- Overview
- Resources
- API summary
- List groups
- Get a group
- Create a new group
- Modify a group’s name
- Delete a group
- Move a group
- List users affected by moving a group
- List properties
- Get a property
- Move a property
- List users for property
- Get a property’s resources
- List roles
- Create a role
- Get a role
- Edit a role
- Delete a role
- List grantable roles
- View your profile
- Edit your profile
- Rotate your password
- Set two-factor authentication
- Update notifications
- List users
- Create a new user
- Get a user
- Remove a user
- Update a user’s notifications
- Reset a user’s password
- Update a user
- List blocked properties
- Update blocked properties
- Modify a user’s group and role assignments
- Set a user’s two-factor authentication
- Lock a user’s account
- Unlock a user’s account
- Set a user’s password
- View password policy
- View contact types
- View supported countries
- View states
- View timeout policies
- View languages
- View time zones
- View products
- View password policy for a user profile
- View contact types for a user profile
- View supported countries for a user profile
- View states for a user profile
- View timeout policies for a user profile
- View languages for a user profile
- View time zones for a user profile
- View products for a user profile
- Data
- Errors
Identity Management: User Administration API v2
Manage accounts for users, and control their access to groups and properties.
Learn more:
Download this API’s RAML and JSON schema descriptors.
Overview
Identity Management: User Administration API lets administrators programmatically manage users and their access to Akamai applications and resources. Additionally, administrators can programmatically maintain user accounts and other general user information, manage groups and group access, and perform other administrative tasks.
If you are not an administrator, you can use a part of this API to update your own profile information, or move groups and properties provided you have the proper role assignments to do so.
To manage API clients, see Identity Management API.
NOTE: This most recent API version 2 supersedes the earlier version 1. Upgrade to this new version of the API at your earliest opportunity. See User Admin API for the older API.
Who should use this API
Account administrators should use this API to perform tasks to or for other users in addition to all tasks regular users perform.
Users, or non-administrators, can use this API to manage groups, create or update roles, edit their own information, or move properties between groups. Users can also block property access to other users.
Getting started
Review Get Started on tools that Akamai provides for all its APIs.
First-time users need to create an API client with access to the Identity Management: User Administration API through the Identity Management application in Luna Control Center. Alternatively, administrators can create an API client for themselves in the Identity Management application in Luna, and then change the owner of the client from themselves to another user.
Review Authorize Your Client to create your API access credentials and authorizations. As detailed in the The API Identity Model section, you then access the API using custom hostnames that looks like this:
https://akzz-XXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXX.luna.akamaiapis.net.Review the Authorize Your Client section to make sure the identity under which you provision the API can access its full range of functionality. Use the Identity Management application to expand access if necessary, or the Identity Management API as a programmatic alternative.
Resources
This section specifies the User Admin API’s URL resources and parameters, providing details to interact with each operation, and guidance on the workflow through the API.
The following summarizes the main set of resources available to administrators and to other users:
Group: Groups are organizational containers for the objects you use on Luna Control Center. Groups can contain other groups, primary objects like properties, and secondary objects like edge hostnames or CP codes. Groups are organized as a nested tree structure that cascade permissions. You can move a nested group to another position within the tree structure, but that may affect users’ access to objects it contains due to cascading permissions.
Property: A configuration file specifying how Akamai serves your web content. The Property Manager API (PAPI) allows you to manage property configurations and assign them to groups when you first create them.
Blocked Property: Administrators can block a user’s access to any property, overriding any available role already assigned to a user to further restrict access.
Users: A user is a person with access to Luna Control Center.
Profile: A profile refers to a user’s information such as address and personal phone number. Users can edit their own profiles, but only administrators can edit profiles belonging to other users. Users can’t disable their TFA settings if the account they belong to has TFA enabled by default.
Administrators: Administrators are a subset of users with additional permissions. can have different levels of access, like API provisioning, moving groups or properties, or creating new users or modify existing ones. Response data may be redacted based on your access rights if you are a lower-level administrator.
Common Resources: This refers to commonly accessible read-only information that may apply across all users on an account. It includes locale, security policies, and the set of available products. The API provides a different set of common resource operations for access by administrators and for other users.
Notification: Users configure email notifications for reminders to rotate passwords, or to learn about maintenance issues for each product.
Role: Roles are lists of permissions that are explicitly tied to both a user and a group. Users need roles to act on objects in a group. It is the combination of user, role, and group that grants a user access to the objects they need. Roles may restrict access for a limited set of a group’s resources.
Grantable Role: These contain certain Akamai-defined atomic permissions that, when grouped together, give you access to applications and resources. The permissions included in a grantable role depend on what products are available on your contract, information the Contract API provides.
API summary
Download the RAML descriptors for this API.
| Operation | Method | Endpoint |
|---|---|---|
| Groups | ||
| List Groups | GET | /identity-management/ |
| Get a Group | GET | /identity-management/ |
| Create a New Group | POST | /identity-management/ |
| Modify a Group’s Name | PUT | /identity-management/ |
| Delete a Group | DELETE | /identity-management/ |
| Move a Group | POST | /identity-management/ |
| List Users Affected by Moving a Group | GET | /identity-management/ |
| Properties | ||
| List Properties | GET | /identity-management/ |
| Get a Property | GET | /identity-management/ |
| Move a Property | PUT | /identity-management/ |
| List Users for Property | GET | /identity-management/ |
| Get a Property’s Resources | GET | /identity-management/ |
| Roles | ||
| List Roles | GET | /identity-management/ |
| Create a Role | POST | /identity-management/ |
| Get a Role | GET | /identity-management/ |
| Edit a Role | PUT | /identity-management/ |
| Delete a Role | DELETE | /identity-management/ |
| List Grantable Roles | GET | /identity-management/ |
| Your User Profile | ||
| View Your Profile | GET | /identity-management/ |
| Edit Your Profile | PUT | /identity-management/ |
| Rotate Your Password | POST | /identity-management/ |
| Set Two-Factor Authentication | PUT | /identity-management/ |
| Update Notifications | PUT | /identity-management/ |
| Users, for Administrators | ||
| List Users | GET | /identity-management/ |
| Create a New User | POST | /identity-management/ |
| Get a User | GET | /identity-management/ |
| Remove a User | DELETE | /identity-management/ |
| Update a User’s Notifications | PUT | /identity-management/ |
| Reset a User’s Password | POST | /identity-management/ |
| Update a User | PUT | /identity-management/ |
| List Blocked Properties | GET | /identity-management/ |
| Update Blocked Properties | PUT | /identity-management/ |
| Modify a User’s Group and Role Assignments | PUT | /identity-management/ |
| Set a User’s Two-Factor Authentication | PUT | /identity-management/ |
| Lock a User’s Account | POST | /identity-management/ |
| Unlock a User’s Account | POST | /identity-management/ |
| Set a User’s Password | POST | /identity-management/ |
| Common Resources, for Administrators | ||
| View Password Policy | GET | /identity-management/ |
| View Contact Types | GET | /identity-management/ |
| View Supported Countries | GET | /identity-management/ |
| View States | GET | /identity-management/ |
| View Timeout Policies | GET | /identity-management/ |
| View Languages | GET | /identity-management/ |
| View Time Zones | GET | /identity-management/ |
| View Products | GET | /identity-management/ |
| Common Resources, for Users | ||
| View Password Policy for a User Profile | GET | /identity-management/ |
| View Contact Types for a User Profile | GET | /identity-management/ |
| View Supported Countries for a User Profile | GET | /identity-management/ |
| View States for a User Profile | GET | /identity-management/ |
| View Timeout Policies for a User Profile | GET | /identity-management/ |
| View Languages for a User Profile | GET | /identity-management/ |
| View Time Zones for a User Profile | GET | /identity-management/ |
| View Products for a User Profile | GET | /identity-management/ |
List groups
List all groups in which you have a scope of admin
for the current account and contract type. The account and
contract type are determined by the access tokens in your API
client.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
actions |
Boolean | true |
When enabled, the response includes information about actions such as edit or delete that you can take for the object. Not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
Status 200
application/json
Response Body:
[
{
"groupId": 12345,
"groupName": "Top Level group",
"createdDate": "2012-04-28T00:00:00.000Z",
"createdBy": "johndoe",
"modifiedDate": "2012-04-28T00:00:00.000Z",
"modifiedBy": "johndoe",
"actions": {
"edit": true,
"delete": false
},
"subGroups": [
{
"groupId": 11111,
"groupName": "First Level SubGroup",
"createdDate": "2013-10-29T19:05:52.000Z",
"createdBy": "johndoe",
"modifiedDate": "2017-07-25T22:30:20.000Z",
"modifiedBy": "lionelmessi",
"parentGroupId": 12345,
"actions": {
"edit": true,
"delete": false
},
"subGroups": [
{
"groupId": 54321,
"groupName": "Second Level SubGroup",
"createdDate": "2017-07-25T22:30:47.000Z",
"createdBy": "Company",
"modifiedDate": "2017-07-25T22:30:47.000Z",
"modifiedBy": "Company",
"parentGroupId": 11111,
"actions": {
"edit": true,
"delete": false
},
"subGroups": []
}
]
}
]
}
]
If you want available actions returned for each group, enable the
actionsquery parameter.Make a GET request to
/identity-management/.v2/ user-admin/ groups{?actions}
The response contains an array of Group objects.
