Identity Management: User Administration API Data

This section provides details for each type of data object the API exchanges. The data schema tables below list membership requirements as follows:

Member is required to be present, regardless of whether the value is empty or null.
Member is optional, and may be omitted in some cases.

Schemas

Group

Encapsulates information about a group.

Sample GET response:

{
    "groupId": 12345,
    "groupName": "TopLevelGroup",
    "createdDate": "2012-04-28T00:00:00.000Z",
    "createdBy": "johndoe",
    "modifiedDate": "2012-04-28T00:00:00.000Z",
    "modifiedBy": "johndoe",
    "actions": {
        "edit": true,
        "delete": false
    },
    "subGroups": [
        {
            "groupId": 11111,
            "groupName": "First Level SubGroup",
            "createdDate": "2013-10-29T19:05:52.000Z",
            "createdBy": "johndoe",
            "modifiedDate": "2017-07-25T22:30:20.000Z",
            "modifiedBy": "lionelmessi",
            "parentGroupId": 12345,
            "actions": {
                "edit": true,
                "delete": false
            },
            "subGroups": [
                {
                    "groupId": 123456,
                    "groupName": "Second Level SubGroup",
                    "createdDate": "2017-07-25T22:30:47.000Z",
                    "createdBy": "Company",
                    "modifiedDate": "2017-07-25T22:30:47.000Z",
                    "modifiedBy": "Company",
                    "parentGroupId": 11111,
                    "actions": {
                        "edit": true,
                        "delete": false
                    },
                    "subGroups": []
                }
            ]
        }
    ]
}

Group Members

Member Type Required Description
actions Group.actions Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation.
createdBy String Read-only. The user name or email of the person who created the group.
createdDate String Read-only. ISO 8601 timestamp indicating when the group was originally created.
groupId Integer Read-only. Unique identifier for each group.
groupName String The name you supply for the group.
modifiedBy String Read-only. The username or email of the last person to edit the group.
modifiedDate String Read-only. ISO 8601 timestamp indicating when the group was last updated.
parentGroupId Integer Read-only. For nested groups, identifies the parent group to which the current group belongs.
subGroups Object Array of nested Group objects.

Group.actions  

Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation.

Member Type Required Description
delete Boolean Whether the user can remove items from the group.
edit Boolean Whether the user can modify items in the group.

Property

Encapsulates information about a property.

Sample GET response:

{
    "createdDate": "2017-07-27T18:11:25.000Z",
    "createdBy": "doe.john@example.com",
    "modifiedDate": "2017-07-27T18:11:25.000Z",
    "modifiedBy": "doe.john@example.com",
    "groupName": "Sales Team",
    "groupId": 45678,
    "arlConfigFile": "abc-dn123-abcde.akamaiorigin.net.xml",
    "propertyId": 9678999,
    "propertyName": "abc-dn123-abcde.akamaiorigin.net"
}

Property Members

Member Type Required Description
arlConfigFile String The configuration file. The arlConfigFile is the same as the propertyName with an xml extension.
createdBy String Read-only. The user name or email of the person who created the property.
createdDate String Read-only. ISO 8601 timestamp indicating when the property was originally created.
groupId Integer Read-only. Unique identifier for each group.
groupName String The name you supply for the group.
modifiedBy String Read-only. The username or email of the last person to edit the property.
modifiedDate String Read-only. ISO 8601 timestamp indicating when the property was last updated.
propertyId Integer Read-only. Unique identifier for each property.
propertyName String The name you supply for the property.

Resource

Encapsulates information about resources.

Sample GET response:

[
    {
        "resourceId": 111111,
        "resourceType": "arlfile",
        "resourceName": "abc-dn123-abcde.akamaiorigin.net.xml",
        "modifiedDate": "2017-09-07T17:00:58.000Z"
    },
    {
        "resourceId": 8988898,
        "resourceType": "cpcode",
        "resourceName": "mycpcodeexample(123456)",
        "modifiedDate": "2017-04-24T16:19:27.000Z"
    }
]

Resource Members

Member Type Required Description
modifiedDate String Read-only. ISO 8601 timestamp indicating when the resource was last updated.
resourceId Integer Read-only. Unique identifier for each resource.
resourceName String The name you supply for the resource.
resourceType Enumeration The type of the resource, either cname, arlfile, cpcode, storagegroup, fpdomain, or edns.

User

Encapsulates information about each user.

