#%RAML 0.8 title: MFA API baseUri: "https://api.us1.covisint.com/mfa/v1" protocols: [HTTPS] schemas: - resourceReference: | { "id" : "http://api.covisint.com/schema/resourceReference", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Schema representing links", "type" : "object", "properties" : { "id" : { "type" : "string", "description" : "The unique identifier for the resource." }, "type" : { "type" : "string", "description" : "The type of the resource." }, "realm" : { "type" : "string", "description" : "The realm of the resource." } } , "required":[ "id" ] } - namedResourceReference: | { "id" : "http://api.covisint.com/schema/namedScopedResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Expands on the basic resource reference and adds internationalized name and description.", "extends" : { "$ref" : "http://api.covisint.com/schema/resourceReference#" }, "properties" : { "name" : { "description": "Internationalized resource name.", "$ref" : "http://api.covisint.com/idm/schema/internationalString#" }, "description" : { "description": "Internationalized resource description.", "$ref" : "http://api.covisint.com/idm/schema/internationalString#" } } } - resource: | { "id" : "http://api.covisint.com/schema/resource", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Core schema", "definitions" : { "resource" : { "id" : "resource", "type" : "object", "description" : "A basic resource.", "properties" : { "id" : { "type" : "string", "maxLength" : 64, "description" : "The unique identifier for this resource." }, "version": { "type" : "number", "minimum" : 0, "maximum" : 9223372036854775807, "description" : "The current version for this resource. Exists once the resource has been saved. This is mandatory for PUT requests, but should not be supplied for POST requests." }, "creator" : { "type" : "string", "maxLength" : 64, "description" : "The creator of this resource. 
This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor header.", "readonly": true }, "creatorAppId" : { "type" : "string", "maxLength" : 64, "description" : "The id of the application used to create this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor-app header.", "readonly": true }, "creation" : { "type" : "number", "minimum" : 0, "maximum" : 9223372036854775807, "description" : "This read only property is ignored by the server and the system will overlay with the time, in milliseconds since the epoch, when this resource was created.", "readonly": true } } , "required":[ "id", "creator", "creatorAppId", "creation" ] } } } - resourceV2: | { "id" : "http://api.covisint.com/schema/resourceV2", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Core schema", "definitions" : { "resource" : { "id" : "resourceV2", "type" : "object", "description" : "A basic resource (version V2).", "properties" : { "id" : { "type" : "string", "maxLength" : 64, "description" : "The unique identifier for this resource." }, "version": { "type" : "string", "description" : "The current version for this resource. Exists once the resource has been saved. This is mandatory for PUT requests, but should not be supplied for POST requests." }, "creator" : { "type" : "string", "maxLength" : 64, "description" : "The creator of this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor header.", "readonly": true }, "creatorAppId" : { "type" : "string", "maxLength" : 64, "description" : "The id of the application used to create this resource. 
This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor-app header.", "readonly": true }, "creation" : { "type" : "number", "minimum" : 0, "maximum" : 9223372036854775807, "description" : "This read only property is ignored by the server and the system will overlay with the time, in milliseconds since the epoch, when this resource was created.", "readonly": true } } , "required":[ "id", "creator", "creatorAppId", "creation" ] } } } - realmScopedResource: | { "id" : "http://api.covisint.com/schema/realmScopedResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Expands on the base resource and adds a realm attribute.", "extends" : { "$ref" : "http://api.covisint.com/schema/resource#" }, "properties" : { "realm" : { "type" : "string", "maxLength" : 25, "pattern" : "^[A-Za-z0-9]{2,25}$", "description" : "The realm in which this resource is being created. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-realm header.", "readonly": true } } , "required":[ "realm" ] } - realmScopedResourceV2: | { "id" : "http://api.covisint.com/schema/realmScopedResourceV2", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A realm scoped resource (version V2). Expands on the base resource (version V2) and adds a realm attribute.", "extends" : { "$ref" : "http://api.covisint.com/schema/resourceV2#" }, "properties" : { "realm" : { "type" : "string", "maxLength" : 25, "pattern" : "^[A-Za-z0-9]{2,25}$", "description" : "The realm in which this resource is being created. 
This read-only field is ignored by the server, and is overlayed with the value supplied in the x-realm header.", "readonly": true } } , "required":[ "realm" ] } - errorResponseSchema: | { "id" : "http://api.covisint.com/schema/errorResponseSchema", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Representation of an HTTP 4xx/5xx error response.", "properties" : { "status" : { "type" : "number", "minimum" : 400, "maximum" : 599, "description" : "The HTTP status code." }, "apiMessage" : { "type" : "string", "description" : "A helpful, human-readable description of the error, useful for basic diagnostics." }, "apiStatusCode" : { "type" : "string", "description" : "The API-specific status code." } } , "required":[ "status" ] } - serviceCode: | { "id" : "http://api.covisint.com/schema/serviceCodes", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "description": "The site/service/location codes granted along with a service.", "properties": { "code": { "type": "string", "maxLength": 200, "description": "The code value." }, "codeKind": { "type": "string", "maxLength": 36, "description": "The associated business unit." } } , "required":[ "code", "codeKind" ] } - serviceCodes: | { "type" : "array", "description" : "The site/service/location codes granted along with the service, if any.", "items" : { "$ref" : "http://api.covisint.com/schema/serviceCode#"}, "required": false } - address: | { "id" : "http://api.covisint.com/idm/schema/address", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A container for the subject's address elements.", "properties" : { "streets" : { "type" : "array", "description" : "An array of address streets (i.e. address line 1, 2, 3).", "minItems" : 0, "items" : { "type" : "string", "maxLength" : 255 } }, "city" : { "type" : "string", "maxLength" : 60, "description" : "The city name." 
}, "state" : { "type" : "string", "maxLength" : 60, "description" : "The state/province name or code." }, "postal" : { "type" : "string", "maxLength" : 10, "description" : "The postal or zip code." }, "country" : { "type" : "string", "minLength" : 2, "maxLength" : 3, "description" : "The ISO country code. http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2"} } } - phone: | { "id" : "http://api.covisint.com/idm/schema/phone", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A container for phone number details.", "properties" : { "number" : { "type" : "string","maxLength" : 100, "description" : "The phone number." }, "type" : { "enum" : [ "main", "mobile", "fax" ], "description" : "The phone number type." } }, "required" : [ "type" ] } - internationalString: | { "id": "http://api.covisint.com/idm/schema/internationalString", "$schema": "http://json-schema.org/draft-04/schema", "type": "array", "description" : "An internationalized string value, supporting one or more language translations.", "minItems": 1, "items": { "type": "object", "properties": { "lang": { "type": "string", "maxLength": 10, "description": "The language or locale in which the text is written." }, "text": { "type": "string", "maxLength": 2000, "description": "The internationalized text value." } } } } - tags: | { "id": "http://api.covisint.com/idm/schema/tag", "$schema": "http://json-schema.org/draft-04/schema", "type": "array", "description" : "The tags associated with a resource. This array is read-only, and may be modified on the resource endpoint with the appropriate tagging APIs.", "minItems": 1, "items": { "type": "object", "properties": { "tagName": { "type": "string", "description": "The tag associated with a resource." } } } } - baseDefinitionResource: | { "id" : "http://api.covisint.com/schema/baseDefinitionResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A base rule definition(version V1). 
Expands on the base resource (version V2) and adds a realm attribute.", "extends": { "$ref" : "http://api.covisint.com/schema/realmScopedResourceV2#" }, "properties": { "name": { "description": "The application name (internationalized).", "$ref": "http://api.covisint.com/schema/internationalString#" }, "description": { "description": "The application description (internationalized).", "$ref" : "http://api.covisint.com/idm/schema/internationalString#" }, "properties":{ "type":"array", "description":"Properties used by the implementation.", "minItems":0, "items":[ { "anyOf": [ { "type": "string", "description": "The name of the property." }, { "type": "string", "description": "The value of the property." } ] } ] } , "required":[ "items" ] } , "required":[ "name" ] } - baseActionDefinitionResource: | { "id" : "http://api.covisint.com/schema/baseActionDefinitionResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A base action action definition. Expands on the base definition resource ", "extends": { "$ref" : "http://api.covisint.com/schema/baseDefinitionResource#" }, "properties": { "type": { "description": "Type of action definition.", "enum": [ "SEND_APPLICATION_NOTIFICATION", "SEND_COMMAND", "SEND_NOTIFICATION" ], "required": true } } , "required":[ "type" ] } - baseTriggerDefinitionResource: | { "id" : "http://api.covisint.com/schema/baseTriggerDefinitionResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A base action trigger definition. 
Expands on the base definition resource ", "extends": { "$ref" : "http://api.covisint.com/schema/baseDefinitionResource#" }, "properties": { "type": { "description": "Type of trigger definition.", "enum": [ "DEVICE_SEND_EVENT", "DEVICE_LIFECYCLE_STATE_CHANGE", "DEVICE_OPERATIONAL_STATE_CHANGE" ] } } , "required":[ "type" ] } - dataType: | { "id" : "http://api.covisint.com/schema/dataType", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Data type enum.", "enum":[ "string", "integer", "bool", "decimal" ] } - attribute: | { "id" : "http://api.covisint.com/schema/attribute", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "An attribute.", "properties" : { "oneOf" : [ { "attributeTypeId" : { "type" : "string", "description" : "The attribute type id." } }, { "attributeType" : { "description" : "The full attribute type definition.", "$ref" : "http://api.covisint.com/schema/attributeType#" } } ], "value" : { "type" : "any", "description" : "The attribute value." 
} } , "required":[ "attributeTypeId" ] } - attributes: | { "id" : "http://api.covisint.com/schema/attributes", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "array", "description" : "Collection of attributes.", "items" : { "$ref" : "http://api.covisint.com/schema/attribute#" } } - expression: | { "id" : "http://api.covisint.com/schema/expression#", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "The DSL for defining conditional expressions.", "oneOf" : [ { "type" : "object", "properties" : { "any" : { "type" : "array", "description" : "An aggregate expression representing an 'any' condition.", "items" : { "$ref" : "http://api.covisint.com/schema/expression#" } } } }, { "type" : "object", "properties" : { "all" : { "type" : "array", "description" : "An aggregate expression representing an 'all' condition.", "items" : { "$ref" : "http://api.covisint.com/schema/expression#" } } } }, { "type" : "object", "description" : "A simple leaf-node expression. The format of this expression is: '(f:, v:())'. The supported expressions are: equal, notEqual, startsWith, endsWith, matches, greaterThan, greaterThanOrEqual, lessThan, lessThanOrEqual. The field name can be a simple field name i.e. 'id' or hierarchical field name using dot-notation like 'resource.id' / 'resource.tag[0]' . The value corresponding to the field name provided should always be a simple data type and cannot be an array or an object.", "properties" : { "expr" : { "type" : "string" } } , "required":[ "expr" ] } ] } - risk: | { "id" : "http://api.covisint.com/schema/risk", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties": { "userId": { "type": "string", "description": "This is the cuid of the user." }, "languageId": { "type": "integer", "description": "This is the language id of the current user." }, "isAuthedBrowser": { "type": "boolean", "description": "This indicates if the browser was multi factor authenticated before." 
}, "ipAddress": { "type": "string", "description":"The ip address of requesting client." }, "mfaPolicyId": { "type": "string", "description":"The mfa policy id to evaluate the risk against." }, "providerId": { "type": "number", "description":"The provider id to evaluate the risk against." }, "mfaPolicyType": { "type": "string", "enum" : [ "Person", "Realm"], "description": "The mfa policy type to distinguish user defined policy from others." }, "loginTime": { "type": "number", "description":"The time of this login attempt." }, "latitude": { "type": "number", "description":"The latitude of the geo location in signed number format." }, "longitude": { "type": "number", "description":"The longitude of the geo location in signed number format." }, "deviceId": { "type": "string", "description":"Device Id of the user." } } , "required": [ "userId", "languageId", "isAuthedBrowser", "ipAddress", "loginTime" ] } - userAvailableModes: | { "id" : "http://api.covisint.com/schema/userAvailableModes", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties": { "availableModes": { "type": "array", "description": "These are the available Modes for user.", "items": [ { "type": "string" } ] }, "email": { "type": "string", "description": "This is the email id of user. It is encoded in format a***b@xyz.com" }, "defaultPhone": { "type": "string", "description": "This is the default phone number of user. It is encoded in format ******1234" }, "mobileNumber": { "type": "string", "description":"This is the mobile number of user. It is encoded in format ******1234" } } } - userMode: | { "id" : "http://api.covisint.com/schema/userMode", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties": { "mode": { "type": "string", "description": "This is the registered mode for user." 
} } } - userAuthPasscode: | { "id" : "http://api.covisint.com/schema/userMode", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties": { "type": { "type": "string", "description": "The type of OTP mode, i.e. phone/sms/email" }, "value" : { "type": "string", "description": "The value to which the OTP needs to be sent" }, "trackingId" : { "type": "string", "description": "The OTP tracking id" }, "lang" : { "type": "string", "description": "The language code for notification" } } } - token: | { "id" : "http://api.covisint.com/schema/token", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties": { "idToken": { "type": "string", "description": "The jwt token." }, "xsrfToken": { "type": "string", "description": "The xsrf token." } } } - validation: | { "id" : "http://api.covisint.com/schema/validation", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties": { "authType": { "type": "string", "description": "This is mfa authentication type." }, "trackingId": { "type": "string", "description": "This is tracking id of generated passcode." }, "enteredPasscode": { "type": "string", "description": "This is user entered passcode." }, "passcodeExpiry": { "type": "number", "description":"This is time when passcode will expire." } } , "required": [ "authType", "trackingId", "enteredPasscode", "passcodeExpiry" ] } - grid: | { "id" : "http://api.covisint.com/schema/grid", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties": { "cuid": { "type": "string", "description": "This is the cuid of user." }, "inputValue": { "type": "string", "description": "This is user's input value of gridcard value." }, "position": { "type": "string", "description": "This is the gridcard value position." 
} } , "required": [ "cuid", "inputValue", "position" ] } - riskCriteria: | { "id" : "http://api.covisint.com/schema/riskCriteria", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "extends" : { "$ref" : "http://api.covisint.com/idm/schema/realmScopedResource#" }, "properties": { "criteriaName": { "type": "string", "enum" : [ "REPETITIVE_ACCESS", "HIGH_FREQUENCY_OF_ACCESS", "TIME_OF_DAY", "FIRST_TIME_LOGIN", "TIME_LAPSE_SINCE_LAST_ACCESS", "REGISTERED_COMPUTER", "REGISTERED_NETWORK", "EXCLUDED_USERS", "GEO_USER_PROFILE_COUNTRY", "GEO_USER_LOCATION" ], "description" : "The risk criterion for MFA policy." }, "criteriaValue": { "type": "string", "description": "The risk criteria value." }, "riskScore": { "type": "number", "description": "The risk score for the criteria. The score is always 1 for user defined mfa policies." }, "isActive": { "type": "boolean", "description": "The flag which denotes whether the criteria is active." } } , "required": [ "criteriaName" ] } - userMfaPolicy: | { "id" : "http://api.covisint.com/schema/userMfaPolicy", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "extends" : { "$ref" : "http://api.covisint.com/idm/schema/realmScopedResource#" }, "properties": { "name": { "type": "string", "description": "The name of the mfa policy." }, "userId": { "type": "string", "description": "The global covisint id of the user." }, "riskCriteria": { "type" : "array", "items" : { "$ref" : "http://api.covisint.com/schema/riskCriteria#" }, "description" : "The authn risk criteria for mfa policy", "minItems" : 1 }, "mfaScore": { "type": "string", "description": "The score of the mfa policy for risk evaluation. Always defaults to 1." 
} } , "required": [ "name", "riskCriteria" ] } - mfaUserResponse: | { "id" : "http://api.covisint.com/schema/mfaUserResponse", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Schema representing mfa response resource.", "extends" : { "$ref" : "http://api.covisint.com/idm/schema/realmScopedResource#" }, "properties" : { "passCode": { "type" : "string", "description": "pass code generated by mfa modes or authType." }, "qrCode": { "type" : "string", "description": "qr code generated if mode is GA." }, "userId": { "type" : "number", "description": "The unique user id of the user." }, "secret": { "type" : "string", "description": "The secret key for google account." }, "trackingId": { "type" : "string", "description": "The trackingId for the mfa mode." }, "authType": { "type" : "string", "description": "The authType or mode of the user." }, "status": { "type" : "string", "description": "The status of mfa mode and user association. " } } , "required": [ "passCode", "qrCode", "userId", "secret", "trackingId", "authType", "status" ] } - mfaValidateRequest: | { "id" : "http://api.covisint.com/schema/mfaValidateRequest", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Schema representing an mfa passcode validate request resource.", "extends" : { "$ref" : "http://api.covisint.com/idm/schema/realmScopedResource#" }, "properties" : { "trackingId": { "type" : "string", "description": "The mfa id." }, "passCode": { "type" : "integer", "description": "The passcode generated. Either passCode or questions property is required." }, "questions": { "type" : "array", "description" : "The security questions answered. 
Either passCode or questions property is required.", "minItems" : 1, "items" : { "$ref" : "http://api.covisint.com/idm/schema/mfaSecurityQuestion#" } } }, "required": ["trackingId"] } - mfaSecurityQuestion: | { "id" : "http://api.covisint.com/schema/mfaSecurityQuestion", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Schema representing an mfa security question.", "properties" : { "questionId": { "type" : "string", "description": "The mfa security question id. Format is ':'. For example: 'REALM-CODE-01:1'." }, "answer": { "type" : "string", "description": "The answer for security question to be verified." } }, "required": ["questionId", "answer"] } - sessionToken: | { "id" : "http://api.covisint.com/schema/risk", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties":{ "idToken":{ "type": "string", "description": "The jwt token." } } } traits: - secured: displayName: secured - unsecured: displayName: unsecured - getResponse: displayName: getResponse - getSearchResponse: displayName: getSearchResponse - postResponse: displayName: postResponse - deleteResponse: displayName: deleteResponse - putResponse: displayName: putResponse - putResponseV2: displayName: putResponseV2 - putCreateResponse: displayName: putCreateResponse - taskResponse: displayName: taskResponse - pagableRequest: displayName: pagableRequest - taggable: displayName: taggable - sortable: displayName: sortable - searchable: displayName: searchable /risk/task/evaluate: is: [secured] post: description: "The risk evaluation bean to evaluate the risk.[Since:1.0][Flow-name:risk-evaluate-post][Visibility:public]" headers: Accept: description: Media type for riskEvaluation. type: string required: true repeat: false example: application/vnd.com.covisint.platform.risk.evaluation.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. 
type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.risk.evaluation.v1+json: schema: risk example: | { "userId": "BN7422F0", "languageId": 1, "isAuthedBrowser": false, "ipAddress": "192.0.0.1", "loginTime": 1234324323 } responses: "200": body: application/vnd.com.covisint.platform.risk.evaluation.v1+json: example: | { "creation": 1485199400852, "userId": "BN7422F0", "languageId": 1, "isAuthedBrowser": false, "ipAddress": "192.0.0.1", "loginTime": 1234324323, "riskScore": 40, "authType": "GRID", "isMFARequired": true } "400": body: application/vnd.com.covisint.platform.risk.evaluation.v1+json: example: | { "status": 400, "apiMessage": "Could not find user with cuid GZPN7TC", "apiStatusCode": "user.not.found" } "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the OAuth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /passcode/task/validate: is: [secured] post: description: "The passcode validation bean to validate if the user entered passcode is correct.[Since:1.0][Flow-name:passcode-validate-post][Visibility:public]" headers: Accept: description: Media type for validation. type: string required: true repeat: false example: application/vnd.com.covisint.platform.risk.evaluation.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. 