Get a group
Return a group’s details.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
groupId |
Integer | 19807 |
A unique identifier for a group. |
| Optional query parameters | |||
actions |
Boolean | true |
When enabled, the response includes information about actions such as edit or delete that you can take for the object. Not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
Status 200
application/json
Response Body:
{
"groupId": 12345,
"groupName": "TopLevelGroup",
"createdDate": "2012-04-28T00:00:00.000Z",
"createdBy": "johndoe",
"modifiedDate": "2012-04-28T00:00:00.000Z",
"modifiedBy": "johndoe",
"actions": {
"edit": true,
"delete": false
},
"subGroups": [
{
"groupId": 11111,
"groupName": "First Level SubGroup",
"createdDate": "2013-10-29T19:05:52.000Z",
"createdBy": "johndoe",
"modifiedDate": "2017-07-25T22:30:20.000Z",
"modifiedBy": "lionelmessi",
"parentGroupId": 12345,
"actions": {
"edit": true,
"delete": false
},
"subGroups": [
{
"groupId": 123456,
"groupName": "Second Level SubGroup",
"createdDate": "2017-07-25T22:30:47.000Z",
"createdBy": "Company",
"modifiedDate": "2017-07-25T22:30:47.000Z",
"modifiedBy": "Company",
"parentGroupId": 11111,
"actions": {
"edit": true,
"delete": false
},
"subGroups": []
}
]
}
]
}
Run the List Groups operation and select the relevant
groupId.Optionally enable the
actionsquery parameter to return the set of actions available to users for this group.Make a GET request to
/identity-management/.v2/ user-admin/ groups/ {groupId}{?actions}
The response is a Group object.
Create a new group
Create a new group within a parent group you specify in the request.
POST /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
{
"groupName": "New Sub Group"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
groupId |
Integer | 19807 |
A unique identifier for a group. |
Status 200
application/json
Response Body:
{
"groupId": 111898,
"groupName": "New Sub Group",
"parentGroupId": 19807,
"createdDate": "2017-09-18T19:03:28.000Z",
"createdBy": "johndoe",
"modifiedDate": "2017-09-18T19:03:28.000Z",
"modifiedBy": "johndoe"
}
Modify a group’s name
Change the name of the group.
PUT /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
{
"groupName": "Change Group Name"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
groupId |
Integer | 19807 |
A unique identifier for a group. |
Status 201
application/json
Response Body:
{
"groupId": 12345,
"groupName": "Change Group Name",
"createdDate": "2012-04-28T00:00:00.000Z",
"createdBy": "johndoe",
"modifiedDate": "2012-04-28T00:00:00.000Z",
"modifiedBy": "johndoe",
"actions": {
"edit": true,
"delete": false
},
"subGroups": [
{
"groupId": 11111,
"groupName": "First Level SubGroup",
"createdDate": "2013-10-29T19:05:52.000Z",
"createdBy": "johndoe",
"modifiedDate": "2017-07-25T22:30:20.000Z",
"modifiedBy": "janelane",
"parentGroupId": 12345,
"actions": {
"edit": true,
"delete": false
},
"subGroups": [
{
"groupId": 67890,
"groupName": "Second Level SubGroup",
"createdDate": "2017-07-25T22:30:47.000Z",
"createdBy": "Company",
"modifiedDate": "2017-07-25T22:30:47.000Z",
"modifiedBy": "Company",
"parentGroupId": 11111,
"actions": {
"edit": true,
"delete": false
},
"subGroups": []
}
]
}
]
}
Run the List Groups operation and select the relevant
groupId.Run the Get a Group operation.
The response is a Group object. Edit the
groupNamein the object.PUT the object to
/identity-management/.v2/ user-admin/ groups/ {groupId}
The response reflects the modified Group object.
Delete a group
You can only delete a sub-group, and only if that sub-group does not include any users.
DELETE /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
groupId |
Integer | 19807 |
A unique identifier for a group. |
Status 204
Run the List Groups operation and select the relevant
groupIdURL parameter.Make a DELETE request to
/identity-management/.v2/ user-admin/ groups/ {groupId}
Move a group
Move a nested group into another group in the same account.
POST /identity-management/
Content-Type: application/json
Request Body:
{
"sourceGroupId": 12345,
"destinationGroupId": 54321
}
Status 204
Run the List Groups operation.
Select the
groupIdfor the group you want to move, and assign it as thesourceGroupId.Select the
groupIdfor the group you want to move it to, and assign it as thedestinationGroupId.Create a MoveGroup object featuring the
sourceGroupIdanddestinationGroupId.POST the object to
/identity-management/.v2/ user-admin/ groups/ move
List users affected by moving a group
List users who are affected when a group is moved. Users may
lose or gain access to resources depending on the roles and
permissions associated with the new parent group. Users with
a userType of lostAccess lose their access to the
source group. If the userType is gainAccess, they
gain access to the resources in the source group. Users who
have inherited access to a group lose access to that group
if it moves out of its the hierarchy that gives them those
access rights. If the group moves to another parent group to
which they have access, they still have access to the
group you move. Likewise, when a group is moved to its new
location, users who inherit their access rights from the new
parent group gain access to the resources in the group
you move.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
sourceGroupId |
Integer | 106532 |
The groupId for the group you want to move. |
destinationGroupId |
Integer | 19807 |
The groupId for the group you are putting the other group into. |
| Optional query parameters | |||
userType |
Enumeration | lostAccess |
Filters users by whether they lost access or gained access. If set to lostAccess, the response includes users who lost access to the resources in the group that was moved. If set to gainAccess, the response includes users who gained access to the resources in the group that was moved. |
Status 200
application/json
Response Body:
[
{
"uiIdentityId": "A-B-12345",
"firstName": "John",
"lastName": "Doe",
"accountId": "1-2ABCD",
"email": "john.doe@mycompany.com",
"uiUserName": "john.doe@mycompany.com",
"lastLoginDate": "2017-08-03T21:15:27.000Z"
},
{
"uiIdentityId": "1-2A3BCD",
"firstName": "Lionel",
"lastName": "Messi",
"accountId": "1-2ABCD",
"email": "lionel.messi@barcelona.com",
"uiUserName": "lionel.messi@barcelona.com",
"lastLoginDate": "2016-09-07T00:00:00.000Z"
}
]
Run the List Groups operation.
Select the
groupIdfor the group you are moving, and assign it as thesourceGroupIdURL parameter.Select the
groupIdfor the group you are moving the group to, and assign it as thedestinationGroupIdURL parameter.Optionally set the
userTypequery parameter to filter users who gain or lose access to thesourceGroup.Make a GET request to
/identity-management/.v2/ user-admin/ groups/ move/ {sourceGroupId}/ {destinationGroupId}/ affected-users{?userType}
The response lists each User affected by moving the group.
List properties
Return a list of properties for an account.
Include the groupId parameter in your request to filter the
results by group.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
groupId |
Integer | 3456789 |
A unique identifier for a group. |
Status 200
application/json
Response Body:
[
{
"groupName": "Group 1",
"groupId": 99999,
"propertyId": 99999999,
"propertyTypeDescription": "On Demand Media",
"propertyName": "0rb-test-01.com",
"actions": {
"move": true
}
},
{
"groupName": "Group 2",
"groupId": 99999,
"propertyId": 88888888,
"propertyTypeDescription": "On Demand Media",
"propertyName": "0rb-test-01.com_clone",
"actions": {
"move": true
}
}
]
Optionally run the List Groups operation and select the
groupIdto filter results.Make a GET request to
/identity-management/.v2/ user-admin/ properties{?groupId}
The response is a list of Property objects.
Get a property
Get information about a property.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
propertyId |
Integer | 9678999 |
A unique identifier for a property. |
Status 200
application/json
Response Body:
{
"createdDate": "2017-07-27T18:11:25.000Z",
"createdBy": "doe.john@example.com",
"modifiedDate": "2017-07-27T18:11:25.000Z",
"modifiedBy": "doe.john@example.com",
"groupName": "Sales Team",
"groupId": 45678,
"arlConfigFile": "abc-dn123-abcde.akamaiorigin.net.xml",
"propertyId": 9678999,
"propertyName": "abc-dn123-abcde.akamaiorigin.net"
}
Run the List Properties operation and select the relevant
propertyId.Make a GET request to
/identity-management/.v2/ user-admin/ properties/ {propertyId}
The response is a Property object.
Move a property
Move a Property from one group to another group. You can only move a property into another group within the same group hierarchy. Depending on your role in the destination group, you may lose access to resources the property uses.
PUT /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
{
"sourceGroupId": 11111,
"destinationGroupId": 22222
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
propertyId |
Integer | 9678999 |
A unique identifier for a property. |
Status 204
Run the List Properties operation.
