Skip to main content

API Usage

Nevis ID provides REST and SOAP APIs for various use cases.

The APIs are exposed on an own domain. Each environment uses a different domain.

  • for the LIVE environment use: https://api.{instance}.getnevis.net,
  • for other environments use: https://api-{environment}.{instance}.getnevis.net

On these domains, all API endpoints of the deployed Nevis components are exposed. In these EXAMPLE project these are:

  • nevisIDM
  • nevisMeta
  • nevisAdmin4.

API documentations can be found on our dedicated API docs site.

The API has to be called with a Bearer token in JWT format which has to be created first.

API Creation

  1. Ensure there is a Device Password Policy in the nevisIDM Client API. If missing, create such a policy with the following configuration:

    minLength=32
    checkDictionary=false
    maxLength=100
    minNonAlnum=0
    minNonLetter=0

  2. In the client API Key create a new user, you can use whatever login ID you want, but it is recommended to adhere to consistent naming standards (eg.: api-insert_name).

    • Ensure the created user is a technical user.
    • Fill out name and e-mail address if required.

  3. Open the default profile and add the IDM Role SoapTechAccess and restrict it to the Default client. This limitation is meant as a safeguard and is recommended for all standard technical users.

  4. Go back to the user.

  5. Create a random 64 character secret:

python3 -c "import secrets; print(secrets.token_urlsafe(48))"
# => 6LFQjP86HDFsv-jQgEyFnUNjECriMZoblEsrkFofCbiLmqDojJ8xjFm5hj78yLPk

  1. For the new technical user created in step 2, create a new credential:

    1. Type: Device Password
    2. Policy: Policy created above
    3. New value and confirmation: The value generated in step 5 (6LFQjP8…)
    4. Save the created credential

  2. Get the user ext ID, and credential ext ID.

  3. Create the bearer token by combining {userExtId}:{credExtId}:{randomSecret}

echo -n '1054:1024:6LFQjP86HDFsv-jQgEyFnUNjECriMZoblEsrkFofCbiLmqDojJ8xjFm5hj78yLPk' | \
  base64 | tr -d '='
# => MTA1MjoxMDQ1OjVUMkRRSXY4a0Y0QWxjeVN5VVBkVThRRzFpTlB4YUJOUXpOeEFvWkFoVWNkWHFVVGVHeXE0amRiV255T1dvTnE
  1. API Token created.

Nevis SecToken

With the nevisIDM and nevisMeta REST services (“idm-rest” and “meta-rest” patterns) there is a “Nevis SecToken” pattern assigned. The userId in the SecToken will be the userId of the nevisIDM user that the Bearer token is associated with.

Example REST API queries

nevisIDM

$ curl -X GET "https://api.abc123.getnevis.net/nevisidm/api/oic1.0/userinfo"
  -H "Authorization: Bearer {your token}"
{"sub":"1389"}

nevisMeta

$ curl -X GET "https://api.abc123.getnevis.net/nevismeta/rest/v2/modules/oauthv2/setups" \
  -H "Authorization: Bearer {your token}"
{
  "setupIds" : [ "00000000000000000000000000000000" ]
}

nevisAdmin4

$ curl -X GET "https://api.abc123.getnevis.net/nevisadmin/api/v1/me" \
 -H "Authorization: Bearer {your token}"
{
  "userKey" : "admin",
  "email" : "[email protected]",
  "type" : "local"
}