Skip Headers
Oracle® Fusion Middleware Developer's Guide for Oracle Access Management
11g Release 2 (11.1.2)

Part Number E27134-03
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

12 Sending Mobile and Social REST Calls With cURL

This chapter uses cURL to demonstrate the REST calls that the Mobile and Social client sends to the Mobile and Social server. This chapter includes the following topics:

Notes About Using cURL

cURL is free software that you can download from the cURL website at http://curl.haxx.se/

Using cURL to send REST calls to the server can help you better understand how the Mobile and Social client interacts with the Mobile and Social server. It can also be a helpful troubleshooting tool.

Note:

cURL commands that contain single quotes ( ' ) will fail on Windows. When possible, use double quotes ( " ) in place of single quotes.

If a command requires both single quotes and double quotes, escape the double quotes with a backslash (for example: \" ) and replace the single quotes with double quotes.

Note:

In this guide, line breaks in cURL commands and server responses are for display purposes only.


Request and Response Header Attribute Name Reference

This section documents the request and response attribute names that are reserved for use with Mobile and Social REST Services. These attributes can be included in a query parameter, in an HTTP header, or in the JSON body portion of the header as noted.

Note:

All attribute names and values are case-sensitive.

The following attribute names are documented in this section:


X-IDAAS-REST-VERSION

Use this attribute to specify the specific version of the SDK that the client application is compatible with. If you do not specify an SDK version, the Mobile and Social server defaults to using the latest SDK version.

Where to use This Attribute

Attribute Type

Sample cURL Command

-H "X-IDAAS-REST-VERSION:v1"

Sample Request

curl -i 
-H "Content-Type: application/json http://host.us.example.com:14100/oic_rest
/rest/jwtauthentication/authenticate-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"profileid1","X-Idaas-Rest-Subject-Password":"secret12",
"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}'-H "X-IDAAS-REST-VERSION:v1"

Sample Response

HTTP/1.1 200 OK Date: Tue, 05 Jun 2012 11:23:19 GMT Transfer-Encoding: chunked
Content-Type: application/json 
X-IDAAS-REST-VERSION: v1 
Set-Cookie: JSESSIONID=5Z4sPNsHVmrplgs8HNDbQGxddC7TJQS7s4QspYvMpcMJJLC2nGx5!1574
236250; 
path=/; 
HttpOnly 
X-ORACLE-DMS-ECID:a393487d2600b00c:-7abb0b83:137b52ee014:-8000-00000000000026aa 
X-Powered-By: Servlet/2.5 JSP/2.1

Comments

The attribute value must be a string representation of the protocol version, for example v1.


X-IDAAS-SERVICEDOMAIN

Use to specify a Service Domain value. If a Service Domain value is not provided, the system will use the "Default" Service Domain.

Where to use This Attribute

Attribute Type

Sample cURL Command

-H "X-IDAAS-SERVICEDOMAIN: Default"

Sample Request

curl -i 
-H "Content-Type: application/json"--request POST 
http://host.us.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"profileid1",
"X-Idaas-Rest-Subject-Password":"secret12",
"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}'-H "X-IDAAS-REST-VERSION:v1" 
-H "X-IDAAS-SERVICEDOMAIN: Default"

Comments

The attribute value must be a string representation of the target Service Domain, for example MyMobileServiceDomain.


X-IDAAS-REST-AUTHORIZATION

Use to specify an application credential in the HTTP request header.

Use the following format:

-H "X-IDAAS-REST-AUTHORIZATION: <AuthenticationScheme-Name> <Credential Value>"

where AuthenticationScheme-Name is one of the following:

Where to use This Attribute

Attribute Type

Sample cURL Commands

-H "X-IDAAS-REST-AUTHORIZATION: Token eyJhbG56I4OTg5OTk3M...fW1VGmunfzqZ-bG4rM" 

-H "X-IDAAS-REST-AUTHORIZATION: Basic fn49xkOVXunF%2B5zMQUiGUlwTXPYiKw"

-H "X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred=\"Tp8aUEeptClBz6h9cH8F%2Fwk976\"" 

Sample Request

curl -i -H "Content-Type: application/json" --request POST
http://host.us.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"sampleuser",
"X-Idaas-Rest-Subject-Password":"password123",
"X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'-H "X-IDAAS-REST-VERSION:v1" 
-H "X-IDAAS-SERVICEDOMAIN: Default"-H "X-IDAAS-REST-AUTHORIZATION: Token eyJhbGciOiJSUzUxMiIsInR5cSldUQXV0aGVudGljYXR
CI6IkpXVCIsImtpZCI6Im9yYWtleSJ9.eyJleHAiOjEzMzg4OTg5OTk3MzIsIzZXJ2ZXIxIiwiaXNzIjoi
joiY2I2MWU5YTQtZjJmYS00ZDQzLWFlOTYtZWQ5MjZlMGQ2NDZlIiwib3JhY2xlLm9pYy50b2tlbi50eXB
lIjoiQ0xJRU5UVE9LRU4iLCJpYXQiOjEzMzg4OTUzOTk3MzIsIm9yYWNsZS5vaWMudG9rZW4udXNlcl9kb
iI6InVpZD1wcm9maWxlaWQxLG91PXBlb3BsZSxvdT1teXJlYWxtLGRjPWJhc2VfZG9tYWsZSxvdT1teXJl
YWxtLGRjPWJhc2VfZG9tYWluIn0.kN17W0N3GEmdccm7GoUOT4iP23yWb6LloleOJ0grZkeiijXE-t8Kfy
N6Jq1m8EKzdYgiKFwdb-SO9MpOVMyPgxSRER9mn_3kkcKNagl7yIgu0EJUOS3Hudy2Suv0Th5b6fDgXLIY
LkBA0cC1WlP5RgW1VGmuBX7RnfzqZ-bG4rMiLCJwcm4iOiJwcm9maWxlaWQxIiwianRpI" 

Comments

The client application must send a security credential using the X-IDAAS-REST-AUTHORIZATION header if you select the Secured Application option for either User Profile Services or Authorization Services on the Service Domain Configuration "Service Protection" tab. The server accepts credentials sent using any of the three valid security schemes (HTTP Basic, UIDPassword, or Token).


AUTHORIZATION

Use to specify a user credential in the HTTP request header. Use the AUTHORIZATION header if a User Token is required and you are using either a JWTAuthentication or an OAMAuthentication token format. The User Token value has to be the User token issued by the authentication Service Provider.

Use the following format:

-H "AUTHORIZATION:<User Token Value>"

Where to use This Attribute

Attribute Type

Sample cURL Command

-H "AUTHORIZATION:eyJhbGciOiJSUzUxMiIsInR5cmtpZCI6Im9g5OTk3M...sW1VGmunfzqZ-bG4rM" 

Sample Request

curl -i --request GET 
"http://host.us.example.com:14100/oic_rest/rest/userprofile/people/weblogic/"
-H 
"AUTHORIZATION:eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6Im9yYWtleSJ9.eyJleHi
EzMzg4OTk3MTMxMzcsImF1ZCI6Im9hbV9zZXJ2ZXIxIiwiaXNzIjoiSldUQXV0aGVudGljYXRpb24iLCJw
cm4iOiJ3ZWJsb2dpYyIsImp0aSI6IjNlMjdiZjc4LTg3NDQtNDFkMS05MzlmLTlkZGY0N2VkNGFlNyIsIm
YWNsZS5vaWMudG9rZW4udHlwZSI6IlVTRVJUT0tFTiIsImlhdCI6MTMzODg5NjExMzEzNywib3JhY2xlLm
9pYy50b2tlbi51c2VyX2RuIjoidWlkPXdlYmxvZ2ljLG91PXBlb3BsZSxvdT1teXJlYWxtLGRjPWJhc2V6
ZG9tYWluIn0.hHmAa5Syw3AcqRPwIq_XLx6DcMzCBzvDXGFYvwAf9nqVgxgvLTJJfxZzofS5Ut272b0dFG
sv3qakeDm2NTgg6fR2YKH5BxAHnEmq0IAmhLuyWdux_rMZNB-wP8h5JD26UQf_nnBBWApvgULeM2mWQEzY
RVDMpN9K7pycNrsGKOj8U"

Comments

The client application must send a security credential using the AUTHORIZATION header if you select the Secured User option for either User Profile Services or Authorization Services on the Service Domain Configuration "Service Protection" tab. The server accepts tokens only.


X-Idaas-Rest-Subject-Type

The type of the subject (either USERCREDENTIAL, UID, UIDASSERTION, or TOKEN).

Where to use This Attribute

Attribute Type

Sample cURL Command

-d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

-d '{"X-Idaas-Rest-Subject-Type":"UID"}'

-d '{"X-Idaas-Rest-Subject-Type":"UIDASSERTION"}'

Sample Request 1

curl -H "Content-Type: application/json" --request GET
"http://host            .us.example.com:14100/oic_rest/rest/jwtauthentication/validate?
X-Idaas-Rest-Subject-Value=eyJhbGciOiJSUzU...I_A0PM&
X-Idaas-Rest-Subject-Type=TOKEN"

Sample Request 2

curl -i -H "Content-Type: application/json" --request POST
http://host             .us.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"profileid1",
"X-Idaas-Rest-Subject-Password":"secret12345",
"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}' 

Comments

The attribute value must be one of the following:


X-Idaas-Rest-Subject-Value

The string value of the subject. Include this attribute when the value of X-Idaas-Rest-Subject-Type is either TOKEN, UID, or UIDASSERTION.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Request 1

curl -H "Content-Type: application/json" --request GET
"http://host.example.com:14100/oic_rest/rest/jwtauthentication/validate? X-Idaas-Rest-Subject-Value~=eyJhbGciOiJSUzU...PM&
X-Idaas-Rest-Subject-Type~=TOKEN" 

Sample Request 2

curl -H "Content-Type: application/json" --request POST 
http://localhost:18001/oic_rest/rest/jwtauthentication/access
-d '{
"X-Idaas-Rest-Subject-Type":"TOKEN",
"X-Idaas-Rest-Subject-Value":"vTBI8jN...%3D",
"X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
"X-Idaas-Rest-Application-Resource":"http:/host.example.com:7779/index.html",
"X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}' 

