Download OpenAPI specification:Download
With Identity and Access Management (IAM) you can ensure that only users with the right identity credentials can access specified data, resources, or product areas.
Key Features
Key Benefits
Retrieves all access controls available for the tenant. The results can be filtered by using query parameters. You can expand the result by resolving the role and resource references.
iam.access_read
The request was successful. A list of access controls is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "role": {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "permissions": [
- {
- "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example resource description",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}, - {
- "id": "PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "role": {
- "id": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example role description 2",
- "de": "Beispiel Berechtigungsbeschreibung 2"
}, - "permissions": [
- {
- "id": "M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "N943dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example resource description 2",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}
]
Retrieves details of a specified access control. You can expand the result by resolving the role and resource references.
iam.access_read
The request was successful. Access control details are returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
{- "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "role": {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "permissions": [
- {
- "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example resource description",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "scopes": [
- "resource.resource_permission"
], - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}
Assigns a user to a specified group. The user will gain all access controls (scopes) specified for this group.
iam.assignment_create_own
scope allows customer to assign a user to a specified group only if the user is assigned to the same company.
iam.assignment_manage
iam.assignment_create_own
The request was successful. The user has been added to the group.
Request was syntactically incorrect.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
{- "userId": "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "userType": "CUSTOMER"
}
{- "id": "e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
Removes all users from a specified group.
iam.assignment_manage
The request was successful. All users have been deleted from the group.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
{- "fault": {
- "faultstring": "Invalid Access Token",
- "detail": {
- "errorcode": "keymanagement.service.invalid_access_token"
}
}
}
Creates user's assignment to a specified group. The user gains all access controls (scopes) specified for this group. In case the assignment already exists, nothing happens as the type of assignment cannot be changed.
iam.assignment_manage
The request was successful. The user has been added to the group.
The request was successful. The user assignment already exists and has not been changed.
Request was syntactically incorrect.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
{- "id": "e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
Removes a specified user from a specified group.
iam.assignment_delete_own
scope allows customer to remove user from a specified group only if the user is assigned to the same company.
iam.assignment_manage
iam.assignment_delete_own
The request was successful. The user has been removed from the group.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
{- "fault": {
- "faultstring": "Invalid Access Token",
- "detail": {
- "errorcode": "keymanagement.service.invalid_access_token"
}
}
}
Removes a specified user from all groups.
iam.assignment_manage
The request was successful. The user has been removed from all groups.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Permission denied due to insufficient rights. This may happen when request does not contain sufficient scopes for given query values.
{- "fault": {
- "faultstring": "Invalid Access Token",
- "detail": {
- "errorcode": "keymanagement.service.invalid_access_token"
}
}
}
Retrieves all groups of the tenant. You can filter the results by using query parameters.
iam.group_read_own
scope allows customers to retrieve only groups of CUSTOMER
type.
iam.group_read
iam.group_read_own
The request was successful. A list of groups is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "1gr5e52e-6e27-4ac5-9471-2467d3fb7500",
- "name": {
- "en": "Customers",
- "de": "Kunden"
}, - "description": {
- "en": "Storefront users group",
- "de": "Storefront-Benutzergruppe"
}, - "accessControls": [
- "2ac869fc-d548-4ec8-8e06-c01491314124",
- "2ac869fc-d548-4ec8-8e06-c01491314143",
- "2ac869fc-d548-4ec8-8e06-c01491314144"
], - "templates": [
- "2ac869fc-d548-4ec8-8e06-c01491314144"
], - "code": "CUSTOMER",
- "userType": "CUSTOMER",
- "b2b": {
- "legalEntityId": "0149b1314144a01491314z128"
}, - "metadata": {
- "version": 1,
- "createdAt": "2022-07-06T16:05:37.673Z",
- "modifiedAt": "2022-07-06T16:05:37.673Z"
}
}, - {
- "id": "1gr5e52e-6e27-4ac5-9471-2467d3fb7501",
- "name": {
- "en": "Backoffice users",
- "de": "Backoffice Nutzer"
}, - "description": {
- "en": "Backoffice users",
- "de": "Backoffice Nutzer"
}, - "accessControls": [
- "4ac869fc-d548-4ec8-8e06-c01491314102",
- "4ac869fc-d548-4ec8-8e06-c01491314119"
], - "templates": [
- "2ac869fc-d548-4ec8-8e06-c01491314144"
], - "code": "BO_USER",
- "userType": "EMPLOYEE",
- "b2b": {
- "legalEntityId": "0149b1314144a01491314z128"
}, - "metadata": {
- "version": 1,
- "createdAt": "2022-07-06T16:05:38.119Z",
- "modifiedAt": "2022-07-06T16:05:38.119Z"
}
}
]
Creates a new group. When a group is created, you can assign particular users to it. Based on the group's access controls list, you can grant members specific system access.
iam.group_manage
The request was successful. The group has been created.
