Katanemo - identity, and fine-grained authorization for modern { API-first } software companies. (1.0.0)
Download OpenAPI specification:Download
With Katanemo developers can add support for users, enterprise SSO, machine keys and fine-grained authorization in minutes.
Create Service
Create a Service in Katanemo. Once a service is created Katanemo identity and authorization capabilities on behalf of SaaS (API) Developers
Request Body schema: multipart/form-data
Details about the service, including the text-representation of the service APIs.
| name required | string Service Name |
| description | string Service Description |
| redirectUrl required | string Redirect URL after a successful login. |
| apiSpecFile required | string <binary> openapi service json or yaml file |
| authExclusionPaths | Array of strings List of paths for which we do not require authentication |
| displayName | string Display name of the service/company used in the Sign up, Login, Logout and other relevant branding pages |
| logoUrl | string The URL for the service/company Logo used in the Sign up, Login, Logout and other relevant branding pages |
| detailsImageUrl | string The URL of image showing details about the service to be displayed on the sign-up page. |
| termsUrl | string The URL for the terms of the service |
| privacyUrl | string The URL for the privacy of the service |
| docsUrl | string The URL for the documentation of the service |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "serviceName": "string",
- "description": "string",
- "onboardURL": "string",
- "redirectUrl": "string",
- "apiSpecFileContents": "string",
- "apis": [
- "string"
], - "authExclusionPaths": [
- "string"
], - "version": 0,
- "updatedAt": 0,
- "createdAt": 0,
- "displayName": "string",
- "logoUrl": "string",
- "detailsImageUrl": "string",
- "termsUrl": "string",
- "privacyUrl": "string",
- "docsUrl": "string"
}List Services
List services that belong to a particular developer. Requires bearer token authorization
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "serviceId": "string",
- "serviceName": "string",
- "description": "string",
- "onboardURL": "string",
- "redirectUrl": "string",
- "apiSpecFileContents": "string",
- "apis": [
- "string"
], - "authExclusionPaths": [
- "string"
], - "version": 0,
- "updatedAt": 0,
- "createdAt": 0,
- "displayName": "string",
- "logoUrl": "string",
- "detailsImageUrl": "string",
- "termsUrl": "string",
- "privacyUrl": "string",
- "docsUrl": "string"
}
]Get Details for Katanemo AAA
Gets details about Katanemo's AAA SaaS service. Katanemo is powered by Katanemo, and our 3xA service uses the same core identity and authorization capabilities that we offer SaaS (API) developers
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "serviceName": "string",
- "description": "string",
- "onboardURL": "string",
- "redirectUrl": "string",
- "apiSpecFileContents": "string",
- "apis": [
- "string"
], - "authExclusionPaths": [
- "string"
], - "version": 0,
- "updatedAt": 0,
- "createdAt": 0,
- "displayName": "string",
- "logoUrl": "string",
- "detailsImageUrl": "string",
- "termsUrl": "string",
- "privacyUrl": "string",
- "docsUrl": "string"
}Get Service
Gets a Katanemo Service. The principal token must be present in the bearer header to retrieve the service details, unless the service is public
path Parameters
| serviceId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "serviceName": "string",
- "description": "string",
- "onboardURL": "string",
- "redirectUrl": "string",
- "apiSpecFileContents": "string",
- "apis": [
- "string"
], - "authExclusionPaths": [
- "string"
], - "version": 0,
- "updatedAt": 0,
- "createdAt": 0,
- "displayName": "string",
- "logoUrl": "string",
- "detailsImageUrl": "string",
- "termsUrl": "string",
- "privacyUrl": "string",
- "docsUrl": "string"
}Update Service
Update Service. Requires bearer token authorization for the caller updating the service
path Parameters
| serviceId required | string |
Request Body schema: multipart/form-data
Service object of the service being updated.