type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.multi.factor.authentication.v1+json: schema: validation example: | { "authType": "SMS", "trackingId": "1aLtPXDo+7yIPVLyXaNwWFx8NS8VqTZ4Wdi8RK/bJ53kHIUPElTP0Ohv6DQ2lf8G25YximN9q17RgIULDl62vA==", "enteredPasscode": "6728", "passcodeExpiry": 999999 } responses: "200": body: application/vnd.com.covisint.platform.multi.factor.authentication.v1+json: example: | { "creation": 1485199906534, "enteredPasscode": "6728", "trackingId": "1aLtPXDo+7yIPVLyXaNwWFx8NS8VqTZ4Wdi8RK/bJ53kHIUPElTP0Ohv6DQ2lf8G25YximN9q17RgIULDl62vA==", "authType": "SMS", "passcodeExpiry": 999999, "status": "PASS" } "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /gridCard/task/validate: is: [secured] post: description: "The gridcard authentication bean to validate if user input value is correct.[Since:1.0][Flow-name:gridcard-validate-post][Visibility:public]" headers: Accept: description: Media type for validation. type: string required: true repeat: false example: application/vnd.com.covisint.platform.grid.card.authentication.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. 
type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.grid.card.authentication.v1+json: schema: grid example: | { "cuid": "WBMKZ5J9", "inputValue": "3529", "position": "D3" } responses: "200": body: application/vnd.com.covisint.platform.grid.card.authentication.v1+json: example: | { "creation": 1488205915095, "cuid": "WBMKZ5J9", "inputValue": "3529", "position": "D3", "valid": true } "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /mfa/persons/{personId}/policy: uriParameters: personId: description: The id of the person for whom this request is being made. type: string required: true repeat: false is: [secured] post: description: "Creates an mfa policy for a person [Flow-name:user-mfa-policy-create][Since:1.1][Visibility:public]" headers: Accept: description: Media type for mfa policy type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.policy.v1+json Content-Type: description: Media type for mfa policy type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.policy.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. 
type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.mfa.user.policy.v1+json: schema: userMfaPolicy example: | { "name": "MFA policy Test", "riskCriteria": [{"criteriaName":"GEO_USER_PROFILE_COUNTRY"}] } responses: "200": body: application/vnd.com.covisint.platform.mfa.user.policy.v1+json: example: | { "id":"1451856384", "creation": 1485199400852, "name": "MFA policy Test", "riskCriteria": [{"id":"123456", "criteriaName":"GEO_USER_PROFILE_COUNTRY"}] } "400": description: | There was a problem with the client's request ___ Substatus codes and error messages are mentioned below: + framework:request + framework:request:io + framework:request:io:read - Invalid input. There was an error while parsing. + framework:request:io:read:parsing + framework:request:io:write + framework:request:header:missing - Missing request header: {headerName} + framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)} + user.mfa.policy.risk.criteria.invalid - Invalid risk criteria : {riskCriteriaNames} + user.not.found - User {user} not found + user.mfa.policy.found - Mfa policy already found for {user} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema get: description: "Get the mfa policy assigned to the person. 
[Flow-name:user-mfa-policy-get][Since:1.1][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.policy.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk responses: "200": description: Get the mfa policy assigned to the person. body: application/vnd.com.covisint.platform.mfa.user.policy.v1+json: schema: userMfaPolicy "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] + user.mfa.policy.missing - User mfa policy is not found for the user {userId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "404": description: | The URI requested is invalid or the resource requested does not exist. ___ Substatus codes and error messages are mentioned below: + (If a resource id is a URI parameter) framework:resource:missing - A resource with the following ID was not found: {resourceId} + No message for an invalid URI body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "406": description: | Unable to produce content of specified 'Accept' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to produce content of type {acceptMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "500": description: | An unknown server error occurred ___ Substatus codes and error messages are mentioned below: + framework:unknown body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. 