Unsupported content language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Permission denied due to insufficient rights. This may happen when request does not contain sufficient scopes for given query values.
Resource with given id already exists
{- "name": {
- "en": "Example group name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example group description",
- "de": "Beispiel Gruppenbeschreibung"
}, - "accessControls": [
- "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae"
], - "templates": [
- "2ac869fc-d548-4ec8-8e06-c01491314144"
], - "b2b": {
- "legalEntityId": "0149b1314144a01491314z128"
}, - "userType": "CUSTOMER"
}
{- "id": "e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
Retrieves a specified group's details.
iam.group_read
The request was successful. Group details are returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
{- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example group description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "accessControls": [
- "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae"
], - "b2b": {
- "legalEntityId": "0149b1314144a01491314z128"
}, - "mixins": { },
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
Deletes a specified group.
Important: If you want to delete a group that has users assigned to it, you need to set the forceDelete
query parameter to true
. In this case, all user group assignments will be deleted as well. The force flag requires the iam.assignment_manage
scope.
iam.group_manage
iam.assignment_manage
if forceDelete is used
Note: The iam.assignment_manage
scope is only required if you want to delete a group that has users assigned to it.The request was successful. The group has been deleted.
Bad Request
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
{- "resourceId": "12fa14fas-753vs-naoirfau3123",
- "code": 404,
- "status": "Bad Request",
- "message": "Constraint validation failed",
- "details": [
- "Could not delete a group with assigned users. Please use the 'forceDelete' query param with token containing the `iam.assignment_manage` scope to delete the group and group assignments or clean up the group assignments first."
]
}
Updates a user group, or creates a new one if a group with a specified if doesn't exist yet. If you provide the metadata.version
, the optimistic locking is enabled and version is validated.
iam.group_manage
The request was successful. The group has been created.
The request was successful. The group has been updated.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Permission denied due to insufficient rights. This may happen when request does not contain sufficient scopes for given query values.
{- "name": {
- "en": "Example group name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example group description",
- "de": "Beispiel Gruppenbeschreibung"
}, - "accessControls": [
- "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae"
], - "templates": [
- "2ac869fc-d548-4ec8-8e06-c01491314144"
], - "b2b": {
- "legalEntityId": "0149b1314144a01491314z128"
}, - "userType": "CUSTOMER",
- "metadata": {
- "version": 1
}
}
{- "id": "e243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
Retrieves all access controls assigned to a specified group. Based on that list all users assigned to this group will receive specific system access. You can expand the result by resolving the role and resource references.
iam.access_read
The request was successful. A list of group access controls is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
[- {
- "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "role": {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "permissions": [
- {
- "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example resource description",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}, - {
- "id": "PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "role": {
- "id": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example role description 2",
- "de": "Beispiel Berechtigungsbeschreibung 2"
}, - "permissions": [
- {
- "id": "M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "N943dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example resource description 2",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}
]
Retrieves users assignments for a specified group.
iam.user_read_own
scope allows customer to retrieve only users assignments from a specified group but only from the same company assignment
iam.user_read
iam.user_read_own
The request was successful. A list of user IDs is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
[- {
- "id": "665776bc-d548-4ec8-8e06-c01491311176",
- "groupId": "1gr5e52e-6e27-4ac5-9471-2467d3fb7504",
- "userId": "00u194ip48TiObqQW417",
- "userType": "CUSTOMER"
}, - {
- "id": "665776bc-d548-4ec8-8e06-c01491311177",
- "groupId": "1gr5e52e-6e27-4ac5-9471-2467d3fb7502",
- "userId": "00u194ip48TiObqQW411",
- "userType": "CUSTOMER"
}
]
Retrieves all permissions available for the tenant. You can filter the results by using query parameters.
iam.permission_read
The request was successful. A list of permissions is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example permission description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "applicableResources": [
- "SQ43dc9e-a3f6-4573-bb01-a8ae21d2d4ca",
- "RE43dc9e-a3f6-4573-bb01-a8ae21d2d4g1"
], - "code": "read",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
]
Retrieves details of a specified permission.
iam.permission_read
The request was successful. Permission details are returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
{- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example permission description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "applicableResources": [
- "SQ43dc9e-a3f6-4573-bb01-a8ae21d2d4ca",
- "RE43dc9e-a3f6-4573-bb01-a8ae21d2d4g1"
], - "code": "read",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
Retrieves all resources of a given tenant. You can filter the results by using query parameters.
iam.resource_read
The request was successful. A list of resources is returned.
