610,6 @@ "schema": { "type": "string" } - }, - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } } ], "requestBody": { @@ -6479,7 +6617,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserAccessTokenRequest" + "$ref": "#/components/schemas/CreateUserDto" } } } @@ -6490,117 +6628,162 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserAccessTokenResponse" + "$ref": "#/components/schemas/UserCreatedResponse" } } } } }, "tags": [ - "Personal tokens" + "User management" ] }, - "get": { - "operationId": "UserAccessTokensV1Controller_getUserAccessTokens", - "summary": "Get user access tokens", + "put": { + "operationId": "UsersControllerV1_updateUser", + "summary": "Update user", + "description": "This route updates a user’s information for a specific tenant. Send the **`frontegg-user-id`** and **`frontegg-tenant-id`** headers to declare which user and which tenant.", "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "The tenant ID identifier", + "description": "The user ID identifier", "required": true, "schema": { "type": "string" } }, { - "name": "frontegg-user-id", + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", + "description": "The tenant ID identifier", "required": true, "schema": { "type": "string" } } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateUserDto" + } + } + } + }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GetUserAccessTokensResponse" + "$ref": "#/components/schemas/UserDto" } } } } }, "tags": [ - "Personal tokens" + "User management" ] } }, - "/resources/users/access-tokens/v1/{id}": { + "/resources/users/v1/{userId}": { "delete": { - "operationId": "UserAccessTokensV1Controller_deleteUserAccessToken", - "summary": "Delete user access token by token ID", + "operationId": "UsersControllerV1_removeUserFromTenant", + "summary": "Remove user", + "description": "This route removes a user globally or from a specific tenant. To remove the user globally, no need to send a **`frontegg-tenant-id`**. To remove the user from only a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header. Send the user's ID as a path params to declare which user you are removing. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "userId", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { - "name": "frontegg-user-id", + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", - "required": true, + "description": "The tenant ID identifier (optional)", + "required": false, "schema": { "type": "string" } - }, + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "User management" + ] + }, + "put": { + "operationId": "UsersControllerV1_updateUserForVendor", + "summary": "Update user globally", + "description": "This route updates a user’s information globally, not just for a specific tenant. Send the user’s ID as a path params to identify specific user. Send the updated user values within the PUT body. The PUT request does a complete update of the resource, so include values for all of the body params that you want to have values. This is a global update, so do not send a **`frontegg-tenant-id`** within the header.", + "parameters": [ { - "name": "id", + "name": "userId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateVendorUserDto" + } + } + } + }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserDto" + } + } + } } }, "tags": [ - "Personal tokens" + "Users" ] } }, - "/resources/users/api-tokens/v1": { + "/resources/users/v1/{userId}/roles": { "post": { - "operationId": "UserApiTokensV1Controller_createTenantApiToken", - "summary": "Create user client credentials token", - "description": "This route creates a user-specific API token. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. Optionally, send as POST body params values for metadata and description.", + "operationId": "UsersControllerV1_addRolesToUser", + "summary": "Assign roles to user", + "description": "This route associates roles to a specific user for a specific tenant. Send the tenant’s ID in the frontegg-tenant-id header to declare which tenant. Send the role IDs in the POST body. The role IDs need to be an array of strings. Also send the user's ID as a path params.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "userId", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { - "name": "frontegg-user-id", + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", + "description": "The tenant ID identifier", "required": true, "schema": { "type": "string" @@ -6612,7 +6795,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserApiTokenDto" + "$ref": "#/components/schemas/AssignUserToRolesDto" } } } @@ -6623,75 +6806,73 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserApiTokenResponseDto" + "$ref": "#/components/schemas/AssignUserToRolesResponseDto" } } } } }, "tags": [ - "Personal tokens" + "User management" ] }, - "get": { - "operationId": "UserApiTokensV1Controller_getApiTokens", - "summary": "Get user client credentials tokens", - "description": "This route gets a user-specific API token. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header.", + "delete": { + "operationId": "UsersControllerV1_deleteRolesFromUser", + "summary": "Unassign roles from user", + "description": "This route disassociates roles from a specific user for a specific tenant. Send the tenant’s ID in the frontegg-tenant-id header to declare which tenant. Send the role IDs in the POST body. The role IDs need to be an array of strings. Also send the user's ID as a path params.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "userId", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { - "name": "frontegg-user-id", + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", + "description": "The tenant ID identifier", "required": true, "schema": { "type": "string" } } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UnassignUserFromRolesDto" + } + } + } + }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/GetUserApiTokensResponseDto" - } + "$ref": "#/components/schemas/DeleteUserToRolesResponseDto" } } } } }, "tags": [ - "Personal tokens" + "User management" ] } }, - "/resources/users/api-tokens/v1/{id}": { - "delete": { - "operationId": "UserApiTokensV1Controller_deleteApiToken", - "summary": "Delete user client credentials token by token ID", - "description": "This route deletes a user-specific API token. Send the token as the ID path param. Send the user’s ID in the **`frontegg-user-id`** header and the tenant’s ID in the **`frontegg-tenant-id`** header. Optionally, send as POST body params values for metadata and description.", + "/resources/users/v1/tenant": { + "put": { + "operationId": "UsersControllerV1_updateUserTenant", + "summary": "Update user's active tenant", + "description": "This route updates the logged in user’s tenant. The user uses it when they have multiple tenants and they want to change the current tenant they log in to. Send the **`frontegg-user-id`** and **`frontegg-tenant-id`** headers to declare which user and which tenant to update when the request is sent with a vendor token. Send the tenant ID in the PUT body.", "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } - }, { "name": "frontegg-user-id", "in": "header", @@ -6702,77 +6883,96 @@ } }, { - "name": "id", + "name": "frontegg-tenant-id", + "in": "header", + "description": "The tenant ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateUserTenantDto" + } + } + } + }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserDto" + } + } + } } }, "tags": [ - "Personal tokens" + "User management" ] } }, - "/resources/roles/v2": { + "/resources/users/v1/query/phrase": { "get": { - "operationId": "PermissionsControllerV2_getAllRoles", - "summary": "Get roles v2", - "description": "This route returns all roles for vendor. Each role is an object containing the name, permissions, and other defining information.", + "operationId": "UsersControllerV1_searchUsers", + "summary": "Get users with fuzzy search", + "description": "This route retrieves all users for a specific tenant or environment. To filter by tenant, include the tenant's ID in the **`frontegg-tenant-id`** header; otherwise, leave it empty to retrieve users from all tenants. In addition to all standard Get users query params, this route supports phrase search, allowing for complex queries using parameters such as contains, excludes, optional and approximate matching.", "parameters": [ { "name": "_limit", "required": false, "in": "query", + "description": "The default limit is 50 users per request, the maximum is 200", "schema": { - "minimum": 1, - "maximum": 2000, - "default": 50, "type": "number" } }, { - "name": "_sortBy", - "required": true, + "name": "_includeSubTenants", + "required": false, "in": "query", + "description": "when passing a user id, gives the option to include or not include sub tenants when searching users", "schema": { - "enum": [ - "key", - "name", - "description", - "isDefault", - "firstUserRole", - "level", - "updatedAt", - "createdAt", - "permissions", - "userTenants", - "groups" - ], - "type": "string" + "default": true, + "type": "boolean" } }, { - "name": "_levels", + "name": "_phraseSearchContains", "required": false, "in": "query", + "description": "Pass a list of strings, separated by comma, to search for users that contain all of the strings in the list", "schema": { "type": "array", "items": { - "type": "number" + "type": "string" } } }, { - "name": "_tenantIds", + "name": "_phraseSearchExcludes", + "required": false, + "in": "query", + "description": "Pass a list of strings, separated by comma, to search for users that do not contain any of the strings in the list", + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + { + "name": "_phraseSearchOptional", "required": false, "in": "query", + "description": "Pass a list of strings, separated by comma, to search for users that contain at least one of the strings in the list", "schema": { "type": "array", "items": { @@ -6780,40 +6980,89 @@ } } }, + { + "name": "_phraseSearchApproximate", + "required": false, + "in": "query", + "description": "When true, the search will be approximate (fuzzy), meaning it will include similar characters to the ones in the search string", + "schema": { + "default": false, + "type": "boolean" + } + }, { "name": "_offset", "required": false, "in": "query", "schema": { "minimum": 0, - "default": 0, "type": "number" - } + }, + "description": "" }, { - "name": "_order", + "name": "_email", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "_tenantId", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "ids", + "required": false, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "_sortBy", "required": false, "in": "query", "schema": { "enum": [ - "ASC", - "DESC" + "createdAt", + "name", + "email", + "id", + "verified", + "isLocked", + "provider", + "tenantId" ], "type": "string" - } + }, + "description": "" }, { - "name": "_filter", + "name": "_order", "required": false, "in": "query", "schema": { + "enum": [ + "ASC", + "DESC" + ], "type": "string" - } + }, + "description": "" }, { "name": "frontegg-tenant-id", "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", + "description": "The tenant ID identifier", "required": false, "schema": { "type": "string" @@ -6826,29 +7075,31 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/RoleResponse" + "$ref": "#/components/schemas/UserV3Dto" } } } } }, "tags": [ - "Account roles" + "User management" ] - }, + } + }, + "/resources/users/v1/activate": { "post": { - "operationId": "RolesControllerV2_addRole", - "summary": "Create a new role", - "description": "This route adds a new role for a specific tenant. Send the tenant ID in the **`frontegg-tenant-id`** header. Add the required permissions within the request body to customize the role.", + "operationId": "UsersActivationControllerV1_activateUser", + "summary": "Activate user", + "description": "This route activates a non-activated user. You can use it to create your own activation flow. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the required userId and activation token in the POST body. For generating an activation token, see the route under users for generating an activation token. If the vendor's sign in flow requires a password or recaptcha, send those values in the POST body. Instead of this route, consider using our email template for user activation.", "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-vendor-host", + "required": true, "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", - "required": false, "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -6856,7 +7107,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AddRoleWithPermissionsRequest" + "$ref": "#/components/schemas/ActivateUserDto" } } } @@ -6867,138 +7118,176 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AddRoleWithPermissionsResponse" + "$ref": "#/components/schemas/AuthenticationResponseDto" } } } } }, "tags": [ - "Account roles" + "User management" ] } }, - "/resources/roles/v2/distinct-levels": { - "get": { - "operationId": "RolesControllerV2_getDistinctLevels", - "summary": "Get distinct levels of roles", - "description": "This route returns all levels from roles for vendor.", + "/resources/users/v1/activate/code": { + "post": { + "operationId": "UsersActivationControllerV1_activateUserWithCode", + "summary": "Activate user with code", + "description": "This route activates a non-activated user. You can use it to create your own activation flow. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the required userId, activation token and code in the POST body. For generating an activation token, see the route under users for generating an activation token. If the vendor's sign in flow requires a password or recaptcha, send those values in the POST body. Instead of this route, consider using our email template for user activation.", "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-vendor-host", + "required": true, "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", - "required": false, "schema": { "type": "string" - } + }, + "description": "" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ActivateUserWithCodeDto" + } + } + } + }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AuthenticationResponseDto" + } + } + } } }, "tags": [ - "Account roles" + "User management" ] } }, - "/resources/roles/v2/distinct-tenants": { + "/resources/users/v1/activate/strategy": { "get": { - "operationId": "RolesControllerV2_getDistinctTenants", - "summary": "Get distinct assigned tenants of roles", - "description": "This route returns all assigned tenant ids from roles for vendor.", + "operationId": "UsersActivationControllerV1_getActivationStrategy", + "summary": "Get user activation strategy", + "description": "This route gets a user’s activation strategy. The activation strategy tells the vendor whether the user needs to set a password. Send the required userId and activation token in the POST body. For the activation token, see the route under users for generating an activation token. The route returns a Boolean called shouldSetPassword. If it is true, the user needs to to set a password. If it is false, the user does not need to set a password. For instance, SSO users do not set passwords.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "For relating a role to a specific tenant, use `get tenants` API to find the tenant ids", - "required": false, + "name": "userId", + "required": true, + "in": "query", "schema": { "type": "string" - } + }, + "description": "" + }, + { + "name": "token", + "required": true, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" } ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetActivateStrategyResponseDto" + } + } + } } }, "tags": [ - "Account roles" + "User management" ] } }, - "/resources/configurations/sessions/v1": { - "get": { - "operationId": "SessionConfigurationControllerV1_getSessionConfiguration", - "summary": "Get tenant or vendor default session configuration", - "description": "This route gets the Session configuration for the entire environment or a specific tenant. To get the Session configuration for a specific tenant, send the tenant’s id in the **`frontegg-tenant-id`** header", - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, - "schema": { - "type": "string" + "/resources/users/v1/invitation/accept": { + "post": { + "operationId": "UsersTenantManagementControllerV1_acceptInvitation", + "summary": "Accept invitation", + "description": "This route accepts an invitation for a user to join a specific tenant. Send the required userId and invitation token in the POST body. The userId and invitation token appear as a query params in the url Frontegg sends to the user in the activation email.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AcceptInvitationDto" + } } } - ], + }, "responses": { "200": { "description": "" + }, + "201": { + "description": "" } }, "tags": [ - "Sessions management" + "User management" ] - }, + } + }, + "/resources/users/v1/invitation/accept/code": { "post": { - "operationId": "SessionConfigurationControllerV1_createSessionConfiguration", - "summary": "Create or update tenant or vendor default session configuration", - "description": "This route creates or updates Session configuration for the entire environment or a specific tenant. To update the Session configuration for a specific tenant, send the tenant’s ID in the **`frontegg-tenant-id`** header", - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, - "schema": { - "type": "string" - } - } - ], + "operationId": "UsersTenantManagementControllerV1_acceptInvitationWithCode", + "summary": "Accept invitation with code", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateSessionConfigurationRequest" + "$ref": "#/components/schemas/AcceptInvitationWithCodeDto" } } } }, "responses": { - "201": { + "200": { "description": "" } }, "tags": [ - "Sessions management" - ] + "User management" + ], + "description": "" } }, - "/resources/tenants/access-tokens/v1": { + "/resources/users/v1/signUp": { "post": { - "operationId": "TenantAccessTokensV1Controller_createTenantAccessToken", - "summary": "Create tenant access token", + "operationId": "UsersControllerV1_signUpUser", + "summary": "Signup user", + "description": "This route is for signing up a new user and new tenant. Send the **`frontegg-vendor-host`** header. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's information in the POST body. The user's email, provider, companyName, and metadata are required. The provider is the authentication provider, like local, saml, google, github. See the dropdown for available values. The metadata can be empty, like `{}`. You also can send in the POST body additional information as shown in the example. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-vendor-host", + "required": true, "in": "header", - "description": "The tenant ID identifier", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-application-id", + "in": "header", + "description": "The application id", "required": true, "schema": { "type": "string" @@ -7010,76 +7299,65 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateTenantAccessTokenRequest" + "$ref": "#/components/schemas/SignUpUserDto" } } } }, "responses": { + "200": { + "description": "" + }, "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TenantAccessTokenResponse" + "$ref": "#/components/schemas/SignUpResponseDto" } } } } }, "tags": [ - "API (tenant) tokens" + "User management" ] - }, + } + }, + "/resources/users/v3/me": { "get": { - "operationId": "TenantAccessTokensV1Controller_getTenantAccessTokens", - "summary": "Get tenant access tokens", - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], + "operationId": "UsersControllerV3_getUserProfile", + "summary": "Get user profile", + "description": "This route gets a logged-in user's profile. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + "parameters": [], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GetTenantAccessTokensResponse" + "$ref": "#/components/schemas/UserV3Dto" } } } } }, "tags": [ - "API (tenant) tokens" + "User management" ] } }, - "/resources/tenants/access-tokens/v1/{id}": { - "delete": { - "operationId": "TenantAccessTokensV1Controller_deleteTenantAccessToken", - "summary": "Delete tenant access token", + "/resources/users/v2/me/tenants": { + "get": { + "operationId": "UsersControllerV2_getUserTenants", + "summary": "Get user tenants", + "description": "This route gets the list of tenants that a logged-in user belongs to. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } - }, - { - "name": "id", + "description": "The user ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } @@ -7087,70 +7365,107 @@ ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/UserTenantDataDto" + } + } + } + } } }, "tags": [ - "API (tenant) tokens" + "User management" ] } }, - "/resources/tenants/api-tokens/v1": { - "post": { - "operationId": "TenantApiTokensV1Controller_createTenantApiToken", - "summary": "Create client credentials token", - "description": "Do not use. Instead, use v2 of this route.", - "deprecated": true, - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" + "/resources/users/v2/me/hierarchy": { + "get": { + "operationId": "UsersControllerV2_getUserTenantsHierarchy", + "summary": "Get user tenants' hierarchy", + "description": "This route gets the list of tenants with hierarchy metadata that a logged-in user belongs to. If the user is a member of several tenants in a tree some might be reduced. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + "parameters": [], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GetUserTenantsHierarchyResponseDto" + } + } } } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateTenantApiTokenDto" + }, + "tags": [ + "User management" + ] + } + }, + "/resources/users/v1/me/authorization": { + "get": { + "operationId": "UsersControllerV1_getMeAuthorization", + "summary": "Get user permissions and roles", + "description": "This route gets the list of permissions and roles that a logged-in user has. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + "parameters": [], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MeAuthorizationResponseDto" + } } } } }, + "tags": [ + "User management" + ] + } + }, + "/resources/users/v1/me/tenants": { + "get": { + "operationId": "UsersControllerV1_getUserTenants", + "summary": "Get user tenants", + "description": "This route gets the list of tenants that a logged-in user belongs to. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + "parameters": [], "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateTenantApiTokenResponseDto" + "$ref": "#/components/schemas/GetUserTenantsResponseDto" } } } } }, "tags": [ - "API (tenant) tokens" + "User management" ] - }, + } + }, + "/resources/applications/v1/{appId}/users": { "get": { - "operationId": "TenantApiTokensV1Controller_getTenantsApiTokens", - "summary": "Get client credentials tokens", - "description": "This route gets all API tokens for a specific tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header.", + "operationId": "ApplicationsControllerV1_getUsersForApplication", + "summary": "Get users for application", + "description": "This route gets users for an application.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "appId", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -7161,7 +7476,7 @@ "schema": { "type": "array", "items": { - "$ref": "#/components/schemas/GetTenantApiTokensResponse" + "type": "string" } } } @@ -7169,219 +7484,196 @@ } }, "tags": [ - "API (tenant) tokens" + "User management (multi-app)" ] } }, - "/resources/tenants/api-tokens/v1/{id}": { - "delete": { - "operationId": "TenantApiTokensV1Controller_deleteTenantApiToken", - "summary": "Delete client credentials token", - "description": "This route deletes a tenant API token. Send the token ID as the path param. Send the tenant’s ID in the **`frontegg-tenant-id`** header.", + "/resources/applications/v1/{userId}/apps": { + "get": { + "operationId": "ApplicationsControllerV1_getApplicationsForUser", + "summary": "Get applications for user", + "description": "This route gets applications for a user.", "parameters": [ { - "name": "id", + "name": "userId", "required": true, "in": "path", "schema": { "type": "string" - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } + }, + "description": "" } ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + } } }, "tags": [ - "API (tenant) tokens" + "User management (multi-app)" ] - }, - "patch": { - "operationId": "TenantApiTokensV1Controller_updateTenantApiToken", - "summary": "Update client credentials token", - "description": "This route updates a tenant API token. Send the tenant’s ID in the **`frontegg-tenant-id`** header. Optionally, send as POST body params values for description, roles, and permissions for the token.", + } + }, + "/resources/applications/v1/users-apps": { + "get": { + "operationId": "ApplicationsControllerV1_getApplicationsForMultipleUsers", + "summary": "Get applications for multiple users", + "description": "This route gets applications for multiple users.", "parameters": [ { - "name": "id", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "userIds", "required": true, + "in": "query", "schema": { - "type": "string" - } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UpdateApiTokenDto" + "type": "array", + "items": { + "type": "string" } - } + }, + "description": "" } - }, + ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateTenantApiTokenResponseDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/UserApplicationsResponseDto" + } } } } } }, "tags": [ - "API (tenant) tokens" + "User management (multi-app)" ] } }, - "/resources/tenants/api-tokens/v2": { - "post": { - "operationId": "TenantApiTokensV2Controller_createTenantApiToken", - "summary": "Create client credentials token", - "description": "This route creates a tenant API token. Send the tenant’s ID in the **`frontegg-tenant-id`** header. Optionally, send as POST body params values for metadata, description, roles, and permissions for the token.

You can get roles & permissions via API", + "/resources/applications/v1/apps-users": { + "get": { + "operationId": "ApplicationsControllerV1_getUsersForMultipleApplications", + "summary": "Get users for multiple applications", + "description": "This route gets users for multiple applications.", "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "appIds", "required": true, + "in": "query", "schema": { - "type": "string" - } - } - ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/CreateTenantApiTokenDto" + "type": "array", + "items": { + "type": "string" } - } + }, + "description": "" } - }, + ], "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateTenantApiTokenResponseDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/ApplicationUsersResponseDto" + } } } } } }, "tags": [ - "API (tenant) tokens" + "User management (multi-app)" ] } }, - "/resources/tenants/users/v1/{userId}/disable": { + "/resources/applications/v1": { "post": { - "operationId": "UsersTenantsControllerV1_disableUserTenant", - "summary": "Disable user tenant", - "description": "This route disable a user. A disabled user cannot log in to the tenant or use the system. To disable a user, call this route and send the user’s ID as a path params.", - "parameters": [ - { - "name": "userId", - "required": true, - "in": "path", - "schema": { - "type": "string" + "operationId": "ApplicationsControllerV1_assignUsersToApplication", + "summary": "Assign users to application", + "description": "This route assigns users to an application.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AssignUsersToAppRequestDto" + } } } - ], + }, "responses": { - "200": { - "description": "" - }, "201": { - "description": "" - }, - "403": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ApplicationUserTenantsResponseDto" + } + } + } + } } }, "tags": [ - "User management" + "User management (multi-app)" ] - } - }, - "/resources/tenants/users/v1/{userId}/enable": { - "post": { - "operationId": "UsersTenantsControllerV1_enableUserTenant", - "summary": "Enable user tenant", - "description": "This route enables a disabled user. An enabled user can log in and use the system. To enable a user, call this route and send the user’s ID as a path params.", - "parameters": [ - { - "name": "userId", - "required": true, - "in": "path", - "schema": { - "type": "string" + }, + "delete": { + "operationId": "ApplicationsControllerV1_unassignUsersFromApplication", + "summary": "Unassign users from application", + "description": "This route unassigns users from an application.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UnassignUsersFromAppRequestDto" + } } } - ], + }, "responses": { "200": { "description": "" - }, - "201": { - "description": "" - }, - "403": { - "description": "" } }, "tags": [ - "User management" + "User management (multi-app)" ] } }, - "/resources/users/temporary/v1/{userId}": { - "put": { - "operationId": "TemporaryUsersV1Controller_editTimeLimit", - "summary": "Sets a permanent user to temporary", - "description": "This route updates the settings for temporary users, use it to enable or disable it for an environment", - "parameters": [ - { - "name": "userId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - } - ], + "/resources/applications/v1/apps-user": { + "post": { + "operationId": "ApplicationsControllerV1_assignUserToMultipleApplications", + "summary": "Assign user to multiple applications", + "description": "This route assigns user to multiple applications.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemporaryUserDto" + "$ref": "#/components/schemas/AssignUserToMultipleApplicationsRequestDto" } } } @@ -7392,312 +7684,240 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/TemporaryUserDto" + "type": "array", + "items": { + "$ref": "#/components/schemas/ApplicationUserTenantsResponseDto" + } } } } } }, "tags": [ - "User management" + "User management (multi-app)" ] - }, + } + }, + "/resources/applications/v1/user-apps": { "delete": { - "operationId": "TemporaryUsersV1Controller_setUserPermanent", - "summary": "Sets a temporary user to permanent", - "description": "This route sets an existing temporary user as permanent. Send the user’s ID as a path params.", - "parameters": [ - { - "name": "userId", - "required": true, - "in": "path", - "schema": { - "type": "string" + "operationId": "ApplicationsControllerV1_unassignUserFromMultipleApplications", + "summary": "Unassign user from multiple applications", + "description": "This route unassigns user from multiple applications.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UnassignUserFromMultipleAppsRequestDto" + } } } - ], + }, "responses": { "200": { "description": "" } }, "tags": [ - "User management" + "User management (multi-app)" ] } }, - "/resources/sub-tenants/users/v1/{userId}/access": { - "put": { - "operationId": "UsersControllerV1_setUserRolesFromSubTenants", - "summary": "Set sub-account access for a user", + "/resources/applications/user-tenants/active/v1": { + "get": { + "operationId": "ApplicationsActiveUserTenantsControllerV1_getUserApplicationActiveTenants", + "summary": "Get user active tenants in applications", + "description": "This route gets the active user tenants for an application.", "parameters": [ { - "name": "userId", + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", "required": true, - "in": "path", "schema": { "type": "string" } } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UpdateSubAccountAccessRequestDto" - } - } - } - }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserApplicationActiveTenantsResponseDto" + } + } + } } }, "tags": [ - "User management" + "User management (multi-app)" ] - } - }, - "/resources/users/v1/activate/reset": { - "post": { - "operationId": "UsersActivationControllerV1_resetActivationToken", - "summary": "Reset user activation token", - "description": "This route resets the activation token for a user and triggers a new activation email being sent to the user’s email.", - "parameters": [], + }, + "put": { + "operationId": "ApplicationsActiveUserTenantsControllerV1_switchUserApplicationActiveTenant", + "summary": "Switch users active tenant in applications", + "description": "This route updates the active user tenants for an application.", + "parameters": [ + { + "name": "frontegg-user-id", + "in": "header", + "description": "The user ID identifier", + "required": true, + "schema": { + "type": "string" + } + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ResetActivationTokenDto" + "$ref": "#/components/schemas/SwitchApplicationActiveUserTenantsRequestDto" } } } }, "responses": { - "201": { + "200": { "description": "" } }, "tags": [ - "User management" + "User management (multi-app)" ] } }, - "/resources/users/v1/invitation/reset": { - "post": { - "operationId": "UsersTenantManagementControllerV1_resetTenantInvitationToken", - "summary": "Reset invitation", - "description": "This route resets an invitation for a user to join a specific tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header and the user's email in the POST body. It returns a new invitation link with a new token.", + "/resources/users/sessions/v1/me": { + "get": { + "operationId": "UserSessionsControllerV1_getActiveSessions", + "summary": "Get user's active sessions", + "description": "This route returns all the user's active sessions. Specify the user by sending its ID in frontegg-user-id header.", "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "The tenant ID identifier", + "description": "The user ID identifier", "required": true, "schema": { "type": "string" } } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ResetTenantInvitationDto" - } - } - } - }, "responses": { "200": { "description": "" } }, "tags": [ - "User management" + "User sessions" ] } }, - "/resources/users/v1/invitation/reset/all": { - "post": { - "operationId": "UsersTenantManagementControllerV1_resetAllTenantsInvitationToken", - "summary": "Reset all invitation tokens", - "description": "This route resets all invitation for a user to join all sub tenants which currently have invitation token. Send the tenant’s ID in the **`frontegg-tenant-id`** header and the user's email in the POST body. It returns a new invitation link with a new token.", + "/resources/users/sessions/v1/me/all": { + "delete": { + "operationId": "UserSessionsControllerV1_deleteAllUserActiveSessions", + "summary": "Delete all user sessions", + "description": "This route deletes all user's session. Specify the user by sending its ID in frontegg-user-id header.", "parameters": [ { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "The tenant ID identifier", + "description": "The user ID identifier", "required": true, "schema": { "type": "string" } } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ResetTenantInvitationDto" - } - } - } - }, "responses": { "200": { "description": "" } }, "tags": [ - "User management" + "User sessions" ] } }, - "/resources/users/v3": { - "get": { - "operationId": "UsersControllerV3_getUsers", - "summary": "Get users", - "description": "This route gets all users for a tenant OR environment. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant or leave it empty for all tenants' users", + "/resources/users/sessions/v1/me/{id}": { + "delete": { + "operationId": "UserSessionsControllerV1_deleteUserSession", + "summary": "Delete single user's session", + "description": "This route deletes user's session. Specify the user by sending its ID in frontegg-user-id header and the session ID in the url param.", "parameters": [ { - "name": "_limit", - "required": false, - "in": "query", - "description": "The default limit is 50 users per request, the maximum is 200", - "schema": { - "type": "number" - } - }, - { - "name": "_includeSubTenants", - "required": false, - "in": "query", - "description": "when passing a user id, gives the option to include or not include sub tenants when searching users", - "schema": { - "default": true, - "type": "boolean" - } - }, - { - "name": "_offset", - "required": false, - "in": "query", - "schema": { - "minimum": 0, - "type": "number" - } - }, - { - "name": "_email", - "required": false, - "in": "query", - "schema": { - "type": "string" - } - }, - { - "name": "_tenantId", - "required": false, - "in": "query", - "schema": { - "type": "string" - } - }, - { - "name": "ids", - "required": false, - "in": "query", - "schema": { - "type": "string" - } - }, - { - "name": "_sortBy", - "required": false, - "in": "query", - "schema": { - "enum": [ - "createdAt", - "name", - "email", - "id", - "verified", - "isLocked", - "provider", - "tenantId" - ], - "type": "string" - } - }, - { - "name": "_order", - "required": false, - "in": "query", + "name": "id", + "required": true, + "in": "path", "schema": { - "enum": [ - "ASC", - "DESC" - ], "type": "string" - } + }, + "description": "" }, { - "name": "frontegg-tenant-id", + "name": "frontegg-user-id", "in": "header", - "description": "The tenant ID identifier", - "required": false, + "description": "The user ID identifier", + "required": true, "schema": { "type": "string" } } ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "User sessions" + ] + } + }, + "/resources/user-sources/v1": { + "get": { + "operationId": "UserSourcesControllerV1_getUserSources", + "summary": "Get vendor user sources", + "description": "This route gets all vendor's user sources. A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserV3Dto" + "type": "array", + "items": { + "$ref": "#/components/schemas/GetUserSourceExtendedResponseDTO" + } } } } } }, "tags": [ - "User management" + "User sources (pools)" ] } }, - "/resources/users/v3/roles": { + "/resources/user-sources/v1/{id}": { "get": { - "operationId": "UsersControllerV3_getUsersRoles", - "summary": "Get users roles", - "description": "This route gets all users roles for a tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant.", + "operationId": "UserSourcesControllerV1_getUserSource", + "summary": "Get vendor user source", + "description": "This route gets a user source by id. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [ { - "name": "ids", + "name": "id", "required": true, - "in": "query", - "schema": { - "type": "array", - "items": { - "type": "string" - } - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -7706,108 +7926,86 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GetUserRolesResponse" + "$ref": "#/components/schemas/GetUserSourceResponseDTO" } } } } }, "tags": [ - "User management" + "User sources (pools)" ] - } - }, - "/resources/users/v3/groups": { - "get": { - "operationId": "UsersControllerV3_getUsersGroups", - "summary": "Get users groups", - "description": "This route gets all users groups for a tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant.", + }, + "delete": { + "operationId": "UserSourcesControllerV1_deleteUserSource", + "summary": "Delete user source", + "description": "This route deletes a user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [ { - "name": "ids", + "name": "id", "required": true, - "in": "query", - "schema": { - "type": "array", - "items": { - "type": "string" - } - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/GetUserGroupsResponse" - } - } - } + "description": "" } }, "tags": [ - "User management" + "User sources (pools)" ] } }, - "/resources/users/v3/me/unlock": { + "/resources/user-sources/v1/external/auth0": { "post": { - "operationId": "UsersControllerV3_unlock", - "summary": "Unlock user", + "operationId": "UserSourcesControllerV1_createAuth0ExternalUserSource", + "summary": "Create Auth0 external user source", + "description": "This route creates a new external user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UnlockUserRequestDto" + "$ref": "#/components/schemas/CreateAuth0ExternalUserSourceRequestDTO" } } } }, "responses": { - "200": { - "description": "" + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateUserSourceResponse" + } + } + } } }, "tags": [ - "User management" + "User sources (pools)" ] } }, - "/resources/users/v2": { + "/resources/user-sources/v1/external/cognito": { "post": { - "operationId": "UsersControllerV2_createUser", - "summary": "Invite user", - "description": "This route creates a user for a specific tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare to what tenant this user is assigned. Send the user's information in the POST body. The user's email and metadata are required. The metadata can be empty, like `{}`.", - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], + "operationId": "UserSourcesControllerV1_createCognitoExternalUserSource", + "summary": "Create Cognito external user source", + "description": "This route creates a new external user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserDto" + "$ref": "#/components/schemas/CreateCognitoExternalUserSourceRequestDTO" } } } @@ -7818,94 +8016,95 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserCreatedResponse" + "$ref": "#/components/schemas/CreateUserSourceResponse" } } } } }, "tags": [ - "User management" + "User sources (pools)" ] } }, - "/resources/users/v2/me": { - "put": { - "operationId": "UsersControllerV2_updateUserProfile", - "summary": "Update user profile", - "description": "This route updates a logged-in user's profile. Send the updated values in the PUT body. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + "/resources/user-sources/v1/external/firebase": { + "post": { + "operationId": "UserSourcesControllerV1_createFirebaseExternalUserSource", + "summary": "Create Firebase external user source", + "description": "This route creates a new external user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateUserDto" + "$ref": "#/components/schemas/CreateFirebaseExternalUserSourceRequestDTO" } } } }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "$ref": "#/components/schemas/CreateUserSourceResponse" } } } } }, "tags": [ - "User management" + "User sources (pools)" ] - }, - "get": { - "operationId": "UsersControllerV2_getUserProfile", - "summary": "Get user profile", - "description": "This route gets a logged-in user's profile. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + } + }, + "/resources/user-sources/v1/external/custom-code": { + "post": { + "operationId": "UserSourcesControllerV1_createCustomCodeExternalUserSource", + "summary": "Create Custom-Code external user source", + "description": "This route creates a new external user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateCustomCodeExternalUserSourceRequestDTO" + } + } + } + }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserDto" + "$ref": "#/components/schemas/CreateUserSourceResponse" } } } } }, "tags": [ - "User management" + "User sources (pools)" ] } }, - "/resources/users/v1": { + "/resources/user-sources/v1/federation": { "post": { - "operationId": "UsersControllerV1_createUser", - "summary": "Create user", - "description": "Use the V2 route for Invite User. This route is no longer relevant.", - "deprecated": true, - "parameters": [ - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } - } - ], + "operationId": "UserSourcesControllerV1_createFederationUserSource", + "summary": "Create Federation user source", + "description": "This route creates a new federation user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserDto" + "$ref": "#/components/schemas/CreateFederationUserSourceRequestDTO" } } } @@ -7916,38 +8115,67 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserCreatedResponse" + "$ref": "#/components/schemas/CreateUserSourceResponse" } } } } }, "tags": [ - "User management" + "User sources (pools)" ] - }, + } + }, + "/resources/user-sources/v1/external/auth0/{id}": { "put": { - "operationId": "UsersControllerV1_updateUser", - "summary": "Update user", - "description": "This route updates a user’s information for a specific tenant. Send the **`frontegg-user-id`** and **`frontegg-tenant-id`** headers to declare which user and which tenant.", + "operationId": "UserSourcesControllerV1_updateAuth0ExternalUserSource", + "summary": "Update Auth0 external user source", + "description": "This route updates an external user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [ { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", + "name": "id", "required": true, + "in": "path", "schema": { "type": "string" + }, + "description": "" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateExternalAuth0UserSourceRequestDTO" + } } - }, + } + }, + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "User sources (pools)" + ] + } + }, + "/resources/user-sources/v1/external/cognito/{id}": { + "put": { + "operationId": "UserSourcesControllerV1_updateCognitoExternalUserSource", + "summary": "Update Cognito external user source", + "description": "This route updates an external user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "id", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -7955,50 +8183,35 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateUserDto" + "$ref": "#/components/schemas/UpdateExternalCognitoUserSourceRequestDTO" } } } }, "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UserDto" - } - } - } + "description": "" } }, "tags": [ - "User management" + "User sources (pools)" ] } }, - "/resources/users/v1/{userId}/roles": { - "post": { - "operationId": "UsersControllerV1_addRolesToUser", - "summary": "Assign roles to user", - "description": "This route associates roles to a specific user for a specific tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant. Send the role IDs in the POST body. The role IDs need to be an array of strings. Also send the user's ID as a path params.", + "/resources/user-sources/v1/external/firebase/{id}": { + "put": { + "operationId": "UserSourcesControllerV1_updateFirebaseExternalUserSource", + "summary": "Update Firebase external user source", + "description": "This route updates an external user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [ { - "name": "userId", + "name": "id", "required": true, "in": "path", "schema": { "type": "string" - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -8006,48 +8219,35 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AssignUserToRolesDto" + "$ref": "#/components/schemas/UpdateExternalFirebaseUserSourceRequestDTO" } } } }, "responses": { - "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AssignUserToRolesResponseDto" - } - } - } + "200": { + "description": "" } }, "tags": [ - "User management" + "User sources (pools)" ] - }, - "delete": { - "operationId": "UsersControllerV1_deleteRolesFromUser", - "summary": "Unassign roles from user", - "description": "This route disassociates roles from a specific user for a specific tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant. Send the role IDs in the POST body. The role IDs need to be an array of strings. Also send the user's ID as a path params.", + } + }, + "/resources/user-sources/v1/external/custom-code/{id}": { + "put": { + "operationId": "UserSourcesControllerV1_updateCustomCodeExternalUserSource", + "summary": "Update Custom-Code external user source", + "description": "This route updates an external user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [ { - "name": "userId", + "name": "id", "required": true, "in": "path", "schema": { "type": "string" - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": true, - "schema": { - "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -8055,51 +8255,35 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UnassignUserFromRolesDto" + "$ref": "#/components/schemas/UpdateExternalCustomCodeUserSourceRequestDTO" } } } }, "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DeleteUserToRolesResponseDto" - } - } - } + "description": "" } }, "tags": [ - "User management" + "User sources (pools)" ] } }, - "/resources/users/v1/tenant": { + "/resources/user-sources/v1/federation/{id}": { "put": { - "operationId": "UsersControllerV1_updateUserTenant", - "summary": "Update user's active tenant", - "description": "This route updates the logged in user’s tenant. The user uses it when they have multiple tenants and they want to change the current tenant they log in to. Send the **`frontegg-user-id`** and **`frontegg-tenant-id`** headers to declare which user and which tenant to update when the request is sent with a vendor token. Send the tenant ID in the PUT body.", + "operationId": "UserSourcesControllerV1_updateFederationUserSource", + "summary": "Update Federation user source", + "description": "This route updates a federation user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", "parameters": [ { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } - }, - { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", + "name": "id", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -8107,170 +8291,123 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UpdateUserTenantDto" + "$ref": "#/components/schemas/UpdateFederationUserSourceRequestDTO" } } } }, "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/UserDto" - } - } - } + "description": "" } }, "tags": [ - "User management" + "User sources (pools)" ] } }, - "/resources/users/v1/query/phrase": { - "get": { - "operationId": "UsersControllerV1_searchUsers", - "summary": "Get users with fuzzy search", - "description": "This route retrieves all users for a specific tenant or environment. To filter by tenant, include the tenant's ID in the **`frontegg-tenant-id`** header; otherwise, leave it empty to retrieve users from all tenants. In addition to all standard Get users query params, this route supports phrase search, allowing for complex queries using parameters such as contains, excludes, optional and approximate matching.", - "parameters": [ - { - "name": "_limit", - "required": false, - "in": "query", - "description": "The default limit is 50 users per request, the maximum is 200", - "schema": { - "type": "number" - } - }, - { - "name": "_includeSubTenants", - "required": false, - "in": "query", - "description": "when passing a user id, gives the option to include or not include sub tenants when searching users", - "schema": { - "default": true, - "type": "boolean" - } - }, - { - "name": "_phraseSearchContains", - "required": false, - "in": "query", - "description": "Pass a list of strings, separated by comma, to search for users that contain all of the strings in the list", - "schema": { - "type": "array", - "items": { - "type": "string" - } - } - }, - { - "name": "_phraseSearchExcludes", - "required": false, - "in": "query", - "description": "Pass a list of strings, separated by comma, to search for users that do not contain any of the strings in the list", - "schema": { - "type": "array", - "items": { - "type": "string" - } - } - }, - { - "name": "_phraseSearchOptional", - "required": false, - "in": "query", - "description": "Pass a list of strings, separated by comma, to search for users that contain at least one of the strings in the list", - "schema": { - "type": "array", - "items": { - "type": "string" + "/resources/user-sources/v1/assign": { + "post": { + "operationId": "UserSourcesControllerV1_assignUserSource", + "summary": "Assign applications to a user source", + "description": "This route assigns applications to a user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AssignApplicationsToUserSourceRequestDTO" } } - }, - { - "name": "_phraseSearchApproximate", - "required": false, - "in": "query", - "description": "When true, the search will be approximate (fuzzy), meaning it will include similar characters to the ones in the search string", - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "name": "_offset", - "required": false, - "in": "query", - "schema": { - "minimum": 0, - "type": "number" - } - }, - { - "name": "_email", - "required": false, - "in": "query", - "schema": { - "type": "string" - } - }, - { - "name": "_tenantId", - "required": false, - "in": "query", - "schema": { - "type": "string" - } - }, - { - "name": "ids", - "required": false, - "in": "query", - "schema": { - "type": "string" - } - }, - { - "name": "_sortBy", - "required": false, - "in": "query", - "schema": { - "enum": [ - "createdAt", - "name", - "email", - "id", - "verified", - "isLocked", - "provider", - "tenantId" - ], - "type": "string" + } + }, + "responses": { + "201": { + "description": "" + } + }, + "tags": [ + "User sources (pools)" + ] + } + }, + "/resources/user-sources/v1/unassign": { + "post": { + "operationId": "UserSourcesControllerV1_unassignUserSource", + "summary": "Unassign applications from a user source", + "description": "This route unassigns applications from a user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UnassignApplicationsFromUserSourceRequestDTO" + } } - }, + } + }, + "responses": { + "201": { + "description": "" + } + }, + "tags": [ + "User sources (pools)" + ] + } + }, + "/resources/user-sources/v1/{id}/users": { + "get": { + "operationId": "UserSourcesControllerV1_getUserSourceUsers", + "summary": "Get user source users", + "description": "This route gets all of users of a user source. A [vendor token](/reference/authenticate_vendor) is required for this route.", + "parameters": [ { - "name": "_order", - "required": false, - "in": "query", + "name": "id", + "required": true, + "in": "path", "schema": { - "enum": [ - "ASC", - "DESC" - ], "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GetUserSourceUsersResponseDTO" + } + } + } } - }, + } + }, + "tags": [ + "User sources (pools)" + ] + } + }, + "/resources/vendor-only/users/v1/{userId}": { + "get": { + "operationId": "VendorOnlyUsers_getUserById", + "summary": "Get user", + "description": "This route gets a user by its ID regardless of any tenant the user belongs to. Send the user’s ID as a path params. The route is for vendor-use only.", + "parameters": [ { - "name": "frontegg-tenant-id", - "in": "header", - "description": "The tenant ID identifier", - "required": false, + "name": "userId", + "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -8279,38 +8416,55 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserV3Dto" + "$ref": "#/components/schemas/UserDto" } } } } }, "tags": [ - "User management" + "Users" ] } }, - "/resources/users/v1/activate": { + "/resources/vendor-only/users/v1/{userId}/mfa/unenroll": { "post": { - "operationId": "UsersActivationControllerV1_activateUser", - "summary": "Activate user", - "description": "This route activates a non-activated user. You can use it to create your own activation flow. Send the **`frontegg-vendor-host`** as a header to declare which vendor. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the required userId and activation token in the POST body. For generating an activation token, see the route under users for generating an activation token. If the vendor's sign in flow requires a password or recaptcha, send those values in the POST body. Instead of this route, consider using our email template for user activation.", + "operationId": "VendorOnlyUsers_MFAUnenroll", + "summary": "Unenroll user from MFA globally", + "description": "This route unenrolls a user from MFA regardless of any tenant the user belongs to. Send the user’s ID as a path params. The route is for vendor-use only.", "parameters": [ { - "name": "frontegg-vendor-host", + "name": "userId", "required": true, - "in": "header", + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Users" + ] + } + }, + "/resources/vendor-only/users/v1/passwords/verify": { + "post": { + "operationId": "VendorOnlyUsers_verifyUserPassword", + "summary": "Verify user's password", + "description": "This route verify user email and password. Send the user’s email and password and the response will be true or false. The route is for vendor-use only.", + "parameters": [], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/ActivateUserDto" + "$ref": "#/components/schemas/ValidateUserPasswordRequest" } } } @@ -8321,37 +8475,84 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AuthenticationResponseDto" + "$ref": "#/components/schemas/ValidateUserPasswordResponse" } } } } }, "tags": [ - "User management" + "Users" ] } }, - "/resources/users/v1/activate/strategy": { + "/resources/vendor-only/users/v1": { + "post": { + "operationId": "VendorOnlyUsers_createUser", + "summary": "Create user", + "description": "This route creates a user and allows setting **`mfaBypass`** property on that user for testing purposes. The route is for vendor-use only.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateUserDtoVendorOnly" + } + } + } + }, + "responses": { + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserDto" + } + } + } + } + }, + "tags": [ + "Users" + ] + } + }, + "/resources/tenants/users/v1/statuses": { "get": { - "operationId": "UsersActivationControllerV1_getActivationStrategy", - "summary": "Get user activation strategy", - "description": "This route gets a user’s activation strategy. The activation strategy tells the vendor whether the user needs to set a password. Send the required userId and activation token in the POST body. For the activation token, see the route under users for generating an activation token. The route returns a Boolean called shouldSetPassword. If it is true, the user needs to to set a password. If it is false, the user does not need to set a password. For instance, SSO users do not set passwords.", + "operationId": "get", + "summary": "Get users tenants statuses", + "description": "This route gets the tenants statuses of vendor users. Expects an array of **`userIds`** with max of 200 and optionally an array of **`userTenantStatuses`** as query params. Note that there is a limit of 2000 tenants statuses per user.", "parameters": [ { - "name": "userId", + "name": "userIds", "required": true, "in": "query", + "description": "User IDs", "schema": { - "type": "string" + "type": "array", + "items": { + "type": "string" + } } }, { - "name": "token", - "required": true, + "name": "userTenantStatuses", + "required": false, "in": "query", + "description": "Tenant Statuses", "schema": { - "type": "string" + "type": "array", + "items": { + "type": "string", + "enum": [ + "PendingInvitation", + "PendingLogin", + "Activated", + "NotActivated" + ] + } } } ], @@ -8361,29 +8562,39 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GetActivateStrategyResponseDto" + "$ref": "#/components/schemas/UserTenantStatusesResponse" } } } } }, "tags": [ - "User management" + "Users" ] } }, - "/resources/users/v1/invitation/accept": { + "/resources/users/phone-numbers/v1/vendor/{userId}": { "post": { - "operationId": "UsersTenantManagementControllerV1_acceptInvitation", - "summary": "Accept invitation", - "description": "This route accepts an invitation for a user to join a specific tenant. Send the required userId and activation token in the POST body. The userId and activation token appear as a query params in the url Frontegg sends to the user in the activation email.", - "parameters": [], + "operationId": "UserPhoneNumbersControllerV1_createUserPhoneNumberVendor", + "summary": "Create user phone number verified by default", + "description": "This route creates new user phone number, phone numbers added by vendor will be automatically verified.", + "parameters": [ + { + "name": "userId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/AcceptInvitationDto" + "$ref": "#/components/schemas/PreVerifyUserPhoneNumberRequestDto" } } } @@ -8394,28 +8605,55 @@ } }, "tags": [ - "User management" + "Users" ] } }, - "/resources/users/v1/signUp": { - "post": { - "operationId": "UsersControllerV1_signUpUser", - "summary": "Signup user", - "description": "This route is for signing up a new user and new tenant. Send the **`frontegg-vendor-host`** header. This is your domain name in the Frontegg Portal ➜ Workspace Settings ➜ Domains ➜ Domain Name. Send the user's information in the POST body. The user's email, provider, companyName, and metadata are required. The provider is the authentication provider, like local, saml, google, github. See the dropdown for available values. The metadata can be empty, like `{}`. You also can send in the POST body additional information as shown in the example. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "/resources/users/phone-numbers/v1/vendor/{userId}/{phoneId}": { + "delete": { + "operationId": "UserPhoneNumbersControllerV1_deleteUserPhoneNumberVendor", + "summary": "Delete user phone number by vendor", + "description": "This route deletes user phone number without verification.", "parameters": [ { - "name": "frontegg-vendor-host", + "name": "phoneId", "required": true, - "in": "header", + "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { - "name": "frontegg-application-id", + "name": "userId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Users" + ] + } + }, + "/resources/users/bulk/v1/invite": { + "post": { + "operationId": "UsersBulkControllerV1_bulkInviteUsers", + "summary": "Invite users to tenant in bulk", + "description": "This route enables you to invite users to tenant in bulk. Expects an array of `users`. Each entry must include a user's `email`.", + "parameters": [ + { + "name": "frontegg-tenant-id", "in": "header", - "description": "The application id", + "description": "The tenant ID identifier", "required": true, "schema": { "type": "string" @@ -8427,169 +8665,106 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SignUpUserDto" - } - } - } - }, - "responses": { - "200": { - "description": "" - }, - "201": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SignUpResponseDto" - } + "$ref": "#/components/schemas/UsersBulkInviteRequestDto" } } } }, - "tags": [ - "User management" - ] - } - }, - "/resources/users/v3/me": { - "get": { - "operationId": "UsersControllerV3_getUserProfile", - "summary": "Get user profile", - "description": "This route gets a logged-in user's profile. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", - "parameters": [], "responses": { - "200": { + "202": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserV3Dto" + "$ref": "#/components/schemas/TaskContext" } } } } }, "tags": [ - "User management" + "Users" ] } }, - "/resources/users/v2/me/tenants": { + "/resources/users/bulk/v1/status/{id}": { "get": { - "operationId": "UsersControllerV2_getUserTenants", - "summary": "Get user tenants", - "description": "This route gets the list of tenants that a logged-in user belongs to. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", + "operationId": "UsersBulkControllerV1_getBulkInviteStatus", + "summary": "Get status of bulk invite task", + "description": "This route enables you to invite users to tenant in bulk. Expects an array of `users`. Each entry must include a user's `email`.", "parameters": [ { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", + "name": "id", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/UserTenantDataDto" - } - } - } - } - } - }, - "tags": [ - "User management" - ] - } - }, - "/resources/users/v2/me/hierarchy": { - "get": { - "operationId": "UsersControllerV2_getUserTenantsHierarchy", - "summary": "Get user tenants' hierarchy", - "description": "This route gets the list of tenants with hierarchy metadata that a logged-in user belongs to. If the user is a member of several tenants in a tree some might be reduced. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", - "parameters": [], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/GetUserTenantsHierarchyResponseDto" - } - } - } + "description": "" } }, "tags": [ - "User management" + "Users" ] } }, - "/resources/users/v1/me/authorization": { + "/resources/users/v1/email": { "get": { - "operationId": "UsersControllerV1_getMeAuthorization", - "summary": "Get user permissions and roles", - "description": "This route gets the list of permissions and roles that a logged-in user has. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", - "parameters": [], - "responses": { - "200": { - "description": "", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/MeAuthorizationResponseDto" - } - } - } + "operationId": "UsersControllerV1_getUserByEmail", + "summary": "Get user by email", + "description": "This route get user by email", + "parameters": [ + { + "name": "email", + "required": true, + "in": "query", + "schema": { + "type": "string" + }, + "description": "" } - }, - "tags": [ - "User management" - ] - } - }, - "/resources/users/v1/me/tenants": { - "get": { - "operationId": "UsersControllerV1_getUserTenants", - "summary": "Get user tenants", - "description": "This route gets the list of tenants that a logged-in user belongs to. No params required. Mind to use your Frontegg subdomain/custom domain as a host. A user token is required for this route. A user token can be obtained after user authentication.", - "parameters": [], + ], "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/GetUserTenantsResponseDto" + "$ref": "#/components/schemas/CoreUserDto" } } } } }, "tags": [ - "User management" + "Users" ] } }, - "/resources/users/sessions/v1/me": { + "/resources/users/v1/{id}": { "get": { - "operationId": "UserSessionsControllerV1_getActiveSessions", - "summary": "Get user's active sessions", - "description": "This route returns all the user's active sessions. Specify the user by sending its ID in frontegg-user-id header.", + "operationId": "UsersControllerV1_getUserById", + "summary": "Get user by ID", + "description": "This route gets a specific user from a tenant. Send the tenant’s ID in the **`frontegg-tenant-id`** header to declare which tenant and send the user’s ID as a path params to declare which user. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "frontegg-user-id", + "name": "id", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + }, + { + "name": "frontegg-tenant-id", "in": "header", - "description": "The user ID identifier", + "description": "The tenant ID identifier", "required": true, "schema": { "type": "string" @@ -8598,28 +8773,35 @@ ], "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserDto" + } + } + } } }, "tags": [ - "User sessions" + "Users" ] } }, - "/resources/users/sessions/v1/me/all": { - "delete": { - "operationId": "UserSessionsControllerV1_deleteAllUserActiveSessions", - "summary": "Delete all user sessions", - "description": "This route deletes all user's session. Specify the user by sending its ID in frontegg-user-id header.", + "/resources/users/v1/{userId}/verify": { + "post": { + "operationId": "UsersControllerV1_verifyUser", + "summary": "Verify user", + "description": "This route marks a user as verified. Send the user’s ID as a path params. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", + "name": "userId", "required": true, + "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -8628,248 +8810,294 @@ } }, "tags": [ - "User sessions" + "Users" ] } }, - "/resources/users/sessions/v1/me/{id}": { - "delete": { - "operationId": "UserSessionsControllerV1_deleteUserSession", - "summary": "Delete single user's session", - "description": "This route deletes user's session. Specify the user by sending its ID in frontegg-user-id header and the session ID in the url param.", + "/resources/users/v1/{userId}/invisible": { + "put": { + "operationId": "UsersControllerV1_setUserInvisibleMode", + "summary": "Make user invisible", + "description": "This route sets whether a user is invisible or visible. If a user is invisible, the user data remains in the Frontegg system but the user will not appear in the list of users in the admin box. An invisible user remains part of the tenant. Send the user’s ID as a path params. Also send as a PUT body params a Boolean value for invisible. True is invisible and false is visible. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "id", + "name": "userId", "required": true, "in": "path", "schema": { "type": "string" - } - }, - { - "name": "frontegg-user-id", - "in": "header", - "description": "The user ID identifier", - "required": true, - "schema": { - "type": "string" - } + }, + "description": "" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateUserInvisibleDto" + } + } + } + }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserDto" + } + } + } } }, "tags": [ - "User sessions" + "Users" ] } }, - "/resources/users/phone-numbers/v1": { - "get": { - "operationId": "UserPhoneNumbersControllerV1_getAllPhoneNumbers", - "summary": "Get all phone numbers", - "description": "This route returns all user phone numbers.", + "/resources/users/v1/{userId}/superuser": { + "put": { + "operationId": "UsersControllerV1_setUserSuperuserMode", + "summary": "Make User superuser", + "description": "This route sets a user as a super-user. Note that super-user functionality is no longer maintained due to incompatibility with newer features. A super user has access to all tenants within the workspace. Send the user ID as the path params. Also send as a PUT body params a Boolean value for super user. True is super user and false is not. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "_limit", - "required": false, - "in": "query", - "schema": { - "minimum": 1, - "type": "number" - } - }, - { - "name": "_offset", - "required": false, - "in": "query", - "schema": { - "minimum": 0, - "type": "number" - } + "name": "userId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" } ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateUserSuperuserDto" + } + } + } + }, "responses": { "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserPhoneNumberResponseDto" + "$ref": "#/components/schemas/UserDto" } } } } }, "tags": [ - "User Phone Numbers" + "Users" ] - }, - "post": { - "operationId": "UserPhoneNumbersControllerV1_createUserPhoneNumber", - "summary": "Create user phone number", - "description": "This route creates new user phone number. By default verification code will be sent to the user. To create phone number without verification code, send **`verify`** as part of the request with value **`false`**.", - "parameters": [], + } + }, + "/resources/users/v1/{userId}/tenant": { + "put": { + "operationId": "UsersControllerV1_updateUserTenantForVendor", + "summary": "Set user's tenant", + "description": "This route is for the vendor to set the active tenant of a user. The active tenant is the tenant the user will see in their admin portal and also the tenant for which the API reference will default to in situations where a route is tenant specific. Send the user ID as a path param and the tenant ID as a PUT body param. When using a non-existing tenant ID, there will be a tenant create for the provided ID. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [ + { + "name": "userId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/CreateUserPhoneNumberRequestDto" + "$ref": "#/components/schemas/UpdateUserTenantWithValidationDto" } } } }, "responses": { - "201": { + "200": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserPhoneNumberCreatedResponseDto" + "$ref": "#/components/schemas/UserDto" } } } } }, "tags": [ - "User Phone Numbers" + "Users" ] - } - }, - "/resources/users/phone-numbers/v1/preverify": { + }, "post": { - "operationId": "UserPhoneNumbersControllerV1_preVerifyUserPhoneNumber", - "summary": "Pre Verify User Phone Number", - "description": "This route sends OTC to users phone number for verification.", - "parameters": [], + "operationId": "UsersControllerV1_addUserToTenantForVendor", + "summary": "Add user to tenant", + "description": "This route adds a user to a tenant. Send the user ID as a path params and the tenant ID as a POST body params. To skip the invite email requirement, pass as an optional POST body params for skipInviteEmail. Set its value to true to skip the invite email. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [ + { + "name": "userId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/PreVerifyUserPhoneNumberRequestDto" + "$ref": "#/components/schemas/AddUserToTenantRequest" } } } }, "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserPhoneNumberCreatedResponseDto" + "$ref": "#/components/schemas/UserDto" } } } } }, "tags": [ - "User Phone Numbers" + "Users" ] } }, - "/resources/users/phone-numbers/v1/verify": { - "post": { - "operationId": "UserPhoneNumbersControllerV1_verifyCreateUserPhoneNumber", - "summary": "Verify create user phone number", - "description": "This route verifies user phone number using OTC code that was sent to the user.", - "parameters": [], + "/resources/users/v1/{userId}/email": { + "put": { + "operationId": "UsersControllerV1_updateUserEmail", + "summary": "Update user email", + "description": "This route updates the email address for a user globally, regardless of tenant. Send the user’s ID as a path params. Send the user’s new email address as a PUT body params.", + "parameters": [ + { + "name": "userId", + "required": true, + "in": "path", + "schema": { + "type": "string" + }, + "description": "" + } + ], "requestBody": { "required": true, "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifyPhoneNumberOTCRequestDto" + "$ref": "#/components/schemas/UpdateUserEmailDto" } } } }, "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserDto" + } + } + } } }, "tags": [ - "User Phone Numbers" + "Users" ] } }, - "/resources/users/phone-numbers/v1/{id}": { - "delete": { - "operationId": "UserPhoneNumbersControllerV1_deleteUserPhoneNumber", - "summary": "Delete user phone number", - "description": "This route starts delete process for user phone number. Verification code will be sent to the user. Phone number wont be deleted until delete verification.", + "/resources/users/v1/{userId}/links/generate-activation-token": { + "post": { + "operationId": "UsersControllerV1_generateUserActivationLink", + "summary": "Generate activation token", + "description": "This route generates a new activation token for a user. Send the user’s ID as a path params. You may need this route in combination with the routes under Users Activation. It will not send the activation email itself, but return the activation link and token. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "id", + "name": "userId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { - "200": { + "201": { "description": "", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/UserPhoneNumberDeleteCodeResponseDto" + "$ref": "#/components/schemas/GenerateUserActivationLinkResponseDto" } } } } }, "tags": [ - "User Phone Numbers" + "Users" ] } }, - "/resources/users/phone-numbers/v1/{id}/delete/verify": { + "/resources/users/v1/{userId}/links/generate-password-reset-token": { "post": { - "operationId": "UserPhoneNumbersControllerV1_verifyDeleteUserPhoneNumber", - "summary": "Verify delete dser phone number", - "description": "This route verifies delete of user phone number using OTC code that was sent to the user and deletes phone number.", + "operationId": "UsersControllerV1_generateUserPasswordResetLink", + "summary": "Generate password reset token", + "description": "This route generates a password reset token for a user. Send the user’s ID as a path params. You may need this route in combination with the routes under Users Passwords. It will not send the reset password email itself, but return the reset link and token. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { - "name": "id", + "name": "userId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/VerifyPhoneNumberOTCRequestDto" + "responses": { + "201": { + "description": "", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GenerateUserResetPasswordLinkResponseDto" + } } } } }, - "responses": { - "200": { - "description": "" - } - }, "tags": [ - "User Phone Numbers" + "Users" ] } }, - "/resources/users/phone-numbers/v1/vendor/{userId}": { + "/resources/users/v1/{userId}/unlock": { "post": { - "operationId": "UserPhoneNumbersControllerV1_createUserPhoneNumberVendor", - "summary": "Create user phone number by vendor", - "description": "This route creates new user phone number, phone numbers added by vendor will be automatically verified.", + "operationId": "UsersControllerV1_unlockUser", + "summary": "Unlock user", + "description": "This route unlocks a locked user. An unlocked user can sign in and use the system globally, regardless of the tenant. To unlock a user, call this route and send the user’s ID as a path params. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { "name": "userId", @@ -8877,51 +9105,34 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], - "requestBody": { - "required": true, - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/PreVerifyUserPhoneNumberRequestDto" - } - } - } - }, "responses": { - "201": { + "200": { "description": "" } }, "tags": [ - "User Phone Numbers", - "Vendor-only user management" + "Users" ] } }, - "/resources/users/phone-numbers/v1/vendor/{userId}/{phoneId}": { - "delete": { - "operationId": "UserPhoneNumbersControllerV1_deleteUserPhoneNumberVendor", - "summary": "Delete user phone number by vendor", - "description": "This route deletes user phone number without verification.", + "/resources/users/v1/{userId}/lock": { + "post": { + "operationId": "UsersControllerV1_lockUser", + "summary": "Lock user", + "description": "This route locks a user. A locked user cannot sign in or use the system globally, regardless of the tenant. To lock a user, call this route and send the user’s ID as a path params. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ - { - "name": "phoneId", - "required": true, - "in": "path", - "schema": { - "type": "string" - } - }, { "name": "userId", "required": true, "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -8930,15 +9141,40 @@ } }, "tags": [ - "User Phone Numbers", - "Vendor-only user management" + "Users" + ] + } + }, + "/resources/users/v1/tenants/migrate": { + "put": { + "operationId": "UsersControllerV1_moveAllUsersTenants", + "summary": "Move all users from one tenant to another", + "description": "This route migrates all the users from the source tenant to the target. Specify in the request body the srcTenantId (the source tenant ID) and targetTenantId (the target tenant ID). A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "parameters": [], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MigrateUsersFromTenantToTenantRequest" + } + } + } + }, + "responses": { + "200": { + "description": "" + } + }, + "tags": [ + "Users" ] } } }, "info": { - "title": "Authentication and Identity Management", - "description": "Test description", + "title": "Identity Management", + "description": "", "version": "" }, "servers": [ @@ -8981,36 +9217,45 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "roleIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "categoryId": { - "type": "string" + "type": "string", + "description": "" }, "fePermission": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -9029,16 +9274,20 @@ "type": "object", "properties": { "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "categoryId": { - "type": "string" + "type": "string", + "description": "" }, "assignmentType": { "type": "string", @@ -9046,7 +9295,8 @@ "NEVER", "ALWAYS", "ASSIGNABLE" - ] + ], + "description": "" } }, "required": [ @@ -9058,16 +9308,20 @@ "type": "object", "properties": { "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "categoryId": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -9093,7 +9347,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "type": { "type": "string", @@ -9101,7 +9356,8 @@ "NEVER", "ALWAYS", "ASSIGNABLE" - ] + ], + "description": "" } }, "required": [ @@ -9113,21 +9369,26 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { "type": "string", - "nullable": true + "nullable": true, + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "feCategory": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -9142,10 +9403,12 @@ "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9156,10 +9419,12 @@ "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -9167,7 +9432,8 @@ "type": "object", "properties": { "description": { - "type": "string" + "type": "string", + "description": "" }, "expiresInMinutes": { "type": "number", @@ -9180,21 +9446,26 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9209,7 +9480,8 @@ "type": "array", "items": { "$ref": "#/components/schemas/UserAccessTokenResponse" - } + }, + "description": "" } }, "required": [ @@ -9220,7 +9492,8 @@ "type": "object", "properties": { "description": { - "type": "string" + "type": "string", + "description": "" }, "expiresInMinutes": { "type": "number", @@ -9240,21 +9513,26 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "roleIds": { "description": "Array of role ids", @@ -9265,7 +9543,8 @@ }, "createdByUserId": { "type": "string", - "nullable": true + "nullable": true, + "description": "" } }, "required": [ @@ -9282,7 +9561,8 @@ "type": "array", "items": { "$ref": "#/components/schemas/TenantAccessTokenResponse" - } + }, + "description": "" } }, "required": [ @@ -9293,29 +9573,35 @@ "type": "object", "properties": { "userId": { - "type": "string" + "type": "string", + "description": "" }, "id": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "permissions": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "roles": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9330,26 +9616,31 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "permissions": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "roles": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9363,10 +9654,12 @@ "type": "object", "properties": { "recoveryCode": { - "type": "string" + "type": "string", + "description": "" }, "email": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9378,11 +9671,13 @@ "type": "object", "properties": { "defaultTokenExpiration": { - "type": "number" + "type": "number", + "description": "" }, "defaultRefreshTokenExpiration": { "type": "number", - "maximum": 15552000 + "maximum": 15552000, + "description": "" }, "cookieSameSite": { "enum": [ @@ -9390,45 +9685,56 @@ "LAX", "NONE" ], - "type": "string" + "type": "string", + "description": "" }, "machineToMachineAuthStrategy": { "enum": [ "ClientCredentials", "AccessToken" ], - "type": "string" + "type": "string", + "description": "" }, "allowSignups": { - "type": "boolean" + "type": "boolean", + "description": "" }, "apiTokensEnabled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "allowOverridePasswordComplexity": { - "type": "boolean" + "type": "boolean", + "description": "" }, "allowOverridePasswordExpiration": { - "type": "boolean" + "type": "boolean", + "description": "" }, "allowOverrideEnforcePasswordHistory": { - "type": "boolean" + "type": "boolean", + "description": "" }, "jwtAlgorithm": { "enum": [ "HS256", "RS256" ], - "type": "string" + "type": "string", + "description": "" }, "allowNotVerifiedUsersLogin": { - "type": "boolean" + "type": "boolean", + "description": "" }, "forcePermissions": { - "type": "boolean" + "type": "boolean", + "description": "" }, "addSamlAttributesToJwt": { - "type": "boolean" + "type": "boolean", + "description": "" }, "authStrategy": { "enum": [ @@ -9438,28 +9744,36 @@ "NoLocalAuthentication", "SmsCode" ], - "type": "string" + "type": "string", + "description": "" }, "defaultPasswordlessTokenExpiration": { - "type": "number" + "type": "number", + "description": "" }, "forceSameDeviceOnAuth": { - "type": "boolean" + "type": "boolean", + "description": "" }, "allowTenantInvitations": { - "type": "boolean" + "type": "boolean", + "description": "" }, "rotateRefreshTokens": { - "type": "boolean" + "type": "boolean", + "description": "" }, "skipTenantValidation": { - "type": "boolean" + "type": "boolean", + "description": "" }, "addRolesToJwt": { - "type": "boolean" + "type": "boolean", + "description": "" }, "addPermissionsToJwt": { - "type": "boolean" + "type": "boolean", + "description": "" } } }, @@ -9467,16 +9781,20 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "defaultTokenExpiration": { - "type": "number" + "type": "number", + "description": "" }, "defaultRefreshTokenExpiration": { - "type": "number" + "type": "number", + "description": "" }, "publicKey": { - "type": "string" + "type": "string", + "description": "" }, "cookieSameSite": { "enum": [ @@ -9484,38 +9802,48 @@ "LAX", "NONE" ], - "type": "string" + "type": "string", + "description": "" }, "allowSignups": { - "type": "boolean" + "type": "boolean", + "description": "" }, "apiTokensEnabled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "allowOverridePasswordComplexity": { - "type": "boolean" + "type": "boolean", + "description": "" }, "allowOverridePasswordExpiration": { - "type": "boolean" + "type": "boolean", + "description": "" }, "allowOverrideEnforcePasswordHistory": { - "type": "boolean" + "type": "boolean", + "description": "" }, "jwtAlgorithm": { "enum": [ "RS256", "HS256" ], - "type": "string" + "type": "string", + "description": "" }, "jwtSecret": { - "type": "string" + "type": "string", + "description": "" }, "allowNotVerifiedUsersLogin": { - "type": "boolean" + "type": "boolean", + "description": "" }, "forcePermissions": { - "type": "boolean" + "type": "boolean", + "description": "" }, "authStrategy": { "enum": [ @@ -9525,38 +9853,48 @@ "NoLocalAuthentication", "SmsCode" ], - "type": "string" + "type": "string", + "description": "" }, "defaultPasswordlessTokenExpiration": { - "type": "number" + "type": "number", + "description": "" }, "forceSameDeviceOnAuth": { - "type": "boolean" + "type": "boolean", + "description": "" }, "allowTenantInvitations": { - "type": "boolean" + "type": "boolean", + "description": "" }, "rotateRefreshTokens": { - "type": "boolean" + "type": "boolean", + "description": "" }, "machineToMachineAuthStrategy": { "enum": [ "ClientCredentials", "AccessToken" ], - "type": "string" + "type": "string", + "description": "" }, "addRolesToJwt": { - "type": "boolean" + "type": "boolean", + "description": "" }, "addPermissionsToJwt": { - "type": "boolean" + "type": "boolean", + "description": "" }, "refreshTokensRotationLimit": { - "type": "number" + "type": "number", + "description": "" }, "addSamlAttributesToJwt": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -9590,10 +9928,12 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "serviceName": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9605,11 +9945,13 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "tokenLifetimeSeconds": { "type": "number", - "minimum": 300 + "minimum": 300, + "description": "" } }, "required": [ @@ -9621,14 +9963,17 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "tokenLifetimeSeconds": { "type": "number", - "minimum": 300 + "minimum": 300, + "description": "" }, "sender": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9641,13 +9986,16 @@ "type": "object", "properties": { "authenticationApp": { - "$ref": "#/components/schemas/MfaAuthAppConfig" + "$ref": "#/components/schemas/MfaAuthAppConfig", + "description": "" }, "sms": { - "$ref": "#/components/schemas/MfaSmsConfig" + "$ref": "#/components/schemas/MfaSmsConfig", + "description": "" }, "email": { - "$ref": "#/components/schemas/MfaEmailConfig" + "$ref": "#/components/schemas/MfaEmailConfig", + "description": "" } } }, @@ -9655,10 +10003,12 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "serviceName": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9670,10 +10020,12 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "tokenLifetimeSeconds": { - "type": "number" + "type": "number", + "description": "" } }, "required": [ @@ -9685,13 +10037,16 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "tokenLifetimeSeconds": { - "type": "number" + "type": "number", + "description": "" }, "sender": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9704,13 +10059,16 @@ "type": "object", "properties": { "authenticationApp": { - "$ref": "#/components/schemas/AuthenticationAppConfiguration" + "$ref": "#/components/schemas/AuthenticationAppConfiguration", + "description": "" }, "sms": { - "$ref": "#/components/schemas/SmsConfiguration" + "$ref": "#/components/schemas/SmsConfiguration", + "description": "" }, "email": { - "$ref": "#/components/schemas/EmailConfiguration" + "$ref": "#/components/schemas/EmailConfiguration", + "description": "" } }, "required": [ @@ -9723,22 +10081,28 @@ "type": "object", "properties": { "allowPassphrases": { - "type": "boolean" + "type": "boolean", + "description": "" }, "maxLength": { - "type": "number" + "type": "number", + "description": "" }, "minLength": { - "type": "number" + "type": "number", + "description": "" }, "minPhraseLength": { - "type": "number" + "type": "number", + "description": "" }, "minOptionalTestsToPass": { - "type": "number" + "type": "number", + "description": "" }, "blockPwnedPasswords": { - "type": "boolean" + "type": "boolean", + "description": "" } } }, @@ -9746,22 +10110,28 @@ "type": "object", "properties": { "allowPassphrases": { - "type": "boolean" + "type": "boolean", + "description": "" }, "maxLength": { - "type": "number" + "type": "number", + "description": "" }, "minLength": { - "type": "number" + "type": "number", + "description": "" }, "minPhraseLength": { - "type": "number" + "type": "number", + "description": "" }, "minOptionalTestsToPass": { - "type": "number" + "type": "number", + "description": "" }, "blockPwnedPasswords": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -9797,24 +10167,30 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "enforceMFAType": { - "type": "string" + "type": "string", + "description": "" }, "allowRememberMyDevice": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaDeviceExpiration": { - "type": "number" + "type": "number", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9847,21 +10223,26 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "enabled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "maxAttempts": { - "type": "number" + "type": "number", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9897,21 +10278,26 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "enabled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "historySize": { - "type": "number" + "type": "number", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -9926,16 +10312,20 @@ "type": "object", "properties": { "enabled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "siteKey": { - "type": "string" + "type": "string", + "description": "" }, "secretKey": { - "type": "string" + "type": "string", + "description": "" }, "minScore": { - "type": "number" + "type": "number", + "description": "" }, "ignoredEmails": { "description": "Captcha validation will be skipped for those emails.", @@ -9956,33 +10346,41 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "siteKey": { - "type": "string" + "type": "string", + "description": "" }, "secretKey": { - "type": "string" + "type": "string", + "description": "" }, "enabled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "minScore": { - "type": "number" + "type": "number", + "description": "" }, "ignoredEmails": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10028,10 +10426,12 @@ "UnlockUserSuccess", "ActivateUserWithCode", "InviteToTenantWithCode" - ] + ], + "description": "" }, "senderEmail": { - "type": "string" + "type": "string", + "description": "" }, "redirectURL": { "type": "string", @@ -10039,19 +10439,24 @@ }, "htmlTemplate": { "type": "string", - "maxLength": 100000 + "maxLength": 100000, + "description": "" }, "subject": { - "type": "string" + "type": "string", + "description": "" }, "fromName": { - "type": "string" + "type": "string", + "description": "" }, "successRedirectUrl": { - "type": "string" + "type": "string", + "description": "" }, "active": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -10062,34 +10467,44 @@ "type": "object", "properties": { "htmlTemplate": { - "type": "string" + "type": "string", + "description": "" }, "senderEmail": { - "type": "string" + "type": "string", + "description": "" }, "redirectURL": { - "type": "string" + "type": "string", + "description": "" }, "successRedirectUrl": { - "type": "string" + "type": "string", + "description": "" }, "subject": { - "type": "string" + "type": "string", + "description": "" }, "fromName": { - "type": "string" + "type": "string", + "description": "" }, "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "type": { - "type": "object" + "type": "object", + "description": "" }, "redirectURLPattern": { - "type": "string" + "type": "string", + "description": "" }, "successRedirectUrlPattern": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10107,7 +10522,8 @@ "type": "object", "properties": { "secret": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10118,21 +10534,25 @@ "type": "object", "properties": { "secret": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "extension": { "type": "array", "items": { "type": "object" - } + }, + "description": "" }, "provider": { "type": "string", @@ -10141,7 +10561,8 @@ "mailgun", "ses", "ses-role" - ] + ], + "description": "" } }, "required": [ @@ -10159,10 +10580,12 @@ "type": "string", "enum": [ "sendgrid" - ] + ], + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10177,16 +10600,20 @@ "type": "string", "enum": [ "ses" - ] + ], + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "id": { - "type": "string" + "type": "string", + "description": "" }, "region": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10203,13 +10630,16 @@ "type": "string", "enum": [ "mailgun" - ] + ], + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "domain": { - "type": "string" + "type": "string", + "description": "" }, "region": { "default": "us", @@ -10219,7 +10649,8 @@ "EU": "eu" } ], - "type": "number" + "type": "number", + "description": "" } }, "required": [ @@ -10236,13 +10667,16 @@ "type": "string", "enum": [ "ses-role" - ] + ], + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "region": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10259,7 +10693,8 @@ "description": "Extra data that will be encoded as part of the JWT" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "roleIds": { "description": "Array of role ids. Either this or permissionIds must be provided, but not both.", @@ -10281,21 +10716,26 @@ "type": "object", "properties": { "clientId": { - "type": "string" + "type": "string", + "description": "" }, "description": { "type": "string", - "nullable": true + "nullable": true, + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "createdByUserId": { "type": "string", - "nullable": true + "nullable": true, + "description": "" }, "metadata": { "type": "object", @@ -10303,7 +10743,8 @@ }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "permissionIds": { "description": "Array of permission ids", @@ -10321,7 +10762,8 @@ }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10338,18 +10780,22 @@ "type": "object", "properties": { "clientId": { - "type": "string" + "type": "string", + "description": "" }, "description": { "type": "string", - "nullable": true + "nullable": true, + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "createdByUserId": { "type": "string", - "nullable": true + "nullable": true, + "description": "" }, "metadata": { "type": "object", @@ -10357,7 +10803,8 @@ }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "permissionIds": { "description": "Array of permission ids. Either this or roleIds will be present, but not both.", @@ -10375,7 +10822,8 @@ }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10394,7 +10842,8 @@ "type": "object", "properties": { "description": { - "type": "string" + "type": "string", + "description": "" }, "roleIds": { "description": "Array of role ids", @@ -10416,18 +10865,22 @@ "type": "object", "properties": { "clientId": { - "type": "string" + "type": "string", + "description": "" }, "description": { "type": "string", - "nullable": true + "nullable": true, + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "createdByUserId": { "type": "string", - "nullable": true + "nullable": true, + "description": "" }, "metadata": { "type": "object", @@ -10435,7 +10888,8 @@ }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "permissionIds": { "description": "Array of permission ids", @@ -10453,7 +10907,8 @@ }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10473,7 +10928,8 @@ "description": "Extra data that will be encoded as part of the JWT" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "expiresInMinutes": { "type": "number", @@ -10487,10 +10943,12 @@ "type": "object", "properties": { "clientId": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "metadata": { "type": "object", @@ -10498,14 +10956,17 @@ }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10520,10 +10981,12 @@ "type": "object", "properties": { "clientId": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "metadata": { "type": "object", @@ -10531,11 +10994,13 @@ }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10549,45 +11014,57 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "vendorId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "isDefault": { - "type": "boolean" + "type": "boolean", + "description": "" }, "firstUserRole": { - "type": "boolean" + "type": "boolean", + "description": "" }, "level": { - "type": "number" + "type": "number", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "permissions": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -10609,20 +11086,24 @@ "type": "object", "properties": { "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "roles": { "type": "array", "items": { "$ref": "#/components/schemas/RoleResponse" - } + }, + "description": "" }, "temporaryExpirationDate": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "isDisabled": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -10634,96 +11115,121 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "email": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { - "type": "string" + "type": "string", + "description": "" }, "sub": { - "type": "string" + "type": "string", + "description": "" }, "verified": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaEnrolled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaBypass": { - "type": "boolean" + "type": "boolean", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" }, "roles": { "type": "array", "items": { "$ref": "#/components/schemas/RoleResponse" - } + }, + "description": "" }, "permissions": { "type": "array", "items": { "$ref": "#/components/schemas/PermissionResponse" - } + }, + "description": "" }, "provider": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "tenantIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "activatedForTenant": { - "type": "boolean" + "type": "boolean", + "description": "" }, "isLocked": { - "type": "boolean" + "type": "boolean", + "description": "" }, "tenants": { "type": "array", "items": { "$ref": "#/components/schemas/UserTenantDto" - } + }, + "description": "" }, "invisible": { - "type": "boolean" + "type": "boolean", + "description": "" }, "superUser": { - "type": "boolean" + "type": "boolean", + "description": "" }, "metadata": { - "type": "string" + "type": "string", + "description": "" }, "vendorMetadata": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "lastLogin": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "groups": { "type": "array", "items": { "type": "object" - } + }, + "description": "" }, "subAccountAccessAllowed": { - "type": "boolean" + "type": "boolean", + "description": "" }, "managedBy": { "enum": [ @@ -10731,7 +11237,8 @@ "scim2", "external" ], - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10757,10 +11264,12 @@ "type": "object", "properties": { "email": { - "type": "string" + "type": "string", + "description": "" }, "password": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10776,13 +11285,16 @@ "type": "object", "properties": { "email": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "password": { - "type": "string" + "type": "string", + "description": "" }, "metadata": { "type": "string", @@ -10800,7 +11312,8 @@ } }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "expirationInSeconds": { "type": "number", @@ -10820,16 +11333,20 @@ "type": "object", "properties": { "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" }, "expiresInMinutes": { - "type": "number" + "type": "number", + "description": "" }, "shouldSendEmail": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -10840,29 +11357,37 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "vendorId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" }, "token": { - "type": "string" + "type": "string", + "description": "" }, "expires": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "shouldSendEmail": { - "type": "boolean" + "type": "boolean", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10878,10 +11403,12 @@ "type": "object", "properties": { "expiresInMinutes": { - "type": "number" + "type": "number", + "description": "" }, "shouldSendEmail": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -10893,10 +11420,12 @@ "type": "object", "properties": { "expiresInMinutes": { - "type": "number" + "type": "number", + "description": "" }, "shouldSendEmail": { - "type": "boolean" + "type": "boolean", + "description": "" } } }, @@ -10904,7 +11433,8 @@ "type": "object", "properties": { "token": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -10915,10 +11445,12 @@ "type": "object", "properties": { "tenantInvitationsAllowed": { - "type": "boolean" + "type": "boolean", + "description": "" }, "emailsEnabled": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -10930,12 +11462,14 @@ "type": "object", "properties": { "isActive": { - "type": "boolean" + "type": "boolean", + "description": "" }, "timeout": { "type": "number", "minimum": 60, - "maximum": 2073600 + "maximum": 2073600, + "description": "" } }, "required": [ @@ -10947,11 +11481,13 @@ "type": "object", "properties": { "isActive": { - "type": "boolean" + "type": "boolean", + "description": "" }, "timeout": { "type": "number", - "minimum": 60 + "minimum": 60, + "description": "" } }, "required": [ @@ -10963,11 +11499,13 @@ "type": "object", "properties": { "isActive": { - "type": "boolean" + "type": "boolean", + "description": "" }, "maxSessions": { "type": "number", - "minimum": 1 + "minimum": 1, + "description": "" } }, "required": [ @@ -10979,13 +11517,16 @@ "type": "object", "properties": { "sessionIdleTimeoutConfiguration": { - "$ref": "#/components/schemas/SessionIdleTimeoutConfigurationDto" + "$ref": "#/components/schemas/SessionIdleTimeoutConfigurationDto", + "description": "" }, "sessionTimeoutConfiguration": { - "$ref": "#/components/schemas/SessionTimeoutConfigurationDto" + "$ref": "#/components/schemas/SessionTimeoutConfigurationDto", + "description": "" }, "sessionConcurrentConfiguration": { - "$ref": "#/components/schemas/SessionConcurrentConfigurationDto" + "$ref": "#/components/schemas/SessionConcurrentConfigurationDto", + "description": "" } } }, @@ -10999,10 +11540,12 @@ "WebAuthnCrossPlatform", "SMS" ], - "type": "string" + "type": "string", + "description": "" }, "isActive": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -11017,7 +11560,8 @@ "type": "array", "items": { "$ref": "#/components/schemas/MFAStrategyResponse" - } + }, + "description": "" } }, "required": [ @@ -11028,7 +11572,8 @@ "type": "object", "properties": { "isActive": { - "type": "boolean" + "type": "boolean", + "description": "" }, "strategy": { "type": "string", @@ -11037,7 +11582,8 @@ "WebAuthnPlatform", "WebAuthnCrossPlatform", "SMS" - ] + ], + "description": "" } }, "required": [ @@ -11049,39 +11595,50 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "vendorId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "isDefault": { - "type": "boolean" + "type": "boolean", + "description": "" }, "firstUserRole": { - "type": "boolean" + "type": "boolean", + "description": "" }, "level": { - "type": "number" + "type": "number", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -11102,23 +11659,29 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "email": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "activatedForTenant": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -11134,46 +11697,56 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "color": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "metadata": { - "type": "string" + "type": "string", + "description": "" }, "roles": { "type": "array", "items": { "$ref": "#/components/schemas/RoleDto" - } + }, + "description": "" }, "users": { "type": "array", "items": { "$ref": "#/components/schemas/GroupUserDto" - } + }, + "description": "" }, "managedBy": { "enum": [ "frontegg", "scim2" ], - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -11196,7 +11769,8 @@ "type": "array", "items": { "$ref": "#/components/schemas/GroupResponse" - } + }, + "description": "" } }, "required": [ @@ -11269,10 +11843,12 @@ "type": "object", "properties": { "enabled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "rolesEnabled": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -11337,7 +11913,8 @@ "type": "object", "properties": { "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "status": { "type": "string", @@ -11346,7 +11923,8 @@ "PendingLogin", "Activated", "NotActivated" - ] + ], + "description": "" } }, "required": [ @@ -11358,7 +11936,8 @@ "type": "object", "properties": { "userId": { - "type": "string" + "type": "string", + "description": "" }, "tenantsStatuses": { "description": "Tenants Statuses", @@ -11377,13 +11956,16 @@ "type": "object", "properties": { "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "isDefault": { "type": "boolean", @@ -11432,13 +12014,16 @@ "description": "Role level for roles elevation, lower level means stronger role." }, "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -11461,13 +12046,16 @@ "type": "object", "properties": { "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "isDefault": { "type": "boolean", @@ -11481,7 +12069,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -11495,31 +12084,39 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "vendorId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "isDefault": { - "type": "boolean" + "type": "boolean", + "description": "" }, "permissions": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -11538,7 +12135,8 @@ "properties": { "expirationInSeconds": { "type": "number", - "minimum": 300 + "minimum": 300, + "description": "" } }, "required": [ @@ -11549,7 +12147,8 @@ "type": "object", "properties": { "enabled": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -11560,24 +12159,30 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" }, "verified": { - "type": "boolean" + "type": "boolean", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "updatedAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -11648,20 +12253,25 @@ "properties": { "email": { "type": "string", - "format": "email" + "format": "email", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { "type": "string", - "maxLength": 4095 + "maxLength": 4095, + "description": "" }, "password": { - "type": "string" + "type": "string", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" }, "provider": { "type": "string", @@ -11676,7 +12286,8 @@ "scim2", "slack", "apple" - ] + ], + "description": "" }, "metadata": { "type": "string", @@ -11684,16 +12295,19 @@ "example": "{}" }, "skipInviteEmail": { - "type": "boolean" + "type": "boolean", + "description": "" }, "roleIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "emailMetadata": { - "type": "object" + "type": "object", + "description": "" }, "expirationInSeconds": { "type": "number", @@ -11701,7 +12315,8 @@ "description": "Temporary user expiration in seconds" }, "verified": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -11715,7 +12330,8 @@ "type": "array", "items": { "$ref": "#/components/schemas/UserBulkInviteRequestDto" - } + }, + "description": "" } }, "required": [ @@ -11730,13 +12346,16 @@ "type": "object", "properties": { "domain": { - "type": "string" + "type": "string", + "description": "" }, "clientId": { - "type": "string" + "type": "string", + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "tenantIdFieldName": { "type": "string", @@ -11772,7 +12391,8 @@ "description": "The password hash. For SCrypt should include the salt and key seperated by the salt separator" }, "passwordHashType": { - "$ref": "#/components/schemas/PasswordHashingType" + "$ref": "#/components/schemas/PasswordHashingType", + "description": "" }, "passwordHashConfig": { "type": "string", @@ -11796,7 +12416,8 @@ "slack", "apple" ], - "default": "local" + "default": "local", + "description": "" }, "metadata": { "type": "string", @@ -11816,20 +12437,25 @@ } }, "email": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { "type": "string", - "maxLength": 4095 + "maxLength": 4095, + "description": "" }, "authenticatorAppMfaSecret": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -11844,7 +12470,8 @@ "type": "array", "items": { "$ref": "#/components/schemas/MigrateUserRequest" - } + }, + "description": "" } }, "required": [ @@ -11855,7 +12482,8 @@ "type": "object", "properties": { "migrationId": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -11870,7 +12498,8 @@ "type": "object", "properties": { "allowAccess": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -11882,10 +12511,12 @@ "properties": { "email": { "type": "string", - "format": "email" + "format": "email", + "description": "" }, "emailMetadata": { - "type": "object" + "type": "object", + "description": "" } }, "required": [ @@ -11896,13 +12527,16 @@ "type": "object", "properties": { "userId": { - "type": "string" + "type": "string", + "description": "" }, "token": { - "type": "string" + "type": "string", + "description": "" }, "password": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -11915,10 +12549,12 @@ "type": "object", "properties": { "password": { - "type": "string" + "type": "string", + "description": "" }, "newPassword": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -11931,10 +12567,12 @@ "properties": { "email": { "type": "string", - "format": "email" + "format": "email", + "description": "" }, "emailMetadata": { - "type": "object" + "type": "object", + "description": "" } }, "required": [ @@ -11946,37 +12584,48 @@ "type": "object", "properties": { "type": { - "type": "string" + "type": "string", + "description": "" }, "clientId": { - "type": "string" + "type": "string", + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "redirectUrl": { - "type": "string" + "type": "string", + "description": "" }, "authorizationUrl": { - "type": "string" + "type": "string", + "description": "" }, "tokenUrl": { - "type": "string" + "type": "string", + "description": "" }, "userInfoUrl": { - "type": "string" + "type": "string", + "description": "" }, "scopes": { - "type": "string" + "type": "string", + "description": "" }, "ssoLogoUrl": { - "type": "string" + "type": "string", + "description": "" }, "displayName": { - "type": "string" + "type": "string", + "description": "" }, "active": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -11997,37 +12646,48 @@ "type": "object", "properties": { "type": { - "type": "string" + "type": "string", + "description": "" }, "clientId": { - "type": "string" + "type": "string", + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" }, "redirectUrl": { - "type": "string" + "type": "string", + "description": "" }, "authorizationUrl": { - "type": "string" + "type": "string", + "description": "" }, "tokenUrl": { - "type": "string" + "type": "string", + "description": "" }, "userInfoUrl": { - "type": "string" + "type": "string", + "description": "" }, "scopes": { - "type": "string" + "type": "string", + "description": "" }, "ssoLogoUrl": { - "type": "string" + "type": "string", + "description": "" }, "displayName": { - "type": "string" + "type": "string", + "description": "" }, "active": { - "type": "boolean" + "type": "boolean", + "description": "" } } }, @@ -12035,13 +12695,15 @@ "type": "object", "properties": { "userId": { - "type": "string" + "type": "string", + "description": "" }, "appIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -12053,13 +12715,15 @@ "type": "object", "properties": { "appId": { - "type": "string" + "type": "string", + "description": "" }, "userIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -12071,16 +12735,19 @@ "type": "object", "properties": { "appId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "userIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -12093,14 +12760,17 @@ "type": "object", "properties": { "appId": { - "type": "string" + "type": "string", + "description": "" }, "userTenantId": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12113,16 +12783,19 @@ "type": "object", "properties": { "userId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "appIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -12135,16 +12808,19 @@ "type": "object", "properties": { "appId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "userIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -12157,16 +12833,19 @@ "type": "object", "properties": { "userId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "appIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -12179,10 +12858,12 @@ "type": "object", "properties": { "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "applicationId": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12197,7 +12878,8 @@ "type": "array", "items": { "$ref": "#/components/schemas/UserApplicationActiveTenantResponse" - } + }, + "description": "" } }, "required": [ @@ -12263,7 +12945,8 @@ "type": "object", "properties": { "token": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -12279,10 +12962,12 @@ "type": "object", "properties": { "otcToken": { - "type": "string" + "type": "string", + "description": "" }, "code": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12294,7 +12979,8 @@ "type": "object", "properties": { "email": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12305,78 +12991,100 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "email": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { - "type": "string" + "type": "string", + "description": "" }, "sub": { - "type": "string" + "type": "string", + "description": "" }, "verified": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaEnrolled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaBypass": { - "type": "boolean" + "type": "boolean", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" }, "provider": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "tenantIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "activatedForTenant": { - "type": "boolean" + "type": "boolean", + "description": "" }, "isLocked": { - "type": "boolean" + "type": "boolean", + "description": "" }, "tenants": { "type": "array", "items": { "$ref": "#/components/schemas/UserTenantDto" - } + }, + "description": "" }, "invisible": { - "type": "boolean" + "type": "boolean", + "description": "" }, "superUser": { - "type": "boolean" + "type": "boolean", + "description": "" }, "metadata": { - "type": "string" + "type": "string", + "description": "" }, "vendorMetadata": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "lastLogin": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "subAccountAccessAllowed": { - "type": "boolean" + "type": "boolean", + "description": "" }, "managedBy": { "enum": [ @@ -12384,7 +13092,8 @@ "scim2", "external" ], - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12416,7 +13125,8 @@ "type": "object", "properties": { "token": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12428,20 +13138,25 @@ "properties": { "email": { "type": "string", - "format": "email" + "format": "email", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { "type": "string", - "maxLength": 4095 + "maxLength": 4095, + "description": "" }, "password": { - "type": "string" + "type": "string", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" }, "provider": { "type": "string", @@ -12456,7 +13171,8 @@ "scim2", "slack", "apple" - ] + ], + "description": "" }, "metadata": { "type": "string", @@ -12464,16 +13180,19 @@ "example": "{}" }, "skipInviteEmail": { - "type": "boolean" + "type": "boolean", + "description": "" }, "roleIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "emailMetadata": { - "type": "object" + "type": "object", + "description": "" }, "expirationInSeconds": { "type": "number", @@ -12489,49 +13208,61 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "email": { - "type": "string" + "type": "string", + "description": "" }, "verified": { - "type": "boolean" + "type": "boolean", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { - "type": "string" + "type": "string", + "description": "" }, "roles": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "permissions": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "metadata": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "lastLogin": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "activatedForTenant": { - "type": "boolean" + "type": "boolean", + "description": "" }, "temporaryExpirationDate": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } } }, @@ -12540,12 +13271,14 @@ "properties": { "phoneNumber": { "type": "string", - "pattern": "^\\+[1-9]{1}(\\-?)(([0-9])(\\-?)){5,13}(([0-9]$){1})" + "pattern": "^\\+[1-9]{1}(\\-?)(([0-9])(\\-?)){5,13}(([0-9]$){1})", + "description": "" }, "profilePictureUrl": { "type": "string", "nullable": true, - "maxLength": 4095 + "maxLength": 4095, + "description": "" }, "metadata": { "type": "string", @@ -12553,7 +13286,8 @@ "example": "{}" }, "name": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -12561,78 +13295,100 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "email": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { - "type": "string" + "type": "string", + "description": "" }, "sub": { - "type": "string" + "type": "string", + "description": "" }, "verified": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaEnrolled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaBypass": { - "type": "boolean" + "type": "boolean", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" }, "provider": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "tenantIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "activatedForTenant": { - "type": "boolean" + "type": "boolean", + "description": "" }, "isLocked": { - "type": "boolean" + "type": "boolean", + "description": "" }, "tenants": { "type": "array", "items": { "$ref": "#/components/schemas/UserTenantDto" - } + }, + "description": "" }, "invisible": { - "type": "boolean" + "type": "boolean", + "description": "" }, "superUser": { - "type": "boolean" + "type": "boolean", + "description": "" }, "metadata": { - "type": "string" + "type": "string", + "description": "" }, "vendorMetadata": { - "type": "string" + "type": "string", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "lastLogin": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" }, "subAccountAccessAllowed": { - "type": "boolean" + "type": "boolean", + "description": "" }, "managedBy": { "type": "string", @@ -12640,7 +13396,8 @@ "frontegg", "scim2", "external" - ] + ], + "description": "" } }, "required": [ @@ -12667,7 +13424,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -12678,26 +13436,33 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "key": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "isDefault": { - "type": "boolean" + "type": "boolean", + "description": "" }, "level": { - "type": "number" + "type": "number", + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12714,16 +13479,19 @@ "type": "object", "properties": { "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" }, "roles": { "type": "array", "items": { "$ref": "#/components/schemas/IRole" - } + }, + "description": "" } }, "required": [ @@ -12739,7 +13507,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -12750,16 +13519,19 @@ "type": "object", "properties": { "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" }, "roles": { "type": "array", "items": { "$ref": "#/components/schemas/IRole" - } + }, + "description": "" } }, "required": [ @@ -12784,7 +13556,8 @@ "type": "object", "properties": { "invisible": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -12795,7 +13568,8 @@ "type": "object", "properties": { "superUser": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -12807,12 +13581,14 @@ "properties": { "phoneNumber": { "type": "string", - "pattern": "^\\+[1-9]{1}(\\-?)