6 REST APIs and HTTP Response Codes
The following are the supported REST APIs and HTTP Response Codes:
Generate access token
CNC Console uses Generate access token REST API to generate
the access token.
Type: POST
URI:
POST /{realm}/protocol/openid-connect/token Table 6-1 Request Body Parameters
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| client_id | string | M | Id that has been given to the client |
| username | string | M | Login Username |
| password | string | M | Login Password |
| grant_type | string | M | Type of Authorization used |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/realms/master/protocol/openid-connect/tokenExample curl command:
curl --location --request POST 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=xxxxxx' \
--data-urlencode 'grant_type=password'Example of the Request Body
The following is the example of the request body:
{
"client_id":"admin-cli",
"username": "admin",
"password": "xxxxxx",
"grant_type": "password",
} Example of the Response Body
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lGMfag",
"expires_in": 60,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkICIxM"
"not-before-policy": 0,
"session_state": "52dd8d7c-f8d9-4009-9c34-0262bb7d3722",
"scope": "email profile"
}Table 6-2 Supported Response Codes
| Code | Description |
|---|---|
| 200 OK | Get users. Returns a list of users. |
| 401 Unauthorised | Missing Authentication |
| 404 Not Found | Realm not found |
Create a new user
CNC Console uses Create a new user REST API to create a new user.
The user name must be unique.
Type: POST
URI:
POST /{realm}/users
Table 6-3 Request Body Parameters
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| enabled | boolean | M | Set to true to enable the user , an disabled user can not login |
| username | string | M | Name of the new user |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/realms/cncc/usersExample curl command:
{curl --location --request POST 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{ "enabled": true,
"username": "user6"}'Example of the Request Body
The following is the example of the request body:
{ "enabled": true,
"username": "user6"}Example of the Response Code
The following is the example of the response code:
201 CreatedTable 6-4 Supported Response Codes
| Code | Description |
|---|---|
| 201 Created | Create a new user.Username must beunique. {Requirespayload} |
| 401 Unauthorised | MissingAuthentication |
| 404 Not Found | Realm not found |
| 409 Conflict | User exists withsame username |
Get users
CNC Console uses Get users REST API to return a list of
users.
Type: GET
URI:
GET /{realm}/users
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/realms/cncc/users
curl --location --request GET 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users' \
--header 'Authorization: Bearer <token>' Example of the Response Body
The following is the example of the response body:
[
{
"id": "48cf183c-d3e4-4917-b3e5-5e01109f534c",
"createdTimestamp": 1659952887114,
"username": "user",
"enabled": true,
"emailVerified": false,
"access": {
"manageGroupMembership": true,
"view": true,
"mapRoles": true,
"impersonate": true,
"manage": true
}
}
,
.....
]Table 6-5 Supported Response Codes
| Code | Description |
|---|---|
| 200 OK | Get users. Returns alist of users, filteredaccording to queryparameters. |
| 401 Unauthorised | MissingAuthentication |
| 404 Not Found | Realm not found |
Get single user
CNC Console uses Get single user REST API to get individual user
details.
Type: GET
URI:
GET /{realm}/users/{id}Table 6-6 Request Path Parameter
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| id | string | M | Id of the user |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/2a3113c0-48de-46d9-a563-6ce95eabbae4curl --location --request GET 'http://10.75.241.198:30085/cncc/auth/admin/realms/cncc/users/754d6f6b-4ccb-44f1-abf1-00d717885dbe' \
--header 'Authorization: Bearer <token>'Example of the Response Body
The following is the example of the response body:
{
"id": "754d6f6b-4ccb-44f1-abf1-00d717885dbe",
"createdTimestamp": 1661232491550,
"username": "u1",
"enabled": true,
"totp": false,
"emailVerified": false,
"disableableCredentialTypes": [],
"requiredActions": [],
"notBefore": 0,
"access": {
"manageGroupMembership": true,
"view": true,
"mapRoles": true,
"impersonate": true,
"manage": true
}
}Table 6-7 Supported Response Codes
| Code | Description |
|---|---|
| 200 OK | Get users. Returns a list of users, filtered according to queryparameters. |
| 401 Unauthorised | Missing Authentication |
| 404 Not Found | Realm not found |
| 404 Not Found | User not found |
Delete the User
CNC Console uses Delete the User REST API to delete the user.