Select the relevant
propertyIdof the property you want to move.From the same object, select the
groupIdand assign it as thesourceGroupId.Run the List Groups operation and select the
groupIdfor the group you want to move the property to asdestinationGroupId.Create a MoveGroup object featuring the
sourceGroupIdanddestinationGroupId.PUT the object to
/identity-management/.v2/ user-admin/ properties/ {propertyId}
List users for property
List users who can access this property.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
propertyId |
Integer | 9678999 |
A unique identifier for a property. |
| Required query parameters | |||
groupId |
Integer | 45678 |
A unique identifier for a group. |
Status 200
application/json
Response Body:
[
{
"uiIdentityId": "1-ABCDEF",
"uiUserName": "jdoe",
"firstName": "John",
"lastName": "Doe",
"roleId": 73587,
"groupId": 99999,
"roleName": "Custom role # 73587",
"roleDescription": "Description"
},
{
"uiIdentityId": "1-ABCDEH",
"uiUserName": "jlane",
"firstName": "Jane",
"lastName": "Lane",
"roleId": 73617,
"groupId": 99999,
"roleName": "Custom role # 73617",
"roleDescription": "Description"
}
]
Run the List Properties operation and select the relevant
propertyId.From the same object, select the
groupId.Make a GET request to
/identity-management/.v2/ user-admin/ properties/ {propertyId}/ users{?groupId}
The response is an array of User objects.
Get a property’s resources
List of resources the property uses.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
propertyId |
Integer | 9678999 |
A unique identifier for a property. |
| Required query parameters | |||
groupId |
Integer | 45678 |
A unique identifier for a group. |
Status 200
application/json
Response Body:
[
{
"resourceId": 111111,
"resourceType": "arlfile",
"resourceName": "abc-dn123-abcde.akamaiorigin.net.xml",
"modifiedDate": "2017-09-07T17:00:58.000Z"
},
{
"resourceId": 8988898,
"resourceType": "cpcode",
"resourceName": "mycpcodeexample(123456)",
"modifiedDate": "2017-04-24T16:19:27.000Z"
}
]
Run the List Properties operation and select the relevant
propertyId.From the same object, select the
groupId.Make a GET request to
/identity-management/.v2/ user-admin/ properties/ {propertyId}/ resources{?groupId}
The response is an array of Resource objects.
List roles
List roles for the current account and contract type. The account and contract type are determined by the access tokens in your API client.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
actions |
Boolean | true |
When enabled, the response includes information about actions such as edit or delete that you can take for the object. Not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
groupId |
Integer | 1234567 |
A unique identifier for a group. |
ignoreContext |
Boolean | true |
When enabled, returns all the roles for the current account, ignoring the contract type associated with your API client. |
users |
Boolean | true |
When enabled, returns users assigned to the roles. |
Status 200
application/json
Response Body:
[
{
"roleId": 123456,
"roleName": "View Only",
"roleDescription": "This role will allow you to view",
"type": "custom",
"createdDate": "2017-07-27T18:11:25.000Z",
"createdBy": "john.doe@mycompany.com",
"modifiedDate": "2017-07-27T18:11:25.000Z",
"modifiedBy": "john.doe@mycompany.com",
"actions": {
"edit": true,
"delete": true
}
},
{
"roleId": 13,
"roleName": "Accounting",
"roleDescription": "This role allows for 'read only'",
"type": "standard",
"createdBy": "Company",
"modifiedBy": "Company",
"actions": {
"edit": false,
"delete": false
},
"numUsers": 2,
"users": [
{
"uiIdentityId": "A-B-1BCDEF",
"firstName": "John",
"lastName": "Doe",
"accountId": "1-7XYZT",
"email": "john.doe@mycompany.com",
"lastLoginDate": "2017-08-03T21:15:27.000Z"
},
{
"uiIdentityId": "1-ABCDE",
"firstName": "Jane",
"lastName": "Lane",
"accountId": "1-7XYZA",
"email": "lane.jane@mycompany.com",
"lastLoginDate": "2016-09-07T00:00:00.000Z"
}
]
}
]
Optionally enable the
actionsquery parameter to return the actions available to users for this role.Optionally run the List Groups operation and select the
groupIdyou want to use to filter results.Optionally enable the
usersquery parameter to return users who have roles assigned. This filters users at the account level.Optionally enable the
ignoreContextquery parameter to return roles regardless of context.Make a GET request to
/identity-management/.v2/ user-admin/ roles{?actions, groupId, users, ignoreContext} The response is an array of Role objects.
Create a role
Create a custom role. Roles exist at the account level regardless of group, but are constrained by contract type. If you create a role under one contract type, you cannot apply that role to groups belonging to a different contract type, even if they are in the same account.
POST /identity-management/
Content-Type: application/json
Request Body:
{
"roleName": "Edit Reports",
"roleDescription": "This role will let the users to Edit/Create Reports",
"grantedRoles": [
{
"grantedRoleId": 2051
}
]
}
Status 200
application/json
Response Body:
{
"roleId": 12345678,
"roleName": "Edit Role",
"roleDescription": "This role will let the users to Edit/Create Reports",
"type": "custom",
"createdDate": "2017-09-11T13:43:54.005Z",
"createdBy": "johndoe",
"modifiedDate": "2017-09-11T13:43:54.005Z",
"modifiedBy": "johndoe",
"actions": {
"edit": true,
"delete": true
},
"grantedRoles": [
{
"grantedRoleId": 1234,
"grantedRoleName": "Some Role"
}
],
"users": [
{
"uiIdentityId": "A-B-12345",
"firstName": "John",
"lastName": "Doe",
"accountId": "1-234A",
"email": "john.doe@mycompany.com",
"lastLoginDate": "2016-01-13T17:53:57Z"
}
]
}
Get a role
Get details for a specific role.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
roleId |
Integer | 45678 |
A unique identifier for a role. |
| Optional query parameters | |||
actions |
Boolean | true |
When enabled, the response includes information about actions such as edit or delete that you can take for the object. Not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
grantedRoles |
Boolean | true |
When enabled, the response lists granted roles assigned for a role. |
Status 200
application/json
Response Body:
{
"roleId": 123456,
"roleName": "Security View Only",
"roleDescription": "This role will allow you to look at the security reports",
"type": "custom",
"createdDate": "2017-07-27T18:11:25.000Z",
"createdBy": "john.doe@mycompany.com",
"modifiedDate": "2017-07-27T18:11:25.000Z",
"modifiedBy": "john.doe@mycompany.com",
"actions": {
"edit": false,
"delete": false
},
"users": [
{
"uiIdentityId": "A-B-12345",
"firstName": "John",
"lastName": "Doe",
"accountId": "1-2ABC",
"email": "john.doe@mycompany.com",
"lastLoginDate": "2017-08-03T21:15:27.000Z"
},
{
"uiIdentityId": "1-2ABCD",
"firstName": "Jane",
"lastName": "Lane",
"accountId": "1-7XYZ",
"email": "lane.jane@mycompany.com",
"lastLoginDate": "2016-09-07T00:00:00.000Z"
}
],
"grantedRoles": [
{
"grantedRoleId": 12345,
"grantedRoleName": "SecurityViewOnly"
}
]
}
Run the List Roles operation and select the relevant
roleId.Optionally enable the
grantedRolesquery parameter to return roles granted to this role.Optionally enable the
actionsquery parameter to return the set of actions available to users for this role.Optionally enable the
usersquery parameter to return users who have roles assigned.Make a GET request to
/identity-management/.v2/ user-admin/ roles/ {roleId}{?grantedRoles, actions, users}
Edit a role
Add or remove permissions from a role. Additionally, edit the name, description, etc.
PUT /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
{
"roleName": "Edit Reports",
"roleDescription": "This role will let the users to Edit/Create Reports",
"grantedRoles": [
{
"grantedRoleId": 2063
}
]
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
roleId |
Integer | 45678 |
A unique identifier for a role. |
Status 200
application/json
Response Body:
{
"roleId": 100645,
"roleName": "Edit Reports",
"roleDescription": "This role will let the users to Edit/Create Reports",
"type": "custom",
"createdDate": "2017-09-11T13:43:54.000Z",
"createdBy": "johndoe",
"modifiedDate": "2017-09-11T13:47:32.000Z",
"modifiedBy": "johndoe",
"actions": {
"edit": true,
"delete": true
},
"grantedRoles": [
{
"grantedRoleId": 2063,
"grantedRoleName": "View Audience Analytics Reports"
}
]
}
Run the List Roles operation and select the relevant
roleId.Run the Get a Role operation.
Modify the response object.
PUT the object back to
/identity-management/.v2/ user-admin/ roles/ {roleId}
The response reflects the modified Role object.
Delete a role
This operation is only allowed if the role is not assigned to any users.
DELETE /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
roleId |
Integer | 45678 |
A unique identifier for a role. |
Status 204
Run the List Roles operation and select the relevant
roleId.Make a DELETE request to
/identity-management/.v2/ user-admin/ roles/ {roleId}
List grantable roles
List which grantable roles you can include in a new custom role or add to an existing custom role.
