{
"info": {
"title": "VMware Identity Manager",
"version": "Build ede7619a82a790498f4ecca11a28bdfd547e64b8",
"description": "VMware Identity Manager REST API documentation.",
"license": {
"url": "http://www.vmware.com/download/eula/identity-manager-terms-of-service.html",
"name": "VMware Identity Manager Terms of Service"
},
"contact": {
"url": "http://www.vmware.com/company/contact_sales.html"
}
},
"paths": {
"/SAAS/jersey/manager/api/scim/Users": {
"post": {
"responses": {
"201": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/SdkUserResource"
}
},
"409": {
"description": "A user with the same userName already exists"
},
"500": {
"description": "An unexpected error occurred"
},
"400": {
"description": "The specified attributes are invalid or the userName of the user to be created is missing or invalid"
}
},
"parameters": [
{
"description": "list of attributes to return, separated by comma. When specified, the returned created user will only contain the minimal set of user attributes plus the attributes or sub-attributes explicitly requested",
"required": false,
"x-example": "urn:scim:schemas:extension:workspace:1.0:internalUserType,externalId",
"in": "query",
"type": "string",
"name": "attributes"
},
{
"description": "whether or not to send email to set the password. This parameter is used only if the password is not set in the JSON body. If set to 'false', the returned user resource will contain an OTA link to set the password. The default is 'true'",
"default": true,
"required": false,
"x-example": "false",
"in": "query",
"type": "boolean",
"name": "sendMail"
},
{
"description": "the user resource to be created as a JSON string",
"required": true,
"x-examples": {
"default": "{\n \"schemas\": [\n \"urn:scim:schemas:core:1.0\"\n ],\n \"userName\": \"test-user-10\",\n \"name\": {\n \"givenName\": \"firstName 10\",\n \"familyName\": \"lastName 10\"\n },\n \"emails\": [\n {\n \"value\": \"test10@vmware.com\"\n }\n ],\n \"password\": \"123456\"\n }"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/SdkUserResource"
}
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Create a local user",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "post-postUser",
"description": "Creates a user in the system directory"
},
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ResourcesOfUserResource"
}
},
"404": {
"description": "If the query parameter values are invalid for \"sortBy\", \"count\" or \"startIndex\""
},
"400": {
"description": "The specified filter operation is invalid or the specified \"attributes\" are invalid"
}
},
"parameters": [
{
"description": "list of attributes to return, separated by comma. When specified, the retrieved user(s) will only contain the minimal set of user attributes plus the attributes or sub-attributes explicitly requested",
"required": false,
"x-example": "userName,groups",
"in": "query",
"type": "string",
"name": "attributes"
},
{
"description": "when specified, only users matching the filter expression will be returned. The filter must comply with the SCIM specification. Only 'eq','co','sw','gt','ge','lt' and 'le' are currently supported as operators",
"required": false,
"x-example": "userName co \"j\"",
"in": "query",
"type": "string",
"name": "filter"
},
{
"description": "offset of the first user to return in the list of found users. This is used for pagination",
"format": "int32",
"default": 0,
"required": false,
"x-example": 10,
"in": "query",
"type": "integer",
"name": "startIndex"
},
{
"description": "the number of found users to return starting from the given startIndex. This is used for pagination",
"format": "int32",
"default": 20,
"required": false,
"x-example": 50,
"in": "query",
"type": "integer",
"name": "count"
},
{
"description": "the attribute to use to sort the found users",
"required": false,
"x-example": "userName",
"in": "query",
"type": "string",
"name": "sortBy"
},
{
"required": false,
"description": "the direction the resources returned should be sorted in. Allowed values are \"ascending\" and \"descending\".",
"enum": [
"ascending",
"descending"
],
"x-example": "descending",
"in": "query",
"type": "string",
"name": "sortOrder"
},
{
"description": "custom schema extension types for which user schema attributes need to be included",
"required": false,
"x-example": "myCustomSchema",
"in": "query",
"type": "string",
"name": "customSchemaExtensionTypes"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Find all users or only users matching a supplied filter",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getUsers",
"description": "Retrieve all users if no filter is specified, otherwise retrieve all the users matching the given filter.\nThis endpoint complies with the SCIM specifications; see https://tools.ietf.org/html/rfc7644#page-15"
}
},
"/SAAS/jersey/manager/api/scim/Users/.search": {
"post": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ResourcesOfUserResource"
}
},
"400": {
"description": "The specified search request is invalid"
}
},
"parameters": [
{
"description": "the search request",
"required": true,
"x-examples": {
"default": "{\n\t\"filter\" : \"name.givenName sw \\\"jo\\\"\",\n\t\"attributes\" : \"userName,name.familyName,emails\",\n\t\"sortBy\" : \"name.familyName\"\n}"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/SearchRequest"
}
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Find all users or only users matching a supplied filter",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "post-findUsers",
"consumes": [
"application/json"
],
"description": "Retrieve all users if no filter is specified, otherwise retrieve all the users matching the given filter.\nThis endpoint complies with the SCIM specifications, see https://tools.ietf.org/html/rfc7644#page-15.\nIt serves the same function as the GET /scim/Users API but using a POST to allow an unlimited request size."
}
},
"/SAAS/jersey/manager/api/reporting/reports/audit": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
},
"400": {
"description": "One or more of the specified query parameters are invalid"
}
},
"description": "Optional filters can be applied which will return only audit events that match all the filters specified. Not currently available on the hosted product.",
"parameters": [
{
"description": "filter events generated by this user",
"required": false,
"x-example": "user@domain.com",
"in": "query",
"type": "string",
"name": "actorUserName"
},
{
"required": false,
"type": "string",
"description": "filter specific types of audit events or affected objects",
"name": "objectType",
"in": "query"
},
{
"enum": [
"CREATE",
"DELETE",
"UPDATE",
"LINK",
"UNLINK"
],
"name": "objectAction",
"required": false,
"in": "query",
"type": "string",
"description": "filter specific actions"
},
{
"required": false,
"type": "string",
"description": "filter specific types of linked to object types, only applicable for LINK and UNLINK actions",
"name": "linkedObjectType",
"in": "query"
},
{
"required": false,
"type": "string",
"description": "filter events that affect a specific object instance",
"name": "objectName",
"in": "query"
},
{
"description": "filter events no older than this time, milliseconds since epoch, defaults to 3 days ago (now-96 hours)",
"format": "int64",
"required": false,
"in": "query",
"type": "integer",
"name": "fromMillis"
},
{
"description": "filter events no newer than this time, milliseconds since epoch. Defaults to now",
"format": "int64",
"required": false,
"in": "query",
"type": "integer",
"name": "toMillis"
},
{
"description": "Use offset to page through the results",
"format": "int32",
"default": 0,
"required": false,
"x-example": 2000,
"in": "query",
"type": "integer",
"name": "startIndex"
},
{
"description": "Max page size of the results, max allowed value is 5000",
"format": "int32",
"default": 5000,
"required": false,
"x-example": 1000,
"in": "query",
"type": "integer",
"name": "pageSize"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Query the audit data for matching records.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getAuditReport"
}
},
"/SAAS/jersey/manager/api/reporting/reports/usergroupappdevicescount": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
}
},
"tags": [
"reports",
"admin"
],
"description": "",
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"summary": "Get a summary report of the number of users, groups, resources and devices.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getUsersGroupsAppsCountReport"
}
},
"/SAAS/jersey/manager/api/reporting/reports/roles": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
},
"404": {
"description": "A role with the given name does not exist"
},
"400": {
"description": "The role name is invalid"
}
},
"description": "",
"parameters": [
{
"enum": [
"Administrator",
"AdminAPI"
],
"name": "roleName",
"required": true,
"in": "query",
"type": "string",
"description": "The name of the role"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get a list of the users belonging to a given role.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getRoleMembershipReport"
}
},
"/SAAS/API/1.0/REST/oauth2/activate": {
"post": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/OAuth2ClientActivationDetails"
}
},
"404": {
"description": "Activation failed, organization not found."
},
"500": {
"description": "Activation failed, unknown error."
},
"400": {
"description": "Activation failed, activation code is invalid or not specified."
}
},
"description": "This endpoint is used in the dynamic mobile registration flow. The activation code is obtained by calling the /SAAS/auth/device/register endpoint. The client_secret and client_id returned in this call will be used in the call to the /SAAS/auth/oauthtoken endpoint.",
"parameters": [
{
"required": true,
"in": "body",
"description": "the activation code",
"name": "body",
"schema": {
"type": "string"
}
}
],
"tags": [
"mobile",
"oauth2"
],
"summary": "Activate the device client by exchanging an activation code for a client ID and client secret.",
"operationId": "post-activateOauth2Client"
}
},
"/SAAS/jersey/manager/api/reporting/reports/resourcetypelaunchfordays": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
}
},
"tags": [
"reports",
"admin"
],
"description": "",
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"summary": "Get a report that shows the total number of launches per day for each resource type, for the last 7 days.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getResourceTypeLaunchFor7DaysReport"
}
},
"/SAAS/jersey/manager/api/scim/Users/{id}": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/SdkUserResource"
}
}
},
"parameters": [
{
"description": "the id of the user to retrieve",
"required": true,
"x-example": "d24afa39-05a1-433f-8aa9-ad41c9a3d394",
"in": "path",
"type": "string",
"name": "id"
},
{
"required": false,
"type": "string",
"description": "when specified, the returned user will contain the minimal set of user attributes plus the attributes or sub-attributes explicitly requested",
"in": "query",
"name": "attributes"
},
{
"description": "the directory identifier. This identifier will be used to retrieve local directory's user attribute definitions (if any). If not specified, the user attribute definitions defined for the tenant will be used.",
"required": false,
"x-example": "ca6c160e-5bb9-422c-8d71-777a90241dea",
"in": "query",
"type": "string",
"name": "directoryUuid"
},
{
"description": "custom schema extension types for which user schema attributes need to be included",
"required": false,
"x-example": "my-custom-schema",
"in": "query",
"type": "string",
"name": "customSchemaExtensionTypes"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Get a user by id",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getUser",
"description": "The user id is a unique internal identifier and can be retrieved using the search API /scim/Users?filter=..."
},
"delete": {
"responses": {
"404": {
"description": "The specified user does not exist"
},
"500": {
"description": "An unexpected error occurred"
}
},
"parameters": [
{
"description": "the id of the user to delete",
"required": true,
"x-example": "d24afa39-05a1-433f-8aa9-ad41c9a3d394",
"in": "path",
"type": "string",
"name": "id"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Delete a user found by id",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "delete-deleteUser",
"description": "The user id is a unique internal identifier and can be retrieved using the search API /scim/Users?filter=..."
},
"patch": {
"responses": {
"404": {
"description": "The specified user does not exist."
},
"403": {
"description": "The user is not a local user and can not be updated"
},
"500": {
"description": "An unexpected error occurred"
},
"400": {
"description": "The supplied JSON is incorrect"
}
},
"parameters": [
{
"description": "the id of the user to update",
"required": true,
"x-example": "d24afa39-05a1-433f-8aa9-ad41c9a3d394",
"in": "path",
"type": "string",
"name": "id"
},
{
"description": "the user resource updated information as a JSON string",
"required": true,
"x-examples": {
"default": "{ \"name\": { \"givenName\": \"Updated given name\" }}"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/SdkUserResource"
}
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Update a user found by id",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "patch-patchUser",
"description": "Updates the user's information. The user id is a unique internal identifier and can be retrieved using the search API /scim/Users?filter=...\nThe PATCH operation lets the request include only the attributes that need to be changed."
}
},
"/SAAS/auth/oauth2/authorize": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"type": "string"
}
},
"400": {
"description": "The error can be any of the following: no client_id has been specified, the client_id does not exist, the redirect_uri has not been specified or does not match. The error message will contain 'error' and 'error_description' fields. See the OAuth2.0 spec for further details."
}
},
"description": "This is the starting point of the OAuth 2.0 flow to authenticate end users from your application. This authorization endpoint complies with the OAuth 2.0 specifications and must be used by clients to authenticate users and obtain an authorization code. To use this endpoint, your application must be registered as an OAuth 2.0 client in VMware Identity Manager and have the 'authorization_code' grant type enabled.",
"parameters": [
{
"description": "Specifies the callback endpoint in your application that will receive the authorization code. It must match the redirect_uri defined in your OAuth2.0 client registration in VMware Identity Manager. When sending the redirect_uri as a URL parameter it has to be URL encoded.",
"required": true,
"x-example": "https://example-app.com/redirect?auth%3Doauth",
"in": "query",
"type": "string",
"name": "redirect_uri"
},
{
"description": "This is the identifier of the OAuth 2.0 client that was registered in VMware Identity Manager.",
"required": true,
"x-example": "Example_AppID",
"in": "query",
"type": "string",
"name": "client_id"
},
{
"description": "Specifies how the application should receive the authorization response. Only 'code' is supported.",
"required": true,
"x-example": "code",
"in": "query",
"type": "string",
"name": "response_type"
},
{
"description": "A random string that your application generates and that will be sent back as a parameter during the URI redirection.",
"required": false,
"x-example": "5aPY-C1JSeyTiUPWV_DLDw",
"in": "query",
"type": "string",
"name": "state"
},
{
"description": "The list of scopes of the authorization request, separated by spaces and URL encoded. The scopes must be equivalent or a subset of the scopes defined in the OAuth2.0 client.",
"required": false,
"x-example": "openid+profile+email+user",
"in": "query",
"type": "string",
"name": "scope"
},
{
"required": false,
"type": "string",
"description": "Specifies the user's domain. If this parameter is specified, the login screen will skip the domain selection page. This can be used when it is known that a single domain is used or the domain information can be inferred automatically (from the username for example). This is a VMware Identity Manager optional parameter and is not in the OAuth 2.0 specification.",
"in": "query",
"name": "domain"
},
{
"required": false,
"type": "string",
"description": "Specifies the user's login. In case your application already knows what user is going to login, and VMware Identity Manager will have to pass this user to a third-party IdP, then adding this parameter will send the username as part of the SAML request. This is a VMware Identity Manager optional parameter and is not in the OAuth 2.0 specification.",
"in": "query",
"name": "u"
}
],
"tags": [
"oauth2",
"login"
],
"summary": "OAuth 2.0 authorization endpoint",
"operationId": "get-doOAuth2Authorize"
}
},
"/SAAS/jersey/manager/api/reporting/reports/recentusers": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
}
},
"description": "Includes the date and time they last logged in and their username, sorted by most recent.",
"parameters": [
{
"description": "Include logins no older than this many days ago, from today",
"format": "int32",
"default": 3,
"required": false,
"x-example": 30,
"in": "query",
"type": "integer",
"name": "fromDays"
},
{
"description": "Include logins no newer than this many days from today, 0=today",
"format": "int32",
"default": 0,
"required": false,
"x-example": 10,
"in": "query",
"type": "integer",
"name": "toDays"
},
{
"description": "Use offset to page through the results",
"format": "int32",
"default": 0,
"required": false,
"x-example": 2000,
"in": "query",
"type": "integer",
"name": "startIndex"
},
{
"description": "Max page size of the results, max allowed value is 5000",
"format": "int32",
"default": 5000,
"required": false,
"x-example": 1000,
"in": "query",
"type": "integer",
"name": "pageSize"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get a report of the users that have logged in for a given time interval.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getRecentUsersReport"
}
},
"/SAAS/jersey/manager/api/reporting/reports/appadoption": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
}
},
"description": "Adoption rate is determined as the percentage of users that are entitled to the resource that have launched the resource.\nIncludes the name of the resource, its type, how many users are entitled, how many have launched the resource at least once, and the adoption percentage.\nDAY = past day\nWEEK = past week\nMONTH = past month\nQUARTER = past 12 weeks",
"parameters": [
{
"enum": [
"DAY",
"WEEK",
"MONTH",
"QUARTER"
],
"name": "interval",
"required": true,
"in": "query",
"type": "string",
"description": "Generate report for this past time interval"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get a report on the adoption of resources for a given time interval, sorted by the highest adoption rate.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getApplicationAdoptionReport"
}
},
"/SAAS/jersey/manager/api/reporting/reports/resourcetypelaunch": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
}
},
"description": "",
"parameters": [
{
"enum": [
"DAY",
"WEEK",
"MONTH",
"QUARTER"
],
"name": "interval",
"required": true,
"in": "query",
"type": "string",
"description": "Count the launches for this past time interval"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get the report that shows the total number of launches per resource type for a given time interval.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getResourceTypeLaunchReport"
}
},
"/SAAS/jersey/manager/api/reporting/reports/appusage": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
}
},
"description": "Includes the name of the resource, its type, how many users are entitled, and the licensing information.\nDAY = past day\nWEEK = past week\nMONTH = past month\nQUARTER = past 12 weeks",
"parameters": [
{
"enum": [
"DAY",
"WEEK",
"MONTH",
"QUARTER"
],
"name": "interval",
"required": true,
"in": "query",
"type": "string",
"description": "Generate report for this past time interval"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get a report on the usage of resources for a given time interval, sorted by the most launched. Resources that have never been launched during the selected interval will not be included in the report.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getApplicationUsageReport"
}
},
"/SAAS/jersey/manager/api/reporting/reports/activity": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
}
},
"description": "Includes the number of logins and launches, the users, groups, resources and entitlements that were added, updated and removed.\nDAY = past day\nWEEK = past week\nMONTH = past month\nQUARTER = past 12 weeks",
"parameters": [
{
"enum": [
"DAY",
"WEEK",
"MONTH",
"QUARTER"
],
"name": "interval",
"required": true,
"in": "query",
"type": "string",
"description": "Generate report for this past time interval"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get the activity summary report for a given time interval.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getActivitySummaryReport"
}
},
"/SAAS/jersey/manager/api/reporting/reports/appentitlement": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
}
},
"description": "Includes each user's name, email, role and their groups.",
"parameters": [
{
"required": true,
"type": "string",
"description": "The UUID of the catalog item to get entitlements for",
"name": "appId",
"in": "query"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get a report of the users entitled to a catalog item.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getApplicationEntitlementReport"
}
},
"/SAAS/auth/oauthtoken": {
"post": {
"description": "This token endpoint complies with the OAuth 2.0 specifications and must be used by clients to obtain an access token with client authentication.",
"parameters": [
{
"required": true,
"type": "string",
"description": "Specifies the OAuth grant type the client is making. VMware Identity Manager supports the following grant types from the OAuth specifications: authorization_code, password, client_credentials, and refresh_token. VMware Identity Manager also supports the grant type urn:ietf:params:oauth:grant-type:jwt-bearer for using JWTs for authorization as described in the JWT Bearer Token Profiles for OAuth 2.0 specifications.",
"in": "query",
"name": "grant_type"
},
{
"description": "The client identifier. If the HTTP Basic authentication scheme is not used, the client must specify the client identifier using this request parameter. The use of HTTP Basic is recommended.\n",
"required": false,
"x-example": "Example_AppID",
"in": "query",
"type": "string",
"name": "client_id"
},
{
"required": false,
"type": "string",
"description": "The username, UTF-8 encoded. Required only if the grant_type is 'password'",
"in": "query",
"name": "username"
},
{
"required": false,
"type": "string",
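"description": "The password, UTF-8 encoded. Required only if the grant_type is 'password'. As documented here, the value is passed in the query string, which web servers and proxies commonly record in access logs.",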
"in": "query",
"name": "password"
},
{
"required": false,
"type": "string",
"description": "The domain the user belongs to. Optional and only used if the grant_type is 'password'",
"in": "query",
"name": "domain"
},
{
"required": false,
"type": "string",
"description": "The list of scopes of the access request. Required only if the grant_type is 'password'",
"in": "query",
"name": "scope"
},
{
"required": false,
"type": "string",
"description": "The authorization code received from the authorize request. Required only if the grant_type is 'authorization_code'",
"in": "query",
"name": "code"
},
{
"required": false,
"type": "string",
"description": "The redirect_uri as provided to the authorize request. Required only if the grant_type is 'authorization_code'",
"in": "query",
"name": "redirect_uri"
}
],
"tags": [
"oauth2",
"login"
],
"summary": "Obtain an OAuth 2.0 access token and optionally a refresh token",
"security": [
{
"basic_auth": []
}
],
"operationId": "post-handleRequest",
"responses": {
"200": {
"description": "Successful",
"schema": {
"$ref": "#/definitions/OAuth2Token"
}
},
"405": {
"description": "The HTTP method might be incorrect, make sure you use the POST method."
},
"401": {
"description": "The client authentication failed. Check the 'Authorization' header."
},
"500": {
"description": "The grant_type is incorrect or absent."
},
"400": {
"description": "The error can be any of the following: the provided grant type is not supported, the request is missing a required parameter, the client authentication failed, the provided authorization grant is invalid, the authenticated client is not authorized to use this authorization grant type. The error message will contain 'error' and 'error_description' fields. See the OAuth2.0 spec for further details."
}
}
}
},
"/SAAS/API/1.0/REST/auth/token": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"type": "string"
}
}
},
"description": "This endpoint allows applications to validate the access token issued by VMware Identity Manager, and to retrieve the public key used to sign the token.",
"parameters": [
{
"required": true,
"description": "the type of operation to perform on the token. Use \"isValid\" to validate a token, \"isRevoked\" to check the revocation status, and \"publicKey\" to retrieve the public key",
"enum": [
"isValid",
"isRevoked",
"publicKey"
],
"in": "query",
"type": "string",
"name": "attribute"
},
{
"required": false,
"type": "string",
"description": "the tenant to retrieve the public key for (only valid when attribute is publicKey), if the tenant is different from the one in the request URL",
"in": "query",
"name": "tenant"
},
{
"required": false,
"description": "the format of the public key (only valid when attribute is publicKey). Use \"pem\" to retrieve the key in PEM format, \"jwks\" to get the key in JWKS format, and \"jwk\" to get the key in the JWK format (early draft)",
"default": "jwk",
"enum": [
"pem",
"jwks",
"jwk"
],
"in": "query",
"type": "string",
"name": "format"
}
],
"tags": [
"oauth2",
"oidc"
],
"summary": "Retrieve the public key to validate a token or check the given access token",
"operationId": "get-getTokenAttribute"
}
},
"/SAAS/jersey/manager/api/scim/Groups/.search": {
"post": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ResourcesOfGroupResource"
}
},
"400": {
"description": "The specified search request is invalid"
}
},
"parameters": [
{
"description": "the search request",
"required": true,
"x-examples": {
"default": "{\n\t\"filter\" : \"displayName co \\\"internal\\\"\",\n\t\"attributes\" : \"displayName\",\n\t\"sortBy\" : \"displayName\"\n}"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/SearchRequest"
}
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Find all groups or only groups matching a supplied filter",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "post-findGroups",
"consumes": [
"application/json"
],
"description": "Retrieve all groups if no filter is specified, otherwise retrieve all the groups matching the given filter.\nThis endpoint complies with the SCIM specifications, see https://tools.ietf.org/html/rfc7644#page-15.\nThis serves the same function as the GET /scim/Groups API but using a POST method so that the length of the request is not limited."
}
},
"/SAAS/auth/device/register": {
"post": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"type": "string"
}
},
"302": {
"description": "VMware Identity Manager will redirect to the specified redirect_uri. The redirect URL will contain 'error' and 'error_description' query parameters if there is an error: the response_type is invalid or missing, the specified scope is unknown. Otherwise the redirect URL will contain the state, the activation code and the authorization code, to be exchanged in the subsequent activation and authorization requests respectively."
},
"400": {
"description": "The error can be any of the following: the app_product_id does not exist, the user_device is not specified or incorrect, the redirect_uri is not specified or invalid or does not match the one in the app_product_id."
}
},
"description": "This endpoint is the starting point of a mobile device dynamic client registration flow.",
"parameters": [
{
"description": "Specifies the name of the template that was registered with VMware Identity Manager.",
"required": true,
"x-example": "VMware-AppAuth-Samples-Template",
"in": "query",
"type": "string",
"name": "app_product_id"
},
{
"description": "A JSON representation of a user's device. It contains device information.",
"required": true,
"x-example": "%7B%22osFamily%22%3A%22Android%22%2C%22extendedAttributeMap%22%3A%7B%22model%22%3A%22Android+SDK+built+for+x86%22%7D%2C%22machineName%22%3A%22unknown%22%2C%22osVersion%22%3A24%2C%22osName%22%3A%22Android%22%2C%22deviceId%22%3A%227ea00d46-35eb-4cd9-951a-4b790c14bb4f%22%7D",
"in": "query",
"type": "string",
"name": "user_device"
},
{
"description": "A unique identifier for the user's device.",
"required": true,
"x-example": "my+Android+123456",
"in": "query",
"type": "string",
"name": "device_name"
},
{
"description": "Must be 'code'.",
"required": true,
"x-example": "code",
"in": "query",
"type": "string",
"name": "response_type"
},
{
"description": "Specifies the callback endpoint in your application that will receive the authorization code. It must match the redirect_uri defined in the pre-created template in VMware Identity Manager. When sending the redirect_uri as a URL parameter it has to be URL encoded.",
"required": true,
"x-example": "com.vmware.idm.samples.mobilesso%3A%2F%2Foauth2redirect",
"in": "query",
"type": "string",
"name": "redirect_uri"
},
{
"description": "A random string that your application generates and that will be sent back as a parameter during the URI redirection.",
"required": false,
"x-example": "5aPY-C1JSeyTiUPWV_DLDw",
"in": "query",
"type": "string",
"name": "state"
},
{
"description": "The space-separated, URL-encoded list of scopes for the authorization request. The scopes must be equivalent to or a subset of the scopes defined in the template.",
"required": false,
"x-example": "openid+profile+email+user",
"in": "query",
"type": "string",
"name": "scope"
}
],
"tags": [
"mobile",
"oauth2",
"login"
],
"summary": "Authenticate a user on a device by registering the user's device in the system.",
"operationId": "post-doDeviceRegister"
},
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"type": "string"
}
},
"302": {
"description": "VMware Identity Manager will redirect to the specified redirect_uri. If there is an error (the response_type is invalid or missing, or the specified scope is unknown), the redirect URL will contain 'error' and 'error_description' query parameters. Otherwise the redirect URL will contain the state, the activation code and the authorization code; the activation code and the authorization code are exchanged in the subsequent activation and authorization requests, respectively."
},
"400": {
"description": "The error can be any of the following: the app_product_id does not exist, the user_device is not specified or incorrect, or the redirect_uri is not specified, is invalid, or does not match the one in the app_product_id."
}
},
"description": "This endpoint is the starting point of a mobile device dynamic client registration flow.",
"parameters": [
{
"description": "Specifies the name of the template that was registered with VMware Identity Manager.",
"required": true,
"x-example": "VMware-AppAuth-Samples-Template",
"in": "query",
"type": "string",
"name": "app_product_id"
},
{
"description": "A JSON representation of a user's device. It contains device information.",
"required": true,
"x-example": "%7B%22osFamily%22%3A%22Android%22%2C%22extendedAttributeMap%22%3A%7B%22model%22%3A%22Android+SDK+built+for+x86%22%7D%2C%22machineName%22%3A%22unknown%22%2C%22osVersion%22%3A24%2C%22osName%22%3A%22Android%22%2C%22deviceId%22%3A%227ea00d46-35eb-4cd9-951a-4b790c14bb4f%22%7D",
"in": "query",
"type": "string",
"name": "user_device"
},
{
"description": "A unique identifier for the user's device.",
"required": true,
"x-example": "my+Android+123456",
"in": "query",
"type": "string",
"name": "device_name"
},
{
"description": "Must be 'code'.",
"required": true,
"x-example": "code",
"in": "query",
"type": "string",
"name": "response_type"
},
{
"description": "Specifies the callback endpoint in your application that will receive the authorization code. It must match the redirect_uri defined in the pre-created template in VMware Identity Manager. When sending the redirect_uri as a URL parameter it has to be URL encoded.",
"required": true,
"x-example": "com.vmware.idm.samples.mobilesso%3A%2F%2Foauth2redirect",
"in": "query",
"type": "string",
"name": "redirect_uri"
},
{
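"description": "A random string that your application generates and that will be sent back as a parameter during the URI redirection. Your application should check that the returned value matches the one it sent, so that it can reject redirects it did not initiate (cross-site request forgery protection).",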
"required": false,
"x-example": "5aPY-C1JSeyTiUPWV_DLDw",
"in": "query",
"type": "string",
"name": "state"
},
{
"description": "The space-separated, URL-encoded list of scopes for the authorization request. The scopes must be equivalent to or a subset of the scopes defined in the template.",
"required": false,
"x-example": "openid+profile+email+user",
"in": "query",
"type": "string",
"name": "scope"
}
],
"tags": [
"mobile",
"oauth2",
"login"
],
"summary": "Authenticate a user on a device by registering the user's device in the system.",
"operationId": "get-doDeviceRegister"
}
},
"/SAAS/jersey/manager/api/scim/Roles/{id}": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/SdkRoleResource"
}
},
"404": {
"description": "If role id is not found"
},
"500": {
"description": "An unexpected error occurred"
},
"400": {
"description": "One or more of the specified \"attributes\" parameter values is invalid"
}
},
"parameters": [
{
"description": "the id of the role to retrieve",
"required": true,
"x-example": "a1ac2b75-6c41-45e9-8349-59746c529ccb",
"in": "path",
"type": "string",
"name": "id"
},
{
"description": "list of attributes to return, separated by comma. When specified, the retrieved role will only contain the minimal set of role attributes plus the attributes or sub-attributes explicitly requested, i.e. {urn}:{Attribute name}.{Sub-Attribute name}",
"required": false,
"x-example": "displayName,meta.version,urn:scim:schemas:extension:workspace:1.0:description,",
"in": "query",
"type": "string",
"name": "attributes"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Get a role by id",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getRole",
"description": "Get additional role information using the role unique identifier (id). The role id can be retrieved using the search API /scim/Roles?filter=..."
},
"patch": {
"responses": {
"404": {
"description": "If role or role member id is not found"
},
"403": {
"description": "Unauthorized"
},
"401": {
"description": "No authentication provided"
},
"500": {
"description": "Server error while patching SCIM role"
},
"400": {
"description": "If the supplied serialized JSON role is malformed"
}
},
"parameters": [
{
"description": "the id of the role to update",
"required": true,
"x-example": "a1ac2b75-6c41-45e9-8349-59746c529ccb",
"in": "path",
"type": "string",
"name": "id"
},
{
"description": "the role resource to be updated as a JSON string",
"required": true,
"x-examples": {
"default": "{\n \"schemas\": [\n \"urn:scim:schemas:core:1.0\"\n ],\n \"members\": \n {\n \"value\": \"8142e325-18b0-4fc3-af52-3f650f7dacf8\",\n \"type\" : \"User\" }\n }"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/SdkRoleResource"
}
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Update a role found by id",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "patch-patchRole",
"consumes": [
"application/json"
],
"description": "Updates a role's information. Commonly used to assign users to this role. The role id is a unique internal identifier and can be retrieved using the search API /scim/Roles?filter=...\nThe patch operation lets you send in the request only the attributes that need to be changed."
}
},
"/SAAS/jersey/manager/api/scim/Me": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/SdkUserResource"
}
},
"400": {
"description": "The specified \"attributes\" parameter is invalid"
}
},
"parameters": [
{
"description": "list of attributes to return, separated by comma. When specified, the retrieved user will only contain the minimal set of user attributes plus the attributes or sub-attributes explicitly requested",
"required": false,
"x-example": "userName,groups",
"in": "query",
"type": "string",
"name": "attributes"
},
{
"description": "custom schema extension types for which user schema attributes need to be included",
"required": false,
"x-example": "myCustomSchema",
"in": "query",
"type": "string",
"name": "customSchemaExtensionTypes"
}
],
"tags": [
"scim",
"user"
],
"produces": [
"application/json"
],
"summary": "Provides information about the logged-in user.",
"security": [
{
"oauth2": [
"user"
]
}
],
"operationId": "get-getUserForAuthenticatedUser",
"description": "Display the information for the user associated with the provided access token. The user's attributes can be filtered using the 'attributes' parameter."
}
},
"/SAAS/jersey/manager/api/scim/Roles": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ResourcesOfRoleResource"
}
},
"404": {
"description": "If the query parameter values are invalid for \"count\" or \"startIndex\""
},
"500": {
"description": "An unexpected error occurred"
},
"400": {
"description": "The specified \"filter\" or \"attributes\" parameter values are invalid"
}
},
"parameters": [
{
"description": "list of attributes to return, separated by comma. When specified, the retrieved role(s) will only contain the minimal set of role attributes plus the attributes or sub-attributes explicitly requested, i.e. {urn}:{Attribute name}.{Sub-Attribute name}",
"required": false,
"x-example": "displayName,meta.version,urn:scim:schemas:extension:workspace:1.0:description,",
"in": "query",
"type": "string",
"name": "attributes"
},
{
"description": "when specified, only roles matching the filter expression will be returned. The filter must comply with the SCIM specification. Only 'eq','co','sw','gt','ge','lt' and 'le' are currently supported as operators",
"required": false,
"x-example": "displayName co \"User\"",
"in": "query",
"type": "string",
"name": "filter"
},
{
"description": "offset of the first role to return in the list of found roles",
"format": "int32",
"required": false,
"x-example": 10,
"in": "query",
"type": "integer",
"name": "startIndex"
},
{
"description": "the number of found roles to return starting from the given startIndex",
"format": "int32",
"required": false,
"x-example": 50,
"in": "query",
"type": "integer",
"name": "count"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Find all roles or only roles matching a supplied filter",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getRoles",
"description": "The role id is a unique internal identifier and can be retrieved using the search API /scim/Roles?filter="
}
},
"/SAAS/jersey/manager/api/reporting/reports/loginchart": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ChartDefinition"
}
}
},
"description": "DAY = past day, aggregated per hour\nWEEK = past week, aggregated per day\nMONTH = past month, aggregated per day\nQUARTER = past 12 weeks, aggregated per week",
"parameters": [
{
"enum": [
"DAY",
"WEEK",
"MONTH",
"QUARTER"
],
"name": "interval",
"required": true,
"in": "query",
"type": "string",
"description": "Chart the logins for this past time interval"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.chart+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get a chart of the logins for a given time interval.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getLoginChartReport"
}
},
"/SAAS/jersey/manager/api/entitlements/search": {
"post": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/Entitlements"
}
},
"404": {
"description": "The given user ID does not exist."
},
"403": {
"description": "The user token is invalid or the user does not have the required permissions to retrieve the entitlement information for the requested user ID."
},
"500": {
"description": "Failed to fetch entitlements."
},
"400": {
"description": "Invalid or no search criteria defined in request body or number of provided category labels exceeds the maximum allowed value."
}
},
"parameters": [
{
"description": "Offset of the first catalog item to return in the list of found catalog items. This is used for pagination",
"format": "int32",
"default": 0,
"required": false,
"x-example": 10,
"in": "query",
"type": "integer",
"name": "startIndex"
},
{
"description": "The number of found catalog items to return starting from the given startIndex. This is used for pagination",
"format": "int32",
"default": 20,
"required": false,
"x-example": 50,
"in": "query",
"type": "integer",
"name": "pageSize"
},
{
"description": "Whether to return only catalog items that are visible on the user portal, or return both visible and hidden catalog items",
"default": true,
"required": false,
"x-example": true,
"in": "query",
"type": "boolean",
"name": "showVisibleAppsOnly"
},
{
"description": "The user ID",
"required": false,
"x-example": "b26c4e15-c664-49c3-88d5-cd15c9939ce6",
"in": "query",
"type": "string",
"name": "userId"
},
{
"description": "Always use application/vnd.vmware.horizon.manager.entitlements.v2.entitlement.list+json which returns VMware Identity Manager user IDs. application/vnd.vmware.horizon.manager.entitlements.entitlement.list+json used to return external user IDs and is now deprecated.",
"required": true,
"x-example": "application/vnd.vmware.horizon.manager.entitlements.v2.entitlement.list+json",
"in": "header",
"type": "string",
"name": "Accept"
},
{
"description": "the search criteria for filtering the returned catalog item list",
"required": true,
"x-examples": {
"default": "{\n \"catalogTypes\": [\"VIEW\", \"VIEWAPP\"],\n \"activationStates\": [\"ACTIVATED\"]\n}"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/SearchCriteria"
}
}
],
"produces": [
"application/vnd.vmware.horizon.manager.entitlements.entitlement.list+json",
"application/vnd.vmware.horizon.manager.entitlements.v2.entitlement.list+json"
],
"description": "Retrieve entitlements for the authenticated user or for a given user ID",
"tags": [
"entitlement search",
"user"
],
"summary": "search entitlements for the authenticated user or for a given user ID",
"security": [
{
"oauth2": [
"user",
"admin"
]
}
],
"consumes": [
"application/vnd.vmware.horizon.manager.entitlements.search+json"
],
"operationId": "post-searchEntitlements"
}
},
"/SAAS/jersey/manager/api/reporting/reports/devices": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
},
"404": {
"description": "A group with the given UUID does not exist"
},
"400": {
"description": "The groupId is not a valid UUID"
}
},
"description": "",
"parameters": [
{
"required": true,
"type": "string",
"description": "The UUID of the group",
"name": "groupId",
"in": "query"
},
{
"description": "Use offset to page through the results",
"format": "int32",
"default": 0,
"required": false,
"x-example": 2000,
"in": "query",
"type": "integer",
"name": "startIndex"
},
{
"description": "Max page size of the results, max allowed value is 5000",
"format": "int32",
"default": 5000,
"required": false,
"x-example": 1000,
"in": "query",
"type": "integer",
"name": "pageSize"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get a report that shows the device information for all the users in a group.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getUserDeviceReport"
}
},
"/SAAS/auth/.well-known/openid-configuration": {
"get": {
"description": "This endpoint follows the specification defined at http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata. It provides a mechanism for an OpenID Connect Relying Party to discover the End-User's OpenID Provider and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations.",
"summary": "OpenID Connect discovery endpoint",
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/OpenIDConfiguration"
}
}
},
"tags": [
"oauth2",
"oidc"
],
"operationId": "get-getOpenIDConfiguration"
}
},
"/SAAS/jersey/manager/api/reporting/reports/appactivity": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ReportsTable"
}
},
"404": {
"description": "A group with the given UUID does not exist"
},
"400": {
"description": "The groupId is not a valid UUID"
}
},
"description": "",
"parameters": [
{
"required": true,
"type": "string",
"description": "The UUID of the group",
"name": "groupId",
"in": "query"
},
{
"description": "Use offset to page through the users in the group (NOTE: a user may have more than one entry in the report)",
"format": "int32",
"default": 0,
"required": false,
"x-example": 2000,
"in": "query",
"type": "integer",
"name": "startIndex"
},
{
"description": "Max page size of the users in the group, max allowed value is 5000 (NOTE: a user may have more than one entry in the report, so the returned page size may be larger)",
"format": "int32",
"default": 5000,
"required": false,
"x-example": 1000,
"in": "query",
"type": "integer",
"name": "pageSize"
}
],
"produces": [
"application/vnd.vmware.horizon.manager.reports.table+json"
],
"tags": [
"reports",
"admin"
],
"summary": "Get a report of all the resources for the users in a group and when each user last launched them, with the device used.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getApplicationActivityReport"
}
},
"/SAAS/jersey/manager/api/oauth2clients": {
"post": {
"responses": {
"201": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/OAuth2ClientTypeInfo"
}
},
"500": {
"description": "If an unexpected error occurred or if client id already exists"
},
"400": {
"description": "Invalid provided OAuth2 client information. Could be unpermitted characters in client id, invalid scope string, redirect uri missing or not in a url format in an authorization_code grant client, invalid grant type etc."
}
},
"produces": [
"application/vnd.vmware.horizon.manager.oauth2client+json"
],
"tags": [
"admin",
"oauth2"
],
"summary": "Create a new OAuth 2.0 client",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "post-createGenericOAuth2Client",
"consumes": [
"application/vnd.vmware.horizon.manager.oauth2client+json"
],
"description": "This endpoint is used to define a new OAuth2 Client on VMware Identity Manager. An OAuth2 Client can be a Service Client ('client credentials' OAuth2 grant type), or a User Client ('authorization_code' or 'password' OAuth2 grant types). This definition will enable a service or its users to authenticate to VMware Identity Manager using the OAuth2 protocol."
},
"get": {
"description": "This endpoint is used to read the list of OAuth 2.0 clients VMware Identity Manager has registered.",
"produces": [
"application/vnd.vmware.horizon.manager.oauth2clientsummarylist+json"
],
"tags": [
"admin",
"oauth2"
],
"summary": "List existing OAuth 2.0 clients",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getOAuth2ClientSummaryList",
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/OAuth2ClientSummaryList"
}
}
}
}
},
"/SAAS/jersey/manager/api/entitlements/definitions/catalogitems/{catalogItemId}/{subjectType}/{subjectId}": {
"put": {
"description": "Updates an entitlement definition. Only the catalog 'activationPolicy' value can be updated in this way ('AUTOMATIC' or 'USER_ACTIVATED').\nAn entitlement definition is the attachment of a user or group to a catalog item.\nThe catalog ID is a unique internal identifier and can be retrieved using the catalogitems/search API.\nThe user/group ID can be searched using the SCIM API: /scim/Users?filter=... or /scim/Groups?filter=\nThe Put operation requires resending all attributes (not just the ones that need to change).",
"parameters": [
{
"description": "The entitled catalog ID",
"format": "uuid",
"required": true,
"x-example": "d24afa39-05a1-433f-8aa9-ad41c9a3d394",
"in": "path",
"type": "string",
"name": "catalogItemId"
},
{
"required": true,
"description": "Specifies the type of subject.",
"enum": [
"users",
"groups"
],
"x-example": "users",
"in": "path",
"type": "string",
"name": "subjectType"
},
{
"description": "The ID of the user or group to entitle",
"required": true,
"x-example": "d24afa39-05a1-433f-8aa9-ad41c9a3e395",
"in": "path",
"type": "string",
"name": "subjectId"
},
{
"description": "the entitlement definition updated information as a JSON string",
"required": true,
"x-examples": {
"com.vmware.horizon.entitlement.model.EntitlementDefinitionTO": "{ \"catalogItemId\": \"0e2ec563-c4c3-4b01-8f1d-0513d62e41c2\",\"sujectType\": \"USERS\", \"sujectId\": \"083ed8e6-6a39-461a-b0de-e9800e245900\",\"activationPolicy\": \"USER_ACTIVATED\"}"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/EntitlementDefinitionTO"
}
}
],
"tags": [
"admin",
"entitlement definition"
],
"produces": [
"application/vnd.vmware.horizon.manager.entitlements.definition+json"
],
"summary": "Update an entitlement definition",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "put-updateEntitlementDefinition",
"consumes": [
"application/vnd.vmware.horizon.manager.entitlements.definition+json"
],
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/EntitlementDefinition"
}
},
"404": {
"description": "The requested entitlement definition doesn't exist. The response includes detailed reason codes: catalogitem.not.found, user.not.found, NOT_FOUND (subject type not found), entitlement.definition.not.found."
},
"403": {
"description": "The user does not have the required permissions to update the entitlement."
},
"400": {
"description": "The supplied JSON is incorrect"
}
}
},
"get": {
"description": "Retrieve entitlement definition information for a given catalog item and user/group pair, if it exists.",
"parameters": [
{
"description": "The ID of the catalog item to which the subject is entitled.",
"format": "uuid",
"required": true,
"x-example": "85c040cf-b389-41a0-9efe-c7ca64f993c7",
"in": "path",
"type": "string",
"name": "catalogItemId"
},
{
"required": true,
"description": "The type of entity that you want to entitle the catalog item to.",
"enum": [
"users",
"groups"
],
"x-example": "users",
"in": "path",
"type": "string",
"name": "subjectType"
},
{
"description": "The ID of the user or group to which the catalog item is entitled. This is usually the VMware Identity Manager UUID and not an external ID.",
"required": true,
"x-example": "8dbdc5a6-1fb4-4a17-a25c-6a3744fb40db",
"in": "path",
"type": "string",
"name": "subjectId"
}
],
"tags": [
"admin",
"entitlement definition"
],
"produces": [
"application/vnd.vmware.horizon.manager.entitlements.definition+json"
],
"summary": "Get entitlement of a given catalog item to a given subject (user/group)",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getEntitlementDefinition",
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/EntitlementDefinition"
}
},
"404": {
"description": "The requested entitlement definition doesn't exist. The response includes detailed reason codes: catalogitem.not.found, user.not.found, NOT_FOUND (subject type not found), entitlement.definition.not.found."
},
"403": {
"description": "The user does not have the required permissions to retrieve the entitlement information."
}
}
},
"delete": {
"responses": {
"404": {
"description": "The requested entitlement does not exist. The response includes detailed reason codes: catalogitem.not.found, user.not.found, NOT_FOUND (subject type not found), entitlement.definition.not.found."
},
"403": {
"description": "The user does not have the required permissions to delete the entitlement."
},
"400": {
"description": "The supplied subject type does not match any of the supported types ('users' or 'groups')"
}
},
"parameters": [
{
"description": "The ID of the catalog item to which the subject is entitled.",
"format": "uuid",
"required": true,
"x-example": "85c040cf-b389-41a0-9efe-c7ca64f993c7",
"in": "path",
"type": "string",
"name": "catalogItemId"
},
{
"required": true,
"description": "The type of entity that you want to entitle the catalog item to.",
"enum": [
"users",
"groups"
],
"x-example": "users",
"in": "path",
"type": "string",
"name": "subjectType"
},
{
"description": "The user or group ID to which the catalog item is entitled. This is the VMware Identity Manager UUID and not an external ID.",
"required": true,
"x-example": "8dbdc5a6-1fb4-4a17-a25c-6a3744fb40db",
"in": "path",
"type": "string",
"name": "subjectId"
}
],
"tags": [
"admin",
"entitlement definition"
],
"summary": "Delete an entitlement definition.",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "delete-deleteEntitlementDefinition",
"description": "Delete entitlement definition information for a given catalog item and user/group pair, if it exists."
}
},
"/SAAS/jersey/manager/api/scim/Schemas": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ResourceDescriptor"
}
},
"400": {
"description": "No \"filter\" has been specified or the specified \"filter\" is invalid: an operator other than 'eq' has been specified, the given schema does not exist or the equality is not based on the 'name'"
}
},
"parameters": [
{
"description": "Only schemas matching the filter expression will be returned. Only 'eq' is supported as an operator for this filter",
"required": false,
"x-example": "name eq \"User\"",
"in": "query",
"type": "string",
"name": "filter"
},
{
"description": "The directory UUID. If specified, the schema associated to this particular directory will be returned as well, if any. Only available for the 'User' schema ",
"required": false,
"x-example": "name eq \"User\"",
"in": "query",
"type": "string",
"name": "directoryUuid"
},
{
"required": false,
"type": "string",
"description": "The list of custom schemas separated by a comma. If specified, the specified schema(s) attributes will be returned as well. Only available for the 'User' schema",
"in": "query",
"name": "customSchemaExtensionTypes"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Find specific schema using the supplied filter",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getSchemas",
"description": "It is not possible to list all the available schemas, a filter must be specified. The filter only supports the equality operator ('eq') on the 'name' attribute"
}
},
"/SAAS/jersey/manager/api/scim/Groups/{id}": {
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/SdkGroupResource"
}
}
},
"parameters": [
{
"description": "the id of the group to retrieve",
"required": true,
"x-example": "a1ac2b75-6c41-45e9-8349-59746c529ccb",
"in": "path",
"type": "string",
"name": "id"
},
{
"description": "when specified, the returned group will contain the minimal set of user attributes plus the attributes or sub-attributes explicitly requested",
"required": false,
"x-example": "displayName",
"in": "query",
"type": "string",
"name": "attributes"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Get a group by id",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getGroup",
"description": "The group id is a unique internal identifier and can be retrieved using the search API /scim/Groups?filter=..."
},
"delete": {
"responses": {
"404": {
"description": "The specified group does not exist."
},
"500": {
"description": "An unexpected error occurred."
}
},
"parameters": [
{
"description": "the id of the group to delete",
"required": true,
"x-example": "d24afa39-05a1-433f-8aa9-ad41c9a3d394",
"in": "path",
"type": "string",
"name": "id"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Delete a group found by id",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "delete-deleteGroup",
"description": "The group id is a unique internal identifier and can be retrieved using the search API /scim/Groups?filter=..."
},
"patch": {
"responses": {
"500": {
"description": "An unexpected error occurred"
},
"400": {
"description": "The supplied JSON is incorrect"
}
},
"parameters": [
{
"description": "the id of the group to update",
"required": true,
"x-example": "d24afa39-05a1-433f-8aa9-ad41c9a3d394",
"in": "path",
"type": "string",
"name": "id"
},
{
"description": "the group resource updated information as a JSON string",
"required": true,
"x-examples": {
"default": "{ \"name\": { \"displayName\": \"updated group name\" }}"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/SdkGroupResource"
}
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Update a group found by id",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "patch-patchGroup",
"consumes": [
"application/json"
],
"description": "Updates a group's information. The group id is a unique internal identifier and can be retrieved using the search API /scim/Groups?filter=...\nThe patch operation lets you send in the request only the attributes that need to be changed."
}
},
"/SAAS/jersey/manager/api/oauth2clients/{id}": {
"put": {
"responses": {
"201": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/OAuth2ClientTypeInfo"
}
},
"404": {
"description": "If oauth2client id is not found"
},
"500": {
"description": "When changing the existing client ID is attempted or if an unexpected error occurred"
},
"400": {
"description": "If the provided client information is malformed"
}
},
"parameters": [
{
"description": "the id of the oauth2client to be updated",
"required": true,
"x-example": "auth_grant_oauthclient1",
"in": "path",
"type": "string",
"name": "id"
}
],
"tags": [
"admin",
"oauth2"
],
"produces": [
"application/vnd.vmware.horizon.manager.oauth2client+json"
],
"summary": "Update an existing OAuth 2.0 client",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "put-updateOAuth2Client",
"consumes": [
"application/vnd.vmware.horizon.manager.oauth2client+json"
],
"description": "This endpoint is used to update the information of an existing client, identified by its client id. Renaming the client (updating the client id) is not supported; to rename a client, it needs to be deleted first and then re-created"
},
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/OAuth2ClientTypeInfo"
}
},
"404": {
"description": "If the OAuth2 client id is null or not found"
}
},
"parameters": [
{
"description": "the id of the oauth2client to retrieve",
"required": true,
"x-example": "auth_grant_oauthclient1",
"in": "path",
"type": "string",
"name": "id"
}
],
"tags": [
"admin",
"oauth2"
],
"produces": [
"application/vnd.vmware.horizon.manager.oauth2client+json",
"application/vnd.vmware.horizon.manager.clientcredentialsoauth2client+json",
"application/vnd.vmware.horizon.manager.classicoauth2client+json"
],
"summary": "View an existing OAuth 2.0 client",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getOAuth2Client",
"description": "This endpoint is used to get full details of a registered OAuth 2.0 Client on VMware Identity Manager"
},
"delete": {
"description": "This endpoint is used to delete an existing client. Once deleted, the client information, its associated suite tokens, activation tokens, authorization codes, access tokens and refresh tokens will be lost. The operation cannot be undone",
"parameters": [
{
"description": "the id of the OAuth2 client to be deleted",
"required": true,
"x-example": "auth_grant_oauthclient1",
"in": "path",
"type": "string",
"name": "id"
}
],
"tags": [
"admin",
"oauth2"
],
"summary": "Delete an OAuth 2.0 client",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "delete-deleteOAuth2Client",
"responses": {
"404": {
"description": "given client does not exist"
},
"204": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/OAuth2ClientTypeInfo"
}
}
}
}
},
"/SAAS/jersey/manager/api/scim/Groups": {
"post": {
"responses": {
"201": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/SdkGroupResource"
}
},
"409": {
"description": "A group with the same displayName already exists"
},
"400": {
"description": "The specified attributes are invalid or the displayName of the group to be created is missing or invalid"
}
},
"parameters": [
{
"description": "list of attributes to return, separated by comma. When specified, the returned created group will only contain the minimal set of group attributes plus the attributes or sub-attributes explicitly requested",
"required": false,
"x-example": "urn:scim:schemas:extension:workspace:1.0:domain,groupName",
"in": "query",
"type": "string",
"name": "attributes"
},
{
"description": "the group resource to be created as a JSON string",
"required": true,
"x-examples": {
"default": "{\n\t\"schemas\": [ \"urn:scim:schemas:core:1.0\" ], \n\t\"displayName\": \"test-group\"\n}"
},
"name": "body",
"in": "body",
"schema": {
"$ref": "#/definitions/SdkGroupResource"
}
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Create a local group",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "post-postGroup",
"consumes": [
"application/json"
],
"description": "Creates a group in the system directory"
},
"get": {
"responses": {
"200": {
"description": "successful operation",
"schema": {
"$ref": "#/definitions/ResourcesOfGroupResource"
}
},
"404": {
"description": "If the query parameter values are invalid for \"count\" or \"startIndex\""
},
"400": {
"description": "The specified filter operation is invalid or the specified \"attributes\" are invalid or the \"sortBy\" parameter is invalid"
}
},
"parameters": [
{
"description": "list of attributes to return, separated by comma. When specified, the retrieved group(s) will only contain the minimal set of group attributes plus the attributes or sub-attributes explicitly requested",
"required": false,
"x-example": "displayName,urn:scim:schemas:extension:workspace:1.0:email",
"in": "query",
"type": "string",
"name": "attributes"
},
{
"description": "when specified, only users matching the filter expression will be returned. The filter must comply with the SCIM specification. Only 'eq','co','sw','gt','ge','lt' and 'le' are currently supported as operators",
"required": false,
"x-example": "displayName co \"test\"",
"in": "query",
"type": "string",
"name": "filter"
},
{
"description": "offset of the first group to return in the list of found groups",
"format": "int32",
"required": false,
"x-example": 10,
"in": "query",
"type": "integer",
"name": "startIndex"
},
{
"description": "the number of found groups to return starting from the given startIndex",
"format": "int32",
"required": false,
"x-example": 50,
"in": "query",
"type": "integer",
"name": "count"
},
{
"description": "the attribute to use to sort the found group",
"required": false,
"x-example": "displayName",
"in": "query",
"type": "string",
"name": "sortBy"
},
{
"required": false,
"description": "the direction the resources returned should be sorted in. Allowed values are \"ascending\" and \"descending\"",
"enum": [
"ascending",
"descending"
],
"in": "query",
"type": "string",
"name": "sortOrder"
}
],
"tags": [
"scim",
"admin"
],
"produces": [
"application/json"
],
"summary": "Find all groups or only groups matching a supplied filter",
"security": [
{
"oauth2": [
"admin"
]
}
],
"operationId": "get-getGroups",
"description": "Retrieve all groups if no filter is specified, otherwise retrieve all the groups matching the given filter.\nThis endpoint complies with the SCIM specifications; see https://tools.ietf.org/html/rfc7644#page-15"
}
}
},
"schemes": [
"https"
],
"tags": [
{
"name": "admin"
},
{
"name": "oauth2"
},
{
"name": "scim"
},
{
"name": "user"
}
],
"basePath": "/",
"securityDefinitions": {
"oauth2": {
"scopes": {
"admin": "The admin role",
"user": "The user role"
},
"tokenUrl": "/SAAS/auth/oauthtoken",
"description": "The OAuth2.0 authentication scheme to access all APIs. VMware Identity Manager supports 'Authorization Code', 'Resource Owner Password Credentials' and 'Client Credentials' as defined by the OAuth 2.0 spec.",
"flow": "accessCode",
"type": "oauth2",
"authorizationUrl": "/SAAS/auth/oauth2/authorize"
},
"basic_auth": {
"type": "basic",
"description": "The HTTP Basic authentication scheme. The 'Authorization' header is formed using 'Basic ' + base64Encode(client_id + ':' + client_secret)"
}
},
"host": "localhost:8080",
"definitions": {
"Entitlement": {
"type": "object",
"properties": {
"approvalMessage": {
"readOnly": true,
"type": "string",
"example": "Approved.",
"description": "The message that the external approval system sent in response to the approval request. "
},
"name": {
"readOnly": true,
"type": "string",
"example": "Example Web Application",
"description": "The catalog item name"
},
"catalogType": {
"enum": [
"SAAS",
"VIEW",
"VIEWAPP",
"THINAPP",
"APPV",
"XENAPP",
"XENAPPDELIVERYGROUP",
"WEBAPPLINK",
"DESKTONEDESKTOP",
"DESKTONEAPPLICATION",
"NATIVEAPP",
"ANYAPP"
],
"type": "string",
"example": "SAAS",
"description": "The catalog item type category (used for searching catalog items)"
},
"deviceActivations": {
"additionalProperties": {
"$ref": "#/definitions/DeviceState"
},
"readOnly": true,
"type": "object",
"example": "User1-Win10",
"description": "List of devices on which the catalog item was activated"
},
"catalogItemId": {
"readOnly": true,
"example": "042eb1e6-61b0-451b-b35e-e9811e2459a2",
"type": "string",
"description": "The catalog item ID",
"format": "uuid"
},
"perDeviceActivationRequired": {
"readOnly": true,
"type": "boolean",
"example": false,
"description": "Whether to activate the application on each device individually. If set to \"true\", the activation will only apply to the current device."
},
"userId": {
"readOnly": true,
"type": "string",
"example": "083ed8e6-6a39-461a-b0de-e9800e245900",
"description": "The user ID"
},
"activationPolicy": {
"readOnly": true,
"enum": [
"USER_ACTIVATED",
"AUTOMATIC"
],
"type": "string",
"example": "AUTOMATIC",
"description": "The type of activation the catalog item will require before showing on the user portal"
},
"catalogItemType": {
"readOnly": true,
"enum": [
"Saml11",
"Saml20",
"ReferredMobile",
"HostedMobile",
"VvpImage",
"DataModule",
"ViewPool",
"ViewApp",
"ThinApp",
"AppV",
"AppBlast",
"XenApp",
"XenAppDeliveryGroup",
"WSFed12",
"ExchangeConfig",
"VPNConfig",
"WifiConfig",
"WebAppLink",
"DesktoneDesktop",
"DesktoneApplication",
"NativeApp",
"AnyApp"
],
"type": "string",
"example": "Saml20",
"description": "The specific catalog item type (used for application launch by VMware Identity Manager)"
},
"visible": {
"readOnly": true,
"type": "boolean",
"example": true,
"description": "Whether to display the catalog item on the user portal. If set to \"false\", the catalog item will not show on any user portal even when in activated state."
},
"internal": {
"readOnly": true,
"type": "boolean",
"description": "In the context of Workspace One application on a mobile device. internal = \"false\" indicates to the WS1 Application that the catalog item can be launched from outside the company VPN"
},
"_links": {
"additionalProperties": {
"$ref": "#/definitions/Link"
},
"readOnly": true,
"type": "object"
},
"activationState": {
"readOnly": true,
"enum": [
"NOT_ACTIVATED",
"ACTIVATION_REQUESTED",
"ACTIVATION_IN_PROGRESS",
"ACTIVATION_FAILED",
"ACTIVATED",
"DEACTIVATION_REQUESTED",
"DEACTIVATION_IN_PROGRESS",
"DEACTIVATION_FAILED",
"DEACTIVATED"
],
"type": "string",
"example": "ACTIVATED",
"description": "The catalog item activation state on the user portal. \"ACTIVATED\" means that the catalog item can be displayed on the user portal. In \"NOT_ACTIVATED\" state, the catalog item will be hidden even if the user is entitled."
},
"approvalRequired": {
"readOnly": true,
"type": "boolean",
"example": true,
"description": "Whether additional external approval is required in order to activate the catalog item."
},
"description": {
"readOnly": true,
"type": "string",
"example": "This is a Service Provider Sample Application.",
"description": "The catalog item description"
}
},
"description": "The entitlement object."
},
"OAuth2ClientTypeInfo": {
"required": [
"authGrantTypes",
"clientId",
"scope"
],
"type": "object",
"properties": {
"accessTokenTTL": {
"format": "int32",
"type": "integer",
"description": "How long in minutes new access tokens issued to this client should live",
"example": 10080
},
"tokenType": {
"enum": [
"Bearer"
],
"type": "string",
"example": "Bearer",
"description": "type of the tokens that can be requested"
},
"displayUserGrant": {
"default": false,
"type": "boolean",
"example": false,
"description": "Indicates whether to display grant page to user or not. If the value is set to false, then access is granted to clients according to org policy without asking user. Default is 'true'"
},
"strData": {
"type": "string",
"example": "1.1.1.1:8080",
"description": "General purpose data bucket for storing additional data for a client, such as agent ip and port"
},
"rememberAs": {
"type": "string",
"example": "my application client credentials oauth2 client",
"description": "A friendly name this native app/device is remembered as. Set by the admin"
},
"tokenLength": {
"format": "int32",
"type": "integer",
"description": "The length of the refresh token to be returned in bytes (only applicable if authGrantTypes includes \"refresh_token\"). Currently the refresh token length is constant and this value is ignored.",
"example": 32
},
"clientId": {
"type": "string",
"example": "my-auth-grant-client1",
"description": "The OAuth 2.0 Client identifier that the client uses to identify itself during the OAuth2 exchanges. The client ID must contain only alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-) and at sign (@) characters"
},
"internalSystemClient": {
"default": false,
"type": "boolean",
"example": false,
"description": "When set to true, OAuth2 Client will become undeletable from the VMware Identity Admin UI. Default is 'false'"
},
"secret": {
"type": "string",
"example": "my-auth-grant-client1-secret",
"description": "The OAuth 2.0 Client secret (a string provided by an admin or a VMware Identity Manager auto-generated string). If secret string not provided, an auto-generated secret will be returned. Secret field is mandatory in Authorization Code and Client Credentials Grant flows. If the secret field is omitted or left blank in Resource Owner grant flow, no secret will be required to authenticate the client"
},
"refreshTokenTTL": {
"format": "int32",
"type": "integer",
"description": " How long in minutes new refresh tokens issued to this client should live (only applicable if authGrantTypes includes \"refresh_token\")",
"example": 525600
},
"_links": {
"additionalProperties": {
"$ref": "#/definitions/Link"
},
"readOnly": true,
"type": "object"
},
"inheritanceAllowed": {
"default": false,
"type": "boolean",
"example": true,
"description": "If set to 'true' will allow the child tenants to look up clientId and secret at the root level. Default is 'false'"
},
"resourceUuid": {
"format": "uuid",
"type": "string",
"description": "UUID of a VMware Identity application. Only users who are entitled to this application will be able to authenticate via this client.",
"example": "9e70bee8-3a55-4413-8418-454e7278093e"
},
"activationToken": {
"type": "string",
"example": "eyJvdGEiOiIzOkhyYUwzQ2hTWGJKd3hzSnNCdkc2cjM0eDZDRng4blFkIiwidXJsIjoiaHR0cHM6Ly9ndy1hYS5ocy50cmNpbnQuY29tLyIsInRpZCI6Imd3LWFhIn0=",
"description": "A one time token that can be used to securely activate an application with the client id and secret. Generating an activation token is currently not supported through this API"
},
"scope": {
"type": "string",
"example": "admin user openid profile email",
"description": "list of space-delimited access request scopes that are allowed by this OAuth 2.0 Client. Available scope options are: admin- Admin Level Access, user - User Level Access, profile - Access to User's profile (FirstName//LastName//Display Name//Image), email - Access to User's Email, uuid - Access for a specific application/resource which matches this UUID"
},
"authGrantTypes": {
"type": "string",
"example": "authorization_code client_credentials password",
"description": "list of space-delimited Oauth 2.0 Access Grant Types that are enabled in this OAuth 2.0 Client. Available Grant types are: authorization_code client_credentials password"
},
"redirectUri": {
"type": "string",
"example": "https://*.hostname1.com/auth/* https://*.hostname2.com/auth/*",
"description": "A space/comma separated list of absolute URIs of application endpoints that are allowed to receive the authorization code and access token. The redirect_uri sent by the application as part of the Authorization Code Grant Oauth 2.0 flow is verified against this list. A Wildcard can be substituted for any string to skip the check for a particular URL section"
},
"refreshTokenIdleTTL": {
"format": "int32",
"type": "integer",
"description": " How long in minutes new refresh tokens issued to this client can idle (only applicable if authGrantTypes includes \"refresh_token\"), its value should be less than refresh token ttl value",
"example": 525600
}
},
"description": "OAuth 2.0 Client Settings"
},
"EntryString": {
"type": "object",
"properties": {
"operation": {
"type": "string"
},
"type": {
"type": "string"
},
"primary": {
"type": "boolean"
},
"value": {
"type": "string"
},
"display": {
"type": "string"
}
}
},
"SdkGroupResource": {
"type": "object",
"properties": {
"displayName": {
"type": "string"
},
"resourceDescriptor": {
"$ref": "#/definitions/ResourceDescriptor"
},
"urn:scim:schemas:extension:workspace:1.0": {
"description": "The group's attributes specific to the 'urn:scim:schemas:extension:workspace:1.0' schema.",
"$ref": "#/definitions/WorkspaceSchemaGroupAttributes"
},
"scimObject": {
"$ref": "#/definitions/SCIMObject"
},
"meta": {
"$ref": "#/definitions/Meta"
},
"externalId": {
"type": "string"
},
"members": {
"items": {
"$ref": "#/definitions/EntryString"
},
"type": "array"
},
"id": {
"type": "string"
},
"schemas": {
"uniqueItems": true,
"items": {
"type": "string"
},
"type": "array",
"description": "The set of schemas that are currently contributing attributes to this group"
}
},
"description": "The SCIM group resource object. It extends the standard SCIM group resource, see https://tools.ietf.org/html/rfc7643"
},
"ReportsTable": {
"type": "object",
"properties": {
"header": {
"items": {
"type": "string"
},
"type": "array",
"description": "The headers for each column, as i18n messages"
},
"headerArg": {
"items": {
"type": "string"
},
"type": "array",
"description": "The values of any positional arguments for the header messages (max one per header)"
},
"_links": {
"additionalProperties": {
"$ref": "#/definitions/Link"
},
"readOnly": true,
"type": "object"
},
"data": {
"items": {
"items": {
"type": "string"
},
"type": "array"
},
"type": "array",
"description": "The table rows. Each entry represents an audit event and each audit even is represented by an array of 5 elements: