#%RAML 0.8 title: Authorization API baseUri: https://api.covapp.io/authz/v1 protocols: - HTTPS schemas: - resourceReference: | { "id" : "http://api.covisint.com/schema/resourceReference", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Schema representing links", "type" : "object", "properties" : { "id" : { "type" : "string", "description" : "The unique identifier for the resource.", "required": true }, "type" : { "type" : "string", "description" : "The type of the resource." }, "realm" : { "type" : "string", "description" : "The realm of the resource." } } } - namedResourceReference: "{\n \"id\" : \"http://api.covisint.com/schema/namedScopedResource\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"Expands on the basic resource reference and adds internationalized name and description.\",\n \"extends\" : {\n \"$ref\" : \"http://api.covisint.com/schema/resourceReference#\"\n \ },\n \"properties\" : {\n \"name\" : { \n \"description\": \"Internationalized resource name.\",\n \"$ref\" : \"http://api.covisint.com/idm/schema/internationalString#\"\n \ },\n \"description\" : { \n \"description\": \"Internationalized resource description.\",\n \"$ref\" : \"http://api.covisint.com/idm/schema/internationalString#\"\n \ }\n }\n}\n" - resource: | { "id" : "http://api.covisint.com/schema/resource", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Core schema", "definitions" : { "resource" : { "id" : "resource", "type" : "object", "description" : "A basic resource.", "properties" : { "id" : { "type" : "string", "maxLength" : 64, "description" : "The unique identifier for this resource.", "required": true }, "version": { "type" : "number", "minimum" : 0, "maximum" : 9223372036854775807, "description" : "The current version for this resource. Exists once the resource has been saved. This is mandatory for PUT requests, but should not be supplied for POST requests.", "required": false }, "creator" : { "type" : "string", "maxLength" : 64, "description" : "The creator of this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor header.", "required": true, "readonly": true }, "creatorAppId" : { "type" : "string", "maxLength" : 64, "description" : "The id of the application used to create this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor-app header.", "required": true, "readonly": true }, "creation" : { "type" : "number", "minimum" : 0, "maximum" : 9223372036854775807, "description" : "This read only property is ignored by the server and the system will overlay with the time, in milliseconds since the epoch, when this resource was created.", "required": true, "readonly": true } } } } } - resourceV2: "{\n \"id\" : \"http://api.covisint.com/schema/resourceV2\",\n \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"description\" : \"Core schema\",\n \ \"definitions\" : {\n \"resource\" : {\n \"id\" : \"resourceV2\",\n \ \"type\" : \"object\",\n \"description\" : \"A basic resource (version V2).\",\n \"properties\" : {\n \"id\" : {\n \"type\" : \"string\",\n \ \"maxLength\" : 64,\n \"description\" : \"The unique identifier for this resource.\",\n \"required\": true\n },\n \"version\": {\n \"type\" : \"string\",\n \"description\" : \"The current version for this resource. Exists once the resource has been saved. This is mandatory for PUT requests, but should not be supplied for POST requests.\",\n \"required\": false\n },\n \"creator\" : {\n \"type\" : \"string\",\n \ \"maxLength\" : 64,\n \"description\" : \"The creator of this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor header.\",\n \"required\": true,\n \ \"readonly\": true\n },\n \"creatorAppId\" : {\n \"type\" : \"string\",\n \"maxLength\" : 64,\n \"description\" : \"The id of the application used to create this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor-app header.\",\n \"required\": true,\n \"readonly\": true\n },\n \ \"creation\" : {\n \"type\" : \"number\",\n \"minimum\" : 0,\n \"maximum\" : 9223372036854775807,\n \"description\" : \"This read only property is ignored by the server and the system will overlay with the time, in milliseconds since the epoch, when this resource was created.\",\n \ \"required\": true,\n \"readonly\": true\n }\n }\n \ }\n } \n}\n" - realmScopedResource: "{\n \"id\" : \"http://api.covisint.com/schema/realmScopedResource\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"Expands on the base resource and adds a realm attribute.\",\n \ \"extends\" : {\n \"$ref\" : \"http://api.covisint.com/schema/resource#\"\n \ },\n \"properties\" : {\n \"realm\" : {\n \"type\" : \"string\",\n \ \"maxLength\" : 25,\n \"pattern\" : \"^[A-Za-z0-9]{2,25}$\",\n \"description\" : \"The realm in which this resource is being created. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-realm header.\",\n \"required\": true,\n \"readonly\": true \n \ }\n }\n}\n" - realmScopedResourceV2: "{\n \"id\" : \"http://api.covisint.com/schema/realmScopedResourceV2\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"A realm scoped resource (version V2). Expands on the base resource (version V2) and adds a realm attribute.\",\n \"extends\" : {\n \"$ref\" : \"http://api.covisint.com/schema/resourceV2#\"\n },\n \"properties\" : {\n \ \"realm\" : {\n \"type\" : \"string\",\n \"maxLength\" : 25,\n \"pattern\" : \"^[A-Za-z0-9]{2,25}$\",\n \"description\" : \"The realm in which this resource is being created. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-realm header.\",\n \"required\": true,\n \"readonly\": true \n }\n }\n} \n" - errorResponseSchema: "{\n \"id\" : \"http://api.covisint.com/schema/errorResponseSchema\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"Representation of an HTTP 4xx/5xx error response.\",\n \"properties\" : {\n \"status\" : { \n \"type\" : \"number\",\n \"minimum\" : 400,\n \ \"maximum\" : 599,\n \"description\" : \"The HTTP status code.\",\n \ \"required\": true\n },\n \"apiMessage\" : { \n \"type\" : \"string\",\n \ \"description\" : \"A helpful, human-readable description of the error, useful for basic diagnostics.\" \n },\n \"apiStatusCode\" : {\n \"type\" : \"string\",\n \"description\" : \"The API-specific status code.\"\n }\n \ }\n}\n" - serviceCode: "{\n \"id\" : \"http://api.covisint.com/schema/serviceCodes\",\n \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\": \"object\",\n \"description\": \"The site/service/location codes granted along with a service.\",\n \"properties\": {\n \"code\": { \"type\": \"string\", \"required\": true, \"maxLength\": 200, \"description\": \"The code value.\" },\n \"codeKind\": { \"type\": \"string\", \"required\": true, \"maxLength\": 36, \"description\": \"The associated business unit.\" }\n }\n} \n" - serviceCodes: | { "type" : "array", "description" : "The site/service/location codes granted along with the service, if any.", "items" : { "$ref" : "http://api.covisint.com/schema/serviceCode#"}, "required": false } - address: | { "id" : "http://api.covisint.com/idm/schema/address", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A container for the subject's address elements.", "properties" : { "type" : "string", "streets" : { "type" : "array", "description" : "An array of address streets (i.e. address line 1, 2, 3).", "minItems" : 0, "items" : { "type": "string", "maxLength" : 255 } }, "city" : { "type" : "string", "maxLength" : 60, "description" : "The city name." }, "state" : { "type" : "string", "maxLength" : 60, "description" : "The state/province name or code." }, "postal" : { "type" : "string", "maxLength" : 10, "description" : "The postal or zip code." }, "country" : { "type" : "string", "minLength" : 2, "maxLength" : 3, "description" : "The ISO country code. http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2"} } } - phone: "{\n \"id\" : \"http://api.covisint.com/idm/schema/phone\",\n \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \"description\" : \"A container for phone number details.\",\n \"properties\" : {\n \"number\" : { \"type\" : \"string\",\"maxLength\" : 100, \"description\" : \"The phone number.\" },\n \"type\" : { \"enum\" : [ \"main\", \"mobile\", \"fax\" ], \"description\" : \"The phone number type.\" }\n },\n \"required\" : [ \"type\" ]\n} \n" - internationalString: | { "id": "http://api.covisint.com/idm/schema/internationalString", "$schema": "http://json-schema.org/draft-04/schema", "type": "array", "description" : "An internationalized string value, supporting one or more language translations.", "minItems": 1, "items": { "type": "object", "properties": { "lang": { "type": "string", "maxLength": 10, "description": "The language or locale in which the text is written." }, "text": { "type": "string", "maxLength": 2000, "description": "The internationalized text value." } } } } - tags: | { "id": "http://api.covisint.com/idm/schema/tag", "$schema": "http://json-schema.org/draft-04/schema", "type": "array", "description" : "The tags associated with a resource. This array is read-only, and may be modified on the resource endpoint with the appropriate tagging APIs.", "minItems": 1, "items": { "type": "object", "properties": { "tagName": { "type": "string", "description": "The tag associated with a resource." } } } } - baseDefinitionResource: "{\n \"id\" : \"http://api.covisint.com/schema/baseDefinitionResource\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"A base rule definition(version V1). Expands on the base resource (version V2) and adds a realm attribute.