GET /identity-management/
Status 200
application/json
Response Body:
[
{
"grantedRoleId": 2051,
"grantedRoleName": "WAF Strict WhiteList"
},
{
"grantedRoleId": 1032,
"grantedRoleName": "License Delivery Configurations - Manage"
},
{
"grantedRoleId": 2063,
"grantedRoleName": "View Audience Analytics Reports"
},
{
"grantedRoleId": 77852,
"grantedRoleName": "RealUserMonitoring - View Only"
},
{
"grantedRoleId": 32,
"grantedRoleName": "Enhanced DNS - All privileges (add/edit/view)"
}
]
View your profile
Return your own profile information. To make changes to your profile, run the Edit Your Profile operation.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
actions |
Boolean | true |
When enabled, the response includes information about actions such as edit or delete that you can take for the object. Not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
authGrants |
Boolean | true |
When enabled, include the list of your group and role assignments. |
notifications |
Boolean | true |
When enabled, include which product notifications you subscribe to. |
Status 200
application/json
Response Body:
{
"uiIdentityId": "A-B-123456",
"firstName": "John",
"lastName": "Doe",
"uiUserName": "john.doe@mycompany.com",
"email": "john.doe@mycompany.com",
"lastLoginDate": "2016-01-13T17:53:57Z",
"tfaEnabled": true,
"country": "USA",
"phone": "3456788765",
"contactType": "Prolexic",
"isLocked": false,
"timeZone": "GMT",
"preferredLanguage": "English",
"sessionTimeOut": 30,
"passwordExpiryDate": "2018-01-13T17:53:57Z",
"secondaryEmail": "john-doe@gmail.com",
"mobilePhone": "3456787657",
"address": "first Street",
"city": "Santa Clara",
"state": "CA",
"zipCode": "34567",
"jobTitle": "Engineer",
"actions": {
"resetPassword": true,
"delete": true,
"edit": true,
"apiClient": true,
"thirdPartyAccess": true
},
"authGrants": [
{
"groupId": 12345,
"groupName": "MyGroup",
"roleId": 16,
"roleName": "Publisher",
"roleDescription": "This is a new role that has been created to"
}
],
"notifications": {
"enable": true,
"options": {
"upgrade": [
"NetStorage",
"Other Upgrade Notifications (Planned)"
],
"proactive": [
"EdgeScape",
"EdgeSuite (HTTP Content Delivery)"
],
"passwordExpiry": true
}
}
}
Enable the
actionsquery parameter to return the set of actions available to users for this user.Enable the
authGrantsquery parameter to return a list of the user’s group and role assignments.Enable the
notificationsquery parameter to return a list of product-notification emails a user subscribes to.Make a GET request to
/identity-management/.v2/ user-admin/ user-profile{?actions, authGrants, notifications}
The response is a User object.
Edit your profile
Update your basic profile information. You can update simple items like your name or phone number, but you cannot update your group or role assignments through this operation.
PUT /identity-management/
Content-Type: application/json
Request Body:
{
"firstName": "John",
"lastName": "Doe",
"tfaEnabled": true,
"country": "USA",
"phone": "3456788765",
"contactType": "Billing",
"timeZone": "GMT",
"preferredLanguage": "English",
"sessionTimeOut": 30,
"secondaryEmail": "john.doe@mycompany.com",
"mobilePhone": "3456787657",
"address": "first Street",
"city": "Santa Clara",
"state": "CA",
"zipCode": "34567",
"jobTitle": "Engineer"
}
Status 200
application/json
Response Body:
{
"uiIdentityId": "1-ABCDE",
"firstName": "John",
"lastName": "Doe",
"tfaEnabled": true,
"country": "USA",
"email": "john.doe@mycompany.com",
"phone": "3456788765",
"contactType": "Billing",
"timeZone": "GMT",
"preferredLanguage": "English",
"sessionTimeOut": 30,
"secondaryEmail": "john-doe@gmail.com",
"mobilePhone": "3456787657",
"address": "first Street",
"city": "Santa Clara",
"state": "CA",
"zipCode": "34567",
"jobTitle": "Engineer"
}
Run the View Your Profile operation to get your user profile.
Edit the User response object.
PUT the object to
/identity-management/.v2/ user-admin/ user-profile/ basic-info
The response reflects the modified User object.
Rotate your password
To update or change your password, include your old password and your new password in the request body. Run the View Password Policy operation before you create your new password to ensure it adheres to your policy. If you pass your existing password incorrectly and make too many login attempts, your account locks.
POST /identity-management/
Content-Type: application/json
Request Body:
{
"currentPassword": "abcbd",
"newPassword": "abcdg"
}
Status 204
Create a RotatePassword object, featuring both
currentPasswordandnewPassword.POST the object to
/identity-management/.v2/ user-admin/ user-profile/ change-password
Set two-factor authentication
Enable or disable two-factor
authentication (TFA) on your profile. An account administrator
must disable TFA for you if the account is set to enable.
If the account does not specify a TFA setting, you can
disable TFA on your profile yourself. You can always set TFA
to enable regardless of account-level settings. If you have TFA enabled, reset TFA clears your TFA settings and you will be asked to set up TFA the next time you log into Luna Control Center.
PUT /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
action |
Enumeration | enable |
The actions you can perform for TFA on your own profile, either enable, disable, or reset. Not to be confused with the actions parameter, which applies to the various operations that retrieve user data. |
Status 204
Optionally specify the
actionquery parameter toenable,disable, orresetTFA settings.Make a PUT request to
/identity-management/.v2/ user-admin/ user-profile/ tfa{?action}
Update notifications
Subscribe to notifications emails for password expiration reminders, proactive maintenance emails, and upgrade notification emails. Make a PUT request with a Notifications object.
PUT /identity-management/
Content-Type: application/json
Request Body:
{
"enableEmailNotifications": true,
"options": {
"upgrade": [
"NetStorage",
"Other Upgrade Notifications (Planned)"
],
"proactive": [
"EdgeScape",
"EdgeSuite (HTTP Content Delivery)"
],
"passwordExpiry": true
}
}
Status 200
application/json
Response Body:
{
"enableEmailNotifications": true,
"options": {
"upgrade": [
"NetStorage",
"Other Upgrade Notifications (Planned)"
],
"proactive": [
"EdgeScape",
"EdgeSuite (HTTP Content Delivery)"
],
"passwordExpiry": true
}
}
List users
Return a list of users who have access on this
account. The account is determined by the tokens in
your API client. You can pass a groupId to filter users based
on group. Additionally, you can return additional user
information such as what product notifications they subscribe
to, or what group and role assignments they have. Set
actions=true to return what actions you can take on each user.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
actions |
Boolean | true |
When enabled, the response includes information about actions such as edit or delete that you can take for the object. In this case, users. Not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
authGrants |
Boolean | true |
When enabled, include the list of the user’s group and role assignments. |
groupId |
Integer | 19807 |
A unique identifier for a group. |
Status 200
application/json
Response Body:
[
{
"uiIdentityId": "A-B-123456",
"firstName": "John",
"lastName": "Doe",
"uiUserName": "johndoe",
"email": "john.doe@mycompany.com",
"accountId": "1-123A",
"phone": "3456788765",
"timezone": "GMT",
"lastLoginDate": "2016-01-13T17:53:57Z",
"contactType": "Billing",
"preferredLanguage": "English",
"sessionTimeOut": 14400,
"passwordExpiryDate": "2018-01-13T17:53:57Z",
"secondaryEmail": "john_doe@gmail.com",
"mobilePhone": "3456789999",
"street": "First Street",
"city": "Santa Clara",
"state": "CA",
"zipCode": "34567",
"country": "USA",
"jobTitle": "engineer",
"tfaEnabled": true,
"isLocked": false,
"actions": {
"resetPassword": true,
"delete": true,
"edit": true,
"apiClient": true,
"thirdPartyAccess": true,
"isCloneable": true
},
"authGrants": [
{
"groupId": 12345,
"roleId": 12,
"groupName": "mygroup",
"roleName": "admin",
"roleDescription": "This is a new role that has been created to",
"isBlocked": false
}
]
}
]
Run the List Groups operation and select the relevant
groupId.Enable the
authGrantsquery parameter to return users’ groups and role assignments.Enable the
actionsquery parameter to return what actions you can take on each user.Make a GET request to
/identity-management/.v2/ user-admin/ ui-identities{?groupId, authGrants, notifications, actions}
The response is an array of User objects.
Create a new user
Create a new user in the account specified in your own API client credentials. Optionally send a randomly generated, one-time use password to the new user. If you send the email with the password directly to the user, the response for this operation does not include that password. If you do not send the password to the user through email, the password is included in the response.