| name | string Service Name |
| description | string Service Description |
| redirectUrl | string Redirect URL after a successful login. |
| apiSpecFile | string <binary> openapi service json or yaml file |
| authExclusionPaths | Array of strings List of paths for which we do not require authentication |
| displayName | string Display name of the service/company used in the Sign up, Login, Logout and other relevant branding pages |
| logoUrl | string The URL for the service/company Logo used in the Sign up, Login, Logout and other relevant branding pages |
| detailsImageUrl | string The URL of image showing details about the service to be displayed on the sign-up page. |
| termsUrl | string The URL for the terms of the service |
| privacyUrl | string The URL for the privacy of the service |
| docsUrl | string The URL for the documentatio of the service |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "serviceName": "string",
- "description": "string",
- "onboardURL": "string",
- "redirectUrl": "string",
- "apiSpecFileContents": "string",
- "apis": [
- "string"
], - "authExclusionPaths": [
- "string"
], - "version": 0,
- "updatedAt": 0,
- "createdAt": 0,
- "displayName": "string",
- "logoUrl": "string",
- "detailsImageUrl": "string",
- "termsUrl": "string",
- "privacyUrl": "string",
- "docsUrl": "string"
}Delete Service
Deletes a service. Note the delete operation is a 'soft' delete where by organizations can't access your service. Requires a bearer token to validate that the caller can delete the service.
path Parameters
| serviceId required | string |
Responses
Response samples
- 400
- 401
- 409
- 429
- 500
- default
{- "message": "string",
- "errorCode": "string"
}Add tags to a resource
Add tags (key/value pair) to a particular resource that is created for a service, for a particular organization account id.
path Parameters
| serviceId required | string |
Request Body schema: application/json
Tags and resource id
| serviceIdPath | string |
| serviceId required | string |
| name required | string |
| resourceId required | string |
| accountId | string |
| token | string |
required | object |
Responses
Request samples
- Payload
{- "serviceIdPath": "string",
- "serviceId": "string",
- "name": "string",
- "resourceId": "string",
- "accountId": "string",
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "serviceIdPath": "string",
- "serviceId": "string",
- "name": "string",
- "resourceId": "string",
- "accountId": "string",
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Gets tags for a resource
Gets tags associated with a resource of a service
path Parameters
| serviceId required | string |
Request Body schema: application/json
Tags and resource id
| resourceName required | string |
| resourceId required | string |
| accountId required | string |
Responses
Request samples
- Payload
{- "resourceName": "string",
- "resourceId": "string",
- "accountId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
{- "serviceIdPath": "string",
- "serviceId": "string",
- "name": "string",
- "resourceId": "string",
- "accountId": "string",
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}JWKS endpoint for Service
Gets public key that can be used to verify jwt token issued by Katanemo. This API does not require bearer authorization
path Parameters
| serviceId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "keys": [
- {
- "kid": "string",
- "alg": "string",
- "e": "string",
- "n": "string",
- "use": "string",
- "kty": "string"
}
]
}Sign-up for Service
Onborad customers to a particular SaaS service managed by Katanemo. Generates email verification workflows and creates an organization for the customer subscribing to this particular service
path Parameters
| serviceId required | string |
Request Body schema: application/json
Signup Info of the service developer or a service subscriber
| emailAddress required | string Email address of user signing up for the service. |
Responses
Request samples
- Payload
{- "emailAddress": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string"
}Confirm User
Confirm that the user belongs to the organization (email) they signed-up with. Used by Katanemo to verify developers signing-up for its 3xA service and for service developers on-boarding their customers (subscribers)
path Parameters
| confirmationCode required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "session": "string",
- "accountId": "string",
- "emailAddress": "string",
- "serviceId": "string"
}Set Password
Allows the user to set password after verficiation via a session token.
path Parameters
| serviceId required | string |
Request Body schema: application/json
Set password info
| emailAddress required | string Email address of the user. |
| session required | string Session information of the user from confirm user respoonse. |
| password required | string Password of the user for the user to be used in future. |
Responses
Request samples
- Payload
{- "emailAddress": "string",
- "session": "string",
- "password": "string"
}Response samples
- 400
- 401
- 409
- 429
- 500
- default
{- "message": "string",
- "errorCode": "string"
}Get password policy
Gets the password policy (length, characters, etc), to help the user set the correct password
path Parameters
| serviceId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
{- "minimumLegnth": 0,
- "requiredNumbers": true,
- "requireSymbols": true,
- "requireUpperCase": true,
- "requireLowerCase": true
}Login-init (SSO vs. Password)
Login-init helps developers determine if the user should be presented a SAML/SSO workflow or a user/password sign-in experience.
