Version: 8.2505.x.x RR

nevisIDM Authentication REST API

Introduction

The nevisIDM Authentication REST API enables you to authenticate users with their credentials.

Recovery Code

Recovery Code REST Service to authenticate users with recovery codes.

Recovery Code login DTO

The Recovery Code login DTO has the following parameter:

  • code - The recovery code (string).

Recovery Code login

Login with Recovery Code

POST /{clientExtId}/users/{userExtId}/recovery-codes/login/

Log in with a recovery code of the user with the given external ID.

Each code can be used only once.

since 2.78

Required permissions

  • AccessControl.CredentialView
  • AccessControl.CredentialModify
  • AccessControl.CredentialChangeState

Example URI

POST https://your-host/nevisidm/api/auth/v1/1000/users/1234/recovery-codes/login/

URI Parameters

  • clientExtId string (required) Example: 1000

    ExtID of the client.

  • userExtId string (required) Example: 1234

    ExtID of the user.

Request

  • Headers: Content-Type: application/json
  • Body:
{
"code": "abcd-efgh-1234-5678"
}

Response 204

  • Headers: Content-Type: application/json

Password

Password REST Service to authenticate users with a password credential.

Password Login DTO

The password login DTO has the following parameters:

  • password - The password to be verified (string).

Login Status DTO

The login status DTO has the following parameters:

  • statusCode - Indicates the login status after the login information update has been processed (integer).
  • description - Human-readable login status information (string).

Password login

Login with password credential

POST /{clientExtId}/users/{userExtId}/password/login/

Log in with the defined password credential of the user.

since 2.88

Required permissions

  • AccessControl.CredentialView
  • AccessControl.CredentialModify
  • AccessControl.CredentialChangeState

Example URI

POST https://your-host/nevisidm/api/auth/v1/1000/users/1234/password/login/

URI Parameters

  • clientExtId string (required) Example: 1000

    ExtID of the client.

  • userExtId string (required) Example: 1234

    ExtID of the user.

Request

  • Headers: Content-Type: application/json
  • Body:
{
"password": "1StrongPassword!"
}

Response 200

  • Headers: Content-Type: application/json
  • Body:
{
"statusCode": 5,
"description": "Login Ok"
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "There is no client with external identifier 'nonExistingClient'"
}
]
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "There is no user with external identifier 'nonExistingUser' in client 'Default'"
}
]
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "No password credential defined for user '9999999442'"
}
]
}

Response 422

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.credentialNotActive",
"message": "The password credential is not active (current state 'disabled') of user '9999999442'"
}
]
}

Device Password

Device Password REST Service to authenticate users with a device password credential.

Device Password Login DTO

The device password login DTO has the following parameters:

  • password - The password to be verified (string).
  • credentialExtId - Credential’s external identifier, also known as the device identifier (string).

Login Status DTO

The login status DTO has the following parameters:

  • statusCode - Indicates the login status after the login information update has been processed (integer).
  • description - Human-readable login status information (string).

Password login

Login with device password credential

POST /{clientExtId}/users/{userExtId}/device-password/login/

Log in with the defined device password credential of the user.

since 2.88

Required permissions

  • AccessControl.CredentialView
  • AccessControl.CredentialModify
  • AccessControl.CredentialChangeState

Example URI

POST https://your-host/nevisidm/api/auth/v1/1000/users/1234/device-password/login/

URI Parameters

  • clientExtId string (required) Example: 1000

    ExtID of the client.

  • userExtId string (required) Example: 1234

    ExtID of the user.

Request

  • Headers: Content-Type: application/json
  • Body:
{
"password": "1StrongPassword!",
"credentialExtId": "user1-devicePassword1"
}

Response 200

  • Headers: Content-Type: application/json
  • Body:
{
"statusCode": 5,
"description": "Login Ok"
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "There is no client with external identifier 'nonExistingClient'"
}
]
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "There is no user with external identifier 'nonExistingUser' in client 'Default'"
}
]
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "No device password defined for user '9999999442' with extId 'user1-devicePassword1'"
}
]
}

Response 422

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.credentialNotActive",
"message": "The device password is not active (current state 'disabled') of user '9999999442'"
}
]
}

Context Password

Context Password REST Service to authenticate users with a context password credential.

Context Password Login DTO

The context password login DTO has the following parameters:

  • password - The password to be verified (string).
  • context - Credential’s context (string).

Login Status DTO

The login status DTO has the following parameters:

  • statusCode - Indicates the login status after the login information update has been processed (integer).
  • description - Human-readable login status information (string).

Password login

Login with context password credential

POST /{clientExtId}/users/{userExtId}/context-password/login/

Log in with the defined context password credential of the user.

since 2.88

Required permissions

  • AccessControl.CredentialView
  • AccessControl.CredentialModify
  • AccessControl.CredentialChangeState

Example URI

POST https://your-host/nevisidm/api/auth/v1/1000/users/1234/context-password/login/

URI Parameters

  • clientExtId string (required) Example: 1000

    ExtID of the client.

  • userExtId string (required) Example: 1234

    ExtID of the user.

Request

  • Headers: Content-Type: application/json
  • Body:
{
"password": "1StrongPassword!",
"context": "user1-context1"
}

Response 200

  • Headers: Content-Type: application/json
  • Body:
{
"statusCode": 5,
"description": "Login Ok"
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "There is no client with external identifier 'nonExistingClient'"
}
]
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "There is no user with external identifier 'nonExistingUser' in client 'Default'"
}
]
}

Response 404

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.noRecord",
"message": "No context password defined for user '9999999442' with context 'user1-context1'"
}
]
}

Response 422

  • Headers: Content-Type: application/json
  • Body:
{
"errors": [
{
"code": "errors.credentialNotActive",
"message": "The context password is not active (current state 'disabled') in context 'user1-context1' of user '9999999442'"
}
]
}
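
Added example, not part of the nevisIDM documentation: Python helpers a calling service could use to build the password, device-password and context-password login requests described above and to reduce the documented 200/404/422 responses to one pass/fail result, so the distinct error messages go to server-side logs instead of being relayed to the end user. The function names are hypothetical, and treating only statusCode 5 as success is an assumption taken from the sample 200 response.

```python
import json
from urllib.parse import quote

BASE = "https://your-host/nevisidm/api/auth/v1"  # example host from this page
LOGIN_OK = 5  # assumption: only the sample's statusCode 5 ("Login Ok") is success
KINDS = ("password", "device-password", "context-password")

def login_url(client_ext_id, user_ext_id, kind="password"):
    """Build the login URI; ExtIDs are percent-encoded to stay one path segment."""
    if kind not in KINDS:
        raise ValueError("unknown credential kind: %r" % kind)
    return "%s/%s/users/%s/%s/login/" % (
        BASE, quote(client_ext_id, safe=""), quote(user_ext_id, safe=""), kind)

def login_body(password, **extra):
    """Serialize the login DTO; extra carries credentialExtId or context."""
    return json.dumps({"password": password, **extra})

def classify(status, body_text):
    """Reduce a response to (authenticated, internal_reason).

    Every False result should produce the same generic failure for the end
    user; internal_reason (HTTP status plus error code) is for logs only.
    """
    try:
        body = json.loads(body_text) if body_text else {}
    except ValueError:
        body = None
    if not isinstance(body, dict):
        return False, "%d:unparseable-body" % status
    if status == 200:
        ok = body.get("statusCode") == LOGIN_OK
        return ok, "ok" if ok else "status-%s" % body.get("statusCode")
    errors = body.get("errors")
    first = errors[0] if isinstance(errors, list) and errors else {}
    code = first.get("code", "unknown") if isinstance(first, dict) else "unknown"
    return False, "%d:%s" % (status, code)

# Constructed sample in the shape of the 422 body documented above.
SAMPLE_422 = '{"errors": [{"code": "errors.credentialNotActive", "message": "..."}]}'
if __name__ == "__main__":
    print(login_url("1000", "1234", "context-password"))
    print(classify(422, SAMPLE_422))
```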