#%RAML 0.8 title: Multifactor Auth API version: v1 baseUri: "https://api.us1.covisint.com/multifactorauth/v1" protocols: [HTTPS] schemas: - resourceReference: | { "id" : "http://api.covisint.com/schema/resourceReference", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Schema representing links", "type" : "object", "properties" : { "id" : { "type" : "string", "description" : "The unique identifier for the resource." }, "type" : { "type" : "string", "description" : "The type of the resource." }, "realm" : { "type" : "string", "description" : "The realm of the resource." } } , "required":[ "id" ] } - namedResourceReference: | { "id" : "http://api.covisint.com/schema/namedScopedResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Expands on the basic resource reference and adds internationalized name and description.", "extends" : { "$ref" : "http://api.covisint.com/schema/resourceReference#" }, "properties" : { "name" : { "description": "Internationalized resource name.", "$ref" : "http://api.covisint.com/idm/schema/internationalString#" }, "description" : { "description": "Internationalized resource description.", "$ref" : "http://api.covisint.com/idm/schema/internationalString#" } } } - resource: | { "id" : "http://api.covisint.com/schema/resource", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Core schema", "definitions" : { "resource" : { "id" : "resource", "type" : "object", "description" : "A basic resource.", "properties" : { "id" : { "type" : "string", "maxLength" : 64, "description" : "The unique identifier for this resource." }, "version": { "type" : "number", "minimum" : 0, "maximum" : 9223372036854775807, "description" : "The current version for this resource. Exists once the resource has been saved. This is mandatory for PUT requests, but should not be supplied for POST requests." }, "creator" : { "type" : "string", "maxLength" : 64, "description" : "The creator of this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor header.", "readonly": true }, "creatorAppId" : { "type" : "string", "maxLength" : 64, "description" : "The id of the application used to create this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor-app header.", "readonly": true }, "creation" : { "type" : "number", "minimum" : 0, "maximum" : 9223372036854775807, "description" : "This read only property is ignored by the server and the system will overlay with the time, in milliseconds since the epoch, when this resource was created.", "readonly": true } } , "required":[ "id", "creator", "creatorAppId", "creation" ] } } } - resourceV2: | { "id" : "http://api.covisint.com/schema/resourceV2", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Core schema", "definitions" : { "resource" : { "id" : "resourceV2", "type" : "object", "description" : "A basic resource (version V2).", "properties" : { "id" : { "type" : "string", "maxLength" : 64, "description" : "The unique identifier for this resource." }, "version": { "type" : "string", "description" : "The current version for this resource. Exists once the resource has been saved. This is mandatory for PUT requests, but should not be supplied for POST requests." }, "creator" : { "type" : "string", "maxLength" : 64, "description" : "The creator of this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor header.", "readonly": true }, "creatorAppId" : { "type" : "string", "maxLength" : 64, "description" : "The id of the application used to create this resource. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-requestor-app header.", "readonly": true }, "creation" : { "type" : "number", "minimum" : 0, "maximum" : 9223372036854775807, "description" : "This read only property is ignored by the server and the system will overlay with the time, in milliseconds since the epoch, when this resource was created.", "readonly": true } } , "required":[ "id", "creator", "creatorAppId", "creation" ] } } } - realmScopedResource: | { "id" : "http://api.covisint.com/schema/realmScopedResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Expands on the base resource and adds a realm attribute.", "extends" : { "$ref" : "http://api.covisint.com/schema/resource#" }, "properties" : { "realm" : { "type" : "string", "maxLength" : 25, "pattern" : "^[A-Za-z0-9]{2,25}$", "description" : "The realm in which this resource is being created. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-realm header.", "readonly": true } } , "required":[ "realm" ] } - realmScopedResourceV2: | { "id" : "http://api.covisint.com/schema/realmScopedResourceV2", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A realm scoped resource (version V2). Expands on the base resource (version V2) and adds a realm attribute.", "extends" : { "$ref" : "http://api.covisint.com/schema/resourceV2#" }, "properties" : { "realm" : { "type" : "string", "maxLength" : 25, "pattern" : "^[A-Za-z0-9]{2,25}$", "description" : "The realm in which this resource is being created. This read-only field is ignored by the server, and is overlayed with the value supplied in the x-realm header.", "readonly": true } } , "required":[ "realm" ] } - errorResponseSchema: | { "id" : "http://api.covisint.com/schema/errorResponseSchema", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Representation