Sample GET response:

[
    {
        "uiIdentityId": "A-B-123456",
        "firstName": "John",
        "lastName": "Doe",
        "uiUserName": "johndoe",
        "email": "john.doe@mycompany.com",
        "accountId": "1-123A",
        "phone": "3456788765",
        "timezone": "GMT",
        "lastLoginDate": "2016-01-13T17:53:57Z",
        "contactType": "Billing",
        "preferredLanguage": "English",
        "sessionTimeOut": 14400,
        "passwordExpiryDate": "2018-01-13T17:53:57Z",
        "secondaryEmail": "john_doe@gmail.com",
        "mobilePhone": "3456789999",
        "street": "First Street",
        "city": "Santa Clara",
        "state": "CA",
        "zipCode": "34567",
        "country": "USA",
        "jobTitle": "engineer",
        "tfaEnabled": true,
        "isLocked": false,
        "actions": {
            "resetPassword": true,
            "delete": true,
            "edit": true,
            "apiClient": true,
            "thirdPartyAccess": true,
            "isCloneable": true
        },
        "authGrants": [
            {
                "groupId": 12345,
                "roleId": 12,
                "groupName": "mygroup",
                "roleName": "admin",
                "roleDescription": "This is a new role that has been created to",
                "isBlocked": false
            }
        ]
    }
]

User Members

Member Type Required Description
actions User.actions Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation.
authGrants User.authGrants[n] A user’s role assignments, per group.
email String The user’s email address.
firstName String The user’s first name.
isLocked Boolean The user’s lock status.
lastName String The user’s surname.
phone String The user’s main phone number, represented as a ten-digit integer within a string.
timezone String The user’s time zone, any of the values available from the View Time Zones operation.
uiIdentityId String Read-only. A unique identifier for a user’s profile, which corresponds to a user’s actual profile or client ID.
uiUserName String A user’s loginId. Typically, a user’s email address.

User.actions  

Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation.

Member Type Required Description
apiClient Boolean Allows the admin to create an API client.
delete Boolean Whether the user is deletable.
edit Boolean Whether the user is editable.
isCloneable Boolean If true an admin can create a new user with the same permissions as this user.
resetPassword Boolean Allows an admin to send a user a password by email or see a one-time token
thirdPartyAccess Boolean Allows the admin to manage extended access.

User.authGrants[n]  

A user’s role assignments, per group.

Member Type Required Description
groupId Integer Read-only. Unique identifier for each group.
groupName String The name you supply for the group.
isBlocked Boolean Whether a user’s access is blocked for a group.
roleDescription String Descriptive text for the role.
roleId Integer Read-only. Unique identifier for each role.
roleName String The name you supply for the role.

Role

A role that includes granted roles.

Sample GET response:

{
    "roleId": 123456,
    "roleName": "Security View Only",
    "roleDescription": "This role will allow you to look at the security reports",
    "type": "custom",
    "createdDate": "2017-07-27T18:11:25.000Z",
    "createdBy": "john.doe@mycompany.com",
    "modifiedDate": "2017-07-27T18:11:25.000Z",
    "modifiedBy": "john.doe@mycompany.com",
    "actions": {
        "edit": false,
        "delete": false
    },
    "users": [
        {
            "uiIdentityId": "A-B-12345",
            "firstName": "John",
            "lastName": "Doe",
            "accountId": "1-2ABC",
            "email": "john.doe@mycompany.com",
            "lastLoginDate": "2017-08-03T21:15:27.000Z"
        },
        {
            "uiIdentityId": "1-2ABCD",
            "firstName": "Jane",
            "lastName": "Lane",
            "accountId": "1-7XYZ",
            "email": "lane.jane@mycompany.com",
            "lastLoginDate": "2016-09-07T00:00:00.000Z"
        }
    ],
    "grantedRoles": [
        {
            "grantedRoleId": 12345,
            "grantedRoleName": "SecurityViewOnly"
        }
    ]
}

Role Members

Member Type Required Description
actions Role.actions Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation.
createdBy String Read-only. The user name or email of the person who created the granted role.
createdDate String Read-only. ISO 8601 timestamp indicating when the granted role was originally created.
modifiedBy String Read-only. The username or email of the last person to edit the granted role.
modifiedDate String Read-only. ISO 8601 timestamp indicating when the granted role was last updated.
roleDescription String Descriptive text for the role.
roleId Integer Read-only. Unique identifier for each role.
roleName String The name you supply for the role.
type Enumeration Whether the role is a standard or custom role.

Role.actions  

Encapsulates permissions available to the user for this group. This data is available when you specify the actions parameter of the same name, not to be confused with the action parameter, which applies to the Set Two-Factor Authentication operation.

Member Type Required Description
delete Boolean Whether the user can remove items from the group.
edit Boolean Whether the user can modify items in the group.

GrantableRole

Encapsulates identifiers for granted roles.