\",\n \"extends\": {\n \"$ref\" : \"http://api.covisint.com/schema/realmScopedResourceV2#\"\n },\n \"properties\": {\n \"name\": {\n \"description\": \"The application name (internationalized).\",\n \ \"required\": true,\n \"$ref\": \"http://api.covisint.com/schema/internationalString#\"\n \ },\n \"description\": {\n \"required\": false,\n \"description\": \"The application description (internationalized).\",\n \"$ref\" : \"http://api.covisint.com/idm/schema/internationalString#\"\n \ }, \n \"properties\":{\n \"type\":\"array\",\n \"description\":\"Properties used by the implementation.\",\n \"required\":false,\n \"minItems\":0,\n \ \"items\":[ \n { \n \"anyOf\": [\n {\n \ \"type\": \"string\",\n \"description\": \"The name of the property.\",\n \"required\": true\n },\n \ {\n \"type\": \"string\",\n \"description\": \"The value of the property.\",\n \"required\": true\n }\n \ ]\n }\n ]\n }\n }\n}\n" - baseActionDefinitionResource: | { "id" : "http://api.covisint.com/schema/baseActionDefinitionResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A base action action definition. Expands on the base definition resource ", "extends": { "$ref" : "http://api.covisint.com/schema/baseDefinitionResource#" }, "properties": { "type": { "description": "Type of action definition.", "enum": [ "SEND_APPLICATION_NOTIFICATION", "SEND_COMMAND", "SEND_NOTIFICATION" ], "required": true } } } - baseTriggerDefinitionResource: | { "id" : "http://api.covisint.com/schema/baseTriggerDefinitionResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A base action trigger definition. Expands on the base definition resource ", "extends": { "$ref" : "http://api.covisint.com/schema/baseDefinitionResource#" }, "properties": { "type": { "description": "Type of trigger definition.", "enum": [ "DEVICE_SEND_EVENT", "DEVICE_LIFECYCLE_STATE_CHANGE", "DEVICE_OPERATIONAL_STATE_CHANGE" ], "required": true } } } - authorizationRequest: "{\n \"id\" : \"http://api.covisint.com/schema/authorizationRequest/v1\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"Schema respresenting an authorization request.\",\n \"properties\" : {\n \"subject\": {\n \"description\": \"The subject requesting the authorization.\",\n \ \"$ref\": \"http://api.covisint.com/schema/resourceReference#\",\n \"required\":true,\n \ \"properties\":{\n \"type\" : {\n \"required\" : true,\n \ \"enum\": [ \"PERSON\", \"DEVICE\" ]\n } \n }\n \ },\n \"resource\": {\n \"description\": \"The resource for which authorization is requested.\",\n \"$ref\": \"http://api.covisint.com/schema/resourceReference#\",\n \ \"required\":true,\n \"properties\":{\n \"type\" : {\n \"required\" : true,\n \"enum\": [ \"PERSON\", \"DEVICE\" ]\n } \n \ }\n },\n \"action\": {\n \"type\": \"string\", \n \"description\": \"The requested action.\",\n \"required\": true\n },\n \"environmentAttributes\": {\n \"type\": \"array\", \n \"required\": false,\n \"description\": \"The environment context attributes.\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": { \"type\": \"string\", \"description\": \"The environment attribute name.\", \"required\": true },\n \ \"value\": { \"type\": \"string\", \"description\": \"The environment attribute value.\", \"required\": true }\n }\n }\n }\n }\n}\n" - authorizationResponse: "{\n \"id\" : \"http://api.covisint.com/schema/authorizationResponse/v1\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"Schema respresenting an authorization response.\",\n \"properties\" : {\n \"instant\" : { \n \"type\" : \"number\", \n \"description\" : \"The time, in milliseconds since the epoch, when the authorization took place.\"\n \ },\n \"authorizationRequest\": { \n \"description\": \"The authorization request associated with this response.\",\n \"$ref\": \"http://api.covisint.com/schema/authorizationRequest/v1#\"\n \ },\n \"authorizationResult\" : { \n \"type\" : \"string\",\n \"enum\" : [ \"PERMIT\", \"DENY\", \"INDETERMINATE\", \"NOT_APPLICABLE\" ],\n \"description\" : \"The status of the authorization request.\"\n }\n }\n}\n" - authorizationPolicy: "{\n \"id\" : \"http://api.covisint.com/schema/authorization/v1\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"Schema respresenting an authorization policy resource.\",\n \ \"extends\" : {\n \"$ref\" : \"http://api.covisint.com/schema/realmScopedResourceV2#\"\n \ },\n \"properties\" : {\n \"name\": {\n \"description\": \"The authorization policy name (internationalized).