POST /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
{
"firstName": "John",
"lastName": "Doe",
"uiUserName": "john.doe@mycompany.com",
"email": "john.doe@mycompany.com",
"phone": "(123) 321-1234",
"timeZone": "GMT",
"tfaEnabled": true,
"contactType": "Billing",
"preferredLanguage": "English",
"sessionTimeOut": 64800,
"passwordExpiryDate": "2018-05-05T22:38:39.000Z",
"address": "TBD",
"city": "TBD",
"state": "CA",
"country": "USA",
"secondaryEmail": "john-doe@gmail.com",
"mobilePhone": "3456787657",
"zipCode": "34567",
"jobTitle": "Engineer",
"authGrants": [
{
"groupId": 12345,
"roleId": 3,
"groupName": "MyGroup",
"roleName": "Admin",
"roleDescription": "This role provides the maximum access to users.",
"subGroups": [
{
"groupId": 54321,
"groupName": "MySubGroup",
"subGroups": [
{
"groupId": 56789,
"groupName": "MyNewSubGroup"
}
]
}
]
}
],
"notifications": {
"enableEmailNotifications": true,
"options": {
"upgrade": [
"NetStorage",
"Other Upgrade Notifications (Planned)"
],
"proactive": [
"EdgeScape",
"EdgeSuite (HTTP Content Delivery)"
],
"passwordExpiry": true
}
}
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| Optional query parameters | |||
sendEmail |
Boolean | false |
When sendEmail=true, send a one-time password to the new user. |
Status 200
application/json
Response Body:
{
"uiIdentityId": "A-BC-1234567",
"userPassword": "bcasXY8",
"firstName": "John",
"lastName": "Doe",
"uiUserName": "john.doe@mycompany.com",
"email": "john.doe@mycompany.com",
"phone": "(123) 321-1234",
"timeZone": "GMT",
"tfaEnabled": true,
"contactType": "Billing",
"preferredLanguage": "English",
"sessionTimeOut": 64800,
"passwordExpiryDate": "2018-05-05T22:38:39.000Z",
"address": "TBD",
"city": "TBD",
"state": "CA",
"country": "USA",
"authGrants": [
{
"groupId": 12345,
"roleId": 3,
"groupName": "MyGroup",
"roleName": "Admin",
"roleDescription": "This role provides the maximum access to users.",
"subGroups": [
{
"groupId": 54321,
"groupName": "MySubGroup",
"subGroups": [
{
"groupId": 56789,
"groupName": "MyNewSubGroup"
}
]
}
]
}
],
"actions": {
"resetPassword": true,
"edit": true,
"isCloneable": true,
"delete": true,
"thirdPartyAccess": false,
"apiClient": true
},
"notifications": {
"enableEmailNotifications": true,
"options": {
"upgrade": [
"24x7"
],
"proactive": [
"Security"
],
"passwordExpiry": true
}
}
}
Get a user
Return a specific user’s profile. Note that the
uiIdentityId corresponds to the contactId in version 1 of
the User Admin API.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
| Optional query parameters | |||
actions |
Boolean | true |
When enabled, the response includes information about actions such as edit or delete that you can take for the object. In this case, users. Not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
authGrants |
Boolean | true |
When enabled, include the list of your group and role assignments. |
notifications |
Boolean | true |
When enabled, include which product notifications you subscribe to. |
Status 200
application/json
Response Body:
[
{
"uiIdentityId": "A-B-123456",
"firstName": "John",
"lastName": "Doe",
"uiUserName": "johndoe",
"email": "john.doe@mycompany.com",
"accountId": "1-123A",
"phone": "3456788765",
"timezone": "GMT",
"lastLoginDate": "2016-01-13T17:53:57Z",
"contactType": "Billing",
"preferredLanguage": "English",
"sessionTimeOut": 14400,
"passwordExpiryDate": "2018-01-13T17:53:57Z",
"secondaryEmail": "john_doe@gmail.com",
"mobilePhone": "3456789999",
"street": "First Street",
"city": "Santa Clara",
"state": "CA",
"zipCode": "34567",
"country": "USA",
"jobTitle": "engineer",
"isLocked": false,
"notifications": {
"enableEmailNotifications": true,
"options": {
"upgrade": [
"NetStorage",
"Other Upgrade Notifications (Planned)"
]
},
"proactive": [
"EdgeScape",
"EdgeSuite (HTTP Content Delivery)"
],
"passwordExpiry": true
},
"tfaEnabled": true,
"actions": {
"resetPassword": true,
"delete": true,
"edit": true,
"apiClient": true,
"thirdPartyAccess": true,
"isCloneable": true
},
"authGrants": [
{
"groupId": 12345,
"roleId": 12,
"groupName": "mygroup",
"roleName": "admin",
"roleDescription": "This is a new role that has been created to",
"isBlocked": false
}
]
}
]
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Enable the
authGrantsquery parameter to return users’ groups and role assignments.Enable the
notificationsquery parameter to return which product-notification emails a user subscribes to.Enable the
actionsquery parameter to return what actions you can take on each user.Make a GET request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}{?actions, authGrants, notifications}
The response is a User object.
Remove a user
You can only delete users who do not have any API or Webservices clients. To delete users, first transfer their API clients and delete their Webservices clients.
DELETE /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
Status 200
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Make a DELETE request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}
Update a user’s notifications
Subscribe or un-subscribe users to product notification emails.
PUT /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
{
"enableEmailNotifications": true,
"options": {
"upgrade": [
"NetStorage",
"Other Upgrade Notifications (Planned)"
],
"proactive": [
"EdgeScape",
"EdgeSuite (HTTP Content Delivery)"
],
"passwordExpiry": true
}
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
Status 200
application/json
Response Body:
{
"enableEmailNotifications": true,
"options": {
"upgrade": [
"NetStorage",
"Other Upgrade Notifications (Planned)"
],
"proactive": [
"EdgeScape",
"EdgeSuite (HTTP Content Delivery)"
],
"passwordExpiry": true
}
}
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Build a Notifications object.
PUT the object to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ notifications
The response reflects the Notifications object.
Reset a user’s password
Optionally send a one-time use password to the user. If you send the email with the password directly to the user, the response for this operation does not include that password. If you do not send the password to the user through email, the password is included in the response.
POST /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
| Optional query parameters | |||
sendEmail |
Boolean | false |
When sendEmail=true, send a one-time password to the new user. |
Status 200
application/json
Response Body:
{
"newPassword": "abc123"
}
Status 204
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Enable the
sendEmailquery parameter to send the new user a randomly generated, one-time use password.Make a POST request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ reset-password{?sendEmail}
If sendEmail is false, a 200 response object contains the user’s
new password, otherwise it is a simple 204 response.
Update a user
Modify user information. Pass the entire body of data in the request, including members you’re not changing, or unspecified data will be removed.
PUT /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
{
"firstName": "John",
"lastName": "Doe",
"tfaEnabled": true,
"country": "USA",
"phone": "3456788765",
"contactType": "Billing",
"timeZone": "GMT",
"preferredLanguage": "English",
"sessionTimeOut": 30,
"secondaryEmail": "john.doe@mycompany.com",
"mobilePhone": "3456787657",
"address": "first Street",
"city": "Santa Clara",
"state": "CA",
"zipCode": "34567",
"jobTitle": "Engineer"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
Status 200
application/json
Response Body:
{
"uiIdentityId": "1-ABCDE",
"firstName": "John",
"lastName": "Doe",
"tfaEnabled": true,
"country": "USA",
"email": "john.doe@mycompany.com",
"phone": "3456788765",
"contactType": "Billing",
"timeZone": "GMT",
"preferredLanguage": "English",
"sessionTimeOut": 30,
"secondaryEmail": "john-doe@gmail.com",
"mobilePhone": "3456787657",
"address": "first Street",
"city": "Santa Clara",
"state": "CA",
"zipCode": "34567",
"jobTitle": "Engineer"
}
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Run the Get a User operation.
Modify the response object.
PUT the object to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ basic-info
The response reflects the modified User object.
List blocked properties
Return all properties a user does not have access to in a group
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
groupId |
Integer | 19807 |
A unique identifier for a group. |
Status 200
application/json
Response Body:
[
11111111,
22222222
]
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Run the List Groups operation and select the relevant
groupId.Make a GET request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ groups/ {groupId}/ blocked-properties The response is a list of
propertyIdvalues.Optionally run the Get a Property operation to get more information on a specific property.
Update blocked properties
Remove or grant user access to properties. By default, users have access to all properties in a group.
PUT /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
[
11111111,
22222222
]
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
groupId |
Integer | 19807 |
A unique identifier for a group. |
Status 200
application/json
Response Body:
[
11111111,
22222222
]
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Run the List Groups operation and select the relevant
groupId.Run the List Properties operation to retrieve a set of
propertyIdvalues.Create an array of
propertyIdvalues to pass in the request body.PUT the array to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ groups/ {groupId}/ blocked-properties
The response is a list of propertyId values.
Modify a user’s group and role assignments
Edit what groups a user has access to, and how the use can interact with the objects in those groups.
PUT /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
[
{
"groupId": 12345,
"roleId": 16,
"subGroups": [
{
"groupId": 54321,
"roleId": null,
"subGroups": []
}
]
}
]
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
Status 200
application/json
Response Body:
[
{
"groupId": 12345,
"roleId": 16,
"groupName": "Company",
"roleName": "Publisher",
"roleDescription": "This is a new role that has been created to",
"isBlocked": false,
"subGroups": [
{
"groupId": 11111,
"roleId": null,
"groupName": "Sub Group",
"roleName": "",
"roleDescription": "",
"isBlocked": false,
"subGroups": []
}
]
}
]
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Form a User.authGrants[] object.
Make a PUT request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ authGrants The response is a User.authGrants[] object.
Set a user’s two-factor authentication
Actions for this
operation are enable, disable, and reset. Users can make five
attempts to log in with TFA before their accounts lock. If
the account locks, set reset=true to unlock the account
and set the login counter to 0. Not to be confused with the actions parameter, which applies to the various operations that retrieve user data.
PUT /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
| Optional query parameters | |||
actions |
Boolean | true |
When enabled, the response includes information about actions such as edit or delete that you can take for the object. Not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
Status 204
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Set the
actionquery parameter toenable,disable, orreset.Make a PUT request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ tfa{?action}
Lock a user’s account
Prevent a user from logging in to Luna Control center.