(([0-9])(\\-?)){5,13}(([0-9]$){1})" + "pattern": "^\\+[1-9]{1}(\\-?)(([0-9])(\\-?)){5,13}(([0-9]$){1})", + "description": "" }, "profilePictureUrl": { "type": "string", "nullable": true, - "maxLength": 4095 + "maxLength": 4095, + "description": "" }, "metadata": { "type": "string", @@ -12828,7 +13604,8 @@ "description": "Indicates whether MFA should be bypassed for this user" }, "name": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -12840,7 +13617,8 @@ "description": "Desired tenant to set as active tenant for user" }, "validateTenantExist": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -12851,13 +13629,16 @@ "type": "object", "properties": { "validateTenantExist": { - "type": "boolean" + "type": "boolean", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "skipInviteEmail": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -12869,7 +13650,8 @@ "properties": { "email": { "type": "string", - "format": "email" + "format": "email", + "description": "" } }, "required": [ @@ -12880,13 +13662,16 @@ "type": "object", "properties": { "link": { - "type": "string" + "type": "string", + "description": "" }, "token": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12899,13 +13684,16 @@ "type": "object", "properties": { "link": { - "type": "string" + "type": "string", + "description": "" }, "token": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12918,10 +13706,12 @@ "type": "object", "properties": { "srcTenantId": { - "type": "string" + "type": "string", + "description": "" }, "targetTenantId": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -12933,31 +13723,39 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "type": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "appIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "index": { - "type": "number" + "type": "number", + "description": "" }, "configuration": { - "type": "object" + "type": "object", + "description": "" }, "usersCount": { - "type": "number" + "type": "number", + "description": "" } }, "required": [ @@ -12975,28 +13773,35 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "type": { - "type": "string" + "type": "string", + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "appIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "index": { - "type": "number" + "type": "number", + "description": "" }, "configuration": { - "type": "object" + "type": "object", + "description": "" } }, "required": [ @@ -13020,7 +13825,8 @@ "type": "string", "enum": [ "dynamic" - ] + ], + "description": "" } }, "required": [ @@ -13035,7 +13841,8 @@ "type": "string", "enum": [ "new" - ] + ], + "description": "" } }, "required": [ @@ -13053,7 +13860,8 @@ "type": "string", "enum": [ "static" - ] + ], + "description": "" } }, "required": [ @@ -13068,7 +13876,8 @@ "type": "string", "enum": [ "from-source" - ] + ], + "description": "" } }, "required": [ @@ -13109,7 +13918,8 @@ { "$ref": "#/components/schemas/UserSourceNewTenantConfig" } - ] + ], + "description": "" } }, "required": [ @@ -13162,25 +13972,31 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "type": { - "type": "string" + "type": "string", + "description": "" }, "appIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "index": { - "type": "number" + "type": "number", + "description": "" } }, "required": [ @@ -13238,7 +14054,8 @@ { "$ref": "#/components/schemas/UserSourceNewTenantConfig" } - ] + ], + "description": "" } }, "required": [ @@ -13293,37 +14110,48 @@ "type": "object", "properties": { "type": { - "type": "string" + "type": "string", + "description": "" }, "project_id": { - "type": "string" + "type": "string", + "description": "" }, "private_key_id": { - "type": "string" + "type": "string", + "description": "" }, "private_key": { - "type": "string" + "type": "string", + "description": "" }, "client_email": { - "type": "string" + "type": "string", + "description": "" }, "client_id": { - "type": "string" + "type": "string", + "description": "" }, "auth_uri": { - "type": "string" + "type": "string", + "description": "" }, "token_uri": { - "type": "string" + "type": "string", + "description": "" }, "auth_provider_x509_cert_url": { - "type": "string" + "type": "string", + "description": "" }, "client_x509_cert_url": { - "type": "string" + "type": "string", + "description": "" }, "universe_domain": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -13356,7 +14184,8 @@ "description": "The firebase Web API Key" }, "serviceAccount": { - "$ref": "#/components/schemas/FirebaseServiceAccountConfig" + "$ref": "#/components/schemas/FirebaseServiceAccountConfig", + "description": "" }, "tenantConfig": { "oneOf": [ @@ -13366,7 +14195,8 @@ { "$ref": "#/components/schemas/UserSourceNewTenantConfig" } - ] + ], + "description": "" } }, "required": [ @@ -13426,10 +14256,12 @@ "description": "Whether to migrate the users" }, "codePayload": { - "type": "string" + "type": "string", + "description": "" }, "getUserCodePayload": { - "type": "string" + "type": "string", + "description": "" }, "tenantConfig": { "oneOf": [ @@ -13439,7 +14271,8 @@ { "$ref": "#/components/schemas/UserSourceFromSourceTenantConfig" } - ] + ], + "description": "" } }, "required": [ @@ -13516,7 +14349,8 @@ { "$ref": "#/components/schemas/UserSourceNewTenantConfig" } - ] + ], + "description": "" } }, "required": [ @@ -13733,11 +14567,13 @@ "type": "object", "properties": { "email": { - "type": "string" + "type": "string", + "description": "" }, "lastLogin": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -13753,7 +14589,8 @@ "enum": [ "code", "link" - ] + ], + "description": "" } }, "required": [ @@ -13763,12 +14600,18 @@ "CreateOrUpdateActivationStrategyRequest": { "type": "object", "properties": { + "codeExpiration": { + "type": "number", + "minimum": 60, + "description": "" + }, "strategy": { "type": "string", "enum": [ "code", "link" - ] + ], + "description": "" } }, "required": [ @@ -13783,7 +14626,8 @@ "enum": [ "code", "link" - ] + ], + "description": "" } }, "required": [ @@ -13793,17 +14637,11 @@ "CreateOrUpdateInvitationStrategyRequest": { "type": "object", "properties": { - "strategy": { - "type": "string", - "enum": [ - "code", - "link" - ] + "codeExpiration": { + "type": "number", + "description": "" } - }, - "required": [ - "strategy" - ] + } }, "CreateOrUpdateIpRestrictionConfigDto": { "type": "object", @@ -13813,10 +14651,12 @@ "ALLOW", "BLOCK" ], - "type": "string" + "type": "string", + "description": "" }, "isActive": { - "type": "boolean" + "type": "boolean", + "description": "" } } }, @@ -13828,17 +14668,20 @@ "description": "IP or CIDR (v4 and v6 are supported)" }, "description": { - "type": "string" + "type": "string", + "description": "" }, "strategy": { "type": "string", "enum": [ "ALLOW", "BLOCK" - ] + ], + "description": "" }, "isActive": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -13851,14 +14694,16 @@ "properties": { "domain": { "type": "string", - "pattern": "domainRegex" + "pattern": "domainRegex", + "description": "" }, "type": { "type": "string", "enum": [ "ALLOW", "BLOCK" - ] + ], + "description": "" } }, "required": [ @@ -13870,17 +14715,20 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "domain": { - "type": "string" + "type": "string", + "description": "" }, "type": { "enum": [ "ALLOW", "BLOCK" ], - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -13893,17 +14741,20 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "listType": { "enum": [ "ALLOW", "BLOCK" ], - "type": "string" + "type": "string", + "description": "" }, "blockPublicDomains": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -13916,17 +14767,20 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "blockPublicDomains": { - "type": "boolean" + "type": "boolean", + "description": "" }, "type": { "type": "string", "enum": [ "ALLOW", "BLOCK" - ] + ], + "description": "" } }, "required": [ @@ -13941,14 +14795,16 @@ "enum": [ "ALLOW", "BLOCK" - ] + ], + "description": "" }, "domains": { "type": "array", "items": { "type": "string", "pattern": "domainRegexString" - } + }, + "description": "" } }, "required": [ @@ -13989,7 +14845,8 @@ "type": "object", "properties": { "forcePermissions": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14000,19 +14857,24 @@ "type": "object", "properties": { "userId": { - "type": "string" + "type": "string", + "description": "" }, "token": { - "type": "string" + "type": "string", + "description": "" }, "password": { - "type": "string" + "type": "string", + "description": "" }, "recaptchaToken": { - "type": "string" + "type": "string", + "description": "" }, "lastTermsCheck": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14024,17 +14886,20 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "deviceType": { "type": "string", "enum": [ "Platform", "CrossPlatform" - ] + ], + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14047,10 +14912,12 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14062,7 +14929,8 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14073,7 +14941,8 @@ "type": "object", "properties": { "email": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14087,25 +14956,29 @@ "type": "array", "items": { "$ref": "#/components/schemas/UserMFAWebAuthnDeviceResponse" - } + }, + "description": "" }, "phones": { "type": "array", "items": { "$ref": "#/components/schemas/UserMFAPhoneDeviceResponse" - } + }, + "description": "" }, "authenticators": { "type": "array", "items": { "$ref": "#/components/schemas/UserMFAAuthenticatorAppResponse" - } + }, + "description": "" }, "emails": { "type": "array", "items": { "$ref": "#/components/schemas/UserMFAEmailCodeResponse" - } + }, + "description": "" } }, "required": [ @@ -14120,52 +14993,68 @@ "properties": { "tokenType": { "type": "string", - "default": "bearer" + "default": "bearer", + "description": "" }, "mfaRequired": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaToken": { - "type": "string" + "type": "string", + "description": "" }, "mfaEnrolled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "mfaDevices": { - "$ref": "#/components/schemas/UserMFADevicesResponse" + "$ref": "#/components/schemas/UserMFADevicesResponse", + "description": "" }, "mfaStrategies": { - "type": "object" + "type": "object", + "description": "" }, "qrCode": { - "type": "string" + "type": "string", + "description": "" }, "recoveryCode": { - "type": "string" + "type": "string", + "description": "" }, "accessToken": { - "type": "string" + "type": "string", + "description": "" }, "refreshToken": { - "type": "string" + "type": "string", + "description": "" }, "expiresIn": { - "type": "number" + "type": "number", + "description": "" }, "expires": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" }, "userEmail": { - "type": "string" + "type": "string", + "description": "" }, "emailVerified": { - "type": "boolean" + "type": "boolean", + "description": "" }, "isBreachedPassword": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14176,11 +15065,46 @@ "expires" ] }, + "ActivateUserWithCodeDto": { + "type": "object", + "properties": { + "userId": { + "type": "string", + "description": "" + }, + "token": { + "type": "string", + "description": "" + }, + "password": { + "type": "string", + "description": "" + }, + "recaptchaToken": { + "type": "string", + "description": "" + }, + "lastTermsCheck": { + "type": "string", + "description": "" + }, + "code": { + "type": "string", + "description": "" + } + }, + "required": [ + "userId", + "token", + "code" + ] + }, "GetActivateStrategyResponseDto": { "type": "object", "properties": { "shouldSetPassword": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14191,16 +15115,20 @@ "type": "object", "properties": { "email": { - "type": "string" + "type": "string", + "description": "" }, "password": { - "type": "string" + "type": "string", + "description": "" }, "recaptchaToken": { - "type": "string" + "type": "string", + "description": "" }, "invitationToken": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14216,10 +15144,12 @@ "type": "object", "properties": { "clientId": { - "type": "string" + "type": "string", + "description": "" }, "secret": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14231,16 +15161,20 @@ "type": "object", "properties": { "access_token": { - "type": "string" + "type": "string", + "description": "" }, "refresh_token": { - "type": "string" + "type": "string", + "description": "" }, "expires_in": { - "type": "number" + "type": "number", + "description": "" }, "expires": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14254,7 +15188,8 @@ "type": "object", "properties": { "refreshToken": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14265,19 +15200,24 @@ "type": "object", "properties": { "recaptchaToken": { - "type": "string" + "type": "string", + "description": "" }, "invitationToken": { - "type": "string" + "type": "string", + "description": "" }, "email": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14290,10 +15230,12 @@ "type": "object", "properties": { "phoneNumber": { - "type": "string" + "type": "string", + "description": "" }, "resetPhoneNumberToken": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -14305,10 +15247,12 @@ "description": "One time code to login with - get it from the email sent after prelogin request" }, "recaptchaToken": { - "type": "string" + "type": "string", + "description": "" }, "invitationToken": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14319,16 +15263,20 @@ "type": "object", "properties": { "recaptchaToken": { - "type": "string" + "type": "string", + "description": "" }, "invitationToken": { - "type": "string" + "type": "string", + "description": "" }, "email": { - "type": "string" + "type": "string", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14340,13 +15288,16 @@ "type": "object", "properties": { "value": { - "type": "string" + "type": "string", + "description": "" }, "mfaToken": { - "type": "string" + "type": "string", + "description": "" }, "rememberDevice": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14358,7 +15309,8 @@ "type": "object", "properties": { "mfaToken": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14369,16 +15321,20 @@ "type": "object", "properties": { "otcToken": { - "type": "string" + "type": "string", + "description": "" }, "code": { - "type": "string" + "type": "string", + "description": "" }, "mfaToken": { - "type": "string" + "type": "string", + "description": "" }, "rememberDevice": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14391,7 +15347,8 @@ "type": "object", "properties": { "mfaToken": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14402,13 +15359,16 @@ "type": "object", "properties": { "token": { - "type": "string" + "type": "string", + "description": "" }, "mfaToken": { - "type": "string" + "type": "string", + "description": "" }, "rememberDevice": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14421,7 +15381,8 @@ "properties": { "phoneNumber": { "type": "string", - "pattern": "phoneNumberRegexp" + "pattern": "phoneNumberRegexp", + "description": "" } }, "required": [ @@ -14432,10 +15393,12 @@ "type": "object", "properties": { "otcToken": { - "type": "string" + "type": "string", + "description": "" }, "code": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14447,16 +15410,20 @@ "type": "object", "properties": { "otcToken": { - "type": "string" + "type": "string", + "description": "" }, "code": { - "type": "string" + "type": "string", + "description": "" }, "mfaToken": { - "type": "string" + "type": "string", + "description": "" }, "rememberDevice": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14469,10 +15436,12 @@ "type": "object", "properties": { "clientDataJSON": { - "type": "string" + "type": "string", + "description": "" }, "attestationObject": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14484,17 +15453,20 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "response": { - "$ref": "#/components/schemas/WebAuthNClientResponse" + "$ref": "#/components/schemas/WebAuthNClientResponse", + "description": "" }, "deviceType": { "type": "string", "enum": [ "Platform", "CrossPlatform" - ] + ], + "description": "" } }, "required": [ @@ -14510,19 +15482,24 @@ "enum": [ "Platform", "CrossPlatform" - ] + ], + "description": "" }, "webauthnToken": { - "type": "string" + "type": "string", + "description": "" }, "options": { - "$ref": "#/components/schemas/VerifyNewWebAuthnDeviceRequest" + "$ref": "#/components/schemas/VerifyNewWebAuthnDeviceRequest", + "description": "" }, "mfaToken": { - "type": "string" + "type": "string", + "description": "" }, "rememberDevice": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14536,16 +15513,20 @@ "type": "object", "properties": { "clientDataJSON": { - "type": "string" + "type": "string", + "description": "" }, "authenticatorData": { - "type": "string" + "type": "string", + "description": "" }, "signature": { - "type": "string" + "type": "string", + "description": "" }, "userHandle": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14559,16 +15540,20 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "response": { - "$ref": "#/components/schemas/WebAuthNResponse" + "$ref": "#/components/schemas/WebAuthNResponse", + "description": "" }, "recaptchaToken": { - "type": "string" + "type": "string", + "description": "" }, "invitationToken": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14580,16 +15565,20 @@ "type": "object", "properties": { "webauthnToken": { - "type": "string" + "type": "string", + "description": "" }, "options": { - "$ref": "#/components/schemas/AuthenticateUserWebAuthNDto" + "$ref": "#/components/schemas/AuthenticateUserWebAuthNDto", + "description": "" }, "mfaToken": { - "type": "string" + "type": "string", + "description": "" }, "rememberDevice": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -14618,7 +15607,8 @@ "type": "object", "properties": { "token": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14629,7 +15619,8 @@ "type": "object", "properties": { "recoveryCode": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14640,10 +15631,12 @@ "type": "object", "properties": { "userId": { - "type": "string" + "type": "string", + "description": "" }, "token": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14651,6 +15644,28 @@ "token" ] }, + "AcceptInvitationWithCodeDto": { + "type": "object", + "properties": { + "userId": { + "type": "string", + "description": "" + }, + "token": { + "type": "string", + "description": "" + }, + "code": { + "type": "string", + "description": "" + } + }, + "required": [ + "userId", + "token", + "code" + ] + }, "SignUpUserDto": { "type": "object", "properties": { @@ -14666,48 +15681,60 @@ "scim2", "slack", "apple" - ] + ], + "description": "" }, "metadata": { "type": "string", "description": "Stringified JSON object. Use the JSON.stringify() method." }, "email": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "profilePictureUrl": { "type": "string", - "maxLength": 4095 + "maxLength": 