Type: DELETE
URI:
DELETE /{realm}/users/{id}
Table 6-8 Request Path Parameters
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| id | string | M | Id of the user |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/2a3113c0-48de-46d9-a563-6ce95eabbae4
Example curl command:
curl --location --request DELETE 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/7a2d3608-95b2-4a88-8efb-dad48e7778e2' \--header 'Authorization: Bearer <token>'Example of the Response Code
The following is the example of the response code:
204 No ContentTable 6-9 Supported Response Codes
| Code | Description |
|---|---|
| 204 No Content | Delete the user. |
| 401 Unauthorised | Missing Authentication |
| 404 Not Found | Realm not found |
| 404 Not Found | User not found |
Set up a New Password for the User
CNC Console uses Setup a New Password for the User REST API to set
up a new password for the user.
Type: PUT
URI:
PUT /{realm}/users/{id}/reset-password
Table 6-10 Request Body Parameters
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| type | string | M | Type |
| value | Integer | M | Value of new password |
| temporary | Boolean | O | To validate temporary or not |
Table 6-11 Request Path Parameter
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| id | string | M | Id of the user |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/2a3113c0-48de-46d9-a563-6ce95eabbae4/reset-password
Example curl command:
curl --location --request PUT 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/754d6f6b-4ccb-44f1-abf1-00d717885dbe/reset-password' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{ "type":"password","value":"Password1#","temporary":false}'
Example of the Request Body
The following is the example of the request body:
{
"type":"password",
"value":"Password1#",
"temporary":false
}Example of the Response Code
The following is the example of the response code:
204 No ContentTable 6-12 Supported Response Codes
| Code | Description |
|---|---|
| 204 No Content | Set up a newpassword for the CNCC user {Requires payload}. |
| 401 Unauthorised | Missing Authentication |
| 404 Not Found | Realm not found |
| 404 Not Found | User not found |
| 400 Bad Request | Invalid password |
Get Realm Level Roles
CNC Console uses Get Realm-level Roles REST API to get
realm-level roles.
Type: GET
URI:
GET /{realm}/roles
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/rolesExample curl command:
curl --location --request GET 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/roles' \
--header 'Authorization: Bearer <token>'Example of the Response Body
The following is the example of the response body:
[
{
"id": "fc5006e0-3927-4034-a01f-af70d779f1f8",
"name": "ADMIN",
"description": "Has access to all NF resources and can perform CRUD operations",
"composite": true,
"clientRole": false,
"containerId": "cncc"
},
{
"id": "1acd6c4a-115a-44ae-bf5f-139577f9df0a",
"name": "POLICY_WRITE",
"description": "Has access to only POLICY resources and can perform CRUD operation on Managed Objects of POLICY.",
"composite": true,
"clientRole": false,
"containerId": "cncc"
},
...]Table 6-13 Supported Response Codes
| Code | Description |
|---|---|
| 200 OK | Generate Get Realm Level Roles |
Get Realm-level Role Mappings
CNC Console uses Get Realm-level Role Mappings REST API to
get realm-level role mappings for a specific user id .
Type: GET
URI:
GET /{realm}/users/{id}/role-mappings/realmTable 6-14 Request Path Parameters
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| id | string | M | ID assigned to the user |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/usersExample curl command:
curl --location --request GET 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/roles' \
--header 'Authorization: Bearer <token>'Example of the Response Body
The following example shows the contents of the response body in JSON format:
[
{
"id": "fc5006e0-3927-4034-a01f-af70d779f1f8",
"name": "ADMIN",
"description": "Has access to all NF resources and can perform CRUD operations",
"composite": true,
"clientRole": false,
"containerId": "cncc"
},
{
"id": "1acd6c4a-115a-44ae-bf5f-139577f9df0a",
"name": "POLICY_WRITE",
"description": "Has access to only POLICY resources and can perform CRUD operation on Managed Objects of POLICY.",
"composite": true,
"clientRole": false,
"containerId": "cncc"
},
...]Table 6-15 Supported Response Codes
| Code | Description |
|---|---|
| 200 OK | Get realm-level role mappings for a specific user id. |
| 401 Unauthorised | Missing Authentication |
| 404 Not Found | Realm not found |
| 404 Not Found | User not found |
Add Realm-level Role Mappings to the User
CNC Console uses Add Realm-level Role Mappings to the
User REST API to add realm-level role mappings to the
user.