POST /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
Status 204
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Make a POST request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ lock
Unlock a user’s account
Release the lock on a user’s account and allow them to access Luna Control Center.
POST /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
Status 204
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Make a POST request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ unlock
Set a user’s password
Set a specific password for a user. This differs from Reset a User’s Password because this password may be used more than once, and is not randomly generated.
POST /identity-management/
Sample: /identity-management/
Content-Type: application/json
Request Body:
{
"newPassword": "abc123"
}
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
uiIdentityId |
Integer | 45678 |
A unique identifier for a user. This corresponds to the contactId in version 1 of the User Admin API. |
| Optional query parameters | |||
sendEmail |
Boolean | false |
When sendEmail=true, send a one-time password to the new user. |
Status 200
application/json
Response Body:
{
"newPassword": "abc123"
}
Status 204
Run the List Users operation and select the relevant
uiIdentityIdURL parameter.Enable the
sendEmailquery parameter to send the new user a randomly generated, one-time use password.Make a POST request to
/identity-management/.v2/ user-admin/ ui-identities/ {uiIdentityId}/ restricted/ set-password{?sendEmail}
If sendEmail is false, a 200 response object contains the user’s
new password, otherwise it is a simple 204 response.
View password policy
Return the password policy for the current account. The current account is determined by the tokens in your API client. Administrators use this operation to set a user’s password policy. Users who modify it need to run View Password Policy for a User Profile.
GET /identity-management/
Status 200
application/json
Response Body:
{
"pwclass": "aka90",
"minLength": 8,
"minLetters": 1,
"minDigits": 1,
"caseDif": 0,
"minNonAlpha": 0,
"maxRepeating": 2,
"minReuse": 4,
"rotateFrequency": 90
}
View contact types
List all the possible contact types that
Akamai supports. Use the values from this operation to add or
update a user’s contactType.
Administrators use this operation to set a user’s
contact type.
Users who modify it need to run
View Contact Types for a User Profile.
GET /identity-management/
Status 200
application/json
Response Body:
[
"Billing",
"Technical Decision Maker",
"Business Decision Maker",
"Security"
]
View supported countries
Return all the possible countries that Akamai supports. Use the values from this operation to add or update a user’s country information. Administrators use this operation to set a user’s country. Users who modify it need to run View Supported Countries for a User Profile.
GET /identity-management/
Status 200
application/json
Response Body:
[
"Lao People's Democratic Republ",
"Greece",
"Greenland",
"Grenada",
"Tanzania, United Republic of",
"Thailand",
"Togo",
"Tokelau",
"Tonga",
"Djibouti",
"Dominica",
"Christmas Island",
"Cocos (Keeling) Islands",
"Colombia",
"Comoros",
"Curacao"
]
View states
List U.S. states or Canadian provinces. If
country=USA you may enter a value of TBD if you don’t
know a user’s state.
Administrators use this operation to set a user’s state.
Users who modify it need to run
View States for a User Profile.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
country |
String | canada |
Specifies a U.S. state or Canadian province. |
Status 200
application/json
Response Body:
[
"AB",
"BC",
"PQ",
"NS",
"NT",
"NU",
"QC",
"YK",
"NB",
"MB",
"PE",
"TBD",
"NF",
"SK",
"ON"
]
Run the View Supported Countries operation.
Choose a value from the response array and assign it as the
countryURL parameter.Make a GET request to
/identity-management/.v2/ user-admin/ common/ countries/ {country}/ states
The response is a list of states or provinces.
View timeout policies
Lists all the possible session timeout
policies that Akamai supports. Use the values from this
operation to set the sessionTimeout for a user. The name
for each timeout period is in minutes, and the time value is
in seconds.
Administrators use this operation to set a user’s
timeout policy.
Users who modify it need to run
View Timeout Policies for a User Profile.
GET /identity-management/
Status 200
application/json
Response Body:
[
{
"name": "after15Minutes",
"value": 900
},
{
"name": "after30Minutes",
"value": 1800
},
{
"name": "after45Minutes",
"value": 2700
},
{
"name": "after1Hour",
"value": 3600
},
{
"name": "after2Hours",
"value": 7200
},
{
"name": "after4Hours",
"value": 14400
},
{
"name": "after18Hours",
"value": 64800
}
]
View languages
List all the possible languages Akamai
supports. Use the values from this API to set the preferred
language for a user. Users should see the Luna Control
Center in the language you set for them.
Administrators use this operation to set a user’s
preferred language.
Users who modify it need to run
View Languages for a User Profile.
GET /identity-management/
Status 200
application/json
Response Body:
[
"Deutsch",
"English",
"Espa\u00f1ol",
"Espa\u00f1ol (Espa\u00f1a)",
"Fran\u00e7ais",
"Italiano",
"Portugu\u00eas",
"\u4e2d\u6587 (\u7b80\u4f53)",
"\u4e2d\u6587 (\u7e41\u9ad4)",
"\u65e5\u672c\u8a9e",
"\ud55c\uad6d\uc5b4"
]
View time zones
List all time zones Akamai supports. Time
zones are in ISO 8601 format. Use the values from this operation to
set the timeZone for a user.
Administrators use this operation to set a user’s
time zone.
Users who modify it need to run
View Time Zones for a User Profile.
GET /identity-management/
Status 200
application/json
Response Body:
[
{
"timezone": "Asia/Rangoon",
"description": "Asia/Rangoon GMT+6"
},
{
"timezone": "Australia/Sydney",
"description": "Australia/Sydney GMT+10"
},
{
"timezone": "Etc/GMT+3",
"description": "Etc/GMT+3"
}
]
View products
Return all products a user can subscribe to and receive notifications for on the account. The account is determined by the tokens in your API client. Administrators use this operation to set the products for which users receive notifications. Users who modify this set need to run View Products for a User Profile.
GET /identity-management/
Status 200
application/json
Response Body:
[
"EdgeComputing for Java",
"Streaming",
"Enhanced DNS",
"Site Delivery",
"Secure FreeFlow (HTTPS Content Delivery using ARLs)",
"Log Delivery Service",
"Site Acceleration",
"Web Application Accelerator",
"EdgeScape",
"Security",
"NetStorage"
]
View password policy for a user profile
Return the password policy for the current account. The current account is determined by the tokens in your API client. Users can run this operation to modify their own profile’s password policy. Administrators who modify a user’s profile should run the View Password Policy operation.
GET /identity-management/
Status 200
application/json
Response Body:
{
"pwclass": "aka90",
"minLength": 8,
"minLetters": 1,
"minDigits": 1,
"caseDif": 0,
"minNonAlpha": 0,
"maxRepeating": 2,
"minReuse": 4,
"rotateFrequency": 90
}
View contact types for a user profile
List all the possible contact types that
Akamai supports. Use the values from this operation to add or
update a user’s contactType.
Users can run this operation to modify their own profile’s
contact types. Administrators who modify a user’s profile
should run the
View Contact Types
operation.
GET /identity-management/
Status 200
application/json
Response Body:
[
"Billing",
"Technical Decision Maker",
"Business Decision Maker",
"Security"
]
View supported countries for a user profile
Return all the possible countries that Akamai supports. Use the values from this operation to add or update a user’s country information. Users can run this operation to set their country in their own profile. Administrators who modify a user’s profile should run the View Supported Countries operation.
GET /identity-management/
Status 200
application/json
Response Body:
[
"Lao People's Democratic Republ",
"Greece",
"Greenland",
"Grenada",
"Tanzania, United Republic of",
"Thailand",
"Togo",
"Tokelau",
"Tonga",
"Djibouti",
"Dominica",
"Christmas Island",
"Cocos (Keeling) Islands",
"Colombia",
"Comoros",
"Curacao"
]
View states for a user profile
Returns country states. Users can run this operation to set their state in their own profile. Administrators who modify a user’s profile should run the View States operation.
GET /identity-management/
Sample: /identity-management/
| Parameter | Type | Sample | Description |
|---|---|---|---|
| URL parameters | |||
country |
String | canada |
Can be set to any country name, but only returns lists of states and provinces for USA and Canada. |
Status 200
application/json
Response Body:
[
"AB",
"BC",
"PQ",
"NS",
"NT",
"NU",
"QC",
"YK",
"NB",
"MB",
"PE",
"TBD",
"NF",
"SK",
"ON"
]
Run the View Supported Countries for a User Profile operation.
Choose a value from the response array and assign it as
countryURL parameter.Make a GET request to
/identity-management/.v2/ user-profile/ common/ countries/ {country}/ states
The response is a list of states or provinces.
View timeout policies for a user profile
Lists all the possible session timeout
policies that Akamai supports. Use the values from this
operation to set the sessionTimeout for a user. The name
for each timeout period is in minutes, and the time value is
in seconds.
Users can run this operation to modify their own profile’s
timeout policy. Administrators who modify a user’s profile
should run the
View Timeout Policies
operation.