4095, + "description": "" }, "password": { - "type": "string" + "type": "string", + "description": "" }, "phoneNumber": { - "type": "string" + "type": "string", + "description": "" }, "skipInviteEmail": { - "type": "boolean" + "type": "boolean", + "description": "" }, "roleIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" }, "emailMetadata": { - "type": "object" + "type": "object", + "description": "" }, "companyName": { - "type": "string" + "type": "string", + "description": "" }, "recaptchaToken": { - "type": "string" + "type": "string", + "description": "" }, "invitationToken": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14720,16 +15747,20 @@ "type": "object", "properties": { "shouldActivate": { - "type": "boolean" + "type": "boolean", + "description": "" }, "userId": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "authResponse": { - "$ref": "#/components/schemas/AuthenticationResponseDto" + "$ref": "#/components/schemas/AuthenticationResponseDto", + "description": "" } } }, @@ -14737,10 +15768,12 @@ "type": "object", "properties": { "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -14759,13 +15792,15 @@ "type": "array", "items": { "$ref": "#/components/schemas/RoleResponse" - } + }, + "description": "" }, "permissions": { "type": "array", "items": { "$ref": "#/components/schemas/PermissionResponse" - } + }, + "description": "" } }, "required": [ @@ -14791,48 +15826,48 @@ "API token", "General", "MFA", - "Users", - "Passwordless" + "Passwordless", + "SMS" ] }, { "name": "Management", "tags": [ - "Account invitation settings", + "Account invitations settings", "Core settings", "Custom social OAuth provider", "Data migration", "Delegation", "Email configuration", "Email templates", - "M2M", + "M2M tokens", "MFA configuration", - "Permission categories", + "Permissions categories", "Permissions", "Roles", "SMS configuration", "SMS templates", "Sessions configuration", "User sources (pools)", - "Users 1" + "Users" ] }, { - "name": "Self-service", + "name": "Self-Service", "tags": [ - "User management", "Account invitations", + "Account roles", + "API (tenant) tokens", "Domain restrictions", "IP restrictions", "Lockout policy", "MFA settings", "Password settings", "Personal tokens", - "Account roles", "Sessions management", - "API (tenant) tokens", - "User sessions", - "User groups" + "User groups", + "User management", + "User sessions" ] }, { diff --git a/scim.json b/scim.json index 177c754..4c102b6 100644 --- a/scim.json +++ b/scim.json @@ -13,7 +13,8 @@ "in": "query", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "source", @@ -21,7 +22,8 @@ "in": "query", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "connectionName", @@ -29,7 +31,8 @@ "in": "query", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "id", @@ -37,7 +40,8 @@ "in": "query", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -56,7 +60,7 @@ } }, "tags": [ - "SCIM Configurations" + "Management | SCIM" ] }, "post": { @@ -97,7 +101,7 @@ } }, "tags": [ - "SCIM Setup" + "Self-service | SCIM configurations" ] } }, @@ -113,7 +117,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "frontegg-tenant-id", @@ -138,7 +143,7 @@ } }, "tags": [ - "SCIM Setup" + "Self-service | SCIM configurations" ] }, "patch": { @@ -152,7 +157,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "frontegg-tenant-id", @@ -180,7 +186,7 @@ } }, "tags": [ - "SCIM Setup" + "Self-service | SCIM configurations" ] }, "delete": { @@ -194,7 +200,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "frontegg-tenant-id", @@ -212,17 +219,16 @@ } }, "tags": [ - "SCIM Setup" + "Self-service | SCIM configurations" ] } } }, "info": { - "title": "Provisioning (SCIM) Service", + "title": "Directory", "description": "", "version": "" }, - "tags": [], "servers": [ { "url": "https://api.frontegg.com/directory", @@ -263,28 +269,35 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "connectionName": { - "type": "string" + "type": "string", + "description": "" }, "source": { - "type": "string" + "type": "string", + "description": "" }, "syncToUserManagement": { - "type": "boolean" + "type": "boolean", + "description": "" }, "lastSync": { "format": "date-time", "type": "string", - "nullable": true + "nullable": true, + "description": "" }, "createdAt": { "format": "date-time", - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -307,13 +320,16 @@ "okta", "azure-ad", "other" - ] + ], + "description": "" }, "connectionName": { - "type": "string" + "type": "string", + "description": "" }, "syncToUserManagement": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -324,13 +340,16 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "" }, "connectionName": { - "type": "string" + "type": "string", + "description": "" }, "token": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -343,7 +362,8 @@ "type": "object", "properties": { "syncToUserManagement": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -352,18 +372,5 @@ } } }, - "x-tagGroups": [ - { - "name": "Management", - "tags": [ - "SCIM Configurations" - ] - }, - { - "name": "Self-Service", - "tags": [ - "SCIM Setup" - ] - } - ] + "x-tagGroups": [] } \ No newline at end of file diff --git a/sso.json b/sso.json index 0bf4924..94b72b6 100644 --- a/sso.json +++ b/sso.json @@ -20,7 +20,7 @@ } }, "tags": [ - "SAML Configurations Details" + "Self-service | SAML configurations" ] } }, @@ -36,7 +36,7 @@ } }, "tags": [ - "SAML Configurations Details" + "Self-service | SAML configurations" ] } }, @@ -62,7 +62,7 @@ } }, "tags": [ - "SSO Settings" + "Management | SSO configurations" ] } }, @@ -98,7 +98,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] }, "get": { @@ -122,7 +122,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -147,7 +147,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -156,7 +157,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -192,7 +193,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -217,7 +218,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -236,7 +238,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -261,7 +263,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -280,7 +283,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -305,7 +308,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "domainId", @@ -313,7 +317,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -322,7 +327,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -347,7 +352,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "domainId", @@ -355,7 +361,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -364,7 +371,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -389,7 +396,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "domainId", @@ -397,7 +405,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -406,7 +415,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -431,7 +440,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -450,7 +460,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] }, "get": { @@ -473,7 +483,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -482,7 +493,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -507,7 +518,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -526,7 +538,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] }, "get": { @@ -549,7 +561,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -558,7 +571,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -583,7 +596,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "groupId", @@ -591,7 +605,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -610,7 +625,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] }, "delete": { @@ -633,7 +648,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "groupId", @@ -641,7 +657,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -650,7 +667,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -676,7 +693,7 @@ } }, "tags": [ - "SSO Settings" + "Management | SSO configurations" ] }, "get": { @@ -690,7 +707,7 @@ } }, "tags": [ - "SSO Settings" + "Management | SSO configurations" ] } }, @@ -706,7 +723,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -715,7 +733,7 @@ } }, "tags": [ - "SSO Settings" + "Management | SSO configurations" ] } }, @@ -731,7 +749,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -750,7 +769,7 @@ } }, "tags": [ - "SSO Settings" + "Management | SSO configurations" ] } }, @@ -766,7 +785,7 @@ } }, "tags": [ - "SSO Settings" + "Management | SSO configurations" ] }, "put": { @@ -790,7 +809,7 @@ } }, "tags": [ - "SSO Settings" + "Management | SSO configurations" ] } }, @@ -816,7 +835,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] }, "get": { @@ -830,7 +849,7 @@ } }, "tags": [ - "SSO Configurations" + "Self-service | SSO configurations" ] } }, @@ -853,7 +872,7 @@ } }, "tags": [ - "OIDC Configurations Details" + "Self-service | OIDC configurations" ] }, "post": { @@ -877,14 +896,14 @@ } }, "tags": [ - "SSO Settings" + "Management | SSO configurations" ] } } }, "info": { - "title": "Single Sign-On Service", - "description": "SSO descriptions", + "title": "Team Management", + "description": "", "version": "" }, "servers": [ @@ -931,40 +950,52 @@ "type": "object", "properties": { "enabled": { - "type": "boolean" + "type": "boolean", + "description": "" }, "ssoEndpoint": { - "type": "string" + "type": "string", + "description": "" }, "publicCertificate": { - "type": "string" + "type": "string", + "description": "" }, "signRequest": { - "type": "boolean" + "type": "boolean", + "description": "" }, "acsUrl": { - "type": "string" + "type": "string", + "description": "" }, "spEntityId": { - "type": "string" + "type": "string", + "description": "" }, "type": { - "type": "string" + "type": "string", + "description": "" }, "oidcClientId": { - "type": "string" + "type": "string", + "description": "" }, "oidcSecret": { - "type": "string" + "type": "string", + "description": "" }, "configMetadata": { - "type": "object" + "type": "object", + "description": "" }, "overrideActiveTenant": { - "type": "boolean" + "type": "boolean", + "description": "" }, "subAccountAccessLimit": { - "type": "number" + "type": "number", + "description": "" } }, "required": [ @@ -986,7 +1017,8 @@ "type": "object", "properties": { "metadata": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -1004,7 +1036,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -1015,13 +1048,15 @@ "type": "object", "properties": { "group": { - "type": "string" + "type": "string", + "description": "" }, "roleIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -1033,13 +1068,15 @@ "type": "object", "properties": { "group": { - "type": "string" + "type": "string", + "description": "" }, "roleIds": { "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -1051,7 +1088,8 @@ "type": "object", "properties": { "email": { - "type": "string" + "type": "string", + "description": "" } }, "required": [ @@ -1066,13 +1104,16 @@ "type": "object", "properties": { "unspecifiedTenantStrategy": { - "type": "string" + "type": "string", + "description": "" }, "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "useActiveTenant": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -1085,13 +1126,16 @@ "type": "object", "properties": { "allowVerifiedUsersToAddDomains": { - "type": "boolean" + "type": "boolean", + "description": "" }, "skipDomainVerification": { - "type": "boolean" + "type": "boolean", + "description": "" }, "bypassDomainCrossValidation": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -1108,7 +1152,8 @@ "type": "object", "properties": { "active": { - "type": "boolean" + "type": "boolean", + "description": "" }, "redirectUri": { "type": "string", @@ -1121,20 +1166,5 @@ } } }, - "x-tagGroups": [ - { - "name": "Management", - "tags": [ - "SSO Settings" - ] - }, - { - "name": "Self-Service", - "tags": [ - "SAML Configurations Details", - "OIDC Configurations Details", - "SSO Configurations" - ] - } - ] + "x-tagGroups": [] } \ No newline at end of file diff --git a/tenants.json b/tenants.json index bf61971..031f29f 100644 --- a/tenants.json +++ b/tenants.json @@ -24,7 +24,7 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] }, "put": { @@ -39,7 +39,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -61,13 +62,13 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] }, "delete": { "operationId": "TenantControllerV1_deleteTenant", "summary": "Delete tenant (account)", - "description": "Removes a tenant and all users of that tenant.If tenant is a part of the hierarchy, then all of its sub-tenants are assigned to deleted tenant's parent. A vendor token is required for this route, it can be obtained from the vendor authentication route.", + "description": "Removes a tenant and all users of that tenant. If a tenant is part of the hierarchy, then all of its sub-tenants are assigned to a deleted tenant's parent. A vendor token is required for this route, it can be obtained from the vendor authentication route.", "parameters": [ { "name": "tenantId", @@ -75,7 +76,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -84,7 +86,7 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] } }, @@ -110,7 +112,7 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] }, "delete": { @@ -124,7 +126,7 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] } }, @@ -140,7 +142,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -162,7 +165,7 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] } }, @@ -178,7 +181,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" }, { "name": "key", @@ -186,7 +190,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -195,7 +200,7 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] } }, @@ -203,15 +208,73 @@ "get": { "operationId": "TenantControllerV2_getTenants", "summary": "Get tenants", - "description": "This route returns all roles for all tenants. To get a role for a specific tenant, send the tenant id in the **`frontegg-tenant-id`** header. Each role is an object containing the name, permissions, and other defining information.", - "parameters": [], + "description": "This route returns all accounts (tenants) for and environment.", + "parameters": [ + { + "name": "_limit", + "required": false, + "in": "query", + "description": "The default limit is 50 tenants per request, the maximum is 200", + "schema": { + "type": "number" + } + }, + { + "name": "_offset", + "required": false, + "in": "query", + "schema": { + "type": "number" + }, + "description": "" + }, + { + "name": "_filter", + "required": false, + "in": "query", + "description": "This param allows filtering the request using an account's name or tenantId", + "schema": { + "type": "string" + } + }, + { + "name": "_sortBy", + "required": false, + "in": "query", + "description": "This param allows sorting the results via createdAt, name, tenantId", + "schema": { + "type": "string" + } + }, + { + "name": "_order", + "required": false, + "in": "query", + "description": "This param can be used together with sortBy and define the order as ACS or DESC", + "schema": { + "type": "string" + } + }, + { + "name": "_tenantIds", + "required": false, + "in": "query", + "description": "This param allows passing specific tenantIds and getting only these tenants data", + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + ], "responses": { "200": { "description": "" } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] } }, @@ -227,7 +290,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -236,7 +300,7 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] }, "put": { @@ -250,7 +314,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -269,7 +334,7 @@ } }, "tags": [ - "Tenants (Accounts)" + "Management | Tenants" ] } }, @@ -295,7 +360,7 @@ } }, "tags": [ - "Sub-Accounts" + "Self-service | Sub-accounts" ] } }, @@ -311,7 +376,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -330,7 +396,7 @@ } }, "tags": [ - "Sub-Accounts" + "Self-service | Sub-accounts" ] } }, @@ -346,7 +412,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "requestBody": { @@ -365,7 +432,7 @@ } }, "tags": [ - "Sub-Accounts" + "Self-service | Sub-accounts" ] } }, @@ -381,7 +448,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -390,7 +458,7 @@ } }, "tags": [ - "Sub-Accounts" + "Self-service | Sub-accounts" ] } }, @@ -416,7 +484,7 @@ } }, "tags": [ - "Accounts Settings" + "Self-service | Accounts settings" ] }, "put": { @@ -453,7 +521,7 @@ } }, "tags": [ - "Accounts Settings" + "Self-service | Accounts settings" ] } }, @@ -479,7 +547,7 @@ } }, "tags": [ - "Accounts Settings" + "Self-service | Accounts settings" ] } }, @@ -504,8 +572,9 @@ } }, "tags": [ - "Tenants migration" - ] + "Management | Tenant migration" + ], + "description": "" } }, "/resources/migrations/v1/tenants/status/{migrationId}": { @@ -519,7 +588,8 @@ "in": "path", "schema": { "type": "string" - } + }, + "description": "" } ], "responses": { @@ -528,8 +598,9 @@ } }, "tags": [ - "Tenants migration" - ] + "Management | Tenant migration" + ], + "description": "" } }, "/resources/hierarchy/v1": { @@ -554,7 +625,7 @@ } }, "tags": [ - "Sub-Accounts" + "Self-service | Sub-accounts" ] }, "post": { @@ -578,7 +649,7 @@ } }, "tags": [ - "Account Hierarchy" + "Management | Sub-accounts" ] }, "delete": { @@ -605,7 +676,7 @@ } }, "tags": [ - "Account Hierarchy" + "Management | Sub-accounts" ] } }, @@ -631,7 +702,7 @@ } }, "tags": [ - "Sub-Accounts" + "Self-service | Sub-accounts" ] } }, @@ -657,13 +728,13 @@ } }, "tags": [ - "Sub-Accounts" + "Self-service | Sub-accounts" ] } } }, "info": { - "title": "Account Management Service", + "title": "Tenants", "description": "", "version": "" }, @@ -689,7 +760,7 @@ "description": "Frontegg sub-domain for use with user tokens", "variables": { "domain": { - "default": "app-xxxx" + "default": "app-xxx" } } } @@ -711,45 +782,56 @@ "description": "Send your own unique tenantId or Frontegg will auto-generate a UUID" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "status": { "type": "string", "description": "This field can be used for custom logic, it is not enforced in Frontegg flows" }, "website": { - "type": "string" + "type": "string", + "description": "" }, "applicationUrl": { - "type": "string" + "type": "string", + "description": "" }, "logo": { "type": "string", "description": "Base64-encoded image to use as logo." }, "logoUrl": { - "type": "string" + "type": "string", + "description": "" }, "address": { - "type": "string" + "type": "string", + "description": "" }, "timezone": { - "type": "string" + "type": "string", + "description": "" }, "currency": { - "type": "string" + "type": "string", + "description": "" }, "creatorName": { - "type": "string" + "type": "string", + "description": "" }, "creatorEmail": { - "type": "string" + "type": "string", + "description": "" }, "isReseller": { - "type": "boolean" + "type": "boolean", + "description": "" }, "parentTenantId": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -768,7 +850,8 @@ "maximumUsers": 50 } } - ] + ], + "description": "" } }, "required": [ @@ -783,13 +866,16 @@ "type": "object", "properties": { "tenantId": { - "type": "string" + "type": "string", + "description": "" }, "name": { - "type": "string" + "type": "string", + "description": "" }, "parentTenantId": { - "type": "string" + "type": "string", + "description": "" }, "status": { "type": "string", @@ -800,16 +886,20 @@ "description": "Base64-encoded image to use as logo." }, "logoUrl": { - "type": "string" + "type": "string", + "description": "" }, "creatorName": { - "type": "string" + "type": "string", + "description": "" }, "creatorEmail": { - "type": "string" + "type": "string", + "description": "" }, "isReseller": { - "type": "boolean" + "type": "boolean", + "description": "" } }, "required": [ @@ -837,7 +927,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "" } }, "required": [ @@ -848,10 +939,12 @@ "type": "object", "properties": { "parentTenantId": { - "type": "string" + "type": "string", + "description": "" }, "childTenantId": { - "type": "string" + "type": "string", + "description": "" } } }, @@ -866,21 +959,5 @@ "bearer": [] } ], - "x-tagGroups": [ - { - "name": "Management", - "tags": [ - "Tenants (Accounts)", - "Tenants Migration", - "Account Hierarchy" - ] - }, - { - "name": "Self-Service", - "tags": [ - "Sub-Accounts", - "Accounts Settings" - ] - } - ] + "x-tagGroups": [] } \ No newline at end of file