Type:POST
URI:
POST/{realm}/users/{id}/rolemappings/realm
Table 6-16 Request Body Parameters
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| description | string | M | Description of the role |
| name | string | M | Name of the role |
| composite | boolean | M | To check if the role has another realm role mapped to it |
| clientRole | boolean | M | To check if the role has another client role mapped to it |
| containerId | string | M | ID of the container where the role is present |
| id | string | M | ID assigned to the role |
Table 6-17 Request Path Parameter
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| id | string | M | Id of the user |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/754d6f6b-4ccb-44f1-abf1-00d717885dbe/role-mappings/realm
Example curl command:
curl --location --request POST 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/754d6f6b-4ccb-44f1-abf1-00d717885dbe/role-mappings/realm' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '[
{
"id": "c47ba6c5-4cc8-4b59-96bd-2ef7e57121bd",
"name": "BSF_READ",
"description": "Has access to only BSF resources and can only perform READ Managed Objects of BSF.",
"composite": true,
"clientRole": false,
"containerId": "cncc"
}
]'Example of the Request Body
The following is the example of the request body:
[
{
"id": "c47ba6c5-4cc8-4b59-96bd-2ef7e57121bd",
"name": "BSF_READ",
"description": "Has access to only BSF resources and can only perform READ Managed Objects of BSF.",
"composite": true,
"clientRole": false,
"containerId": "cncc"
}
]Example of the Response Code
The following is the example of the response code:
204 No ContentTable 6-18 Supported Response Codes
| Code | Description |
|---|---|
| 204 No Content | Set up a newpassword for the CNCC user {Requires payload}. |
| 401 Unauthorised | Missing Authentication |
| 404 Not Found | Realm not found |
| 404 Not Found | User not found |
| 404 Not Found | Role not found |
Remove All User Sessions Associated with the User
CNC Console uses Remove All User Sessions Associated with
the User REST API to remove all user sessions associated
with the user.
Type:POST
URI:
POST /{realm}/users/{id}/logoutTable 6-19 Request Path Parameter
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| id | string | M | Id of the user |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/48cf183c-d3e4-4917-b3e5-5e01109f534c/logoutcurl --location --request POST '${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/48cf183c-d3e4-4917-b3e5-5e01109f534c/logout' \
--header 'Authorization: Bearer <token>' Example of the Response Code
The following is the example of the response code:
204 No Content
Table 6-20 Supported Response Codes
| Code | Description |
|---|---|
| 204 No Content | Remove all user sessions associated with the user |
| 401 Unauthorised | Missing Authentication |
| 404 Not Found | Realm not found |
| 404 Not Found | User not found |
Get the Client details
CNC Console uses Get the Client detailsREST API to get
clients belonging to the realm.
Type: GET
URI:
GET/{realm}/clients
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/clientsExample curl command:
curl --location --request GET '${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/clients' \--header 'Authorization: Bearer <token>'Example of the Response Body
The following example shows the contents of the response body in JSON format:
[
{
"id": "b7fa17bd-135f-441b-a5f2-1ea4897e04fc",
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/cncc/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/realms/cncc/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
},Update the Client
CNC Console uses Update the Client REST API to update the
client. This API can be used to update the redirect URI.
Type:PUT
URI:
PUT/{realm}/clients/{id}Table 6-21 Request Body Parameters
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| clientId | string | M | ID given to the client which is referenced in URIs and tokens |
| rootUri | string | M | Url for redirection |
Table 6-22 Request Path Parameter
| Field Name | Data Type | Mandatory(M)/Optional(O)/Conditional(C) | Description |
|---|---|---|---|
| id | string | M | ID of the client |
Sample URI:
http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/users/clients/9faaa454-bbaf-4af0-91dd-2d01aa82776d
curl --location --request PUT 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/admin/realms/cncc/clients/9faaa454-bbaf-4af0-91dd-2d01aa82776d' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"clientId": "cncc","rootUrl": "http://10.75.241.74:8080/"
}'Example of the Request Body
The following is the example of the request body:
{
"clientId": "cncc",
"rootUrl": "http://10.75.241.74:8080/"
}Example of the Response Code
The following is the example of the response code:
204 No Content
Table 6-23 Supported Response Codes
| Code | Description |
|---|---|
| 204 No Content | Update the client.This API can beused to update Redirect URI {Requires payload}. |
| 401 Unauthorised | Missing Authentication |
| 404 Not Found | Realm not found |
| 404 Not Found | Could not find the client |