GET /identity-management/
Status 200
application/json
Response Body:
[
{
"name": "after15Minutes",
"value": 900
},
{
"name": "after30Minutes",
"value": 1800
},
{
"name": "after45Minutes",
"value": 2700
},
{
"name": "after1Hour",
"value": 3600
},
{
"name": "after2Hours",
"value": 7200
},
{
"name": "after4Hours",
"value": 14400
},
{
"name": "after18Hours",
"value": 64800
}
]
View languages for a user profile
List all the possible languages Akamai
supports. Use the values from this API to set the preferred
language for a user. Users should see the Luna Control
Center in the language you set for them.
Users can run this operation to set their own profile’s
preferred language. Administrators who modify a user’s profile
should run the
View Languages
operation.
GET /identity-management/
Status 200
application/json
Response Body:
[
"Deutsch",
"English",
"Espa\u00f1ol",
"Espa\u00f1ol (Espa\u00f1a)",
"Fran\u00e7ais",
"Italiano",
"Portugu\u00eas",
"\u4e2d\u6587 (\u7b80\u4f53)",
"\u4e2d\u6587 (\u7e41\u9ad4)",
"\u65e5\u672c\u8a9e",
"\ud55c\uad6d\uc5b4"
]
View time zones for a user profile
List all time zones Akamai supports. Time
zones are in ISO 8601 format. Use the values from this operation to
set the timeZone for a user.
Users can run this operation to modify their own profile’s
time zone. Administrators who modify a user’s profile
should run the
View Time Zones
operation.
GET /identity-management/
Status 200
application/json
Response Body:
[
{
"timezone": "Asia/Rangoon",
"description": "Asia/Rangoon GMT+6"
},
{
"timezone": "Australia/Sydney",
"description": "Australia/Sydney GMT+10"
},
{
"timezone": "Etc/GMT+3",
"description": "Etc/GMT+3"
}
]
View products for a user profile
Return all products a user can subscribe to and receive notifications for on the account. The account is determined by the tokens in your API client. Users can run this operation to modify the set of products for which they receive notifications. Administrators who modify a user’s profile should run the View Products operation.
GET /identity-management/
Status 200
application/json
Response Body:
[
"EdgeComputing for Java",
"Streaming",
"Enhanced DNS",
"Site Delivery",
"Secure FreeFlow (HTTPS Content Delivery using ARLs)",
"Log Delivery Service",
"Site Acceleration",
"Web Application Accelerator",
"EdgeScape",
"Security",
"NetStorage"
]
Data
This section provides details for each type of data object the API exchanges.
Download the JSON schemas for this API.
The data schema tables below list membership requirements as follows:
| ✓ | Member is required to be present, regardless of whether its value is empty or null. |
| ○ | Member is optional, and may be omitted in some cases. |
Group
Encapsulates information about a group.
Download schema:
GroupResponse.json
Sample GET response:
{
"groupId": 12345,
"groupName": "TopLevelGroup",
"createdDate": "2012-04-28T00:00:00.000Z",
"createdBy": "johndoe",
"modifiedDate": "2012-04-28T00:00:00.000Z",
"modifiedBy": "johndoe",
"actions": {
"edit": true,
"delete": false
},
"subGroups": [
{
"groupId": 11111,
"groupName": "First Level SubGroup",
"createdDate": "2013-10-29T19:05:52.000Z",
"createdBy": "johndoe",
"modifiedDate": "2017-07-25T22:30:20.000Z",
"modifiedBy": "lionelmessi",
"parentGroupId": 12345,
"actions": {
"edit": true,
"delete": false
},
"subGroups": [
{
"groupId": 123456,
"groupName": "Second Level SubGroup",
"createdDate": "2017-07-25T22:30:47.000Z",
"createdBy": "Company",
"modifiedDate": "2017-07-25T22:30:47.000Z",
"modifiedBy": "Company",
"parentGroupId": 11111,
"actions": {
"edit": true,
"delete": false
},
"subGroups": []
}
]
}
]
}
Group members
| Member | Type | Required | Description |
|---|---|---|---|
actions |
Group. |
○ | Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
createdBy |
String | ○ | Read-only. The user name or email of the person who created the group. |
createdDate |
String | ○ | Read-only. ISO 8601 timestamp indicating when the group was originally created. |
groupId |
Integer | ○ | Read-only. Unique identifier for each group. |
groupName |
String | ○ | The name you supply for the group. |
modifiedBy |
String | ○ | Read-only. The username or email of the last person to edit the group. |
modifiedDate |
String | ○ | Read-only. ISO 8601 timestamp indicating when the group was last updated. |
parentGroupId |
Integer | ○ | Read-only. For nested groups, identifies the parent group to which the current group belongs. |
subGroups |
Object | ○ | Array of nested Group objects. |
Group.actions: Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
|||
delete |
Boolean | ○ | Whether the user can remove items from the group. |
edit |
Boolean | ○ | Whether the user can modify items in the group. |
Property
Encapsulates information about a property.
Download schema:
PropertyResponse.json
Sample GET response:
{
"createdDate": "2017-07-27T18:11:25.000Z",
"createdBy": "doe.john@example.com",
"modifiedDate": "2017-07-27T18:11:25.000Z",
"modifiedBy": "doe.john@example.com",
"groupName": "Sales Team",
"groupId": 45678,
"arlConfigFile": "abc-dn123-abcde.akamaiorigin.net.xml",
"propertyId": 9678999,
"propertyName": "abc-dn123-abcde.akamaiorigin.net"
}
Property members
| Member | Type | Required | Description |
|---|---|---|---|
arlConfigFile |
String | ✓ | The configuration file. The arlConfigFile is the same as the propertyName with an xml extension. |
createdBy |
String | ✓ | Read-only. The user name or email of the person who created the property. |
createdDate |
String | ✓ | Read-only. ISO 8601 timestamp indicating when the property was originally created. |
groupId |
Integer | ✓ | Read-only. Unique identifier for each group. |
groupName |
String | ✓ | The name you supply for the group. |
modifiedBy |
String | ✓ | Read-only. The username or email of the last person to edit the property. |
modifiedDate |
String | ✓ | Read-only. ISO 8601 timestamp indicating when the property was last updated. |
propertyId |
Integer | ✓ | Read-only. Unique identifier for each property. |
propertyName |
String | ✓ | The name you supply for the property. |
Resource
Encapsulates information about resources.
Download schema:
ResourceItem.json
Sample GET response:
[
{
"resourceId": 111111,
"resourceType": "arlfile",
"resourceName": "abc-dn123-abcde.akamaiorigin.net.xml",
"modifiedDate": "2017-09-07T17:00:58.000Z"
},
{
"resourceId": 8988898,
"resourceType": "cpcode",
"resourceName": "mycpcodeexample(123456)",
"modifiedDate": "2017-04-24T16:19:27.000Z"
}
]
Resource members
| Member | Type | Required | Description |
|---|---|---|---|
modifiedDate |
String | ○ | Read-only. ISO 8601 timestamp indicating when the resource was last updated. |
resourceId |
Integer | ○ | Read-only. Unique identifier for each resource. |
resourceName |
String | ○ | The name you supply for the resource. |
resourceType |
Enumeration | ○ | The type of the resource, either cname, arlfile, cpcode, storagegroup, fpdomain, or edns. |
User
Encapsulates information about each user.
Download schema:
UserResponse.json
Sample GET response:
[
{
"uiIdentityId": "A-B-123456",
"firstName": "John",
"lastName": "Doe",
"uiUserName": "johndoe",
"email": "john.doe@mycompany.com",
"accountId": "1-123A",
"phone": "3456788765",
"timezone": "GMT",
"lastLoginDate": "2016-01-13T17:53:57Z",
"contactType": "Billing",
"preferredLanguage": "English",
"sessionTimeOut": 14400,
"passwordExpiryDate": "2018-01-13T17:53:57Z",
"secondaryEmail": "john_doe@gmail.com",
"mobilePhone": "3456789999",
"street": "First Street",
"city": "Santa Clara",
"state": "CA",
"zipCode": "34567",
"country": "USA",
"jobTitle": "engineer",
"tfaEnabled": true,
"isLocked": false,
"actions": {
"resetPassword": true,
"delete": true,
"edit": true,
"apiClient": true,
"thirdPartyAccess": true,
"isCloneable": true
},
"authGrants": [
{
"groupId": 12345,
"roleId": 12,
"groupName": "mygroup",
"roleName": "admin",
"roleDescription": "This is a new role that has been created to",
"isBlocked": false
}
]
}
]
User members
| Member | Type | Required | Description |
|---|---|---|---|
actions |
User. |
○ | Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
authGrants |
User. |
○ | A user’s role assignments, per group. |
email |
String | ✓ | The user’s email address. |
firstName |
String | ✓ | The user’s first name. |
isLocked |
Boolean | ○ | The user’s lock status. |
lastName |
String | ✓ | The user’s surname. |
phone |
String | ✓ | The user’s main phone number, represented as a ten-digit integer within a string. |
timezone |
String | ○ | The user’s time zone, any of the values available from the View Time Zones operation. |
uiIdentityId |
String | ✓ | Read-only. A unique identifier for a user’s profile, which corresponds to a user’s actual profile or client ID. |
uiUserName |
String | ○ | A user’s loginId. Typically, a user’s email address. |
User.actions: Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
|||
apiClient |
Boolean | ✓ | Allows the admin to create an API client. |
delete |
Boolean | ✓ | Whether the user is deletable. |
edit |
Boolean | ✓ | Whether the user is editable. |
isCloneable |
Boolean | ✓ | If true an admin can create a new user with the same permissions as this user. |
resetPassword |
Boolean | ✓ | Allows an admin to send a user a password by email or see a one-time token |
thirdPartyAccess |
Boolean | ✓ | Allows the admin to manage extended access. |
| User.authGrants[]: A user’s role assignments, per group. | |||
groupId |
Integer | ○ | Read-only. Unique identifier for each group. |
groupName |
String | ○ | The name you supply for the group. |
isBlocked |
Boolean | ○ | Whether a user’s access is blocked for a group. |
roleDescription |
String | ○ | Descriptive text for the role. |
roleId |
Integer | ○ | Read-only. Unique identifier for each role. |
roleName |
String | ○ | The name you supply for the role. |
Role
A role that includes granted roles.