X-Idaas-Rest-Subject

Use to supply both the subject type and string value in the header when the subject type is of type TOKEN.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Request

curl -H "Content-Type: application/json" --request GET
http://host.example.com:14100/oic_rest/rest/jwtauthentication/validate
-H 
"X-Idaas-Rest-Subject: TOKEN eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6Im9yYWtl
eSJ9.eyJleHAiOjEzMzg5MDEzMzUyMjUsImF1ZCI6Im9hbV9zZXJ2ZXIxIiwiaXNzIjoiSldUQXV0aGVu
dGljYXRpb24iLCJwcm4iOiJ3ZWJsb2dpYyIsImp0aSI6ImUzNDZiYjJiLTQyZmYtNGRjMC1hOTZkLWYyY
2U5MjM0NTM0YSIsIm9yYWNsZS5vaWMudG9rZW4udHlwZSI6IlVTRVJUT0tFTiIsImlhdCI6MTMzODg5Nz
czNTIyNSwib3JhY2xlLm9pYy50b2tlbi51c2VyX2RuIjoidWlkPXdlYmxvZ2ljLG91PXBlb3BsZSxvdT1
teXJlYWxtLGRjPWJhc2VfZG9tYWluIn0.GZ3-X4NRGdQ99MB63B5MmPuyE5M2kFwqHMQ97AXwBjYElMep
ZdziTEgDeYLKJuVB83plSGwpfQEDdzlxR3Sy7tRXbfV3EdK1lpbUyUyEEIwAfuu4xtbNERKrPw3pJoPtU
q0TCd0BV2sRdyy1zuSBdU2J6zUjG8rW-PYDWI_A0PM"

X-Idaas-Rest-Subject-Username

Use to supply the user name as a string only if the X-Idaas-Rest-Subject-Type value is USERCREDENTIAL.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Request

curl -i -H "Content-Type: application/json" --request POST
http://host.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"sampleuser",
"X-Idaas-Rest-Subject-Password":"password123",
"X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}' 


X-Idaas-Rest-Subject-Password

Use to supply the password as a string only if the X-Idaas-Rest-Subject-Type value is USERCREDENTIAL.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Request

curl -i -H "Content-Type: application/json" --request POST
http://host.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"sampleuser",
"X-Idaas-Rest-Subject-Password":"password123",
"X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}' 

X-Idaas-Rest-New-Token-Type-To-Create

Use to provide the token types to be created. Multiple token types can be specified in a request.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Request

curl -i -H "Content-Type: application/json" --request POST
http://host.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"sampleuser",
"X-Idaas-Rest-Subject-Password":"password123",
"X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}' 

Comments

The attribute value must be one of the following:


X-Idaas-Rest-Application-Context

Use to specify the application context for which an Access Token is needed. The supplied value must be string.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Request 1

curl -H "Content-Type: application/json"
--request POST http://localhost:18001/oic_rest/rest/jwtauthentication/access
-d '{
"X-Idaas-Rest-Subject-Type":"TOKEN",
"X-Idaas-Rest-Subject-Value":"vTBI8jN8eYIsfAp%2BZqe...GkiaHv7TjAGZ5XFSQk5A%3D%3D",
"X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
"X-Idaas-Rest-Application-Resource":"http://somehost.example.com:7779/index.html",
"X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}' 

X-Idaas-Rest-Application-Resource

Use to specify the target resource for which an Access Token is needed. The supplied value must be string.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Request 1

curl -H "Content-Type: application/json"
--request POST http://localhost:18001/oic_rest/rest/jwtauthentication/access-d '{
"X-Idaas-Rest-Subject-Type":"TOKEN",
"X-Idaas-Rest-Subject-Value":"vTBI8jN8eYIsfAp%2BZqe...GkiaHv7TjAGZ5XFSQk5A%3D%3D",
"X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
"X-Idaas-Rest-Application-Resource":"http://somehost.example.com:7779/index.html",
"X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}' 

X-Idaas-Rest-User-Principal

Used to return the principal User.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Response

HTTP/1.1 200 OK Date: Tue, 05 Jun 2012 11:35:13 GMT 
Transfer-Encoding: Content-Type: application/json X-IDAAS-REST-VERSION: v1 
Set-Cookie: JSESSIONID=
TCjjPNnRvL6fvhJpMSjLhHYrFyMKqwcFxTNL1RQzyvkSJ7G2TLj4!1574236250;
path=/; HttpOnly X-ORACLE-DMS-ECID: a393487d2600b00c:-7abb0b83:137b52ee014:
-8000-00000000000026f5 X-Powered-By: Servlet/2.5 JSP/2.1
{
"X-Idaas-Rest-Token-Value":"eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6Im9yYWtle
SJ9.eyJleHAiOjEzMzg4OTk3MTMxMzcsImF1ZCI6Im9hbV9zZXJ2ZXIxIiwiaXNzIjoiSldUQXV0aGVud
GljYXRpb24iLCJwcm4iOiJ3ZWJsb2dpYyIsImp0aSI6IjNlMjdiZjc4LTg3NDQtNDFkMS05MzlmLTlkZG
d0N2VkNGFlNyIsIm9yYWNsZS5vaWMudG9rZW4udHlwZSI6IlVTRVJUT0tFTiIsImlhdCI6MTMzODg5NjE
xMzEzNywib3JhY2xlLm9pYy50b2tlbi51c2VyX2RuIjoidWlkPXdlYmxvZ2ljLG91PXBlb3BsZSxvdT1t
eXJlYWxtLGRjPWJhc2VfZG9tYWluIn0.hHmAa5Syw3AcqRPwIqXLx6DcMzCBzvDXGFYvwAf9nqVgxgvLT
JfxZzofS5Ut272b0dFGsv3qakeDm2NTgg6fR2YKH5BxAHnEmq0IAmhLuyWdux_rMZNB-wP8h5JD26UQf
nnBBWApvgULeM2mWQEzYRVDMpN9K7pycNrsGK8U",
"X-Idaas-Rest-User-Principal":"jdoe",
"X-Idaas-Rest-Provider-Type":"JWT",
"X-Idaas-Rest-Token-Type":"USERTOKEN"
} 

X-Idaas-Rest-Provider-Type

Used to return the token provider type. Valid values include OAM_10G, OAM_11G, and JWT.

Where to use This Attribute

Attribute Type

Sample cURL Command

Sample Response

HTTP/1.1 200 OK Date: Tue, 05 Jun 2012 11:35:13 GMT 
Transfer-Encoding: chunked Content-Type: application/json X-IDAAS-REST-VERSION: v1 
Set-Cookie:JSESSIONID=TCjjPNnRvL6fvhJpMSjLhHYrFyMKqwcFxTNL1RQzyvkSJ7G2TLj4!157423;
path=/; HttpOnly X-ORACLE-DMS-ECID:
a393487d2600b00c:-7abb0b83:137b52ee014:-8000-00000000000026f5
X-Powered-By: Servlet/2.5 JSP/2.1
{
"X-Idaas-Rest-Token-Value":"eyJhbGciOiJSUzUxMiIsInR
5cCI6IkpXVCIsImtpZCI6Im9yYWtleSJ9.eyJleHAiOjEzMzg4OTk3MTMxMzcsImF1ZCI6Im9hbV9
zZXJ2ZXIxIiwiaXNzIjoiSldUQXV0aGVudGljYXRpb24iLCJwcm4iOiJ3ZWJsb2dpYyIsImp0aSI6IjN
lMjdiZjc4LTg3NDQtNDFkMS05MzlmLTlkZGY0N2VkNGFlNyIsIm9yYWNsZS5vaWMudG9rZW4
udHlwZSI6IlVTRVJUT0tFTiIsImlhdCI6MTMzODg5NjExMzEzNywib3JhY2xlLm9pYy50b2tlbi51c2
VyX2RuIjoidWlkPXdlYmxvZ2ljLG91PXBlb3BsZSxvdT1teXJlYWxtLGRjPWJhc2VfZG9tYWluIn0.h
HmAa5Syw3AcqRPwIq_XLx6DcMzCBzvDXGFYvwAf9nqVgxgvLTJJfxZzofS5Ut272b0dFGsv3q
akeDm2NTgg6fR2YKH5BxAHnEmq0IAmhLuyWdux_rMZNB-wP8h5JD26UQf_nnBBWApvgULeM
2mWQEzYRVDMpN9K7pycNrsGK8U",
"X-Idaas-Rest-User-Principal":"weblogic",
"X-Idaas-Rest-Provider-Type":"JWT",
"X-Idaas-Rest-Token-Type":"USERTOKEN"
} 

Mobile and Social REST Security Filter Reference

The authorization schemes in this section are used to protect the Mobile and Social REST Services.

The following calls are demonstrated:


Authorize With UIDPASSWORD

Shows how to send the REST call required for UIDPASSWORD authentication.

cURL Command

curl --request GET 
"localhost:18001/idaas_rest/rest/authorizationservice3/authorization?
resource=http://is-x86-05.us.example.com:7779/index.html&
action=GET&X-Idaas-Rest-Subject-Value=
ZNsJcMMM3ow83Zr5D8KqCPnhBGmui4RnBvUXJ5dqC7OfwZIv6FDcYWwfPuHupxN%2B
fs5qN0I6AWIZBX%2F2KQNNQ5bPDN1XqeE8y7OPPoy4znteEfCaRHb7UA1ia1ox%2BW8
5LbknXCLaZ5q%2FN4I0IcXP%2B13FGX9r9LROQ3OZZVNMLhfx3KabZcIVmSHBkK%2F
ARGYEJQv6RO%2FPCMN2YYTJgWxGr20rWeG8NLbzgN%2FPyADxxlPLvkxH2YCVHHH
7bLBfOp3p83IbJ%2FC%2Bm9sCd4YjlSlhsMUXKtvZ1LnJME4UymuR5tXuw2B0Yr25OHxU
bMreIGgRYZXFonmjhAovKhXqIgzpIg%3D%3D&
X-Idaas-Rest-Subject-Type=TOKEN"  
-H "X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred=\"
Tp8aUEeptClBz6A6h9cH8F%2FwcZJvLok976\""
-H "Authorization: gdX4z0leySgt0DiPeItsQfBweYZIfZ2dm7fVypNz%2Bf6pbrzF7P4
AvUzPXIzLf2lL0zHuvNI%2B77OsUESM99U6zQjytC%2FgrAD6O2QdSe2VUNGjjw8Di5ev1
gSI0m5a5VQO9rmGNlB1xndnPYoaX0nDpi3eGAyQNw3PUAbEGYglsDMR1js2jsiXKyexryn
8k1coc3EHGqk%2ByqfEXzfzGjwEB4ipnSGg2c4a9BX2BKjKLoOD0PdNVc2nf6f%2F7T2Ck
hA%2BSFowwE%2BEIzvQ7cVbeRYqco2eYCJhs8GS8Haq9T2dnhIAa4tux9MyxVLRNRtDd
q39HDr5hvUI7OpHQHNUMeRcPQ%3D%3D"

Expected Output

{
"Allowed":"true"
}

Comments


Authorize With HTTP Basic

Shows how to send the REST call required for HTTP Basic authorization.