This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema is: [getResponse] delete: description: "Removes mfa policy assigned to the user. [Flow-name:user-mfa-policy-delete][Since:1.1][Visibility:public]" headers: Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk responses: "204": description: The user's mfa policy was successfully deleted. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] + user.mfa.policy.missing - User mfa policy is not found for the user {userId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "500": description: | An unknown server error occurred ___ Substatus codes and error messages are mentioned below: + framework:unknown body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. 
body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema is: [deleteResponse] /{policyId}: uriParameters: policyId: description: Unique identifier of the mfa policy for the user. type: string required: true repeat: false is: [secured] put: description: "Update the mfa policy for a person [Flow-name:user-mfa-policy-update][Since:1.1][Visibility:public]" headers: Content-Type: description: Media type for mfa policy type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.policy.v1+json Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.policy.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.mfa.user.policy.v1+json: schema: userMfaPolicy responses: "200": description: The mfa policy for a person is successfully updated. body: application/vnd.com.covisint.platform.mfa.user.policy.v1+json: schema: userMfaPolicy "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] + user.mfa.policy.risk.criteria.invalid - Invalid risk criteria : {riskCriteriaNames} + user.mfa.policy.missing - User mfa policy not found for the user id {userid} and policy id {policyId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "404": description: | Resource not found. 
___ Substatus codes and error messages are mentioned below: + framework:resource:missing - A resource with the following ID was not found: {resourceId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "406": description: | Unable to produce content of specified 'Accept' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to produce content of type {acceptMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "409": description: | There is a conflict in identifying the resource being acted on. There are two categories. (1) The unique identifier in the URL and in the body are different. (2) The current version of the resource being updated and the version sent in the body of the request. This may be an indication that the resource has changed since the client loaded it. The conflict should be resolved and the update resubmitted with the current version of the resource. 
+ framework:resource:conflict + framework:resource:conflict:id - The ID of the resource in the request, {requestedId}, does not match the ID of the given resource, {resourceId} + framework:resource:conflict:version - The version of the provided resource, {requestVersion}, does not match the current version of the resource, {latestVersion} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "415": description: | Unable to consume content of specified 'Content-Type' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to consume content of type {contentMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "500": description: | An unknown server error occurred ___ Substatus codes and error messages are mentioned below: + framework:unknown body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema is: [putResponse] /activate: post: description: "Activates the mfa policy for a person [Flow-name:user-mfa-policy-activate][Since:1.1][Visibility:public]" responses: "204": description: The mfa policy for a person is successfully activated. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)} + framework:request:invalid:header:value - Invalid x-requestor header value. 
Valid values are [person, application] + user.mfa.policy.missing - User mfa policy not found for the user id {userId} and policy id {policyId} + user.mfa.policy.already.activated - User mfa policy already activated for the user id {userId} and policy id {policyId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "406": description: | Unable to produce content of specified 'Accept' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to produce content of type {acceptMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "415": description: | Unable to consume content of specified 'Content-Type' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to consume content of type {contentMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "500": description: | An unknown server error occurred ___ Substatus codes and error messages are mentioned below: + framework:unknown body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema is: [postResponse] /deactivate: post: description: "De activates the mfa policy for a person [Flow-name:user-mfa-policy-deactivate][Since:1.1][Visibility:public]" responses: "204": description: The mfa policy for a person is successfully deactivated. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:data:missing - The following information was missing from the resource: {resourceFieldName(s)} + framework:request:invalid:header:value - Invalid x-requestor header value. 
Valid values are [person, application] + user.mfa.policy.missing - User mfa policy not found for the user id {userId} and policy id {policyId} + user.mfa.policy.already.unactivated - User mfa policy already unactivated for the user id {userId} and policy id {policyId} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "406": description: | Unable to produce content of specified 'Accept' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to produce content of type {acceptMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "415": description: | Unable to consume content of specified 'Content-Type' media type ___ Substatus codes and error messages are mentioned below: + framework:request:unsupported:mediatype - The server is unable to consume content of type {contentMediaType} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "500": description: | An unknown server error occurred ___ Substatus codes and error messages are mentioned below: + framework:unknown body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema is: [postResponse] /mfa/persons: description: Endpoints for users MFA configuration. is: [secured] /{personId}/token: description: End point for generating the token based on the mode supplied. uriParameters: personId: description: The id of the person for whom this request is being made. type: string required: true repeat: false is: [secured] post: description: "Generates the token based on the mode supplied .[Since:1.0][Flow-name:mfa-token-create][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.v1+json Content-Type: description: Media type. 
type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk queryParameters: mode: description: mfa mode ex.[SMS, PHONE, GRIDCARD, EMAIL, GA, SECQ]. type: string required: false repeat: false phoneType: description: phone type in users profile.[PHONE, MOBILE]. type: string required: false repeat: false action: description: action type for grid and ga .[SEND_GRID, SEND_GA]. type: string required: false repeat: false responses: "201": description: Succefully generated token for mfa modes. body: application/vnd.com.covisint.platform.mfa.user.v1+json: schema: mfaUserResponse "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:param:missing - Missing request parameter: {mode,phoneType,action}; + invalid.mode - Valid modes (SMS, PHONE, GRIDCARD, EMAIL,GA, SECQ).; + mode.not.found - User doesn't have any mfa mode + framework:request:param:missing - Missing request parameter: phoneType + framework:resource:missing - A resource with the following ID was not found: {cuidId} + framework:resource:data:illegal - The 'To' number {phoneNumber} is not a valid phone number. + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. 