Download schema:
RoleWithGrantedRoles.json
Sample GET response:
{
"roleId": 123456,
"roleName": "Security View Only",
"roleDescription": "This role will allow you to look at the security reports",
"type": "custom",
"createdDate": "2017-07-27T18:11:25.000Z",
"createdBy": "john.doe@mycompany.com",
"modifiedDate": "2017-07-27T18:11:25.000Z",
"modifiedBy": "john.doe@mycompany.com",
"actions": {
"edit": false,
"delete": false
},
"users": [
{
"uiIdentityId": "A-B-12345",
"firstName": "John",
"lastName": "Doe",
"accountId": "1-2ABC",
"email": "john.doe@mycompany.com",
"lastLoginDate": "2017-08-03T21:15:27.000Z"
},
{
"uiIdentityId": "1-2ABCD",
"firstName": "Jane",
"lastName": "Lane",
"accountId": "1-7XYZ",
"email": "lane.jane@mycompany.com",
"lastLoginDate": "2016-09-07T00:00:00.000Z"
}
],
"grantedRoles": [
{
"grantedRoleId": 12345,
"grantedRoleName": "SecurityViewOnly"
}
]
}
Role members
| Member | Type | Required | Description |
|---|---|---|---|
actions |
Role. |
○ | Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
createdBy |
String | ✓ | Read-only. The user name or email of the person who created the granted role. |
createdDate |
String | ✓ | Read-only. ISO 8601 timestamp indicating when the granted role was originally created. |
modifiedBy |
String | ✓ | Read-only. The username or email of the last person to edit the granted role. |
modifiedDate |
String | ✓ | Read-only. ISO 8601 timestamp indicating when the granted role was last updated. |
roleDescription |
String | ✓ | Descriptive text for the role. |
roleId |
Integer | ✓ | Read-only. Unique identifier for each role. |
roleName |
String | ✓ | The name you supply for the role. |
type |
Enumeration | ✓ | Whether the role is a standard or custom role. |
Role.actions: Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation. |
|||
delete |
Boolean | ○ | Whether the user can remove items from the group. |
edit |
Boolean | ○ | Whether the user can modify items in the group. |
GrantableRole
Encapsulates identifiers for granted roles.
Download schema:
GrantedRole.json
Sample GET response:
[
{
"grantedRoleId": 2051,
"grantedRoleName": "WAF Strict WhiteList"
},
{
"grantedRoleId": 1032,
"grantedRoleName": "License Delivery Configurations - Manage"
},
{
"grantedRoleId": 2063,
"grantedRoleName": "View Audience Analytics Reports"
},
{
"grantedRoleId": 77852,
"grantedRoleName": "RealUserMonitoring - View Only"
},
{
"grantedRoleId": 32,
"grantedRoleName": "Enhanced DNS - All privileges (add/edit/view)"
}
]
GrantableRole members
| Member | Type | Required | Description |
|---|---|---|---|
grantedRoleId |
Integer | ○ | Read-only. Unique identifier for each granted role. |
grantedRoleName |
String | ○ | The name you supply for the granted role. |
Notifications
Encapsulates the types of email notifications you can receive.
Download schema:
NotificationsResponse.json
Sample PUT response:
{
"enableEmailNotifications": true,
"options": {
"upgrade": [
"NetStorage",
"Other Upgrade Notifications (Planned)"
],
"proactive": [
"EdgeScape",
"EdgeSuite (HTTP Content Delivery)"
],
"passwordExpiry": true
}
}
Notifications members
| Member | Type | Required | Description |
|---|---|---|---|
enableEmailNotifications |
Boolean | ○ | If true, suspend email notifications. If false, send email notifications. |
options |
Notifications. |
○ | Specific notification types users can subscribe to. |
| Notifications.options: Specific notification types users can subscribe to. | |||
passwordExpiry |
Boolean | ○ | Send emails regarding password expiration. |
proactive |
Array | ○ | A list of products subscribed to for proactive notification emails. |
upgrade |
Array | ○ | A list of products subscribed to for upgrade notification emails. |
MoveGroup
Describes the request body to move one group under another group, or to move a property from one group to another.
Download schema:
MoveGroupRequest.json
Sample POST request:
{
"sourceGroupId": 12345,
"destinationGroupId": 54321
}
MoveGroup members
| Member | Type | Required | Description |
|---|---|---|---|
destinationGroupId |
Integer | ✓ | Identifies the group to which you want to move the property. |
sourceGroupId |
Integer | ✓ | Identifies the group from which you want to move the property. |
RotatePassword
Uses the old password to authenticate you are who you say you are when you update your password. Includes the new password.
Download schema:
ChangePasswordRequest.json
Sample POST request:
{
"currentPassword": "abcbd",
"newPassword": "abcdg"
}
RotatePassword members
| Member | Type | Required | Description |
|---|---|---|---|
currentPassword |
String | ✓ | Your existing password. |
newPassword |
String | ✓ | Your new password. |
PasswordPolicy
Encapsulates all information for a password policy.
Download schema:
PortalPasswordClass.json
Sample GET response:
{
"pwclass": "aka90",
"minLength": 8,
"minLetters": 1,
"minDigits": 1,
"caseDif": 0,
"minNonAlpha": 0,
"maxRepeating": 2,
"minReuse": 4,
"rotateFrequency": 90
}
PasswordPolicy members
| Member | Type | Required | Description |
|---|---|---|---|
caseDif |
Integer | ✓ | The number of characters that at minimum, must be in a different case. For example, a value of 1 means at least one letter must be uppercase if the rest are lowercase. |
maxRepeating |
Integer | ✓ | The maximum allowed number of repeating characters. |
minDigits |
Integer | ✓ | The minimum number of digits in a password. |
minLength |
Integer | ✓ | The minimum length of a password. |
minLetters |
Integer | ✓ | The minimum number of letters in a password. |
minNonAlpha |
Integer | ✓ | The minimum number of non-alphabetic characters in a password. |
minReuse |
Integer | ✓ | The minimum number of previous passwords to retain to prevent password reuse. |
pwclass |
String | ✓ | A unique identifier for a password policy. |
rotateFrequency |
Integer | ○ | The number of days a password is valid. |
TimeoutPolicy
Specifies session timeout policy options that can be assigned to each user.
Download schema:
SessionTimeoutPolicy.json
Sample GET:
[
{
"name": "after15Minutes",
"value": 900
},
{
"name": "after30Minutes",
"value": 1800
},
{
"name": "after45Minutes",
"value": 2700
},
{
"name": "after1Hour",
"value": 3600
},
{
"name": "after2Hours",
"value": 7200
},
{
"name": "after4Hours",
"value": 14400
},
{
"name": "after18Hours",
"value": 64800
}
]
TimeoutPolicy members
| Member | Type | Required | Description |
|---|---|---|---|
name |
String | ✓ | The unit of time in which the timeout is measured. The timeout is measured in seconds. |
value |
Integer | ✓ | The number of seconds until the timeout. |
TimeZone
Specifies time zones that can be assigned to each user.
Download schema:
TimeZone.json
Sample GET:
[
{
"timezone": "Asia/Rangoon",
"description": "Asia/Rangoon GMT+6"
},
{
"timezone": "Australia/Sydney",
"description": "Australia/Sydney GMT+10"
},
{
"timezone": "Etc/GMT+3",
"description": "Etc/GMT+3"
}
]
TimeZone members
| Member | Type | Required | Description |
|---|---|---|---|
description |
String | ✓ | The description of a time zone, including the GMT +/-. |
timezone |
String | ✓ | The time zone ID. |
Errors
This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.
Error responses
This API adheres to the HTTP Problem Details standard.
HTTP status codes
This section lists the full range of response codes the API may generate.
| Code | Description |
|---|---|
| 200 | The operation was successful. |
| 201 | Resource successfully created. |
| 204 | Successfully processed request. Empty/no response body. |
| 400 | Bad Request. |
| 401 | Authentication failure. |
| 403 | Access is forbidden. |
| 404 | Resource not found. |
| 405 | Method not supported. |
| 409 | Conflict with current state of resource. |
| 415 | Unsupported media type. |
| 500 | Internal server error. |
| 502 | Platform timeout error. |
| 503 | Too many requests. Service is temporarily unavailable. |
| 507 | Insufficient storage for size of request. Try again later. |
Last modified: 11/14/2017