Federation & Social Login
The Federation & Social Login APIs are the primary APIs of Nevis ID. Most of these endpoints do not exist by default — they are exposed when you configure the corresponding pattern in the management console.
The tables below list the endpoints in this section, the pattern that exposes each one, and how they are typically used. The paths in the Path column reflect the defaults exposed by each pattern; the pattern usually allows you to configure a different path. The Method cells link to the page that documents the operation.
Public endpoints
These endpoints are intended to be exposed to the internet and called by external clients or relying parties. The pattern defines the path, the authentication, and the authorization rules applied to the endpoint.
| Path | Methods | Purpose | Pattern |
|---|---|---|---|
/oauth2/authorize | GET, POST | Authorization request entry point for OAuth 2.0 / OpenID Connect flows | OAuth 2.0 Authorization Server / OpenID Provider |
/oauth2/token | POST | Issue access, refresh, and ID tokens | OAuth 2.0 Authorization Server / OpenID Provider |
/par | POST | Pushed Authorization Request (RFC 9126) | OAuth 2.0 / OpenID Connect Pushed Authorization Request Endpoint |
/oauth/introspect | POST | Token introspection (RFC 7662) | OAuth 2.0 / OpenID Connect Token Introspection Endpoint |
/oauth/revoke | POST | Token revocation (RFC 7009) | OAuth 2.0 / OpenID Connect Token Revocation Endpoint |
/userinfo | GET, POST | OpenID Connect UserInfo | OAuth 2.0 / OpenID Connect User Info |
/.well-known/openid-configuration | GET | OAuth 2.0 / OpenID Connect server metadata | OAuth 2.0 / OpenID Connect Metadata Endpoint |
/.well-known/jwks.json | GET | Public signing keys (JWKs) | OAuth 2.0 / OpenID Connect JWKs Endpoint |
/meta/SAML2.0 | GET | SAML 2.0 metadata for IDP entities | SAML IDP (when Metadata Service is enabled) |
The most important pattern is the OAuth 2.0 Authorization Server / OpenID Provider. You can add multiple instances of this pattern to expose several authorization servers — in that case the introspection, revocation, PAR, and metadata endpoints are also instantiated per authorization server.
Administration endpoints
These endpoints administer the Federation configuration in nevisMeta — setups, OAuth clients, resource servers, refresh tokens, persisted consents.
They are exposed via the nevisMeta REST Service pattern, which serves them under the /nevismeta/rest prefix.
The pattern requires authentication; integrators call these endpoints with a Bearer token as described in API Usage.
The EXAMPLE project uses this pattern to expose them on the api domain.
| Path | Methods | Purpose |
|---|---|---|
/nevismeta/rest/v2/modules/{module}/setups | GET, POST | List or create setups of a module |
/nevismeta/rest/v2/modules/{module}/setups/{setupId} | GET, PUT, DELETE | Read, update, or delete a setup |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/snapshots | GET | List snapshots of a setup |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/snapshots/{snapshotId} | GET, DELETE | Read or delete a future snapshot of a setup |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/clients | GET, POST | List or create OAuth clients of a setup (no dedicated page for POST — see Client management) |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/clients/names | GET | List all client names of a setup |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/clients/{clientId} | GET, PUT, DELETE | Read, update, or delete a client (no dedicated page for GET — see Client management) |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/clients/{clientId}/snapshots | GET | List snapshots of a client |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/clients/{clientId}/snapshots/{snapshotId} | GET, DELETE | Read or delete a future snapshot of a client |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/client-id-translator | GET | Translate an OAuth client_id to the internal nevisMeta entity ID |
/nevismeta/rest/v3/modules/{module}/setups/{setupId}/clients | POST | Create a client via Dynamic Client Registration |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/resource-servers | GET, POST | List or create resource servers of a setup |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/resource-servers/{resourceId} | GET, PUT, DELETE | Read, update, or delete a resource server |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/resource-servers/{resourceId}/snapshots | GET | List snapshots of a resource server |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/resource-servers/{resourceId}/snapshots/{snapshotId} | GET, DELETE | Read or delete a future snapshot of a resource server |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/consents | GET | List persisted consents of a setup |
/nevismeta/rest/v3/modules/{module}/setups/{setupId}/clients/{clientId}/persisted-consent | DELETE | Delete a persisted consent |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/tokens | GET, DELETE | List refresh tokens of a setup, or delete a user's refresh tokens |
/nevismeta/rest/v2/modules/{module}/setups/{setupId}/tokens/{token} | GET, DELETE | Read or delete a single refresh token |