body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /{personId}/verify: description: End point for verifying mfa passcode based on supplied mfaId. uriParameters: personId: description: The id of the person for whom this request is being made. type: string required: true repeat: false is: [secured] post: description: "Verifies or validates mfa passcode validity based on supplied mfa mode.[Since:1.5][Flow-name:mfa-token-verify][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/json Content-Type: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.passcode.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.mfa.passcode.v1+json: schema: mfaValidateRequest responses: "200": description: OK. Returns JSON with the property 'result' set to 'valid'. body: application/json: example: | { "result" : "valid" } "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the OAuth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. 
body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /{personId}/register: description: End point for registering or associating mfa mode for user. uriParameters: personId: description: The id of the person for whom this request is being made. type: string required: true repeat: false is: [secured] post: description: "Attaches or associates mfa selected mode with user.[Since:1.0][Flow-name:mfa-register-mode][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.passcode.v1+json Content-Type: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.passcode.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.mfa.passcode.v1+json: schema: mfaValidateRequest responses: "200": description: Ok. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. 
body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /{id}/mode: description: End point for getting selected mfa mode for user. uriParameters: id: displayName: id type: string required: true repeat: false is: [secured] get: description: "Gets the selected mfa mode for the user.[Since:1.0][Flow-name:mfa-mode-get][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.mode.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk responses: "200": body: application/vnd.com.covisint.platform.mfa.user.mode.v1+json: schema: userMode "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the OAuth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /{id}/modes: description: End point for getting available mfa mode for user. uriParameters: id: displayName: id type: string required: true repeat: false is: [secured] get: description: "Gives available modes for user.[Since:1.0][Flow-name:mfa-modes-get][Visibility:public]" headers: Accept: description: Media type. 
type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.modes.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk responses: "200": body: application/vnd.com.covisint.platform.mfa.user.modes.v1+json: schema: userAvailableModes "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /fido: description: Endpoints for fido service. is: [secured] /register/start: description: End point for start registration process. is: [secured] post: description: "Start registration process, generate challenge and send to browser.[Since:1.11][Flow-name:fido-start-register][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/json Content-Type: description: Media type. type: string required: true repeat: false example: application/json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. 
type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk queryParameters: cuid: description: User gbl covs user id. type: string required: true repeat: false displayName: description: Device name which display on the page. type: string required: true repeat: false url: description: The origin app's url. type: string required: true repeat: false responses: "200": description: Succefully start registration process. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:param:missing - Missing request parameter: {mode,phoneType,action}; + invalid.mode - Valid modes (SMS, PHONE, GRIDCARD, EMAIL,GA).; + mode.not.found - User doesn't have any mfa mode + framework:request:param:missing - Missing request parameter: phoneType + framework:resource:missing - A resource with the following ID was not found:{cuidId} + framework:resource:data:illegal - The 'To' number {phoneNumber} is not a valid phone number. + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /register/{personId}/finish: description: End point for complete registration process. uriParameters: personId: description: The id of the person for whom this request is being made. 
type: string required: true repeat: false is: [secured] post: description: "Completes registration process, verify the response from browser.[Since:1.11][Flow-name:fido-finish-register][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/json Content-Type: description: Media type. type: string required: true repeat: false example: application/json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk queryParameters: responseJson: description: The JSON string returned by the browser after the authenticator is verified. type: string required: true repeat: false responses: "200": description: Successfully finish registration process. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the OAuth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /authentication/start: description: End point for starting the authentication process. is: [secured] post: description: "Start authentication process, generate challenge and send to browser.[Since:1.11][Flow-name:fido-start-authentication][Visibility:public]" headers: Accept: description: Media type. 
type: string required: true repeat: false example: application/json Content-Type: description: Media type. type: string required: true repeat: false example: application/json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk queryParameters: cuid: description: User gbl covs user id. type: string required: true repeat: false url: description: The origin app's url. type: string required: true repeat: false responses: "200": description: Succefully start authentication process. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:param:missing - Missing request parameter: {mode,phoneType,action}; + invalid.mode - Valid modes (SMS, PHONE, GRIDCARD, EMAIL,GA).; + mode.not.found - User doesn't have any mfa mode + framework:request:param:missing - Missing request parameter: phoneType + framework:resource:missing - A resource with the following ID was not found:{cuidId} + framework:resource:data:illegal - The 'To' number {phoneNumber} is not a valid phone number. + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /authentication/finish: description: End point for complete authentication process. 
is: [secured] post: description: "Completes authentication process, verify the assertion response from browser.[Since:1.11][Flow-name:fido-finish-authentication][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/json Content-Type: description: Media type. type: string required: true repeat: false example: application/json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk queryParameters: responseJson: description: The json string from browser after verify authenticator. type: string required: true repeat: false responses: "200": description: Succefully finish authentication process. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /device/search: description: End point for search devices. is: [secured] get: description: "Search devices.[Since:1.11][Flow-name:fido-search-devices][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/json Content-Type: description: Media type. 