\",\n \"required\": true, \n \"$ref\": \"http://api.covisint.com/idm/schema/internationalString#\"\n },\n \"description\": {\n \"description\": \"The authorization policy description (internationalized).\",\n \ \"required\": false,\n \"$ref\": \"http://api.covisint.com/idm/schema/internationalString#\"\n \ },\n \"active\":{\n \"type\" : \"boolean\",\n \"description\": \"Indicates whether this authorization policy is active. Defaults to false.\",\n \ \"required\": false,\n \"default\": false\n },\n \"subjectTypes\": {\n \"type\": \"array\",\n \"minItems\": 1,\n \"description\": \"The subject types associated with this authorization policy. The type ANY indicates that this authorization policy can be evaluated for any subject type, and it cannot be combined with other subject types for a policy.\",\n \"required\": true,\n \ \"items\": {\n \"type\": \"string\"\n },\n \"enum\": [\"PERSON\", \"DEVICE\", \"ANY\"]\n },\n \"resourceTypes\": {\n \"type\": \"array\",\n \ \"minItems\": 1,\n \"description\": \"The resource types associated with this authorization policy. The type ANY indicates that this authorization policy can be evaluated for any resource type, and it cannot be combined with other subject types for a policy.\",\n \"required\": true,\n \"items\": {\n \"type\": \"string\"\n },\n \"enum\": [\"PERSON\", \"DEVICE\", \"ANY\"]\n }, \n \"actions\": {\n \"type\": \"array\",\n \"minItems\": 1,\n \"description\": \"The actions that this authorization policy can be evaluated against. An action ANY indicated that this authorization policy can be evaluated for any action, and it cannot be combined with other actions for a policy.\",\n \"required\": true,\n \"items\": {\n \"type\": \"string\"\n }\n }, \n \"script\": {\n \"type\": \"string\",\n \ \"minLength\": 1,\n \"description\": \"The base64 encoded authorization javascript that will perform the actual evaluation logic.\",\n \"required\": true\n }\n } \n}\n" - policyManifest: "{\n \"id\" : \"http://api.covisint.com/schema/authorization/v1\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"Schema respresenting a policy manifest resource.\",\n \"extends\" : {\n \"$ref\" : \"http://api.covisint.com/schema/resourceV2#\"\n },\n \"properties\" : {\n \"pipUrl\": {\n \"type\": \"string\",\n \"minLength\": 1,\n \ \"description\": \"The policy information point service url associated with this policy manifest.\",\n \"required\": true\n } \n } \n}\n" - pipMetadata: "{\n \"id\" : \"http://api.covisint.com/schema/pipMetadata/v1\",\n \ \"$schema\" : \"http://json-schema.org/draft-04/schema\",\n \"type\" : \"object\",\n \ \"description\" : \"Schema respresenting a policy information point metadata.\",\n \ \"properties\" : {\n \"metadata\" : { \n \"type\" : \"object\", \n \"description\" : \"The metadata associated with a resource type.\"\n }\n }\n}\n" traits: - secured: usage: Apply this to any method that needs to be secured. Requests with this trait require authentication using a bearer token. headers: Authorization: description: Access token that is obtained from the /token endpoint of the oauth API. pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk required: true responses: 401: &6 description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema 403: &7 description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema - unsecured: usage: Apply this to any method that needs to be unsecured. Requests with this trait does not require any authentication. headers: SolutionInstanceId: description: The solution instance id. example: ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk required: true responses: 400: description: Bad request. Please provide the valid solution instance id. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema - getResponse: responses: 404: &3 description: | The URI requested is invalid or the resource requested does not exist. ___ Substatus codes and error messages are mentioned below: + (If a resource id is a URI parameter) framework:resource:missing - A resource with the following ID was not found: {resourceId} + No message for an invalid URI body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema 406: &1 description: | Unable to produce content of specified 'Accept' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to produce content of type {acceptMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema 500: &2 description: | An unknown server error occurred ___ Substatus codes and error messages are mentioned below: + framework:unknown body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema - getSearchResponse: responses: 406: *1 500: *2 - postResponse: responses: 406: *1 415: &4 description: | Unable to consume content of specified 'Content-Type' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to consume content of type {contentMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema 500: *2 - deleteResponse: responses: 500: *2 - putResponse: responses: 404: *3 406: *1 409: &5 description: | There is a conflict in identifying the resource being acted on. There are two categories. (1) The unique identifier in the URL and in the body are different. (2) The current version of the resource being updated and the version sent in the body of the request. This may be an indication that the resource has changed since the client loaded it. The conflict should be resolved and the update resubmitted with the current version of the resource. + framework:resource:conflict + framework:resource:conflict:id - The ID of the resource in the request, {requestedId}, does not match the ID of the given resource, {resourceId} + framework:resource:conflict:version - The version of the provided resource, {requestVersion}, does not match the current version of the resource, {latestVersion} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema 415: *4 500: *2 - putResponseV2: responses: 404: *3 406: *1 409: description: | There is a conflict in identifying the resource being acted on. The unique identifier in the URL and body are different. + framework:resource:conflict + framework:resource:conflict:id - The ID of the resource in the request, {requestedId}, does not match the ID of the given resource, {resourceId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema 415: *4 500: *2 - putCreateResponse: responses: 406: *1 409: *5 415: *4 500: *2 - taskResponse: responses: 401: *6 403: *7 500: *2 - pagableRequest: queryParameters: page: description: Which page to return in the paginated results. The first page is page 1. type: integer required: false minimum: 1 default: 1 pageSize: description: How many items per page in the paginated results. type: integer required: false minimum: 1 default: 50 maximum: 200 - taggable: queryParameters: tag: description: Get the resource based on specified tag. Multiple parameters are allowed and the search results will be a union. type: string required: false - sortable: queryParameters: sortBy: description: Sort the results based on some criteria. example: +creation, -name (These will sort by creation ascending, name descending. If "+/-" prefix is omitted, then an ascending sort is assumed). type: string required: false - searchable: description: Search resources based on the given filter parameters. Search is case-insensitive. <> <> "/tasks/authorize": description: Authorization endpoint. post: is: - postResponse - secured description: Authorizes the subject to perform the requested action against the specified resource. headers: Accept: description: Media type. example: application/vnd.com.covisint.platform.authorization.response.v1+json, application/vnd.com.covisint.platform.authorization.response.v1+protobuf type: string required: true body: application/vnd.com.covisint.platform.authorization.request.v1+json: schema: authorizationRequest application/vnd.com.covisint.platform.authorization.request.v1+protobuf: schema: authorizationRequest responses: 200: description: The authorization response. body: application/vnd.com.covisint.platform.authorization.response.v1+json: schema: authorizationResponse application/vnd.com.covisint.platform.authorization.response.v1+protobuf: schema: authorizationResponse 400: description: "There was a problem with the client's request\n___ \nSubstatus codes and error messages are mentioned below:\n+ framework:request\n+ framework:request:io\n+ framework:request:io:read - Invalid input. There was an error while parsing.\n+ framework:request:io:read:parsing\n+ framework:request:io:write\n+ framework:request:header:missing - Missing request header: {headerName}\n+ framework:request:param:missing - Missing request parameter: {queryParameterName}\n+ framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)}\n+ framework:request:data:invalid - The following information should not be part of the resource: {resourceFieldName}\n+ framework:resource:data:illegal - The following information was illegal from the resource: {fieldSpecificError(s)}\n+ framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application]\n+ authorization.invalid.subject.type - The supported types are\n+ authorization.invalid.resource.type - The supported types are\n+ authorization.request.policy.not.defined - No authorization policy is defined for the request \n" body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "/authorizationPolicies": is: - secured description: Collection endpoint for authorization policies. get: is: - searchable: since: "[Since:1.0]" entitlement: "[Entitlement:authorization-search-policies]" - getSearchResponse - pagableRequest headers: Accept: description: Media type. example: application/vnd.com.covisint.platform.authorization.policy.v1+json, application/vnd.com.covisint.platform.authorization.policy.v1+protobuf type: string required: true queryParameters: id: description: Retrieve authorization policies with the specified id. Multiple parameters are supported and the search results will be a union. type: string required: false name: description: Retrieve authorization policies with the specified name. Multiple parameters are supported and the search results will be a union. type: string required: false description: description: Retrieve authorization policies with the specified description. Multiple parameters are supported and the search results will be a union. type: string required: false active: description: Retrieve the active/inactive authorization policies. type: boolean required: false action: description: Retrieve the authorization policies with the specified action. Multiple parameters are supported and the search results will be a union. type: string required: false subjectType: description: Retrieve the authorization policies with the specified subject type. Multiple parameters are supported and the search results will be a union. type: string required: false resourceType: description: Retrieve the authorization policies with the specified resource type. Multiple parameters are supported and the search results will be a union. type: string required: false sortBy: description: Sort the search results. type: string required: false enum: - "+creation" - "-creation" responses: 200: description: All authorization policies that satisfy the query parameters were successfully retrieved (response collection may be empty). body: application/vnd.com.covisint.platform.authorization.policy.v1+json: schema: authorizationPolicy application/vnd.com.covisint.platform.authorization.policy.v1+protobuf: schema: authorizationPolicy 400: description: | There was a problem with the client's request ___ Substatus codes and error messages are mentioned below: + framework:request + framework:request:io + framework:request:io:read - Invalid input. There was an error while parsing. + framework:request:io:read:parsing + framework:request:io:write + framework:request:header:missing - Missing request header: {headerName} + framework:request:param:missing - Missing request parameter: {queryParameterName} + framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema post: description: Create a new authorization policy. headers: Accept: description: Media type. example: application/vnd.com.covisint.platform.authorization.policy.v1+json, application/vnd.com.covisint.platform.authorization.policy.v1+protobuf type: string required: true is: - postResponse body: application/vnd.com.covisint.platform.authorization.policy.v1+json: schema: authorizationPolicy application/vnd.com.covisint.platform.authorization.policy.v1+protobuf: schema: authorizationPolicy responses: 201: description: The authorization policy was successfully created. body: application/vnd.com.covisint.platform.authorization.policy.v1+json: schema: authorizationPolicy application/vnd.com.covisint.platform.authorization.policy.v1+protobuf: schema: authorizationPolicy 400: description: |- There was a problem with the client's request ___ Substatus codes and error messages are mentioned below: + framework:request + framework:request:io + framework:request:io:read - Invalid input. There was an error while parsing. + framework:request:io:read:parsing + framework:request:io:write + framework:request:header:missing - Missing request header: {headerName} + framework:request:param:missing - Missing request parameter: {queryParameterName} + framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)} + framework:request:data:invalid - The following information should not be part of the resource: {resourceFieldName} + framework:resource:data:illegal - The following information was illegal from the resource: {fieldSpecificError(s)} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] + authorization.policy.invalid.subject.type.combination - The type ANY should not be used in combination with other types + authorization.policy.invalid.resource.type.combination - The type ANY should not be used in combination with other types + authorization.policy.invalid.action.combination - The action ANY should not be used in combination with other actions + authorization.policy.invalid.action - The action ANY is allowed only for a default policy + authorization.policy.duplicate - Duplicate policy. Authorization policies are already present for the following [subject, resource, action] - {combinations} + authorization.policy.script.invalid.base64.encoded - The authorization policy script is not Base64 encoded + authorization.policy.script.syntax.error - The authorization policy script has a syntax error + authorization.policy.script.error - The authorization script has an error. {scriptSpecificError(s)} + authorization.invalid.subject.type - The supported types are + authorization.invalid.resource.type - The supported types are body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "/{authorizationPolicyId}": is: - secured description: Endpoint for an individual authorization policy. uriParameters: authorizationPolicyId: description: The authorization policy id. type: string required: true get: is: - getResponse description: Returns an authorization policy by its unique identifier. headers: Accept: description: Media type. example: application/vnd.com.covisint.platform.authorization.policy.v1+json, application/vnd.com.covisint.platform.authorization.policy.v1+protobuf type: string required: true responses: 200: description: The requested authorization policy was found and is returned in the response body. body: application/vnd.com.covisint.platform.authorization.policy.v1+json: schema: authorizationPolicy application/vnd.com.covisint.platform.authorization.policy.v1+protobuf: schema: authorizationPolicy 400: description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema put: is: - putResponseV2 description: Updates an authorization policy. headers: Accept: description: Media type example: application/vnd.com.covisint.platform.authorization.policy.v1+json, application/vnd.com.covisint.platform.authorization.policy.v1+protobuf type: string required: true body: application/vnd.com.covisint.platform.authorization.policy.v1+json: schema: authorizationPolicy application/vnd.com.covisint.platform.authorization.policy.v1+protobuf: schema: authorizationPolicy responses: 200: description: The authorization policy was successfully updated. body: application/vnd.com.covisint.platform.authorization.policy.v1+json: schema: authorizationPolicy application/vnd.com.covisint.platform.authorization.policy.v1+protobuf: schema: authorizationPolicy 400: description: |- There was a problem with the client's request ___ Substatus codes and error messages are mentioned below: + framework:request + framework:request:io + framework:request:io:read - Invalid input. There was an error while parsing. + framework:request:io:read:parsing + framework:request:io:write + framework:request:header:missing - Missing request header: {headerName} + framework:request:param:missing - Missing request parameter: {queryParameterName} + framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)} + framework:request:data:invalid - The following information should not be part of the resource: {resourceFieldName} + framework:resource:data:illegal - The following information was illegal from the resource: {fieldSpecificError(s)} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] + authorization.policy.invalid.subject.type.combination - The type ANY should not be used in combination with other types + authorization.policy.invalid.resource.type.combination - The type ANY should not be used in combination with other types + authorization.policy.invalid.action.combination - The action ANY should not be used in combination with other actions + authorization.policy.invalid.action - The action ANY is allowed only for a default policy + authorization.policy.duplicate - Duplicate policy. Authorization policies are already present for the following [subject, resource, action] - {combinations} + authorization.policy.script.invalid.base64.encoded - The authorization policy script is not Base64 encoded + authorization.policy.script.syntax.error - The authorization policy script has a syntax error + authorization.policy.script.error - The authorization script has an error. {scriptSpecificError(s)} + authorization.invalid.subject.type - The supported types are + authorization.invalid.resource.type - The supported types are body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "/tasks/activate": is: - secured description: Authorization policy activation endpoint. post: description: Activates the specified authorization policy. responses: 204: description: Authorization policy was sucessfully activated. 