of an HTTP 4xx/5xx error response.", "properties" : { "status" : { "type" : "number", "minimum" : 400, "maximum" : 599, "description" : "The HTTP status code." }, "apiMessage" : { "type" : "string", "description" : "A helpful, human-readable description of the error, useful for basic diagnostics." }, "apiStatusCode" : { "type" : "string", "description" : "The API-specific status code." } } , "required":[ "status" ] } - serviceCode: | { "id" : "http://api.covisint.com/schema/serviceCodes", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "description": "The site/service/location codes granted along with a service.", "properties": { "code": { "type": "string", "maxLength": 200, "description": "The code value." }, "codeKind": { "type": "string", "maxLength": 36, "description": "The associated business unit." } } , "required":[ "code", "codeKind" ] } - serviceCodes: | { "type" : "array", "description" : "The site/service/location codes granted along with the service, if any.", "items" : { "$ref" : "http://api.covisint.com/schema/serviceCode#"}, "required": false } - address: | { "id" : "http://api.covisint.com/idm/schema/address", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A container for the subject's address elements.", "properties" : { "streets" : { "type" : "array", "description" : "An array of address streets (i.e. address line 1, 2, 3).", "minItems" : 0, "items" : { "type" : "string", "maxLength" : 255 } }, "city" : { "type" : "string", "maxLength" : 60, "description" : "The city name." }, "state" : { "type" : "string", "maxLength" : 60, "description" : "The state/province name or code." }, "postal" : { "type" : "string", "maxLength" : 10, "description" : "The postal or zip code." }, "country" : { "type" : "string", "minLength" : 2, "maxLength" : 3, "description" : "The ISO country code. http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2"} } } - phone: | { "id" : "http://api.covisint.com/idm/schema/phone", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A container for phone number details.", "properties" : { "number" : { "type" : "string","maxLength" : 100, "description" : "The phone number." }, "type" : { "enum" : [ "main", "mobile", "fax" ], "description" : "The phone number type." } }, "required" : [ "type" ] } - internationalString: | { "id": "http://api.covisint.com/idm/schema/internationalString", "$schema": "http://json-schema.org/draft-04/schema", "type": "array", "description" : "An internationalized string value, supporting one or more language translations.", "minItems": 1, "items": { "type": "object", "properties": { "lang": { "type": "string", "maxLength": 10, "description": "The language or locale in which the text is written." }, "text": { "type": "string", "maxLength": 2000, "description": "The internationalized text value." } } } } - tags: | { "id": "http://api.covisint.com/idm/schema/tag", "$schema": "http://json-schema.org/draft-04/schema", "type": "array", "description" : "The tags associated with a resource. This array is read-only, and may be modified on the resource endpoint with the appropriate tagging APIs.", "minItems": 1, "items": { "type": "object", "properties": { "tagName": { "type": "string", "description": "The tag associated with a resource." } } } } - baseDefinitionResource: | { "id" : "http://api.covisint.com/schema/baseDefinitionResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A base rule definition(version V1). Expands on the base resource (version V2) and adds a realm attribute.", "extends": { "$ref" : "http://api.covisint.com/schema/realmScopedResourceV2#" }, "properties": { "name": { "description": "The application name (internationalized).", "$ref": "http://api.covisint.com/schema/internationalString#" }, "description": { "description": "The application description (internationalized).", "$ref" : "http://api.covisint.com/idm/schema/internationalString#" }, "properties":{ "type":"array", "description":"Properties used by the implementation.", "minItems":0, "items":[ { "anyOf": [ { "type": "string", "description": "The name of the property." }, { "type": "string", "description": "The value of the property." } ] } ] } , "required":[ "items" ] } , "required":[ "name" ] } - baseActionDefinitionResource: | { "id" : "http://api.covisint.com/schema/baseActionDefinitionResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A base action action definition. Expands on the base definition resource ", "extends": { "$ref" : "http://api.covisint.com/schema/baseDefinitionResource#" }, "properties": { "type": { "description": "Type of action definition.", "enum": [ "SEND_APPLICATION_NOTIFICATION", "SEND_COMMAND", "SEND_NOTIFICATION" ], "required": true } } , "required":[ "type" ] } - baseTriggerDefinitionResource: | { "id" : "http://api.covisint.com/schema/baseTriggerDefinitionResource", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "A base action trigger definition. Expands on the base definition resource ", "extends": { "$ref" : "http://api.covisint.com/schema/baseDefinitionResource#" }, "properties": { "type": { "description": "Type of trigger definition.", "enum": [ "DEVICE_SEND_EVENT", "DEVICE_LIFECYCLE_STATE_CHANGE", "DEVICE_OPERATIONAL_STATE_CHANGE" ] } } , "required":[ "type" ] } - dataType: | { "id" : "http://api.covisint.com/schema/dataType", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "Data type enum.", "enum":[ "string", "integer", "bool", "decimal" ] } - attribute: | { "id" : "http://api.covisint.com/schema/attribute", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "An attribute.", "properties" : { "oneOf" : [ { "attributeTypeId" : { "type" : "string", "description" : "The attribute type id." } }, { "attributeType" : { "description" : "The full attribute type definition.", "$ref" : "http://api.covisint.com/schema/attributeType#" } } ], "value" : { "type" : "any", "description" : "The attribute value." } } , "required":[ "attributeTypeId" ] } - attributes: | { "id" : "http://api.covisint.com/schema/attributes", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "array", "description" : "Collection of attributes.", "items" : { "$ref" : "http://api.covisint.com/schema/attribute#" } } - expression: | { "id" : "http://api.covisint.com/schema/expression#", "$schema" : "http://json-schema.org/draft-04/schema", "description" : "The DSL for defining conditional expressions.", "oneOf" : [ { "type" : "object", "properties" : { "any" : { "type" : "array", "description" : "An aggregate expression representing an 'any' condition.", "items" : { "$ref" : "http://api.covisint.com/schema/expression#" } } } }, { "type" : "object", "properties" : { "all" : { "type" : "array", "description" : "An aggregate expression representing an 'all' condition.", "items" : { "$ref" : "http://api.covisint.com/schema/expression#" } } } }, { "type" : "object", "description" : "A simple leaf-node expression. The format of this expression is: '(f:, v:())'. The supported expressions are: equal, notEqual, startsWith, endsWith, matches, greaterThan, greaterThanOrEqual, lessThan, lessThanOrEqual. The field name can be a simple field name i.e. 'id' or hierarchical field name using dot-notation like 'resource.id' / 'resource.tag[0]' . The value corresponding to the field name provided should always be a simple data type and cannot be an array or an object.", "properties" : { "expr" : { "type" : "string" } } , "required":[ "expr" ] } ] } - mfaUserResponse: | { "id" : "http://api.covisint.com/schema/mfaUserResponse", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Schema representing mfa response resource.", "extends" : { "$ref" : "http://api.covisint.com/idm/schema/realmScopedResource#" }, "properties" : { "passCode": { "type" : "string", "description": "pass code generated by mfa modes or authType." }, "userId": { "type" : "integer", "description": "The unique user id of the user." }, "trackingId": { "type" : "string", "description": "The trackingId for the mfa mode." }, "authType": { "type" : "string", "description": "MFA mode." }, "status": { "type" : "string", "description": "The status of mfa mode and user association. " } }, "required": ["passCode","userId","trackingId","authType","status"] } - mfaValidateRequest: | { "id" : "http://api.covisint.com/schema/mfaValidateRequest", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Schema representing an mfa passcode validate request resource.", "extends" : { "$ref" : "http://api.covisint.com/idm/schema/realmScopedResource#" }, "properties" : { "trackingId": { "type" : "string", "description": "The mfa id." }, "passCode": { "type" : "integer", "description": "The passcode generated. Either passCode or questions property is required." }, "questions": { "type" : "array", "description" : "The security questions answered. Either passCode or questions property is required.", "minItems" : 1, "items" : { "$ref" : "http://api.covisint.com/idm/schema/mfaSecurityQuestion#" } }, "idToken": { "type" : "string", "description" : "JWT token, optional parameter for user level token and mandatory for app level token" } }, "required": ["trackingId"] } - mfaSecurityQuestion: | { "id" : "http://api.covisint.com/schema/mfaSecurityQuestion", "$schema" : "http://json-schema.org/draft-04/schema", "type" : "object", "description" : "Schema representing an mfa security question.", "properties" : { "questionId": { "type" : "string", "description": "The mfa security question id. Format is ':'. For example: 'REALM-CODE-01:1'." }, "answer": { "type" : "string", "description": "The answer for security question to be verified." } }, "required": ["questionId", "answer"] } - sessionToken: | { "id" : "http://api.covisint.com/schema/risk", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties":{ "idToken":{ "type": "string", "description": "The jwt token." } } } - userAvailableModes: | { "id" : "http://api.covisint.com/schema/risk", "$schema" : "http://json-schema.org/draft-04/schema", "type": "object", "properties":{ "availableModes":{ "type": "array", "description": "These are the available Modes for user." }, "email": { "type": "string", "description": "This is the email id of user. It is encoded in format a***b@xyz.com" }, "defaultPhone": { "type": "string", "description": "This is the default phone number of user. It is encoded in format ******1234" }, "mobileNumber": { "type": "string", "description":"This is the mobile number of user. It is encoded in format ******1234" } }} traits: - secured: displayName: secured - unsecured: displayName: unsecured - getResponse: displayName: getResponse - getSearchResponse: displayName: getSearchResponse - postResponse: displayName: postResponse - deleteResponse: displayName: deleteResponse - putResponse: displayName: putResponse - putResponseV2: displayName: putResponseV2 - putCreateResponse: displayName: putCreateResponse - taskResponse: displayName: taskResponse - pagableRequest: displayName: pagableRequest - taggable: displayName: taggable - sortable: displayName: sortable - searchable: displayName: searchable /mfa: description: "Endpoints for users MFA configuration. [Since:1.0]" is: [secured] /validate: description: "End point for generating the xsrf and jwt. This endpoint validates the mfa id and passcode/security questions.[Since:1.5]" is: [secured] post: description: "Generates the the xsrf and jwt if passcode and mfa id are successfully validated .[Since:1.5][flow-name:token-validate-post]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.tokens.v1+json x-ignoremfa: description: Media type. type: boolean required: false repeat: false example: true Content-Type: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.tokens.v1+json Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.mfa.tokens.v1+json: schema: mfaValidateRequest responses: "201": description: Successfully validated token and issued jwt and xsrf tokens. body: application/vnd.com.covisint.platform.mfa.tokens.v1+json: schema: sessionToken "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] "412": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + ignoremfa.required - Missing value of ignoremfa header: {headerName} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /register: description: "Validates the passcode and registers the MFA mode.[Since:1.0]" is: [secured] post: description: "Generates the the xsrf and jwt if passcode and mfa id are successfully validated .[Since:1.0][flow-name:token-register-post]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.tokens.v1+json Content-Type: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.tokens.v1+json x-ignoremfa: description: Media type. type: boolean required: false repeat: false example: true Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk body: application/vnd.com.covisint.platform.mfa.tokens.v1+json: schema: mfaValidateRequest responses: "201": description: Successfully registered MFA mode. body: application/vnd.com.covisint.platform.mfa.tokens.v1+json: schema: sessionToken "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] "412": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + ignoremfa.required - Missing value of ignoremfa header: {headerName} body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /token: description: "End point for generating pass code for second factor authentication. [Since:1.0]" is: [secured] post: description: "Generates the pass code and sends it to the user based on the mode supplied .[Since:1.0][flow-name:token-post]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.v1+json Content-Type: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.v1+json x-ignoremfa: description: Media type. type: boolean required: false repeat: false example: true Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk responses: "201": description: Successfully generated the pass code. body: application/vnd.com.covisint.platform.mfa.user.v1+json: schema: mfaUserResponse "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema /mfa/persons: description: Endpoints for users MFA configuration. is: [secured] /{personId}/modes: description: End point for getting available mfa mode for user. uriParameters: personId: displayName: personId type: string required: true repeat: false is: [secured] get: description: "Gives avaiable modes for user.[Since:1.0][flow-name:mfa-modes-get]" headers: Accept: description: Media type. type: string required: true repeat: false example: application/vnd.com.covisint.platform.mfa.user.modes.v1+json x-ignoremfa: description: Media type. type: boolean required: false repeat: false example: true Authorization: description: Access token that is obtained from the /token endpoint of the OAuth API. type: string required: true repeat: false pattern: "^Bearer .*$" example: Bearer ZCtYUGpYRXpET0JvVE1rZzlWV3I1Yk responses: "200": body: application/vnd.com.covisint.platform.mfa.user.modes.v1+json: schema: userAvailableModes "400": description: | There was a problem with the client's request ___ Substatus codes are mentioned below: + framework:request:header:missing - Missing request header: {headerName} + framework:request:invalid:header:value - Invalid x-requestor header value. Valid values are [person, application] body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "401": description: Unauthenticated request. This is returned if the access token is missing, invalid, or expired. Access tokens are obtained through the /token endpoint of the Oauth API. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema "403": description: Unauthorized request. The requestor is not authorized to perform the requested operation. body: application/vnd.com.covisint.error.v1+json: schema: errorResponseSchema