path Parameters
| serviceId required | string |
Request Body schema: application/json
Login info (email) of the user
| emailAddress required | string Email address of the developer account's user |
| state | string Optional state parameters |
Responses
Request samples
- Payload
{- "emailAddress": "string",
- "state": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "ssoEnabled": true,
- "ssoRedirectUrl": "string"
}Login (Password)
Login to any katanemo service. serviceId indicates service user is logging in to.
path Parameters
| serviceId required | string |
Request Body schema: application/json
Login info of a user
| emailAddress required | string Email address of the developer account's user |
| password required | string Password of the user |
| skipRedirect | boolean By default login will redirect to service redirect URL, if this parameter is set as true then response will be returned. |
| state | string Optional state parameter. |
Responses
Request samples
- Payload
{- "emailAddress": "string",
- "password": "string",
- "skipRedirect": true,
- "state": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "token": "string"
}Katamemo's APIs that help achieve customers and developers achieve fine-grained access controls (roles, abac, etc.)
Add tags to a resource
Add tags (key/value pair) to a particular resource that is created for a service, for a particular organization account id.
path Parameters
| serviceId required | string |
Request Body schema: application/json
Tags and resource id
| serviceIdPath | string |
| serviceId required | string |
| name required | string |
| resourceId required | string |
| accountId | string |
| token | string |
required | object |
Responses
Request samples
- Payload
{- "serviceIdPath": "string",
- "serviceId": "string",
- "name": "string",
- "resourceId": "string",
- "accountId": "string",
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "serviceIdPath": "string",
- "serviceId": "string",
- "name": "string",
- "resourceId": "string",
- "accountId": "string",
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Gets tags for a resource
Gets tags associated with a resource of a service
path Parameters
| serviceId required | string |
Request Body schema: application/json
Tags and resource id
| resourceName required | string |
| resourceId required | string |
| accountId required | string |
Responses
Request samples
- Payload
{- "resourceName": "string",
- "resourceId": "string",
- "accountId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
{- "serviceIdPath": "string",
- "serviceId": "string",
- "name": "string",
- "resourceId": "string",
- "accountId": "string",
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}Assign role
Assign role to an identity principal
Request Body schema: application/json
Role assignment
| principalId required | string |
| roleId required | string |
Responses
Request samples
- Payload
{- "principalId": "string",
- "roleId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Assume role
Creates a token with requested roleId
Request Body schema: application/json
Role assignment
| principalId required | string |
| roleId required | string |
Responses
Request samples
- Payload
{- "principalId": "string",
- "roleId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
"string"List Roles
Returns a list of all roles belonging to provided organization ID
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}
]Creates Role
Creates a new Role
path Parameters
| accountId required | string |
Request Body schema: application/json
Role to add to the system
| accountId | string AccountId |
| rolename | string Role name |
| description | string Role description |
| serviceId | string ID of the service |
object (Policy) |
Responses
Request samples
- Payload
{- "accountId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}Get Role
Gets a particular role for an organization
path Parameters
| accountId required | string |
| roleId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}Update Role
Update role
path Parameters
| accountId required | string |
| roleId required | string |
Request Body schema: application/json
Role object that is being updated.
| accountId | string AccountId |
| rolename | string Role name |
| description | string Role description |
| serviceId | string ID of the service |
object (Policy) |
Responses
Request samples
- Payload
{- "accountId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}Create API Key
Creates a new client key for accessing a developers APIs
path Parameters
| accountId required | string |
Request Body schema: application/json
| defaultRoleId required | string |
| clientName required | string |
Responses
Request samples
- Payload
{- "defaultRoleId": "string",
- "clientName": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "clientId": "string",
- "clientSecret": "string"
}List API Keys
List all client keys for an organization accessing a developers service
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
], - "clientName": "string",
- "clientKeyId": "string",
- "serviceId": "string",
- "isActive": true
}
]Get API Key
Get details of a particular API key for an organization.
path Parameters
| accountId required | string |
| keyId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
], - "clientName": "string",
- "clientKeyId": "string",
- "serviceId": "string",
- "isActive": true
}Get Token
Returns a short-lived token for API key/secret pair. Tokens contain claims that identify what a principal can or cannot do.
