All REST Endpoints
Admin/Application
An Application is the Resource Server that hosts the protected resources. The REST endpoint is used to Create, Read, Update and Delete an Application.
- Add a new Resource Server
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
- Delete a Resource Server by name or ID
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
- Find OAuth Resource Server by name or ID
  - Method: get
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
- Update an existing OAuth Resource Server either based on the name of the resource server or the ID of the resource server.
  - Method: put
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/application
Admin/Client
A Client is an application making protected resource requests on behalf of the resource owner and with the resource owner's authorization. The REST endpoint is used to Create, Read, Update and Delete a Client.
- Add a new OAuth Client
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
- Delete a Client by name or Client Id
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
- Find OAuth Client by name or ID
  - Method: get
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
- Update an existing OAuth Client based on the name of the client.
  - Method: put
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Admin/Client Artifact
The REST endpoint is used to import and delete a Client Certificate.
- Add a client certificate under a Client
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/clientartifacts
- Delete the certificate under a Client
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/clientartifacts
Admin/Client Trust Certificates
The operations from the Admin/Client Trust Certificates category.
- Add a new trust certificate for client authentication
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
- Delete an OAuth client trust certificate
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
- Retrieve an OAuth client trust certificate
  - Method: get
  - Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
- Update a trust certificate for client authentication
  - Method: put
  - Path: /oam/services/rest/ssa/api/v1/security/trust/oauthClient/certificate
Admin/Consent Management
The REST endpoint enables an Administrator to manage consents on a User's behalf. The Administrator can either view or delete user consents.
- Delete User Consents
  - Method: delete
  - Path: /oam/services/rest/consent
- Find User Consents
  - Method: get
  - Path: /oam/services/rest/consent
Admin/Identity Domain
An Identity Domain corresponds to the notion of a tenant. All clients and resource servers are created under an Identity Domain. The REST endpoint is used to Create, Read, Update and Delete an Identity Domain.
- Add a new OAuth Identity Domain
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
- Delete an Identity Domain by name or ID
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
- Find OAuth Identity Domain by name or ID
  - Method: get
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
- Update an existing OAuth Identity Domain
  - Method: put
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/oauthidentitydomain
Admin/KeyPair Admin
The REST endpoint is used to create, read and delete a KeyPair Artifact that can be used to sign tokens.
- Add a new KeyPair
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair
- Delete a KeyPair based on the Alias Name
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair
- Get a KeyPair or list of KeyPairs
  - Method: get
  - Path: /oam/services/rest/ssa/api/v1/keypairadmin/keypair
Admin/Revoke Tokens
This REST endpoint enables Administrators to revoke all OAuth Tokens for a particular User, or all tokens for a User and Client+ResourceServer combination. The Administrator can also revoke all tokens issued before a specific timestamp.
- Revoke tokens for a user
  - Method: post
  - Path: /oam/services/rest/consent/revoke
Admin/Template
Admin Template related REST API Support
- Creates new template with given details for the entire system.
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/template/{name}
- Deletes template with specified template name.
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/template/{name}
- Displays template with specified template name.
  - Method: get
  - Path: /oam/services/rest/ssa/api/v1/template/{name}
- Update an existing Template based on the name of the template.
  - Method: put
  - Path: /oam/services/rest/ssa/api/v1/template/{name}
Admin/Trust Artifact
The REST endpoint is used to import and delete a certificate from the trust store under an Identity Domain.
- Add a new trust artifact under an Identity Domain
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/trustartifacts
- Delete a Trust Artifact under an Identity Domain based on the Artifact Identifier
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/oauthpolicyadmin/trustartifacts
Admin/mTLS Endpoint Configuration
The operations from the Admin/mTLS Endpoint Configuration category.
- Create mTLS end point alias
  - Method: post
  - Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
- Delete mTLS end point alias
  - Method: delete
  - Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
- Read mTLS end point alias
  - Method: get
  - Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
- Update mTLS end point alias
  - Method: put
  - Path: /oam/services/rest/ssa/api/v1/hostalias/mtls
Runtime/Consent Management
The REST endpoint enables an End User to manage OAuth consents. The End User can either view or delete their consents. The REST endpoints on the Runtime Server are protected with OAM SSO, so the REST API is accessible only after the user has successfully signed in.
- Delete User Consents
  - Method: delete
  - Path: /oauth2/rest/consent
- Find User Consents
  - Method: get
  - Path: /oauth2/rest/consent
Runtime/Create Token
The REST end point is used to create an Access Token. The same end point is used for the Client Credentials Flow, Resource Owner Password Credential Flow, JWT Bearer Flow and Authorization Code Flow.
- Create Access Token Flow
  - Method: post
  - Path: /oauth2/rest/token
Runtime/Dynamic Client Registration
REST endpoints for Dynamic Client Registration/Management
- Client can retrieve its details using an access token acquired through the authorization flow
  - Method: get
  - Path: /oauth2/rest/dcr/client
- Get the initial access token, which can be used to register an OAuth client using the DCR flow
  - Method: get
  - Path: /oauth2/rest/dcr/token
- Register the client using the registration token acquired for the given domain
  - Method: post
  - Path: /oauth2/rest/dcr/client
Runtime/Introspect Token
The REST endpoint used to introspect OAuth tokens.
- Introspect OAuth tokens
  - Method: post
  - Path: /oauth2/rest/token/introspect
Runtime/Revoke Token
This REST end point can be used to revoke an access or a refresh token generated via the three-legged OAuth flow (Authorization Code Flow). It can also revoke the associated consent or grant when additional optional parameters are given.
- Revokes given access/refresh token.
  - Method: post
  - Path: /oauth2/rest/token/revoke
Runtime/Security
The REST endpoint used to fetch the public certificate of a given Identity Domain.
- Fetch the public certificate of a given Identity Domain
  - Method: get
  - Path: /oauth2/rest/security
Runtime/UserInfo
The REST end point to retrieve User Details for OIDC flows.
- UserInfo details for OIDC flows
  - Method: get
  - Path: /oauth2/rest/userinfo
Runtime/Validate Token
The REST end point is used to validate an Access Token.
- Validate Access Token Flow
  - Method: get
  - Path: /oauth2/rest/token/info