400: description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema 404: description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:resource:missing - A resource with the following ID was not found: {resourceId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "/tasks/deactivate": is: - secured description: Authorization policy deactivation endpoint. post: description: Deactivates the specified authorization policy. responses: 204: description: Authorization policy was sucessfully deactivated. 400: description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema 404: description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:resource:missing - A resource with the following ID was not found: {resourceId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "/policyManifests": is: - secured description: Collection endpoint for policy manifests. get: is: - searchable: since: "[Since:100.0]" entitlement: "[Entitlement:authorization-search-policy-manifests]" - getSearchResponse - pagableRequest headers: Accept: description: Media type. example: application/vnd.com.covisint.platform.policy.manifest.v1+json, application/vnd.com.covisint.platform.policy.manifest.v1+protobuf type: string required: true queryParameters: id: description: Retrieve policy manifests with the specified id. Multiple parameters are supported and the search results will be a union. type: string required: false pipUrl: description: Retrieve policy manifests with the specified policy information point url. Multiple parameters are supported and the search results will be a union. type: string required: false sortBy: description: Sort the search results. type: string required: false enum: - "+creation" - "-creation" responses: 200: description: All policy manifests that satisfy the query parameters were successfully retrieved (response collection may be empty). body: application/vnd.com.covisint.platform.policy.manifest.v1+json: schema: policyManifest application/vnd.com.covisint.platform.policy.manifest.v1+protobuf: schema: policyManifest 400: description: | There was a problem with the client's request ___ Substatus codes and error messages are mentioned below: + framework:request + framework:request:io + framework:request:io:read - Invalid input. There was an error while parsing. + framework:request:io:read:parsing + framework:request:io:write + framework:request:header:missing - Missing request header: {headerName} + framework:request:param:missing - Missing request parameter: {queryParameterName} + framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "/pip/metadata/{resourceType}": description: Endpoint for policy information point metadata. uriParameters: resourceType: description: The resource type. type: string required: true get: is: - getResponse - secured description: Returns the policy information point metadata for the given resource type. headers: Accept: description: Media type. example: application/vnd.com.covisint.platform.pip.metadata.v1+json, application/vnd.com.covisint.platform.pip.metadata.v1+protobuf type: string required: true responses: 200: description: The requested policy information point metadata for a resource type was found and is returned in the response body. body: application/vnd.com.covisint.platform.pip.metadata.v1+json: schema: pipMetadata application/vnd.com.covisint.platform.pip.metadata.v1+protobuf: schema: pipMetadata 400: description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "/{authorizationPolicyId}": description: Endpoint for policy information point metadata for a specific authorization policy. uriParameters: authorizationPolicyId: description: The authorization policy id. type: string required: true get: is: - getResponse - secured description: Returns the policy information point metadata for the given resource type and authorization policy id. headers: Accept: description: Media type. example: application/vnd.com.covisint.platform.pip.metadata.v1+json, application/vnd.com.covisint.platform.pip.metadata.v1+protobuf type: string required: true responses: 200: description: The requested policy information point metadata for an authorization policy was found and is returned in the response body. body: application/vnd.com.covisint.platform.pip.metadata.v1+json: schema: pipMetadata application/vnd.com.covisint.platform.pip.metadata.v1+protobuf: schema: pipMetadata 400: description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema