All REST Endpoints

Admin/Application
An Application is the Resource Server that hosts the protected resources. The REST endpoint is used to Create, Read, Update and Delete an Application.
Add a new Resource Server
Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
Delete a Resource Server by name or ID
Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
Find OAuth Resource Server by name or ID
Method: get
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
Update an existing OAuth Resource Server either based on the name of the resource server or the ID of the resource server.
Method: put
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
Admin/Client
A Client is an application making protected resource requests on behalf of the resource owner and with the resource owner's authorization. The REST endpoint is used to Create, Read, Update and Delete a Client.
Add a new OAuth Client
Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Delete a Client by name or Client Id
Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Find OAuth Client by name or ID
Method: get
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Update an existing OAuth Client based on the name of the client.
Method: put
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Admin/Client Artifact
The REST endpoint is used to import and delete a Client Certificate.
Add a client certificate under a Client
Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/clientartifacts
Delete the certificate under a Client
Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/clientartifacts
Admin/Client Trust Certificates
The operations from the Admin/Client Trust Certificates category.
Add a new trust certificate for client authentication
Method: post
Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
Delete an oauth client trust certificate
Method: delete
Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
Retrieve an oauth client trust certificate
Method: get
Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
Update a trust certificate for client authentication
Method: put
Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
Admin/Consent Management
The REST Endpoint enables an Administrator to manage consents on User behalf. The Administrator can either view or delete user consents.
Delete User Consent's
Method: delete
Path: /oam/services/rest/consent
Find User Consent's
Method: get
Path: /oam/services/rest/consent
Admin/Identity Domain
An Identity Domain corresponds to the notion of a tenant. All clients and resource servers are created under an Identity Domain. The REST endpoint is used to Create, Read, Update and Delete and Identity Domain.
Add a new OAuth Identity Domain
Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
Delete an Identity Domain by name or ID
Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
Find OAuth Identity Domain by name or ID
Method: get
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
Update an existing OAuth Identity Domain
Method: put
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
Admin/KeyPair Admin
The REST endpoint is used to create, read and delete a KeyPair Artifact that can be used to sign tokens.
Add a new KeyPair
Method: post
Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair
Delete a KeyPair based on the Alias Name
Method: delete
Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair
Get a KeyPair or list of KeyPairs
Method: get
Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair
Admin/Revoke Tokens
This Rest endpoint enables Administrators to revoke all OAuth Tokens for a particular User or all tokens for a User and Client+ResourceServer combination. Admin can also revoke all tokens issued before a specific timestamp.
Revoke tokens for a user
Method: post
Path: /oam/services/rest/consent/revoke
Admin/Template
Admin Template related REST API Support
Creates new template with given details for the entire system.
Method: post
Path: /oam/services/rest/ssa/api/v1/template/{name}
Deletes template with specified template name.
Method: delete
Path: /oam/services/rest/ssa/api/v1/template/{name}
Displays template with specified template name.
Method: get
Path: /oam/services/rest/ssa/api/v1/template/{name}
Update an existing Template based on the name of the template.
Method: put
Path: /oam/services/rest/ssa/api/v1/template/{name}
Admin/Trust Artifact
The REST endpoint is used to import and delete a certificate from the trust store under an Identity Domain.
Add a new trust artifact under an Identity Domain
Method: post
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/trustartifacts
Delete a Trust Artifact under an IdentityDomain based on the Artifact Identifier
Method: delete
Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/trustartifacts
Admin/mTLS Endpoint Configuration
The operations from the Admin/mTLS Endpoint Configuration category.
Create mTLS end point alias
Method: post
Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
delete mTLS end point alias
Method: delete
Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
Read mTLS end point alias
Method: get
Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
Update mTLS end point alias
Method: put
Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
Runtime/Consent Management
The REST Endpoint enables an End User to manage OAuth consents. End User can either view or delete their consents. The REST Endpoint on Runtime Server are protected with OAM SSO. Thus once the user has successfully Signed In, then only the REST API will be accessible.
Delete User Consent's
Method: delete
Path: /oauth2/rest/consent
Find User Consent's
Method: get
Path: /oauth2/rest/consent
Runtime/Create Token
The REST end point is used to create an Access Token.The same end point is used for ClientCredentials Flow, Resource Owner Password Credential Flow, JWT Bearer Flow and Authorization Code Flow.
Create Access Token Flow
Method: post
Path: /oauth2/rest/token
Runtime/Dynamic Client Registration
REST endpoints for Dyanamic Client Registration/Management
Client can retrieve it's details using access token acquired through authorization flow
Method: get
Path: /oauth2/rest/dcr/client
Get the Initial access token which can be used for registration of OAuth client using DCR flow
Method: get
Path: /oauth2/rest/dcr/token
Register the client using registration token acquired for given domain
Method: post
Path: /oauth2/rest/dcr/client
Runtime/Introspect Token
The REST endpoint used introspect Oauth tokens.
Introspect OAuth tokens
Method: post
Path: /oauth2/rest/token/introspect
Runtime/Revoke Token
This REST end point can be used to revoke an access or a refresh token generated via three legged OAuth flow (Authorization Code Flow). It can also revoke the associated consent or grant by giving additional optional parameters.
Revokes given access/refresh token.
Method: post
Path: /oauth2/rest/token/revoke
Runtime/Security
The REST endpoint used to fetch public certificate of a given Identity domain.
Fetch the public certificate of a given Identity Domain
Method: get
Path: /oauth2/rest/security
Runtime/UserInfo
The REST end point to retrieve User Details for OIDC flows.
UserInfo details for OIDC flows
Method: get
Path: /oauth2/rest/userinfo
Runtime/Validate Token
The REST end point is used to validate an Access Token.
Validate Access Token Flow
Method: get
Path: /oauth2/rest/token/info