Sample GET response:

[
    {
        "grantedRoleId": 2051,
        "grantedRoleName": "WAF Strict WhiteList"
    },
    {
        "grantedRoleId": 1032,
        "grantedRoleName": "License Delivery Configurations - Manage"
    },
    {
        "grantedRoleId": 2063,
        "grantedRoleName": "View Audience Analytics Reports"
    },
    {
        "grantedRoleId": 77852,
        "grantedRoleName": "RealUserMonitoring - View Only"
    },
    {
        "grantedRoleId": 32,
        "grantedRoleName": "Enhanced DNS - All privileges (add/edit/view)"
    }
]

GrantableRole Members

Member Type Required Description
grantedRoleId Integer Read-only. Unique identifier for each granted role.
grantedRoleName String The name you supply for the granted role.

Notifications

Encapsulates the types of email notifications you can receive.

Sample PUT response:

{
    "enableEmailNotifications": true,
    "options": {
        "upgrade": [
            "NetStorage",
            "Other Upgrade Notifications (Planned)"
        ],
        "proactive": [
            "EdgeScape",
            "EdgeSuite (HTTP Content Delivery)"
        ],
        "passwordExpiry": true
    }
}

Notifications Members

Member Type Required Description
enableEmailNotifications Boolean If true, suspend email notifications. If false, send email notifications.
options Notifications.options Specific notification types users can subscribe to.

Notifications.options  

Specific notification types users can subscribe to.

Member Type Required Description
passwordExpiry Boolean Send emails regarding password expiration.
proactive Array A list of products subscribed to for proactive notification emails.
upgrade Array A list of products subscribed to for upgrade notification emails.

MoveGroup

Describes the request body to move one group under another group, or to move a property from one group to another.

Sample POST request:

{
    "sourceGroupId": 12345,
    "destinationGroupId": 54321
}

MoveGroup Members

Member Type Required Description
destinationGroupId Integer Identifies the group to which you want to move the property.
sourceGroupId Integer Identifies the group from which you want to move the property.

RotatePassword

Uses the old password to authenticate you are who you say you are when you update your password. Includes the new password.

Sample POST request:

{
    "currentPassword": "abcbd",
    "newPassword": "abcdg"
}

RotatePassword Members

Member Type Required Description
currentPassword String Your existing password.
newPassword String Your new password.

PasswordPolicy

Encapsulates all information for a password policy.

Sample GET response:

{
    "pwclass": "aka90",
    "minLength": 8,
    "minLetters": 1,
    "minDigits": 1,
    "caseDif": 0,
    "minNonAlpha": 0,
    "maxRepeating": 2,
    "minReuse": 4,
    "rotateFrequency": 90
}

PasswordPolicy Members

Member Type Required Description
caseDif Integer The number of characters that at minimum, must be in a different case. For example, a value of 1 means at least one letter must be uppercase if the rest are lowercase.
maxRepeating Integer The maximum allowed number of repeating characters.
minDigits Integer The minimum number of digits in a password.
minLength Integer The minimum length of a password.
minLetters Integer The minimum number of letters in a password.
minNonAlpha Integer The minimum number of non-alphabetic characters in a password.
minReuse Integer The minimum number of previous passwords to retain to prevent password reuse.
pwclass String A unique identifier for a password policy.
rotateFrequency Integer The number of days a password is valid.

TimeoutPolicy

Specifies session timeout policy options that can be assigned to each user.

Sample GET:

[
    {
        "name": "after15Minutes",
        "value": 900
    },
    {
        "name": "after30Minutes",
        "value": 1800
    },
    {
        "name": "after45Minutes",
        "value": 2700
    },
    {
        "name": "after1Hour",
        "value": 3600
    },
    {
        "name": "after2Hours",
        "value": 7200
    },
    {
        "name": "after4Hours",
        "value": 14400
    },
    {
        "name": "after18Hours",
        "value": 64800
    }
]

TimeoutPolicy Members

Member Type Required Description
name String The unit of time in which the timeout is measured. The timeout is measured in seconds.
value Integer The number of seconds until the timeout.

TimeZone

Specifies time zones that can be assigned to each user.

Sample GET:

[
    {
        "timezone": "Asia/Rangoon",
        "description": "Asia/Rangoon GMT+6"
    },
    {
        "timezone": "Australia/Sydney",
        "description": "Australia/Sydney GMT+10"
    },
    {
        "timezone": "Etc/GMT+3",
        "description": "Etc/GMT+3"
    }
]

TimeZone Members

Member Type Required Description
description String The description of a time zone, including the GMT +/-.
timezone String The time zone ID.

Last modified: 11/14/2017