cURL Command

curl --request GET 
"localhost:18001/idaas_rest/rest/authorizationservice3/authorization?
resource=http://is-x86-05.us.example.com:7779/index.html
&action=GET&
X-Idaas-Rest-Subject-Value=
ZNsJcMMM3ow83Zr5D8KqCPnhBGmui4RnBvUXJ5dqC7OfwZIv6FDcYWwfPuHupxN%2Bfs5
qN0I6AWIZBX%2F2KQNNQ5bPDN1XqeE8y7OPPoy4znteEfCaRHb7UA1ia1ox%2BW85Lbkn
XCLaZ5q%2FN4I0IcXP%2B13FGX9r9LROQ3OZZVNMLhfx3KabZcIVmSHBkK%2FARGYEJ
Qv6RO%2FPCMN2YYTJgWxGr20rWeG8NLbzgN%2FPyADxxlPLvkxH2YCVHHH7bLBfOp3p
83IbJ%2FC%2Bm9sCd4YjlSlhsMUXKtvZ1LnJME4UymuR5tXuw2B0Yr25OHxUbMreIGgRYZ
XFonmjhAovKhXqIgzpIg%3D%3D&
X-Idaas-Rest-Subject-Type=TOKEN"
-H "X-IDAAS-REST-AUTHORIZATION: Basic Tp8aUEeptClBz6A6h9cH8F%2FwcZJvLok976"
-H "Authorization: TOKEN gdX4z0leySgt0DiPeItsQfBweYZIfZ2dm7fVypNz%2Bf6pbrzF7P4A
vUzPXIzLf2lL0zHuvNI%2B77OsUESM99U6zQjytC%2FgrAD6O2QdSe2VUNGjjw8Di5ev1gS
I0m5a5VQO9rmGNlB1xndnPYoaX0nDpi3eGAyQNw3PUAbEGYglsDMR1js2jsiXKyexryn8k1
coc3EHGqk%2ByqfEXzfzGjwEB4ipnSGg2c4a9BX2BKjKLoOD0PdNVc2nf6f%2F7T2CkhA%2B
SFowwE%2BEIzvQ7cVbeRYqco2eYCJhs8GS8Haq9T2dnhIAa4tux9MyxVLRNRtDdq39HDr5hv
UI7OpHQHNUMeRcPQ%3D%3D"

Expected Output

{
"Allowed":"true"
}

Comments


Authorize With an Access Manager Token

Shows how to send the REST call required for Access Manager authorization.

cURL Command

curl --request GET 
"localhost:18001/idaas_rest/rest/authorizationservice3/authorization?
resource=http://is-x86-05.us.example.com:7779/index.html
&action=GET&
X-Idaas-Rest-Subject-Value=ZNsJcMMM3ow83Zr5D8KqCPnhBGmui4RnBvUXJ5dqC7OfwZIv6
FDcYWwfPuHupxN%2Bfs5qN0I6AWIZBX%2F2KQNNQ5bPDN1XqeE8y7OPPoy4znteEfCaRHb
7UA1ia1ox%2BW85LbknXCLaZ5q%2FN4I0IcXP%2B13FGX9r9LROQ3OZZVNMLhfx3KabZcIV
mSHBkK%2FARGYEJQv6RO%2FPCMN2YYTJgWxGr20rWeG8NLbzgN%2FPyADxxlPLvkxH2
YCVHHH7bLBfOp3p83IbJ%2FC%2Bm9sCd4YjlSlhsMUXKtvZ1LnJME4UymuR5tXuw2B0Yr25
OHxUbMreIGgRYZXFonmjhAovKhXqIgzpIg%3D%3D
&X-Idaas-Rest-Subject-Type=TOKEN"
-H "X-IDAAS-REST-AUTHORIZATION: TOKEN Tp8aUEeptClBz6A6h9cH8F%2FwcZJvLok976
c5q0SitrrgSCJ5FQk58KMtUg2FCPLbjZbP2%2B3P5zZPiSCeHwNua%2FBHdIDCOnUYOXNg
4uBKA7t7O4jGRfn49xkOVXunF%2B5zMQUiGUlwTXPYiKwooAknkeHs3HIq6s2if%2FHpuPH
curRa%2BdyfjWfYWTpqPeo%2FzyHHzDH1wF8hM6k6YwJ%2FpxD8avuXogP%2Bp5j2tCZ0
aAhonseNMcKvGTRBoV1shGnotK9gt01nDgc2LWA5oidJgxlcaWDw3%2FXZhvgudkLwl0jxEw
0K%2BzffyeZs0gfUkZJBnsm8qh2KP%2BiCPzT7HPVPF%2FyYCg%3D%3D"
-H "Authorization: TOKEN gdX4z0leySgt0DiPeItsQfBweYZIfZ2dm7fVypNz%2Bf6pbrzF7P4AvU
zPXIzLf2lL0zHuvNI%2B77OsUESM99U6zQjytC%2FgrAD6O2QdSe2VUNGjjw8Di5ev1gSI0m5
a5VQO9rmGNlB1xndnPYoaX0nDpi3eGAyQNw3PUAbEGYglsDMR1js2jsiXKyexryn8k1coc3EH
Gqk%2ByqfEXzfzGjwEB4ipnSGg2c4a9BX2BKjKLoOD0PdNVc2nf6f%2F7T2CkhA%2BSFowwE
%2BEIzvQ7cVbeRYqco2eYCJhs8GS8Haq9T2dnhIAa4tux9MyxVLRNRtDdq39HDr5hvUI7OpHQ
HNUMeRcPQ%3D%3D"

Expected Output

{
"Allowed":"true"
}

Comments


Mobile Services REST Reference: Authentication and Authorization

The cURL commands in this section show the REST calls used to request security tokens from the Mobile and Social server. Some REST calls use the POST method, whereas others use GET.

The following calls are demonstrated:


Authentication for a Client Token

Shows how to send the REST call to request a client token.

cURL Command

curl -H "Content-Type: application/json" --request POST 
http://localhost:18001/idaas_rest/rest/tokenservice1/tokens
-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"client1",
"X-Idaas-Rest-Subject-Password":"secret12",
"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}'

Expected Output

{"X-Idaas-Rest-Token-Value":"kubExOtDjCtL5Q0R1QhAgL5zNVmDFYKG1Y0AUe+P9HKvnz4gIDVx
YIMNxxyfJJpmkT5XtYKkDgW295juWEcK7c7LmPBkxE6MytcfvKh4HzWIUGEgS2uKej3PQJG49RpZ6UxAP
ZbGYWj7fpjZoqBhtPiCtyacI0C22bl2/DbbRCVx4341z68j5YiTgOklGC6lIucSorlM7pBI54bxygFZsr
F1DVKxL+RNhrobYsN6I7fFLR4fL+iO/BZcbwM/4SNDuCIC82eOxPI/mTcRraz0cLw9tcLbw7c11MjC2eu
EBSGUjGcNmxpbhiJIt7SIBzJczzNsaBnH+2fKx/VTeVVvGQgGAf19e5b1Drj5QyNhj2I=",
"X-Idaas-Rest-Token-Type":"CLIENTTOKEN",
"X-Idaas-Rest-User-Principal":"client-1",
"X-Idaas-Rest-Provider-Type":"OAM_11G"}

Comments


Authentication for a User Token

Shows how to send a REST call requesting a User token.

cURL Command

curl -H "Content-Type: application/json"
--request POST http://localhost:18001/idaas_rest/rest/tokenservice1/tokens
-d '{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"tester1",
"X-Idaas-Rest-Subject-Password":"secret12",
"X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'

Expected Output

{"X-Idaas-Rest-Token-Value":"adc3bfbExOtDjCtL5Q0R1QhAgL5zNVmDFYKG1Y0AUe+P9HKvnz4g
IDVxYIMNxxyfJJpmkT5XtYKkDgW295juWEcK7c7LmPBkxE6MytcfvKh4HzWIUGEgS2uKej3PQJG49RpZ6
UxAPZbGYWj7fpjZoqBhtPiCtyacI0C22bl2/DbbRCVx4341z68j5YiTgOklGC6lIucSorlM7pBI54bxyg
FZsrF1DVKxL+RNhrobYsN6I7fFLR4fL+iO/BZcbwM/4SNDuCIC82eOxPI/mTcRraz0cLw9tcLbw7c11Mj
C2euEBSGUjGcNmxpbhiJIt7SIBzJczzNsaBnH+2fKx/VTeVVvGQgGAf19e5b1Drj5QyNhj2I=",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-User-Principal":"user-1",
"X-Idaas-Rest-Provider-Type":"OAM_11G"}

Comments


Authentication for an Access Token

Shows how to send a REST call requesting an access token.

cURL Command

curl -H "Content-Type: application/json"
--request POST http://localhost:18001/idaas_rest/rest/tokenservice1/tokens
-d '{
"X-Idaas-Rest-Subject-Type":"TOKEN",
"X-Idaas-Rest-Subject-Value":
"vTBI8jN8eYsmHCUzC4kITJ8xnv0WCcGaETq5OEco9lErOzn13EZIUpyKk4
xucZ9lfbe1b367GuCwPUceldPs8v8W4JtSWJO0IKhBc0o4EaBh4jZlRDcd9y
mNEbh%2BrdaG2rJ0%2BGFGglqe%2BNg0JUBVoKemdoe%2BylkQLj9RT4
yV%2FxOtI7eeXdIOtKD%2BURIIAp%2BZqeDmYHX%2BeTJqOi9dvhUv8b5
AniFPTX3xaO5%2Fovs8250aojYyz465Td0ZmchMyTn%2BSwSPoD81GEiV
MddlapJnred%2BVdStBv%2FHsawIgErLLsCNjlidd90z%2FDVGy31XSOuz3
GkwmE0BoM%2BSiAGZ5XFSQA%3D%3D",
"X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
"X-Idaas-Rest-Application-Resource":"http:/wengate123.us.example.com:7779/index.html",
"X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}'

Expected Output

{"X-Idaas-Rest-Token-Value":"R1QhAgL5zNVmDFYKG1Y0AUe+P9HKvnz4gIDVxYIMNxxyfJJpmkT5
XtYKkDgW295juWEcK7c7LmPBkxE6MytcfvKh4HzWIUGEgS2uKej3PQJG49RpZ6UxAPZbGYWj7fpjZoqBh
tPiCtyacI0C22bl2/DbbRCVx4341z68j5YiTgOklGC6lIucSorlM7pBI54bxygFZsrF1DVKxL+RNhrobY
sN6I7fFLR4fL+iO/BZcbwM/4SNDuCIC82eOxPI/mTcRraz0cLw9tcLbw7c11MjC2euEBSGUjGcNmxpbhi
JIt7SIBzJczzNsaBnH+2fKx/VTeVVvGQgGAf19e5b1Drj5QyNhj2I=",
"X-Idaas-Rest-Token-Type":"ACCESSTOKEN",
"X-Idaas-Rest-User-Principal":"user-1",
"X-Idaas-Rest-Provider-Type":"OAM_11G"}

Comments


Get or Validate a (Client) Token

Shows how to send the REST call required to request (get) a client token.

cURL Command

curl --request GET http://localhost:18001/idaas_rest/
rest/mobilesecret1/tokens/info -H "X-Idaas-Rest-Subject: TOKEN someTokenValue"