type: string required: true repeat: false example: application/json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk queryParameters: cuid: description: Retrieve devices for a supplied person identifier type: string required: true repeat: false responses: "200": description: Succefully search devices. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /device/{cuid}/{displayName}/delete: description: End point for delete device. uriParameters: cuid: description: The id of the person who register the device. type: string required: true repeat: false displayName: description: The name of the device type: string required: true repeat: false is: [secured] delete: description: "delete device.[Since:1.11][Flow-name:fido-delete-device][Visibility:public]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/json Content-Type: description: Media type. 
type: string required: false repeat: false example: application/json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk responses: "200": description: Succefully delete device. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /otp: /generate: is: [secured] post: description: "The api to generate OTP and send based on mode type.[Since:1.12][Flow-name:generate-otp][Visibility:public]" headers: Accept: description: Media type for validation. type: string required: true repeat: false example: application/json Content-Type: description: Media type for validation. type: string required: true repeat: false example: application/vnd.com.covisint.platform.otp.authentication.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. 
type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.authentication.passcode.v1+json: schema: userAuthPasscode example: | { "mode": "EMAIL", "value": "test@gmail.com", "lang" : "en" } responses: "200": body: application/json: example: | { "trackingId": 1488205915095 } "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:param:missing - The following information was missing from the resource- {Type and Value}; + err.invalid.mode - Valid modes (SMS, PHONE, EMAIL).; + err.invalid.emailIdFormat - Invalid email id format {value}.; + err.invalid.phonenumber - Invalid phone number {value}.; + err.notification.fail - Error occured while sending notification.; + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /verify: is: [secured] post: description: "The api to verify OTP.[Since:1.12][Flow-name:verify-otp][Visibility:public]" headers: Content-Type: description: Media type for validation. type: string required: true repeat: false example: application/vnd.com.covisint.platform.otp.authentication.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. 
type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.authentication.passcode.v1+json: schema: userAuthPasscode example: | { "trackingId": "36901d55-10f7-43ad-acb6-e4fbbfc397db1", "passCode": "1234" } responses: "200": description: The otp is validated successfully. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:param:missing - The following information was missing from the resource- {trackingId and passCode}; + err.invalid.trackingId - Invalid trackingId {trackingId}.; + err.verify.otp.invalid - Invalid OTP; + err.verify.otp.expired - OTP expired; + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the OAuth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /mfa: description: "Endpoints for users MFA configuration. [Since:1.12]" is: [secured] /validate: description: "End point for generating the xsrf and jwt. This endpoint validates the mfa id and passcode/security questions.[Since:1.12]" is: [secured] post: description: "Generates the xsrf and jwt if passcode and mfa id are successfully validated .[Since:1.12][flow-name:token-validate-post]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.tokens.v1+json x-ignoremfa: description: Boolean flag, not a media type. Judging by the header name it controls whether MFA is ignored for this request (exact semantics are not documented here). The 412 response reports ignoremfa.required when its value is missing. 
type: boolean required: false repeat: false example: true Content-Type: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.tokens.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.mfa.tokens.v1+json: schema: mfaValidateRequest responses: "201": description: Successfully validated the token and issued the JWT and XSRF tokens. body: application/vnd.com.covisint.platform.mfa.tokens.v1+json: schema: sessionToken "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] "412": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + ignoremfa.required - Missing value of ignoremfa header: {headerName} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the OAuth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /register: description: "Validates the passcode and registers the MFA mode.[Since:1.12]" is: [secured] post: description: "Generates the XSRF token and JWT if the passcode and MFA id are successfully validated.[Since:1.12][flow-name:token-register-post]" headers: Accept: description: Media type.
type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.tokens.v1+json Content-Type: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.tokens.v1+json x-ignoremfa: description: Boolean ignore-MFA flag. Declared optional here, but a 412 with substatus ignoremfa.required is returned when its value is missing. type: boolean required: false repeat: false example: true Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.mfa.tokens.v1+json: schema: mfaValidateRequest responses: "201": description: Successfully registered MFA mode. body: application/vnd.com.covisint.platform.mfa.tokens.v1+json: schema: sessionToken "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] "412": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + ignoremfa.required - Missing value of ignoremfa header: {headerName} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the OAuth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /persons/{personId}/googleAccount: uriParameters: personId: description: The id of the person for whom this request is being made. type: string required: true repeat: false is: [secured] delete: description: "Removes the Google account assigned to the user.
[Flow-name:user-google-account-delete][Since:1.12][Visibility:public]" headers: Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk responses: "204": description: The user's Google account was successfully deleted. "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] + framework:request:header:missing - Missing request header: {headerName} + no.google.account.person - No Google account found for the person body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "500": description: | An unknown server error occurred ___ Substatus codes and error messages are mentioned below: + framework:unknown body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema is: [deleteResponse]