Request Body schema: application/json
| clientId | string |
| clientSecret | string |
Responses
Request samples
- Payload
{- "clientId": "string",
- "clientSecret": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accessToken": "string"
}OAuth Token
Get an OAuth2.0 Token for an Authorization Code
Request Body schema: application/json
| code | string |
| clientId | string |
| clientSecret | string |
Responses
Request samples
- Payload
{- "code": "string",
- "clientId": "string",
- "clientSecret": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "idToken": "string",
- "accessToken": "string",
- "expiresIn": 0,
- "tokenType": "string"
}List Organizations
Returns an object with information regarding an account which is present in the token
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "name": "string",
- "adminAccount": "string",
- "domainVerificationCode": "string",
- "domain": "string",
- "domainVerified": true,
- "usersCount": 0,
- "rolesCount": 0,
- "oidcConnectionsCount": 0,
- "samlConnectionsCount": 0,
- "defaultConnection": "string",
- "defaultConnectionType": "string",
- "launchedServices": [
- "string"
], - "subscribedServices": [
- "string"
], - "subscribers": [
- "string"
]
}Get Organization
Returns an object with information regarding an account
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "name": "string",
- "adminAccount": "string",
- "domainVerificationCode": "string",
- "domain": "string",
- "domainVerified": true,
- "usersCount": 0,
- "rolesCount": 0,
- "oidcConnectionsCount": 0,
- "samlConnectionsCount": 0,
- "defaultConnection": "string",
- "defaultConnectionType": "string",
- "launchedServices": [
- "string"
], - "subscribedServices": [
- "string"
], - "subscribers": [
- "string"
]
}Update Organization
Returns status code for successful or failed update.
path Parameters
| accountId required | string |
Request Body schema: application/json
Update account object
| name required | string Organization's account name to be dupated. |
Responses
Request samples
- Payload
{- "name": "string"
}Response samples
- 400
- 401
- 409
- 429
- 500
- default
{- "message": "string",
- "errorCode": "string"
}Verify Domain
Triggers the domain verification flow. If TXT record is created and has the correct verification code, the domain is verified.
path Parameters
| accountId required | string |
Responses
Response samples
- 400
- 401
- 409
- 429
- 500
- default
{- "message": "string",
- "errorCode": "string"
}List Users
Returns a list of all users belonging to provided organization ID
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}
]Invite User
Creates a new User and triggers an email verification workflow, followed by set-password
path Parameters
| accountId required | string |
Request Body schema: application/json
User information
| accountId required | string Tenant name |
| userId | string email address of the user |
object | |
| roles | Array of strings |
Responses
Request samples
- Payload
{- "accountId": "string",
- "userId": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Get User
Get a specific user for a particular organization
path Parameters
| accountId required | string |
| userId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Update user
Updates a User account
path Parameters
| userId required | string |
| accountId required | string |
Request Body schema: application/json
User information
| accountId required | string Tenant name |
| userId | string email address of the user |
object | |
| roles | Array of strings |
Responses
Request samples
- Payload
{- "accountId": "string",
- "userId": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}List Roles
Returns a list of all roles belonging to provided organization ID
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}
]Creates Role
Creates a new Role
path Parameters
| accountId required | string |
Request Body schema: application/json
Role to add to the system
| accountId | string AccountId |
| rolename | string Role name |
| description | string Role description |
| serviceId | string ID of the service |
object (Policy) |
Responses
Request samples
- Payload
{- "accountId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}Get Role
Gets a particular role for an organization
path Parameters
| accountId required | string |
| roleId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}Update Role
Update role
path Parameters
| accountId required | string |
| roleId required | string |
Request Body schema: application/json
Role object that is being updated.
| accountId | string AccountId |
| rolename | string Role name |
| description | string Role description |
| serviceId | string ID of the service |
object (Policy) |
Responses
Request samples
- Payload
{- "accountId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}Create API Key
Creates a new client key for accessing a developers APIs
path Parameters
| accountId required | string |
Request Body schema: application/json
| defaultRoleId required | string |
| clientName required | string |
Responses
Request samples
- Payload
{- "defaultRoleId": "string",
- "clientName": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "clientId": "string",
- "clientSecret": "string"
}List API Keys
List all client keys for an organization accessing a developers service
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
], - "clientName": "string",
- "clientKeyId": "string",
- "serviceId": "string",
- "isActive": true
}
]Get API Key
Get details of a particular API key for an organization.
path Parameters
| accountId required | string |
| keyId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
], - "clientName": "string",
- "clientKeyId": "string",
- "serviceId": "string",
- "isActive": true
}List Users
Returns a list of all users belonging to provided organization ID
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}
]Invite User
Creates a new User and triggers an email verification workflow, followed by set-password
path Parameters
| accountId required | string |
Request Body schema: application/json
User information
| accountId required | string Tenant name |
| userId | string email address of the user |
object | |
| roles | Array of strings |
Responses
Request samples
- Payload
{- "accountId": "string",
- "userId": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Get User
Get a specific user for a particular organization
path Parameters
| accountId required | string |
| userId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Update user
Updates a User account
path Parameters
| userId required | string |
| accountId required | string |
Request Body schema: application/json
User information
| accountId required | string Tenant name |
| userId | string email address of the user |
object | |
| roles | Array of strings |
Responses
Request samples
- Payload
{- "accountId": "string",
- "userId": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "serviceId": "string",
- "userId": "string",
- "isAdmin": true,
- "isActive": true,
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
]
}Create API Key
Creates a new client key for accessing a developers APIs
path Parameters
| accountId required | string |
Request Body schema: application/json
| defaultRoleId required | string |
| clientName required | string |
Responses
Request samples
- Payload
{- "defaultRoleId": "string",
- "clientName": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "clientId": "string",
- "clientSecret": "string"
}List API Keys
List all client keys for an organization accessing a developers service
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
], - "clientName": "string",
- "clientKeyId": "string",
- "serviceId": "string",
- "isActive": true
}
]Get API Key
Get details of a particular API key for an organization.
path Parameters
| accountId required | string |
| keyId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "accountId": "string",
- "roles": [
- "roleId1",
- "roleId2",
- "roleId3"
], - "clientName": "string",
- "clientKeyId": "string",
- "serviceId": "string",
- "isActive": true
}List Access logs
Return a list of access logs that belong to a particular service and orgaization
path Parameters
| serviceId required | string |
| accountId required | string |
query Parameters
| startTime required | string Start time of log entries in the format YYYY-MM-DDThh-mm-ss (e.g. 2023-01-15T15-28-58 which means 2023-01-15 15:28:58) |
| endTime required | string End time of log entries in the format YYYY-MM-DDThh-mm-ss (e.g. 2023-01-15T15-28-58 which means 2023-01-15 15:28:58) |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "timestamp": "string",
- "accountId": "string",
- "serviceId": "string",
- "path": "string",
- "operation": "string",
- "principal": "string",
- "authenticationCode": 0,
- "authorizationCode": 0
}
]List OIDC Connections
Returns a list of all OIDC connections belonging to provided organization
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "oidcConfigEndpoint": "string",
- "redirectURL": "string",
- "name": "string",
- "clientId": "string",
- "clientSecret": "string",
- "nonce": "string",
- "state": "string",
- "accountId": "string",
- "serviceId": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "userInfoEndpoint": "string",
- "issuerEndpoint": "string",
- "jwksEndpoint": "string",
- "connectionId": "string"
}
]Creates OIDC connection
Creates a new OIDC connection
path Parameters
| accountId required | string |
Request Body schema: application/json
ODIC connection attributes
| oidcConfigEndpoint required | string OIDC configuration URL |
| redirectURL | string Callback URL for OIDC IdP |
| name | string Name of the OIDC connection |
| clientId required | string |
| clientSecret required | string |
| nonce | string |
| state | string |
| accountId | string |
| serviceId | string |
| authorizationEndpoint | string |
| tokenEndpoint | string |
| userInfoEndpoint | string |
| issuerEndpoint | string |
| jwksEndpoint | string |
| connectionId | string |
Responses
Request samples
- Payload
{- "oidcConfigEndpoint": "string",
- "redirectURL": "string",
- "name": "string",
- "clientId": "string",
- "clientSecret": "string",
- "nonce": "string",
- "state": "string",
- "accountId": "string",