Expected Output

{"X-Idaas-Rest-Token-Value":"QA8wjxWGSf3VMggfxFFYW4Yrre0DuG7hOagET4yfF3PX
bbUUsgh7uJUOEX5aZAQPsrV90J20gtALfhiUI32gbxooeqppGnQSLnk0ehpN4%2B6%2BCgR2nOMrYzoLi
U7%2FvrnoG7894eUfxHwmvZESQw4w4ez6L%2BOcaHF2tc05F4zkqi6%2BveSL4uFdiaMh9pJ2k%2BXF%2
FWn2Q8IfOWBdk2IzWeFhwi35CzMLJrNiAST%2BdMWhteIKcNEFbvS1WFaYR8Fjzx%2FpuU3%2FdTaG2gX
xDJxE%2BpI2bpanks4fdZwaFmkLCraUfJFdtiGgOk2SIVIwi4UYCBAbM9XZJ5nyjtmxpqEESKJSGQ%3D%
3D",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-User-Principal":"testuser",
"X-Idaas-Rest-Provider-Type":"JWT"
}

Comments


Authorization

Shows how to send the REST call required to request a client token.

cURL Command

curl --request GET "localhost:18001/idaas_rest/
rest/authorizationservice1/authorization?
resource=http://webgate123.us.example.com:7779/index.html&
action=GET&X-Idaas-Rest-Subject-Value=
ZNsJcMMM3ow83Zr5D8KqCPnhBGmui4RnBvUXJ5dqC7OfwZIv6FDcYWwf
PuHupxN%2Bfs5qN0I6AWIZBX%2F2KQNNQ5bPDN1XqeE8y7OPPoy4znte
EfCaRHb7UA1ia1ox%2BW85LbknXCLaZ5q%2FN4I0IcXP%2B13FGX9r9LR
OQ3OZZVNMLhfx3KabZcIVmSHBkK%2FARGYEJQv6RO%2FPCMN2YYTJ
gWxGr20rWeG8NLbzgN%2FPyADxxlPLvkxH2YCVHHH7bLBfOp3p83IbJ%2
FC%2Bm9sCd4YjlSlhsMUXKtvZ1LnJME4UymuR5tXuw2B0Yr25OHxUbMreI
GgRYZXFonmjhAovKhXqIgzpIg%3D%3D&
X-Idaas-Rest-Subject-Type=TOKEN"

Expected Output

{
"Allowed":"true"
} 

Comments


Mobile Services REST Reference: Commands for Mobile Single Sign-on Tokens

The cURL commands in this section show the REST calls that the mobile single sign-on agent sends to the Mobile and Social server to request client, user, and access tokens, and to create client registration handles.

The following calls are demonstrated:


Create a Client Registration Handle for a Mobile Single Sign-on Agent App

Shows how to create a client registration handle for a mobile single sign-on (SSO) agent app based on a user name and password. In this example, the mobile single sign-on agent app is named MobileAgent1.

cURL Command

curl -H "Content-Type: application/json" --request POST
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/register -d
'{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL", "X-Idaas-Rest-Subject-Username":"theUserName",
"X-Idaas-Rest-Subject-Password":"thePassword",
"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE", 
"deviceProfile" : { ... }, 
"clientId": "MobileAgent1" }' 

Expected Output

{"X-Idaas-Rest-Token-Value":"eyJ0b2tl...",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE", 
handles : { 
"oaam.session" : { ... } , 
"oaam.device" : { ... } 
} 
}

Comments


Create a Client Registration Handle for a Mobile Single Sign-on Client App (User Name Scenario)

This example shows how the mobile single sign-on agent creates a client registration handle for a mobile business app (the client app) utilizing a user name and password. In this example, the request originated with the mobile business app, which is named MobileExpenseReport1.

cURL Command

curl -H "Content-Type: application/json" --request POST
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/register -H
"X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD ..." -d 
'{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"theUserName",
"X-Idaas-Rest-Subject-Password":"thePassword",
"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE", 
"deviceProfile" : { ... }, 
handles : { 
"oaam.session" : "...", 
"oaam.device" : "..." }, 
"clientId": "MobileExpenseReport1" } '

Expected Output

{"X-Idaas-Rest-Token-Value":"ey...",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE", 
handles : { 
"oaam.session" : { ... } , 
"oaam.device" : { ... } 
} 
}

Comments


Create a Client Registration Handle for a Mobile Single Sign-on Client App (User Token Scenario)

This example is similar to the previous example. Instead of a user name and password, however, a user token is submitted. The user token is a security credential that signifies that an authenticated user authorized the device. As with the previous example, the request originated with the mobile business app, which is named MobileExpenseReport1.

cURL Command

curl -H "Content-Type: application/json" --request POST
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/register -H
"X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD ..." -d
'{
"X-Idaas-Rest-Subject-Type":"TOKEN", 
"X-Idaas-Rest-Subject-Value":"ey...",
"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE", 
"deviceProfile" : { ... }, 
handles : { 
"oaam.session" : "...", 
"oaam.device" : "..." }, 
"clientId": "MobileExpenseReport1" } '

Expected Output

{"X-Idaas-Rest-Token-Value":"ey...",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE", 
handles : { 
"oaam.session" : { ... } , 
"oaam.device" : { ... } 
} 
}

Comments


Create a Request for a User Token

This example shows the REST call that the mobile single sign-on agent sends to the Mobile and Social server to request that a user token be created.

cURL Command

curl -H "Content-Type: application/json" --request POST
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/authenticate -H
'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." ' -d
'{
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
"X-Idaas-Rest-Subject-Username":"theUserName",
"X-Idaas-Rest-Subject-Password":"thePassword",
"X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN", 
"handles" : { ... }, 
"deviceProfile" : { ... } }'

Expected Output

{"X-Idaas-Rest-Token-Value":"ey...",
"X-Idaas-Rest-Token-Type":"USERTOKEN", 
handles : { 
"oaam.session" : { ... } , 
"oaam.device" : { ... } 
} 
}

Comments


Create a Request for an Access Token

This example shows a mobile SSO agent request for an access token on behalf of a mobile business app. The mobile SSO agent is named MobileAgent1, and the business app is named MobileExpenseReport1.

cURL Command

Mobile OAMAuthentication Example

curl -H "Content-Type: application/json" -H
'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." ' -H
'X-IDAAS-REST-AGENT-AUTHORIZATION: UIDPASSWORD cred="..." ' 
--request POST 
http://localhost:18001/idaas_rest/rest/mobileoamauthentication/access -d
'{
"X-Idaas-Rest-Subject-Type":"TOKEN",
"X-Idaas-Rest-Subject-Value":"... USER TOKEN VALUE...",
"X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
"X-Idaas-Rest-Application-Resource":
"http:/wengate123.us.example.com:7779/index.html",
"X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN",
"handles" : { ... }, 
"deviceProfile" : { ... } 
}'

Mobile JWTAuthentication Example

curl -H "Content-Type: application/json" -H 
'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." ' -H
'X-IDAAS-REST-AGENT-AUTHORIZATION: UIDPASSWORD cred="..." '
--request POST 
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/access -d
'{
"X-Idaas-Rest-Subject-Type":"TOKEN",
"X-Idaas-Rest-Subject-Value":"... USER TOKEN VALUE ...",
"X-Idaas-Rest-Application-Resource":"...",
"X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN", 
"handles" : { ... }, 
"deviceProfile" : { ... } 
}'

Expected Output

{"X-Idaas-Rest-Token-Value":"...",
"X-Idaas-Rest-Token-Type":"ACCESSTOKEN", 
handles : {
"oaam.session" : { ... } , 
"oaam.device" : { ... } 
} 
}

Comments


The Single Sign-on Agent Request to Create an Access Token for its own use

This example shows a mobile SSO agent request for an access token for its own use. The mobile SSO agent requires an access token before it can request tokens on behalf of client apps.

cURL Command

Mobile OAMAuthentication Example

curl -H "Content-Type: application/json" -H 
'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." '
--request POST http://localhost:18001/idaas_
rest/rest/mobileoamauthentication/access -d
'{
"X-Idaas-Rest-Subject-Type":"TOKEN",
"X-Idaas-Rest-Subject-Value":"... USER TOKEN VALUE...",
"X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
"X-Idaas-Rest-Application-Resource":"http:/wengate123.us.example.com:7779/index.html",
"X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN", 
"handles" : { ... }, 
"deviceProfile" : { ... } 
}'

Mobile JWTAuthentication Example

curl -H "Content-Type: application/json" -H
'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." '
--request POST http://localhost:18001/idaas_
rest/rest/mobilejwtauthentication/access -d
'{
"X-Idaas-Rest-Subject-Type":"TOKEN",
"X-Idaas-Rest-Subject-Value":"... USER TOKEN VALUE ...",
"X-Idaas-Rest-Application-Resource":"...",
"X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN", 
"handles" : { ... }, 
"deviceProfile" : { ... } 
}'

Expected Output

{
"X-Idaas-Rest-Token-Value":"...",
"X-Idaas-Rest-Token-Type":"ACCESSTOKEN", 
handles : { 
"oaam.session" : { ... } , 
"oaam.device" : { ... } 
} 
}

Comments


Verify a Client Reg Handle

This example shows a client reg handle verification request. The Mobile and Social server has token and handle verification logic, so the mobile client does not need to make this verification call.

When the request is sent to the Mobile and Social server to create a User Token or an Access Token, the service verifies the one or two HTTP headers that contain the client reg handles: X-IDAAS-REST-AUTHORIZATION and X-IDAAS-REST-AGENT-AUTHORIZATION.

cURL Command

curl --request 
GET http://localhost:18001/idaas_rest/rest/mobileservice1/tokens/info -H "X-Idaas-Rest-Subject: TOKEN ey..." -H 
"X-IDAAS-REST-AUTHORIZATION: TOKEN ey..."

Expected Output

{
"X-Idaas-Rest-Token-Value":"eyJl...",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE"
}

Comments


Mobile Services REST Reference: Commands for User Profile Services

The cURL commands in this section show the REST calls that are sent from a client application to the Mobile and Social server to perform User Profile Services transactions with a connected Directory server.

User Profile cURL commands are grouped into the following sections:


Basic User Operations

Basic user operations commands include the following:

Create a User

Shows how to create a user profile in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{"uid":"John","description":"test user","lastname":"Anderson",
"commonname":"John Anderson","firstname":"John"}'

Expected Output
{"uid":"John","guid":"FE1D7BD0590111E1BFDCF77FB8E715D5"," 
description":"test user","name":"John","lastname":"Anderson", 
"commonname":"John Anderson","loginid":"John","firstname":"John", 
"uniquename":"FE1D7BD0590111E1BFDCF7FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}

Read a User

Shows how to retrieve a user profile in a remote directory.

cURL Command
curl -i --request GET http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/

Expected Output
{"uid":"John","guid":"FE1D7BD0590111E1BFDCF77FB8E715D5","description":"test user", 
"name":"John","lastname":"Anderson","commonname":"John Anderson","loginid":"John", 
"firstname":"John","uniquename":"FE1D7BD0590111E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}

Update a User

Shows how to update a user profile record in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request PUT
http://localhost:14100/idaas_rest/rest/userprofile/people/John/ -d
'{"description":"test user1"}'

Expected Output
{"uid":"John","guid":"FE1D7BD0590111E1BFDCF77FB8E715D5", 
"description":"test user1","name":"John","lastname":"Anderson", 
"commonname":"John Anderson","loginid":"John","firstname":"John", 
"uniquename":"FE1D7BD0590111E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}

Delete a User

Shows how to remove a user profile record in a remote directory.

cURL Command
curl -i --request DELETE http://localhost:14100/ 
idaas_rest/rest/userprofile/people/John/

Expected Output

No response.



