
API Usage

Nevis ID provides REST and SOAP APIs for various use cases.

This page describes the API access model for the Nevis ID cloud product. The APIs are exposed on a dedicated domain, and each environment uses a different one.

  • for the LIVE environment use: https://api.{instance}.getnevis.net,
  • for other environments use: https://api-{environment}.{instance}.getnevis.net

On these domains, all API endpoints of the deployed Nevis components are exposed. In the EXAMPLE project these are:

  • nevisIDM
  • nevisMeta
  • management console

API documentation can be found in the API Docs section.

The API has to be called with a Bearer token in JWT format which has to be created first.

API Creation

  1. Ensure there is a Device Password Policy in the nevisIDM Client API. If missing, create such a policy with the following configuration:

    minLength=32
    checkDictionary=false
    maxLength=100
    minNonAlnum=0
    minNonLetter=0
  2. In the client API Key, create a new user. You can use whatever login ID you want, but it is recommended to adhere to consistent naming standards (e.g. api-insert_name).

    • Ensure the created user is a technical user.
    • Fill out name and e-mail address if required.
  3. Open the default profile and add the IDM Role SoapTechAccess and restrict it to the Default client. This limitation is meant as a safeguard and is recommended for all standard technical users.

  4. Go back to the user.

  5. Create a random 64 character secret:

python3 -c "import secrets; print(secrets.token_urlsafe(48))"
# => 6LFQjP86HDFsv-jQgEyFnUNjECriMZoblEsrkFofCbiLmqDojJ8xjFm5hj78yLPk
  6. For the new technical user created in step 2, create a new credential:

    1. Type: Device Password
    2. Policy: Policy created above
    3. New value and confirmation: The value generated in step 5 (6LFQjP8…)
    4. Save the created credential
  7. Get the user ext ID and the credential ext ID.

  8. Create the bearer token by combining {userExtId}:{credExtId}:{randomSecret}

# tr removes the '=' padding and the line break that GNU base64 inserts after 76 characters
echo -n '1054:1024:6LFQjP86HDFsv-jQgEyFnUNjECriMZoblEsrkFofCbiLmqDojJ8xjFm5hj78yLPk' | \
base64 | tr -d '=\n'
# => MTA1MjoxMDQ1OjVUMkRRSXY4a0Y0QWxjeVN5VVBkVThRRzFpTlB4YUJOUXpOeEFvWkFoVWNkWHFVVGVHeXE0amRiV255T1dvTnE
  9. API Token created.
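
As an added example that is not part of the Nevis documentation, the following Python builds the token from steps 5 to 8, enforces the minLength and maxLength values of the policy from step 1, and decodes a token again so it can be checked before use. The function names and the sample IDs are assumptions.

```python
import base64
import secrets

# Limits taken from the Device Password Policy in step 1.
MIN_LENGTH = 32
MAX_LENGTH = 100


def new_secret() -> str:
    """Step 5: 48 random bytes encode to a 64-character URL-safe string."""
    return secrets.token_urlsafe(48)


def build_bearer_token(user_ext_id: str, cred_ext_id: str, secret: str) -> str:
    """Step 8: base64 of {userExtId}:{credExtId}:{randomSecret}, padding removed."""
    if not MIN_LENGTH <= len(secret) <= MAX_LENGTH:
        raise ValueError("secret length violates the Device Password Policy")
    for name, value in (("userExtId", user_ext_id), ("credExtId", cred_ext_id)):
        if not value or ":" in value:
            raise ValueError(f"{name} must be non-empty and must not contain ':'")
    raw = f"{user_ext_id}:{cred_ext_id}:{secret}".encode("utf-8")
    # b64encode never inserts line breaks, unlike some base64 command-line tools.
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def split_bearer_token(token: str) -> tuple[str, str, str]:
    """Decode a token back into its three parts to verify what was encoded."""
    padded = token + "=" * (-len(token) % 4)  # restore the stripped padding
    raw = base64.b64decode(padded, validate=True).decode("utf-8")
    user_ext_id, cred_ext_id, secret = raw.split(":", 2)
    return user_ext_id, cred_ext_id, secret


if __name__ == "__main__":
    # Constructed sample IDs; take the real ext IDs from step 7.
    token = build_bearer_token("1054", "1024", new_secret())
    print("Authorization: Bearer " + token)
```

The token is only an encoding of the IDs and the secret, so anyone who obtains it can recover the Device Password; store and transmit it like the secret itself.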

Nevis SecToken

The nevisIDM and nevisMeta REST services (“idm-rest” and “meta-rest” patterns) have a “Nevis SecToken” pattern assigned. The userId in the SecToken will be the userId of the nevisIDM user that the Bearer token is associated with.

Example REST API queries

nevisIDM

$ curl -X GET "https://api.abc123.getnevis.net/nevisidm/api/oic1.0/userinfo" \
-H "Authorization: Bearer {your token}"
{"sub":"1389"}

nevisMeta

$ curl -X GET "https://api.abc123.getnevis.net/nevismeta/rest/v2/modules/oauthv2/setups" \
-H "Authorization: Bearer {your token}"
{
"setupIds" : [ "00000000000000000000000000000000" ]
}

Management Console

$ curl -X GET "https://api.abc123.getnevis.net/nevisadmin/api/v1/me" \
-H "Authorization: Bearer {your token}"
{
"userKey" : "admin",
"email" : "[email protected]",
"type" : "local"
}