- "serviceId": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "userInfoEndpoint": "string",
- "issuerEndpoint": "string",
- "jwksEndpoint": "string",
- "connectionId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "oidcConfigEndpoint": "string",
- "redirectURL": "string",
- "name": "string",
- "clientId": "string",
- "clientSecret": "string",
- "nonce": "string",
- "state": "string",
- "accountId": "string",
- "serviceId": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "userInfoEndpoint": "string",
- "issuerEndpoint": "string",
- "jwksEndpoint": "string",
- "connectionId": "string"
}Update OIDC connection
Updates a OIDC connection
path Parameters
| accountId required | string |
| connectionId required | string |
Request Body schema: application/json
OIDC connection attributes
| oidcConfigEndpoint required | string OIDC configuration URL |
| redirectURL | string Callback URL for OIDC IdP |
| name | string Name of the OIDC connection |
| clientId required | string |
| clientSecret required | string |
| nonce | string |
| state | string |
| accountId | string |
| serviceId | string |
| authorizationEndpoint | string |
| tokenEndpoint | string |
| userInfoEndpoint | string |
| issuerEndpoint | string |
| jwksEndpoint | string |
| connectionId | string |
Responses
Request samples
- Payload
{- "oidcConfigEndpoint": "string",
- "redirectURL": "string",
- "name": "string",
- "clientId": "string",
- "clientSecret": "string",
- "nonce": "string",
- "state": "string",
- "accountId": "string",
- "serviceId": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "userInfoEndpoint": "string",
- "issuerEndpoint": "string",
- "jwksEndpoint": "string",
- "connectionId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "oidcConfigEndpoint": "string",
- "redirectURL": "string",
- "name": "string",
- "clientId": "string",
- "clientSecret": "string",
- "nonce": "string",
- "state": "string",
- "accountId": "string",
- "serviceId": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "userInfoEndpoint": "string",
- "issuerEndpoint": "string",
- "jwksEndpoint": "string",
- "connectionId": "string"
}Get OIDC connection
Get details of an OIDC connection
path Parameters
| accountId required | string |
| connectionId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "oidcConfigEndpoint": "string",
- "redirectURL": "string",
- "name": "string",
- "clientId": "string",
- "clientSecret": "string",
- "nonce": "string",
- "state": "string",
- "accountId": "string",
- "serviceId": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "userInfoEndpoint": "string",
- "issuerEndpoint": "string",
- "jwksEndpoint": "string",
- "connectionId": "string"
}OIDC Callback
Handles OIDC login callback
path Parameters
| accountId required | string |
| connectionId required | string |
query Parameters
| code required | string Authorization code returned by the OIDC provider |
| state required | string Authorization code returned by the OIDC provider |
Responses
Response samples
- default
{- "code": 0,
- "message": "string"
}List SAML Connections
Returns a list of all SAML connections belonging to provided organization
path Parameters
| accountId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "connectionId": "string",
- "idProvider": "string",
- "state": "string",
- "name": "string",
- "defaultRoleId": "string",
- "loginLink": "string",
- "metadataLink": "string",
- "acsLink": "string",
- "audienceLink": "string",
- "attributeRoleMappings": [
- {
- "attribute": "string",
- "value": "string",
- "roleId": "string"
}
], - "rootURL": "string",
- "accountId": "string",
- "serviceId": "string"
}
]Creates SAML connection
Creates a new SAML connection
path Parameters
| accountId required | string |
Request Body schema: application/json
SAML connection attributes
| connectionId | string |
| idProvider required | string |
| state | string |
| name | string |
| defaultRoleId required | string |
| loginLink | string |
| metadataLink | string |
| acsLink | string |
| audienceLink | string |
Array of objects (AttributeRoleMapping) | |
| rootURL | string |
| accountId required | string |
| serviceId required | string |
Responses
Request samples
- Payload
{- "connectionId": "string",
- "idProvider": "string",
- "state": "string",
- "name": "string",
- "defaultRoleId": "string",
- "loginLink": "string",
- "metadataLink": "string",
- "acsLink": "string",
- "audienceLink": "string",
- "attributeRoleMappings": [
- {
- "attribute": "string",
- "value": "string",
- "roleId": "string"
}
], - "rootURL": "string",
- "accountId": "string",
- "serviceId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "connectionId": "string",
- "idProvider": "string",
- "state": "string",
- "name": "string",
- "defaultRoleId": "string",