Basic Group Operations

Basic group operations commands include the following:

Create a Group

Shows how to create a group profile in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d
'{"description":"group1 testuing","commonname":"group1"}'

Expected Output
{"guid":"2259C6C0592011E1BFDCF77FB8E715D5","description":"group1 testing", 
"name":"group1","commonname":"group1", 
"uniquename":"2259C6C0592011E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1"}

Read a Group

Shows how to retrieve a group profile in a remote directory.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1/"

Expected Output
{"guid":"2259C6C0592011E1BFDCF77FB8E715D5","description":"group1 testing", 
"name":"group1","commonname":"group1", 
"uniquename":"2259C6C0592011E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1"}

Update a Group

Shows how to update a group profile in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request PUT
http://localhost:14100/idaas_rest/rest/userprofile/groups/group1/ -d 
'{"description":"group11 testing"}'

Expected Output
{"guid":"2259C6C0592011E1BFDCF77FB8E715D5","description":"group11 testing", 
"name":"group1","commonname":"group1", 
"uniquename":"2259C6C0592011E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1"}

Delete a Group

Shows how to delete a group profile in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request PUT
http://localhost:14100/idaas_rest/rest/userprofile/groups/group1/ -d
'{"description":"group11 testing"}'

Expected Output
{"guid":"2259C6C0592011E1BFDCF77FB8E715D5","description":"group11 testing", 
"name":"group1","commonname":"group1", 
"uniquename":"2259C6C0592011E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1"}


"memberOf" Relationship Operations

The "members" and "memberOf" logical entity relationships both point to the same "member" attribute in the LDAP "group" entity. Both logical entity relationships can be used to add, delete, read, and search a user with respect to a group.

This section includes the following operations:

Create a "memberOf" Relationship

Shows how to make a user a member of a group.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{"uid":"John"Anderson","commonname":"John Anderson","firstname":"John"}'

Create Group "Group1"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d
'{"description":"group1 testing","commonname":"group1"}'

Create a MemberOf Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/John/memberOf/ -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/group1",
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}'                          

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1", 
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John\/memberOf\/group1"}

Read a "memberOf" Relationship

Shows how to retrieve a "memberOf" relationship profile for the specified user.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest 
/rest/userprofile/people/John/memberOf/group1/"

Expected Output

Either of the following:


Delete a "memberOf" Relationship

Shows how to delete a "memberOf" relationship.

cURL Command

Delete the MemberOf Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/memberOf/group1/" 

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/ 

Delete the Group "group1"

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1"

Expected Output

Either of the following:



"members" Relationship Operations

The "members" and "memberOf" logical entity relationships both point to the same "member" attribute in the LDAP "group" entity. Both logical entity relationships can be used to add, delete, read, and search a user with respect to a group.

This section includes the following operations:

Create a "members" Relationship

Shows how to assign a user to a group.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{"uid":"John"Anderson","commonname":"John Anderson","firstname":"John"}'

Create Group "Group1"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"group1 testuing","commonname":"group1"}'

Create a Members Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/groups/group1/members -d 
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/group1", 
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}'

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1", 
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/group1\/members\/John"}

Read a "members" Relationship

Shows how to read a "members" relationship.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/group1/members/John"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1", 
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/group1\/members\/John"}

Delete a "members" Relationship

Shows how to delete a "members" relationship profile.

cURL Command

Delete the Members Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/group1/members/John/"

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/ 

Delete Group "Group1"

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1/"

Expected Output

HTTP Status 200 (The request has succeeded.)



"manager" Relationship Operations

This section includes the following operations:

Create a "manager" Relationship

Shows how to assign a manager to a user.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"John"Anderson","commonname":"John Anderson","firstname":"John"}'

Create User "Alan"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"Alan","description":"Manager User","lastname":"Doe", 
"commonname":"Alan Doe","firstname":"Alan"}'

Create a Manager Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/John/manager/ -d 
'{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}'

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John\/manager\/Alan", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Read a "manager" Relationship

Shows how to read a manager relationship profile.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/manager/Alan"

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John\/manager\/Alan", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Delete a "manager" Relationship

Shows how to delete the manager relationship.

cURL Command

Delete the Manager Relationship

curl -i --request DELETE "http://localhost:14100/ 
idaas_rest/rest/userprofile/people/John/manager/Alan"

Delete User "John"

curl -i --request DELETE http://localhost:14100/ 
idaas_rest/rest/userprofile/people/John/ 

Delete User "Alan"

curl -i --request DELETE "http://localhost:14100/ 
idaas_rest/rest/userprofile/people/Alan/"

Expected Output

No response.



"reports" Relationship Operations

This section includes the following operations:

Create a "reports" Relationship

Shows how to create a reports-to relationship.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"John"Anderson","commonname":"John Anderson","firstname":"John"}'

Create User "Alan"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"Alan","description":"Manager User","lastname":"Doe", 
"commonname":"Alan Doe","firstname":"Alan"}'

Create a Reports Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/Alan/reports/ -d 
'{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}'

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan\/reports\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Read a "reports" Relationship

Shows how to read a reports-to relationship.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/Alan/reports/John"

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan\/reports\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Delete a "reports" Relationship

Shows how to delete a reports-to relationship.

cURL Command

Delete the Reports Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/
rest/userprofile/people/Alan/reports/John" 

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/ 

Delete User "Alan"

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/Alan/"

Expected Output

No response.



"ownerOf" Relationship Operations

This section includes the following operations:

Create an "OwnerOf" Relationship

Shows how to create an ownerOf relationship.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"John"Anderson","commonname":"John Anderson","firstname":"John"}'

Create Group "group1"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"group1 testuing","commonname":"group1"}'

Create an "ownerOf" Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/John/ownerOf/ -d 
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/group1", 
"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}'

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan\/reports\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Read an "OwnerOf" Relationship

Shows how to read an ownerOf relationship.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/
rest/userprofile/people/John/ownerOf/group1"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1", 
"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John\/ownerOf\/group1"}

Delete an "OwnerOf" Relationship

Shows how to delete an ownerOf relationship.

cURL Command

Delete the "ownerOf" Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/ownerOf/group1" 

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/

Delete Group "group1"

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1"

Expected Output

No response.



"personOwner" Relationship Operations

This section includes the following operations:

Create a "personOwner" Relationship

Shows how to create a personOwner relationship.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"John"Anderson","commonname":"John Anderson","firstname":"John"}'

Create Group "group1"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"group1 testing","commonname":"group1"}'

Create a "personOwner" Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/groups/group1/personOwner -d 
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/group1", 
"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}' 

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan\/reports\/John",
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Read a "personOwner" Relationship

Shows how to read a personOwner relationship.

cURL Command
curl -i --request GET "http://localhost:18001/idaas_rest/
rest/userprofile/groups/group1/personOwner/John"

Expected Output
{"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John",
"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1\/personOwner\/John"

Delete a "personOwner" Relationship

Shows how to delete a personOwner relationship.

cURL Command

Delete the "personOwner" Relationship

curl -i --request DELETE "http://localhost:18001/idaas_rest/
rest/userprofile/groups/group1/personOwner/John"

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/
rest/userprofile/people/John/

Delete Group "group1"

curl -i --request DELETE "http://localhost:14100/idaas_rest/
rest/userprofile/groups/group1/"

Expected Output

No response.



"groupOwner" Relationship Operations

This section includes the following operations:

Create a "groupOwner" Relationship

Shows how to create a groupOwner relationship.

cURL Command

Create Group "XYZ"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"XYZ Group","commonname":"XYZ"}'

Create Group "ABC"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"ABC Group","commonname":"ABC"}'

Create a "groupOwner" Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/XYZ/groupOwner -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/XYZ",
"owner-uri":"\/idaas_rest\/rest\/userprofile\/group\/ABC"}'

Expected Output
{"owner-uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC",
"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ\/groupOwner\/ABC"}

Read a "groupOwner" Relationship

Shows how to read a groupOwner relationship.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/groupOwner/ABC"

Expected Output
{"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John",
"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1\/personOwner\/John"

Delete a "groupOwner" Relationship

Shows how to delete a groupOwner relationship.

cURL Command

Delete the "groupOwner" Relationship

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/groupOwner/ABC"

Delete Group "XYZ"

curl -i --request DELETE http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/

Delete Group "ABC"

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/ABC/"

Expected Output

No response.



"groupOwnerOf" Relationship Operations

This section includes the following operations:

Create a "groupOwnerOf" Relationship

Shows how to create a groupOwnerOf relationship.

cURL Command

Create Group "XYZ"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"XYZ Group","commonname":"XYZ"}'

Create Group "ABC"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"ABC Group","commonname":"ABC"}'

Create a "groupOwnerOf" Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ABC/groupOwnerOf -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/XYZ",
"owner-uri":"\/idaas_rest\/rest\/userprofile\/group\/ABC"}'

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"owner-uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC\/groupOwnerOf\/XYZ"}

Read a "groupOwnerOf" Relationship

Shows how to read a groupOwnerOf relationship.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/groups/ABC/groupOwnerOf/XYZ"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"owner-uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC\/groupOwnerOf\/XYZ"

Delete a "groupOwnerOf" Relationship

Shows how to delete a groupOwnerOf relationship.

cURL Command

Delete the "groupOwnerOf" Relationship

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/ABC/groupOwnerOf/XYZ"

Delete Group "XYZ"

curl -i --request DELETE http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/

Delete Group "ABC"

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/ABC/"

Expected Output

No response.



"groupMemberOf" Relationship Operations

This section includes the following operations:

Create a "groupMemberOf" Relationship

Shows how to create a groupMemberOf relationship.

cURL Command

Create Group "XYZ"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"XYZ Group","commonname":"XYZ"}'

Create Group "iCloud"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"iCloud Group","commonname":"iCLOUD"}'

Create a "groupMemberOf" Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/XYZ/groupMemberOf -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ"}'

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ\/groupMemberOf\/iCLOUD"}

Read a "groupMemberOf" Relationship

Shows how to read a groupMemberOf relationship.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/groupMemberOf/iCLOUD"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ\/groupMemberOf\/iCLOUD"

Delete a "groupMemberOf" Relationship

Shows how to delete a groupMemberOf relationship.

cURL Command

Delete the "groupMemberOf" Relationship

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/groupMemberOf/iCLOUD"

Delete Group "XYZ"

curl -i --request DELETE http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/

Delete Group "iCLOUD"

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/iCLOUD/"

Expected Output

No response.



