Identity Management API Resources

This API requires an OPEN Identity ID. The OPEN Identity ID is visible in the credential details section of the OPEN Identity details page. To retrieve the ID:

  1. In LUNA, navigate to the OPEN Identity detail page.

  2. Retrieve the ID from underneath the API Client name.

  3. Insert the ID in each endpoint where applicable.

API Summary

Operation                   Method  Endpoint

Credentials
List Credentials            GET     /identity-management/v1/open-identities/{openIdentityId}/credentials
Create a Credential         POST    /identity-management/v1/open-identities/{openIdentityId}/credentials
Get a Credential            GET     /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}
Update a Credential         PUT     /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}
Remove a Credential         DELETE  /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}
Deactivate All Credentials  POST    /identity-management/v1/open-identities/{openIdentityId}/credentials/deactivate

List Credentials

Provide a list of credentials belonging to an OPEN identity.

GET /identity-management/v1/open-identities/{openIdentityId}/credentials

Sample: /identity-management/v1/open-identities/pa444oyidwo6j4hy/credentials

Parameter Type Sample Description
URL Parameters
openIdentityId String pa444oyidwo6j4hy A unique identifier for each OPEN identity.

Status 200 application/json

Schema: credentials.json

Response:

[
    {
        "status": "ACTIVE",
        "description": "John's access to Property Manager",
        "expiresOn": "2018-11-01T23:06:59.000Z",
        "createdOn": "2016-11-01T23:06:59.000Z",
        "credentialId": 99999,
        "clientToken": "akaa-6dydkaj7a6rroil4-m6qeabciz3u2mnrw"
    },
    {
        "status": "INACTIVE",
        "description": "John's access to Event Center",
        "expiresOn": "2018-11-01T23:06:59.000Z",
        "createdOn": "2016-11-01T23:06:59.000Z",
        "credentialId": 88888,
        "clientToken": "akaa-6dydkaj7a6ppoil4-m6qnn72iz999mnrw"
    }
]

  1. Retrieve the identityId using the instructions in Getting Started.

  2. Make a GET request to /identity-management/v1/open-identities/{openIdentityId}/credentials.

Create a Credential

Create a new credential for an OPEN identity. Only the owner of an identity can create credentials for it. By default, credentials have an active status and expire two years from the creation date. Run the Update a Credential operation to change the expiration date, description, or status. Save information from the response, such as the credentialId, for future use. This is the only time you will see the client secret. If you do not save it at this time, you will need to create a new credential.

POST /identity-management/v1/open-identities/{openIdentityId}/credentials

Sample: /identity-management/v1/open-identities/pa444oyidwo6j4hy/credentials

Parameter Type Sample Description
URL Parameters
openIdentityId String pa444oyidwo6j4hy A unique identifier for each OPEN identity.

Status 200 application/json

Schema: credential.json

Response:

{
    "status": "ACTIVE",
    "clientSecret": "aasd3adHRjBfroGqYC/rc/jDaZTZxssdaa/YjD6uA=",
    "description": "New credential for John.",
    "expiresOn": "2018-11-01T23:06:59.000Z",
    "createdOn": "2016-11-01T23:06:59.000Z",
    "credentialId": 14111,
    "clientToken": "akaa-6dydkaj7a6ppoil4-m6qeb72iz3u2mnrw"
}

  1. If you don’t already have an identityId, get one as described in Getting Started.

  2. Make a POST request to /identity-management/v1/open-identities/{openIdentityId}/credentials.

Get a Credential

Provide details for a single credential. Use Update a Credential to change the credential’s expiration date, or toggle the credential’s activation status.

GET /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}

Sample: /identity-management/v1/open-identities/pa444oyidwo6j4hy/credentials/345678

Parameter Type Sample Description
URL Parameters
openIdentityId String pa444oyidwo6j4hy A unique identifier for each OPEN identity.
credentialId Number 345678 A credential’s unique identifier.

Status 200 application/json

Schema: credential-nosecret.json

Response:

{
    "status": "ACTIVE",
    "description": "Credential with no secret",
    "expiresOn": "2018-11-01T23:06:59.000Z",
    "createdOn": "2016-11-01T23:06:59.000Z",
    "credentialId": 99999,
    "clientToken": "akaa-6dydkak7a6mmoil4-m6qxy72iz3u2bbrw"
}

  1. If you don’t already have an identityId, get one as described in Getting Started.

  2. Use List Credentials to retrieve a specific credentialId.

  3. Make a GET request to /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}.

Update a Credential

Edit credential details. You can change the expiration date, description, or toggle the activation status. This is not the same as rotating a credential. For credential rotation, see Rotate Credentials.

PUT /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}

Sample: /identity-management/v1/open-identities/pa444oyidwo6j4hy/credentials/345678

Content-Type: application/json

Schema: update-credential.json

Request:

{
    "status": "ACTIVE",
    "description": "John's access to Luna.",
    "expiresOn": "2018-02-24T22:43:12Z"
}

Parameter Type Sample Description
URL Parameters
openIdentityId String pa444oyidwo6j4hy A unique identifier for each OPEN identity.
credentialId Number 345678 A credential’s unique identifier.

Status 200 application/json

Schema: credential-nosecret.json

Response:

{
    "status": "ACTIVE",
    "description": "Update this credential",
    "expiresOn": "2018-10-11T23:06:59.000Z"
}

  1. If you don’t already have an identityId, get one as described in Getting Started.

  2. Use List Credentials to retrieve a specific credentialId.

  3. Build a PUT object.

  4. Make a PUT request to /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}.

Remove a Credential

Delete a credential. You can only delete inactive credentials.

DELETE /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}

Sample: /identity-management/v1/open-identities/pa444oyidwo6j4hy/credentials/345678

Parameter Type Sample Description
URL Parameters
openIdentityId String pa444oyidwo6j4hy A unique identifier for each OPEN identity.
credentialId Number 345678 A credential’s unique identifier.

Status 200

  1. If you don’t already have an identityId, get one as described in Getting Started.

  2. Use List Credentials to retrieve a specific credentialId.

  3. Make a DELETE request to /identity-management/v1/open-identities/{openIdentityId}/credentials/{credentialId}.
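
Because only inactive credentials can be deleted, retiring a credential is a two-step sequence: Update a Credential to INACTIVE, then Remove a Credential. The following is an added example, not part of the original API documentation: it turns a List Credentials response into the ordered requests needed to retire expired credentials and flags active ones nearing expiry. The function names, the 30-day warning window and the "retire once expired" policy are assumptions; the PUT body mirrors the three fields in the page's Update a Credential sample request, and request signing and sending are not shown.

```python
from datetime import datetime, timedelta, timezone

BASE = "/identity-management/v1/open-identities"

# The page's List Credentials sample response, trimmed to the fields used here.
SAMPLE = [
    {"status": "ACTIVE", "description": "John's access to Property Manager",
     "expiresOn": "2018-11-01T23:06:59.000Z", "credentialId": 99999},
    {"status": "INACTIVE", "description": "John's access to Event Center",
     "expiresOn": "2018-11-01T23:06:59.000Z", "credentialId": 88888},
]

def parse_ts(value):
    """Parse the API's UTC timestamps, with or without milliseconds."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def plan_cleanup(open_identity_id, credentials, now, warn_days=30):
    """Return (warnings, requests) for one identity's credential list.

    warnings: (credentialId, days_left) for ACTIVE credentials close to expiry.
    requests: ordered (method, path, body) tuples that retire expired
    credentials. ACTIVE ones get a PUT to INACTIVE first, because the API
    only deletes inactive credentials.
    """
    warnings, requests = [], []
    for cred in credentials:
        path = f"{BASE}/{open_identity_id}/credentials/{cred['credentialId']}"
        expires = parse_ts(cred["expiresOn"])
        if expires <= now:  # assumed policy: retire once expired
            if cred["status"] == "ACTIVE":
                body = {"status": "INACTIVE",
                        "description": cred["description"],
                        "expiresOn": cred["expiresOn"]}
                requests.append(("PUT", path, body))
            requests.append(("DELETE", path, None))
        elif cred["status"] == "ACTIVE" and expires - now <= timedelta(days=warn_days):
            warnings.append((cred["credentialId"], (expires - now).days))
    return warnings, requests

if __name__ == "__main__":
    now = datetime(2018, 12, 1, tzinfo=timezone.utc)  # constructed "current" time
    for step in plan_cleanup("pa444oyidwo6j4hy", SAMPLE, now)[1]:
        print(step)
```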

Deactivate All Credentials

Deactivate all credentials for an OPEN identity. This does not delete the OPEN identity or the credentials. To deactivate a single credential, run the Update a Credential operation and set the status to INACTIVE.

POST /identity-management/v1/open-identities/{openIdentityId}/credentials/deactivate

Sample: /identity-management/v1/open-identities/pa444oyidwo6j4hy/credentials/deactivate

Parameter Type Sample Description
URL Parameters
openIdentityId String pa444oyidwo6j4hy A unique identifier for each OPEN identity.

Status 200

  1. If you don’t already have an identityId, get one as described in Getting Started.

  2. Make a POST request to /identity-management/v1/open-identities/{openIdentityId}/credentials/deactivate.


Last modified: 1/17/2017