- "loginLink": "string",
- "metadataLink": "string",
- "acsLink": "string",
- "audienceLink": "string",
- "attributeRoleMappings": [
- {
- "attribute": "string",
- "value": "string",
- "roleId": "string"
}
], - "rootURL": "string",
- "accountId": "string",
- "serviceId": "string"
}Update SAML connection
Updates a SAML connection
path Parameters
| accountId required | string |
| connectionId required | string |
Request Body schema: application/json
SAML connection attributes
| connectionId | string |
| idProvider required | string |
| state | string |
| name | string |
| defaultRoleId required | string |
| loginLink | string |
| metadataLink | string |
| acsLink | string |
| audienceLink | string |
Array of objects (AttributeRoleMapping) | |
| rootURL | string |
| accountId required | string |
| serviceId required | string |
Responses
Request samples
- Payload
{- "connectionId": "string",
- "idProvider": "string",
- "state": "string",
- "name": "string",
- "defaultRoleId": "string",
- "loginLink": "string",
- "metadataLink": "string",
- "acsLink": "string",
- "audienceLink": "string",
- "attributeRoleMappings": [
- {
- "attribute": "string",
- "value": "string",
- "roleId": "string"
}
], - "rootURL": "string",
- "accountId": "string",
- "serviceId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "connectionId": "string",
- "idProvider": "string",
- "state": "string",
- "name": "string",
- "defaultRoleId": "string",
- "loginLink": "string",
- "metadataLink": "string",
- "acsLink": "string",
- "audienceLink": "string",
- "attributeRoleMappings": [
- {
- "attribute": "string",
- "value": "string",
- "roleId": "string"
}
], - "rootURL": "string",
- "accountId": "string",
- "serviceId": "string"
}Get connection
Retreive a SAML connection
path Parameters
| accountId required | string |
| connectionId required | string |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "connectionId": "string",
- "idProvider": "string",
- "state": "string",
- "name": "string",
- "defaultRoleId": "string",
- "loginLink": "string",
- "metadataLink": "string",
- "acsLink": "string",
- "audienceLink": "string",
- "attributeRoleMappings": [
- {
- "attribute": "string",
- "value": "string",
- "roleId": "string"
}
], - "rootURL": "string",
- "accountId": "string",
- "serviceId": "string"
}MAP SAML Attributes
Creates a new attribute mapping for a SAML connection
path Parameters
| accountId required | string |
| connectionId required | string |
Request Body schema: application/json
SAML user attributes to role mapping
| attribute required | string |
| value required | string |
| roleId required | string |
Responses
Request samples
- Payload
{- "attribute": "string",
- "value": "string",
- "roleId": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
{- "connectionId": "string",
- "idProvider": "string",
- "state": "string",
- "name": "string",
- "defaultRoleId": "string",
- "loginLink": "string",
- "metadataLink": "string",
- "acsLink": "string",
- "audienceLink": "string",
- "attributeRoleMappings": [
- {
- "attribute": "string",
- "value": "string",
- "roleId": "string"
}
], - "rootURL": "string",
- "accountId": "string",
- "serviceId": "string"
}Triggers SAML SSO
Triggers SAML login for a particular connection. Account can have multiple SAML connections. It redirects to the login URL corresponding to a particular connection.
path Parameters
| connectionId required | string |
| accountId required | string |
Responses
Response samples
- default
{- "code": 0,
- "message": "string"
}SAML Callback
Handle SAML login callback with SAML assertion. It can be passed as query parameter or payload.
path Parameters
| accountId required | string |
| connectionId required | string |
query Parameters
| SAMLResponse | string SAML response returned by the SAML IDP |
Request Body schema: application/x-www-form-urlencoded
| SAMLResponse | string SAML response returned by the SAML IDP |
Responses
Response samples
- default
{- "code": 0,
- "message": "string"
}Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "accountId": "string",
- "roleId": "string",
- "rolename": "string",
- "description": "string",
- "serviceId": "string",
- "policy": {
- "policyContent": "string"
}, - "version": 0,
- "updatedAt": 0,
- "createdAt": 0
}
]Get Resource Tags
Get all resource tags associated with a Katanemo Service.
path Parameters
| serviceId required | string |
query Parameters
| limit | integer |
Responses
Response samples
- 200
- 400
- 401
- 409
- 429
- 500
- default
[- {
- "serviceIdPath": "string",
- "serviceId": "string",
- "name": "string",
- "resourceId": "string",
- "accountId": "string",
- "token": "string",
- "tags": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
]