"groupMembers" Relationship Operations

This section includes the following operations:

Create a "groupMembers" Relationship

Shows how to create a groupMembers relationship.

cURL Command

Create Group "XYZ"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"XYZ Group","commonname":"XYZ"}'

Create Group "iCloud"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"iCloud Group","commonname":"iCLOUD"}'

Create a "groupMembers" Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/iCLOUD/groupMembers -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ"}'

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD\/groupMembers\/XYZ"}

Read a "groupMembers" Relationship

Shows how to read a groupMembers relationship.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/groups/iCLOUD/groupMembers"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD\/groupMemberOf\/XYZ"

Delete a "groupMembers" Relationship

Shows how to delete a groupMembers relationship.

cURL Command

Delete the "groupMembers" Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/rest/
userprofile/groups/iCLOUD/groupMembers"

Delete Group "XYZ"

curl -i --request DELETE http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/

Delete Group "iCLOUD"

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/iCLOUD/"

Expected Output

No response.



Search User Operations

This section includes the following operations:

Search Users

Shows how to get a list of all users.

cURL Command
curl -i --request GET http://localhost:14100/idaas_rest/rest/userprofile/people

Expected Output
{"next":"\/idaas_rest\/rest\/userprofile\/people?pageSize=10&pagePos=1",
"elements":[{"uid":"OracleSystemUser","guid":"E9A3B390581611E19F08FB1E3902A71C",
"description":"Oracle]]]] application software system user.",
"name":"OracleSystemUser","lastname":"OracleSystemUser",
"commonname":"OracleSystemUser","loginid":"OracleSystemUser",
"uniquename":"E9A3B390581611E19F08FB1E3902A71C",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/OracleSystemUser"},
{"uid":"weblogic","guid":"E9A4C500581611E19F08FB1E3902A71C",
"description":"This user is the default administrator.","name":"weblogic",
"lastname":"weblogic","commonname":"weblogic","loginid":"weblogic",
"uniquename":"E9A4C500581611E19F08FB1E3902A71C",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic"},
{"uid":"alice","guid":"D8D1907158F511E1BFDCF77FB8E715D5",
"description":"This test user is alice.","name":"alice","lastname":"alice",
"commonname":"alice","loginid":"alice",
"uniquename":"D8D1907158F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/alice"},
{"uid":"sean","guid":"D8D5AF2058F511E1BFDCF77FB8E715D5",
"description":"This test user is sean.","name":"sean","lastname":"sean",
"commonname":"sean","loginid":"sean",
"uniquename":"D8D5AF2058F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/sean"},
{"uid":"wei","guid":"D8D6245058F511E1BFDCF77FB8E715D5",
"description":"This test user is wei.","name":"wei","lastname":"wei",
"commonname":"wei","loginid":"wei",
"uniquename":"D8D6245058F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/wei"},
{"uid":"malla","guid":"D8D64B6058F511E1BFDCF77FB8E715D5",
"description":"This test user is malla.","name":"malla","lastname":"malla",
"commonname":"malla","loginid":"malla",
"uniquename":"D8D64B6058F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/malla"},
{"uid":"alan","guid":"D8D6998058F511E1BFDCF77FB8E715D5",
"description":"This test user is alan.","name":"alan","lastname":"alan",
"commonname":"alan","loginid":"alan",
"uniquename":"D8D6998058F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/alan"},
"uri":"\/idaas_rest\/rest\/userprofile\/people?pageSize=10&pagePos=0"}

Search Users With PageSize and PagePos

Shows how to get a list of users while specifying a page size and the page position.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/people?pagePos=0&pageSize=1"

Expected Output
{"next":"\/idaas_rest\/rest\/userprofile\/people?pageSize=1&pagePos=1",
"elements":[{"uid":"OracleSystemUser","guid":"E9A3B390581611E19F08FB1E3902A71C",
"description":"Oracle]] application software system user.",
"name":"OracleSystemUser","lastname":"OracleSystemUser",
"commonname":"OracleSystemUser","loginid":"OracleSystemUser",
"uniquename":"E9A3B390581611E19F08FB1E3902A71C",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/OracleSystemUser"}],
"uri":"\/idaas_rest\/rest\/userprofile\/people?pageSize=1&pagePos=0"}

Search Users With a Search Parameter and Without a Search Filter

Shows how to get a list of users while specifying a search parameter but not a search filter.

cURL Command
curl -i --request GET "http:/localhost:14100/idaas_rest/rest/userprofile/people/
?pagePos=0&pageSize=10&searchparam.name=John*"

Expected Output
{"elements":[{"uid":"John","guid":"E932E4F0590911E1BFDCF77FB8E715D5",
"description":"test user","name":"John","lastname":"Anderson",
"commonname":"John Anderson","loginid":"John","firstname":"John",
"uniquename":"E932E4F0590911E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}],
"uri":"\/idaas_rest\/rest\/userprofile\/people?pageSize=10
&searchparam.name=John+Anderson&pagePos=0"}

Search Users With a Search Filter

Shows how to get a list of users while specifying the default "out-of-the-box" simple AND search filter.

cURL Command
curl -i --request GET "http:/localhost:14100/idaas_rest/rest/userprofile/
people?searchFilter=SimpleOR&searchparam.uid=John&searchparam.lastname=TEST"

Expected Output
{"elements":[{
"uid":"John",
"guid":"E932E4F0590911E1BFDCF77FB8E715D5",
"description":"test user",
"name":"John",
"lastname":"Anderson",
"commonname":"John Anderson",
"loginid":"John",
"firstname":"John",
"uniquename":"E932E4F0590911E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}],
"uri":"\/idaas_rest\/rest\/userprofile\/people?pageSize=10
&searchFilter=SimpleOR&searchparam.lastname=TEST&searchparam.uid=John&pagePos=0"}

Search Groups

Shows how to get Group information.

cURL Command
curl -i --request GET "http:/localhost:14100/idaas_rest/rest/userprofile/
groups/?pagePos=0&pageSize=2"

Expected Output
{"next":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&pagePos=1",
"elements":[{
"guid":"7CF7EC60724811E1BFB5AB6A1E4E415B",
"description":"AdminChannelUsers]] can access the admin channel.",
"name":"AdminChannelUsers",
"commonname":"AdminChannelUsers",
"uniquename":"7CF7EC60724811E1BFB5AB6A1E4E415B",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/AdminChannelUsers"},
{"guid":"7CF7EC61724811E1BFB5AB6A1E4E415B",
"description":"Administrators can view and modify all resource attributes and start and stop servers.", 
"name":"Administrators",
"commonname":"Administrators",
"uniquename":"7CF7EC61724811E1BFB5AB6A1E4E415B",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"}],
"uri":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&pagePos=0"}

Search Relationships

Given the name of a person in an organization, allows you to search for the person's manager.

cURL Command
curl -i --request GET "http:/localhost:14100/idaas_rest/rest/userprofile/
people/JohnD/manager/?pagePos=0&pageSize=2"

Expected Output
{"elements":[{
"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager\/SusanS",
"manager-uri":{
           "uid":"SusanS",
   "manager":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager",
   "state":"CA",
   "lastname":"Smith",
   "firstname":"Susan",
   "loginid":"SusanS",
   "uniquename":"5B543C30790511E1AF41BD17BAB1A1C1",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
   "country":"USA",
   "guid":"5B543C30790511E1AF41BD17BAB1A1C1",
   "title":"Sr]]. Director, Development ",
   "name":"SusanS",
   "commonname":"Susan Smith"}
}],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager?pageSize=2
&pagePos=0"} 


The "attrsToFetch" Query Parameter Feature

Use the attrsToFetch query parameter to retrieve a specific set of attributes instead of the full set of attributes that the system returns otherwise. To specify multiple attributes use a comma-separated list of attribute names.

For example:

.../people/alice?attrsToFetch=uid,email

The attrsToFetch query parameter can be used with any Search, Read, User, Group, or Relationship operation.

This section includes the following examples:

Read a User With attrsToFetch

This example shows how to retrieve the User's common name only. Without the attrsToFetch parameter, the system would retrieve the full set of User attributes.

cURL Command
curl -i --request GET 
"http://host:10/idaas_rest/rest/userprofile/people/Alice/?attrsToFetch=commonname"

Expected Output With attrsToFetch
{
"commonname":"Alice Mac",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alice"}

Expected Output Without attrsToFetch
{
"uid":"Alice",
"guid":"C04020C078FE11E1AF41BD17BAB1A1C1",
"description":"Alice User",
"name":"Alice",
"lastname":"Mac",
"commonname":"Alice Mac",
"loginid":"Alice",
"firstname":"Alice",
"uniquename":"C04020C078FE11E1AF41BD17BAB1A1C1",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alice"}

Search Groups With attrsToFetch

This example shows how to search Groups and retrieve only the name of each Group. Without the attrsToFetch parameter, the system would retrieve every attribute of each Group.

cURL Command
curl -i --request GET 
"http:/host:10/idaas_rest/rest/userprofile/groups?pagePos=0&pageSize=2
&attrsToFetch=name"

Expected Output With attrsToFetch
{"next":
"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&attrsToFetch=name&pagePos=1",
"elements":[{
"name":"AdminChannelUsers",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/AdminChannelUsers"},
{
"name":"Administrators",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"
}],
"uri":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&attrsToFetch=name
&pagePos=0"}

Expected Output Without attrsToFetch
{"next":
"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&pagePos=1",
"elements":[{
"guid":"7CF7EC60724811E1BFB5AB6A1E4E415B",
"description":"AdminChannelUsers can access the admin channel.",
"name":"AdminChannelUsers",
"commonname":"AdminChannelUsers",
"uniquename":"7CF7EC60724811E1BFB5AB6A1E4E415B",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/AdminChannelUsers"},
{
"guid":"7CF7EC61724811E1BFB5AB6A1E4E415B",
"description":"Administrators can view and modify all resource attributes and
start and stop servers.",
"name":"Administrators",
"commonname":"Administrators",
"uniquename":"7CF7EC61724811E1BFB5AB6A1E4E415B",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"
}],
"uri":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&pagePos=0"}

Search a Relationship With attrsToFetch

This example shows how to retrieve the name of the Groups that a User is a member of. Without the attrsToFetch parameter, the system would retrieve the full set of Group attributes for each Group.

cURL Command
curl -i --request GET 
"http://host:10/idaas_rest/rest/userprofile/people/weblogic/memberOf?
pagePos=0&pageSize=2&attrsToFetch=name"

Expected Output With attrsToFetch
{"next":
"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf?
pageSize=2&attrsToFetch=name&pagePos=1",
"elements":[
   {
   "group-uri":
     {
      "name":"Administrators",
      "uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"
     },
   "person-uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf\/
          Administrators"
   },
   {
   "group-uri":
     {
      "name":"OAAMEnvAdminGroup",
      "uri":"\/idaas_rest\/rest\/userprofile\/groups\/OAAMEnvAdminGroup"
     },
   "person-uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic",
   "uri":"\/idaas_ rest\/rest\/userprofile\/people\/weblogic\/memberOf\/
  OAAMEnvAdminGroup"
}],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf?
pageSize=2&attrsToFetch=name&pagePos=0"}

Expected Output Without attrsToFetch
{"next":
"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf?
pageSize=2&pagePos=1",
"elements":[ 
   {
   "group-uri":
     {
      "guid":"7CF7EC61724811E1BFB5AB6A1E4E415B",
      "description":"Administrators can view and modify all resource attributes
                     and start and stop servers.",
      "name":"Administrators",
     "commonname":"Administrators",
     "uniquename":"7CF7EC61724811E1BFB5AB6A1E4E415B",
     "uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"
     },
   "person-uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf\/
          Administrators"
   },
   {
   "group-uri":
    {
     "guid":"7CF83A81724811E1BFB5AB6A1E4E415B",
     "description":"EnvAdminGroup",
     "name":"OAAMEnvAdminGroup",
     "commonname":"OAAMEnvAdminGroup",
     "uniquename":"7CF83A81724811E1BFB5AB6A1E4E415B",
     "uri":"\/idaas_rest\/rest\/userprofile\/groups\/OAAMEnvAdminGroup"
     }, 
   "person-uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf\/
          OAAMEnvAdminGroup"
   }],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf?
pageSize=2&pagePos=0"}
 


The "prefetch" Query Parameter Feature

Use the prefetch query parameter to expand a query to retrieve a collection of attributes linked to the User or Group or Relationship that is the subject of the query. To specify multiple attributes use a comma-separated list of attribute names.

For example:

.../people/alice?prefetch=attr1,attr2(b1,b2),attr3(b1,b2,b3)

If you do not specify the prefetch query parameter, the system returns the requested URI only.

You can use the prefetch query parameter with any User, Group, or Relationship profile operation, but not a Search operation.

So for example, you can use prefetch with instance resources such as the following:

But you cannot use prefetch with collection resources, such as the following:

This section includes one example:

Read a User With prefetch

This example shows how to retrieve the collection of "manager" attributes for the specified user in addition to the full set of User attributes that is returned by default.

cURL Command
curl -i --request GET 
"http://localhost:16191/idaas_rest/rest/userprofile/people/JohnD/
?prefetch=manager"

Expected Output With prefetch
{
"uid":"JohnD",
"manager":
   {"elements":
    [{
     "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
     "uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager\/SusanS",
     "manager-uri":
      {
       "uid":"SusanS", 
       "manager":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager",
       "state":"CA",
       "lastname":"Smith",
       "firstname":"Susan",
       "loginid":"SusanS",
       "uniquename":"5B543C30790511E1AF41BD17BAB1A1C1",
       "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
       "country":"USA",
       "guid":"5B543C30790511E1AF41BD17BAB1A1C1",
       "title":"Sr]]. Director, Development ",
       "name":"SusanS",
       "commonname":"Susan Smith"
      }
    }],
    "uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager
           ?pageSize=0&pagePos=-1"
   },
"state":"CA",
"lastname":"Doe",
"firstname":"John",
"loginid":"JohnD",
"uniquename":"2F23AC90790511E1AF41BD17BAB1A1C1",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
"country":"USA",
"guid":"2F23AC90790511E1AF41BD17BAB1A1C1",
"title":"Director, Development ",
"name":"JohnD",
"commonname":"John Doe"}

Expected Output Without prefetch
{
"uid":"JohnD",
"manager":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager",
"state":"CA",
"lastname":"Doe",
"firstname":"John",
"loginid":"JohnD",
"uniquename":"2F23AC90790511E1AF41BD17BAB1A1C1",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
"country":"USA",
"guid":"2F23AC90790511E1AF41BD17BAB1A1C1",
"title":"Director, Development ",
"name":"JohnD",
"commonname":"John Doe"}


The "scope" Query Parameter Feature

Use the scope query parameter to retrieve a nested level of attributes in a relationship search.

For example:

.../people/JohnD/manager?scope=toTop

Use scope if a search is between two entities that have a direct hierarchical relationship, for example a manager relationship between one user and another user, or a memberOf relationship between a user and a group.

The scope query parameter can be used with the following User Profile Services standard entities: manager, reports, groupMemberOf, groupMembers, groupOwner, and groupOwnerOf.

Note:

Configure the toTop scope attribute value by editing the User Profile Service Provider in the Oracle Access Management system administration console. In the Relationship Configuration section of the page, edit the values in the Scope for Requesting Recursion column. See "Editing or Creating a User Profile Service Provider" in the Administrator's Guide for Oracle Access Management for more information.

This section includes one example:

Search a Relationship With scope

This example shows how to do a Manager relationship Search with scope set toTop.

cURL Commands

Create User "JohnD"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d  
'{
  "uid":"JohnD",
  "title":"Director, Development ",
  "state":"CA",
  "lastname":"Doe",
  "commonname":"John Doe ", 
  "firstname":"John",
  "password":"secret12345",
  "country":"USA"}'

Create User "SusanS"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{
  "uid":"SusanS",
  "title":"Sr. Director, Development ",
  "state":"CA",
  "lastname":"Smith",
  "commonname":"Susan Smith",
  "firstname":"Susan",
  "password":"12345secret",
  "country":"USA"}'

Create User "AlanC"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{
  "uid":"AlanC",
  "title":"VP, Identity Management Development ",
  "state":"CA",
  "lastname":"Cooper",
  "commonname":"Alan Cooper",    
  "firstname":"Alan",
  "password":"welcome321",
  "country":"USA"}'

Create a "manger" relationship between JohnD and SusanS

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/JohnD/manager -d
'{
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
  "manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS"}'

Create a "manager" relationship between SusanS and AlanC

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/SusanS/manager -d
'{
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
  "manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/AlanC"}'

Perform a "manager" relationship Search with scope = toTop

curl -i --request GET "http://localhost:14100/idaas_rest/rest/userprofile/people/
JohnD/manager/?scope=toTop&pagePos=0&pageSize=2"

Expected Output With scope = toTop
{"next":
"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager
?pageSize=2&scope=toTop&pagePos=1",
"elements":
[{
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
  "uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager\/SusanS",
  "manager-uri":
    {
     "uid":"SusanS",
     "manager":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager", 
     "state":"CA",
     "lastname":"Smith",
     "firstname":"Susan",
     "loginid":"SusanS",
     "uniquename":"5B543C30790511E1AF41BD17BAB1A1C1",
     "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
     "country":"USA",
     "guid":"5B543C30790511E1AF41BD17BAB1A1C1",
     "title":"Sr. Director, Development ",
     "name":"SusanS",
     "commonname":"Susan Smith"
    }
 },
 {
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
  "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager\/AlanC",
  "manager-uri":
    {
     "uid":"AlanC",
     "guid":"31486BE0790611E1AF41BD17BAB1A1C1",
     "title":"VP, Identity Management Development ",
     "name":"AlanC",
     "state":"CA",
     "lastname":"Cooper",
     "commonname":"Alan Cooper",
     "loginid":"AlanC",
     "firstname":"Alan",
     "uniquename":"31486BE0790611E1AF41BD17BAB1A1C1",
     "uri":"\/idaas_rest\/rest\/userprofile\/people\/AlanC",
     "country":"USA"
    }
}],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager
?pageSize=2&scope=toTop&pagePos=0"}

Expected Output Without scope = toTop
{"elements":
 [{
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
  "uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager\/SusanS",
  "manager-uri":
    {
     "uid":"SusanS",
     "manager":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager", 
     "state":"CA",
     "lastname":"Smith",
     "firstname":"Susan",
     "loginid":"SusanS",
     "uniquename":"5B543C30790511E1AF41BD17BAB1A1C1",
     "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
     "country":"USA",
     "guid":"5B543C30790511E1AF41BD17BAB1A1C1",
     "title":"Sr. Director, Development ",
     "name":"SusanS",
     "commonname":"Susan Smith"
    }
 }],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager
?pageSize=2&pagePos=0"}


Practical Examples

The examples in this section present a progression of REST calls. First a device registration handle is acquired and then used in subsequent calls to the Mobile and Social server in order to authenticate a user, obtain access to a protected resource, and interact with User Profile Services. The basic sequence is (1) obtain a device registration handle, (2) obtain a user token, and (3) obtain an access token.

Note:

The REST examples presented in this section include line breaks and indented code blocks to help make them easy to read.


Mobile SSO Agent Requests Client Registration Handle (Client Token)

This example shows the client registration request call that the mobile SSO agent app on an iOS device sends to the Mobile and Social Server.

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/register 
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-d
'{
  "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
  "X-Idaas-Rest-Subject-Username":"jdoe",
  "X-Idaas-Rest-Subject-Password":"password123",
  "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE",
  "deviceProfile":

    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    }
  "clientId":"OICSecurityApp"
}'

The Response

{"X-Idaas-Rest-Token-Value":"eyJ0b2tlblR...l9M=",
 "X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE",
 "handles":
    {"oaam.device":   
      {
       "expirationTSInSec":1334423076,
       "value":"20_7fe4bde3d448598c4cb8211d214b5eaded0620428c06061b1261644603717cd3"
      },
     "oaam.session":
      {
       "expirationTSInSec":1332955447,
       "value":"18_2743f64c111cb6691ea18689317958192d748b191a4955851e43f40910079e9a"
      }
    }
}

Mobile SSO Agent Requests Client Registration Handle on Behalf of Business App

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/register
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="T0lDU2VjdXJ...Gw5TT0="'
-d
'{
  "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
  "X-Idaas-Rest-Subject-Username":"jdoe",
  "X-Idaas-Rest-Subject-Password":"password123",
  "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE",
  "deviceProfile":

    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    }
  "handles":  
     {"oaam.session":"18_2743f64c111cb6691ea18689317958192d748b191a4955851e43f40910079e9a",
      "oaam.device":"20_7fe4bde3d448598c4cb8211d214b5eaded0620428c06061b1261644603717cd3"
     },
  "clientId":"WhitePageApp"
}'

The Response

{"X-Idaas-Rest-Token-Value":"eyJ0b2tlblR...Lyhko=",
 "X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE",
 "handles":
    {"oaam.device": 
      {
       "expirationTSInSec":1334423298,
       "value":"20_7fe4bde3d448598c4cb8211d214b5eaded0620428c06061b1261644603717cd3"
      },
     "oaam.session":
      {
       "expirationTSInSec":1332955669,
       "value":"18_2743f64c111cb6691ea18689317958192d748b191a4955851e43f40910079e9a"
      }
    }
}

A User Token Request

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/authenticate
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="T0lDU2VjdXJpdHlBc...Fa00vOD0="'
-d
'{
  "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
  "X-Idaas-Rest-Subject-Username":"jdoe",
  "X-Idaas-Rest-Subject-Password":"password123",
  "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN",
  "deviceProfile":

    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    }
  "handles":      
    {"oaam.session":"21_9e2e728b3180a7a3c9b80cef542c58339c2c7ed0e1a3ba66db4807ef1cf1523d",
     "oaam.device":"23_3a958d144b04f91c53b4236ed9f880357122df946f14ba21d957be5b49ef529b"
    }
}'

The Response

{"X-Idaas-Rest-Token-Value":"eyJhbGciOiJSUzUx...1OC6qw",
 "X-Idaas-Rest-Token-Type":"USERTOKEN",
 "handles":
    {"oaam.device": 
      {
       "expirationTSInSec":1334424634,
       "value":"23_3a958d144b04f91c53b4236ed9f880357122df946f14ba21d957be5b49ef529b"
      },
     "oaam.session":
      {
       "expirationTSInSec":1332957005,
       "value":"21_9e2e728b3180a7a3c9b80cef542c58339c2c7ed0e1a3ba66db4807ef1cf1523d"
      }
    }
}

An Access Token Request

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/access
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="T0lDU2VjdXJpdHlBc...TFPQzZxdw=="'
-d
'{
  "X-Idaas-Rest-Subject-Type":"TOKEN",
  "X-Idaas-Rest-Subject-Value":"eyJhbGciOiJSUzUxM...411OC6qw",
  "X-Idaas-Rest-Application-Context":"<webgate context>",
  "X-Idaas-Rest-Application-Resource":"http:\/\/am-v40z-04.us.example.com:7777\/index.html",
  "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN",
  "deviceProfile":

    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    }
  "handles":  
   {"oaam.session":"21_9e2e728b3180a7a3c9b80cef542c58339c2c7ed0e1a3ba66db4807ef1cf1523d",
    "oaam.device":"23_3a958d144b04f91c53b4236ed9f880357122df946f14ba21d957be5b49ef529b"
   }
}'

Access Manager Master Token Authentication

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/authenticate
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="T0lDU2VjdXJpdHlBc...TFPQzZxdw=="'
-d
'{
  "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"
  "X-Idaas-Rest-Subject-Username":"jdoe",
  "X-Idaas-Rest-Subject-Password":"password123",
  "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN",
  "OAM-Token-Type-To-Create":"USERTOKEN::OAMMT",
  "deviceProfile":

    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    }
  "handles":  
   {"oaam.session":"21_9e2e728b3180a7a3c9b80cef542c58339c2c7ed0e1a3ba66db4807ef1cf1523d",
    "oaam.device":"23_3a958d144b04f91c53b4236ed9f880357122df946f14ba21d957be5b49ef529b"
   }
}'
     

Device Registration Request with KBA Response

Knowledge-based authentication (KBA) is an authentication scheme in which the user is asked to answer at least one question.

The Request to Register a Device

curl -H "Content-Type: application/json" --request POST 
http://server1.domain.com:14100/
oic_rest/rest/mobileoamauthentication/register  -H 
'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' -d 
'{"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE",
"X-Idaas-Rest-Subject-Password":"welcome1",
"deviceProfile":{"oracle:idm:claims:client:sdkversion":"11.1.2.0.0","hardwareIds":
{"oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
"oracle:idm:claims:client:phonenumber":"1-650-555-1234",
"oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
"oracle:idm:claims:client:imei":"010113006310121"},
"oracle:idm:claims:client:jailbroken":false,
"oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
"oracle:idm:claims:client:networktype":"PHONE_CARRIER",
"oracle:idm:claims:client:vpnenabled":false,
"oracle:idm:claims:client:ostype":"iPhone OS",
"oracle:idm:claims:client:phonecarriername":"AT&T",
"oracle:idm:claims:client:locale":"EN-US",
"oracle:idm:claims:client:osversion":"4.0"},
"X-Idaas-Rest-Subject-Username":"JohnS","clientId":"OICSSOApp",
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

The Response Containing the KBA Question

{"handles":{"oaam.device":{"expirationTSInSec":1352076952,"value":"563_
23552f26e974030dc16018cc6b76237432c363d47a019cec8c73aa318caf2f97"},
"oaam.session":{"expirationTSInSec":1350609323,"value":"561_
419dc5ee6b325535dd026c882ac67cabc271dd7e0297ab73c74573a49dec233a"},
"oic.multiStepAuthnSessionHandle":{"expirationTSInSec":1350606623,"value":
"eyJvcmlnU2VjdXJpdHlFdmVudHMiOlsiUkVHX1NFQ1VSSVRZX0NMSUVOVF9BUFAiXSwib3JpZ1JlcU1hc
CI6eyJjbGllbnRJUEFkZHJlc3MiOiIxMC4xMzMuMTM5LjE0MyIsIlgtSWRhYXMtUmVzdC1TdWJqZWN0LVB
hc3N3b3JkIjoid2VsY29tZTEiLCJYLUlkYWFzLVJlc3QtTmV3LVRva2VuLVR5cGUtVG8tQ3JlYXRlIjoiQ
0xJRU5UUkVHSEFORExFIiwiWC1JZGFhcy1SZXN0LVN1YmplY3QtVXNlcm5hbWUiOiJKb2huUyIsImNsaWV
udElkIjoiT0lDU1NPQXBwIiwiWC1JZGFhcy1SZXN0LVN1YmplY3QtVHlwZSI6IlVTRVJDUkVERU5USUFMI
n0sImNvbnRyYWN0TmFtZSI6Ik1vYmlsZVNlcnZpY2VEb21haW4iLCJzZXJ2aWNlSWRFUCI6IlwvbW9iaWx
lb2FtYXV0aGVudGljYXRpb24ifQ=="}},"message":
"The Challenge Action is triggered", 
"multi-step-challenge-question":{"challengeType":"KBA","locale":"en",
"questionRefId":"112","questionStr":
"What was the year of your favorite sports moment?"},
"oicErrorCode":"IDAAS-61010","status":"REQUIRE_MULTI_STEP_AUTHN"}

The Request to Register the Device Containing the KBA Answer

curl -H "Content-Type: application/json" --request POST 
http://server1.domain.com:14100/oic_rest/rest/mobileoamauthentication/register  
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' -d 
'{"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE",
"X-Idaas-Rest-Subject-Password":"welcome1","deviceProfile":
{"oracle:idm:claims:client:sdkversion":"11.1.2.0.0","hardwareIds":
{"oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
"oracle:idm:claims:client:phonenumber":"1-650-555-1234",
"oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
"oracle:idm:claims:client:imei":"010113006310121"},
"oracle:idm:claims:client:jailbroken":false,
"oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
"oracle:idm:claims:client:networktype":"PHONE_CARRIER",
"oracle:idm:claims:client:vpnenabled":false,
"oracle:idm:claims:client:ostype":"iPhone OS",
"oracle:idm:claims:client:phonecarriername":"AT&T",
"oracle:idm:claims:client:locale":"EN-US",
"oracle:idm:claims:client:osversion":"4.0"},
"X-Idaas-Rest-Subject-Username":"JohnS","multi-step-challenge-answer":
{"challengeType":"KBA","locale":"EN-US","answerStr":
"moment","questionRefId":"112"},
"handles":{"oaam.session":"561_419dc5ee6b325535dd026c882ac67cabc271dd7e0297ab73c74573a49dec233a",
"oaam.device":"563_23552f26e974030dc16018cc6b76237432c363d47a019cec8c73aa318caf2f97",
"oic.multiStepAuthnSessionHandle":
"eyJvcmlnU2VjdXJpdHlFdmVudHMiOlsiUkVHX1NFQ1VSSVRZX0NMSUVOVF9BUFAiXSwib3JpZ1JlcU1hc
CI6eyJjbGllbnRJUEFkZHJlc3MiOiIxMC4xMzMuMTM5LjE0MyIsIlgtSWRhYXMtUmVzdC1TdWJqZWN0LVB
hc3N3b3JkIjoid2VsY29tZTEiLCJYLUlkYWFzLVJlc3QtTmV3LVRva2VuLVR5cGUtVG8tQ3JlYXRlIjoiQ
0xJRU5UUkVHSEFORExFIiwiWC1JZGFhcy1SZXN0LVN1YmplY3QtVXNlcm5hbWUiOiJKb2huUyIsImNsaWV
udElkIjoiT0lDU1NPQXBwIiwiWC1JZGFhcy1SZXN0LVN1YmplY3QtVHlwZSI6IlVTRVJDUkVERU5USUFMI
n0sImNvbnRyYWN0TmFtZSI6Ik1vYmlsZVNlcnZpY2VEb21haW4iLCJzZXJ2aWNlSWRFUCI6IlwvbW9iaWx
lb2FtYXV0aGVudGljYXRpb24ifQ=="},"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

The Response with a Client Registration Handle

{"X-Idaas-Rest-Token-Value":"eyJvcmFjbGU6aWRtOmNsYWltczpjbGllbnQ6c2RrdmVyc2lvbiI6I
jExLjEuMi4wLjAiLCJ0b2tlblR5cGUiOiJDTElFTlRSRUdIQU5ETEUiLCJvcmFjbGU6aWRtOmNsYWltczp
jbGllbnQ6bWFjYWRkcmVzcyI6IjAwLTE2LTQxLTM0LTJDLUE2IiwicmVnVXNlciI6IkpvaG5TIiwiaXNzI
joiTW9iaWxlT0FNQXV0aGVudGljYXRpb24iLCJvcmFjbGU6aWRtOmNsYWltczpjbGllbnQ6b3N0eXBlIjo
iaVBob25lIE9TIiwib3JhY2xlOmlkbTpjbGFpbXM6Y2xpZW50OmltZWkiOiIwMTAxMTMwMDYzMTAxMjEiL
CJyZWdUUyI6MTM1MDYwNTc4MCwianRpIjoiYTNlMWM1MjYtYjBjMS00ZDg0LThjYzAtZjYyMDNmYjM4NWV
lIiwib3JhY2xlOmlkbTpjbGFpbXM6Y2xpZW50Om9zdmVyc2lvbiI6IjQuMCIsImNsaWVudElkIjoiT0lDU
1NPQXBwIn0=.qA6Ez+gXNdLbk/hD5LRVDaBRK3t6b6IOOk7Z8iwW03s=",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE",
"handles":{"oaam.device":{"expirationTSInSec":1352077009,"value":"563_
23552f26e974030dc16018cc6b76237432c363d47a019cec8c73aa318caf2f97"},
"oaam.session":{"expirationTSInSec":1350609380,"value":"561_
419dc5ee6b325535dd026c882ac67cabc271dd7e0297ab73c74573a49dec233a"}}}