Request was syntactically incorrect. Details will be provided in the response payload
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4af",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example resource description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
]
Retrieves details of a specified resource.
iam.resource_read
The request was successful. Resource details are returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
{- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4af",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example resource description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
Retrieves all roles available for a specific tenant. You can filter the results by using query parameters.
Each role contains a permissions
list, and each permission is combined with the applicablePermissionResources
field. This field allows you to whitelist resources that the permission is applicable to. The field can only contain resources specified in the permission document under applicableResources
.
iam.role_read
The request was successful. A list of roles is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "permissions": [
- {
- "id": "R143dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "Z243dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
]
Retrieves details of a specified role.
iam.role_read
The request was successful. Role details are returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
{- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "permissions": [
- {
- "id": "R143dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "Z243dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
Retrieves all access controls templates available for the tenant. A template contains a list of the most popular access controls combined together in order to provide convenient access to the system.
iam.template_read
The request was successful. A list of role templates is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role template description",
- "de": "Beispiel Accessnbeschreibung"
}, - "accessControls": [
- "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
]
}
]
Retrieves all access controls assigned to a specified user. You can expand the result by resolving the role and resource references.
iam.access_read
The request was successful. A list of user access controls is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
[- {
- "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "role": {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "permissions": [
- {
- "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example resource description",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}, - {
- "id": "PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "role": {
- "id": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example role description 2",
- "de": "Beispiel Berechtigungsbeschreibung 2"
}, - "permissions": [
- {
- "id": "M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "N943dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example resource description 2",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}
]
Retrieves a specified user's access controls for a specified resource.
iam.access_read
The request was successful. A list of user access controls for the resource is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
[- {
- "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "role": {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "permissions": [
- {
- "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ab",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example resource description",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}, - {
- "id": "PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "role": {
- "id": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example role description 2",
- "de": "Beispiel Berechtigungsbeschreibung 2"
}, - "permissions": [
- {
- "id": "M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "N943dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example resource description 2",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}
]
Retrieves all groups to which a specified user is assigned.
iam.group_read
The request was successful. A list of groups is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example group description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "accessControls": [
- "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae"
], - "userType": "CUSTOMER",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
]
Retrieves user specific group.
iam.group_read
The request was successful. The group is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
{- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example group description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "accessControls": [
- "f543dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "r243dc9e-a3f6-4573-zz01-a8ae21d2d4ae"
], - "userType": "CUSTOMER",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
Retrieves a specified user's permissions for a specific resource. The permissions are calculated based on the user's group assignments and the access control lists of those groups.
iam.permission_read
The request was successful. A list of user permissions for the resource is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example permission description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "applicableResources": [
- "SQ43dc9e-a3f6-4573-bb01-a8ae21d2d4ca",
- "RE43dc9e-a3f6-4573-bb01-a8ae21d2d4g1"
], - "code": "read",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}
]
Retrieves all scopes granted to a user specified by id. Those are calculated based on user group assignments. For each particular group all access controls are resolved to scopes based on defined role(s) and resource(s).
iam.scope_read
The request was successful. A list of scopes is returned.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
{- "userId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "scopes": "iam.group_read iam.roles_read tenant=yourtenant"
}
Retrieves all access controls assigned to a requested user. You can expand the result by resolving the role and resource references.
The request was successful. A list of user access controls is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resources cannot be found.
[- {
- "id": "I981dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "role": {
- "id": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example role description",
- "de": "Beispiel Berechtigungsbeschreibung"
}, - "permissions": [
- {
- "id": "F243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "Q1233dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "F343dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "S843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name",
- "de": "Beispielname"
}, - "description": {
- "en": "Example resource description",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}, - {
- "id": "PO43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "roleId": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "resourceId": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "role": {
- "id": "Rvsf43dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example role description 2",
- "de": "Beispiel Berechtigungsbeschreibung 2"
}, - "permissions": [
- {
- "id": "M243dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "applicablePermissionResources": [
- "N943dc9e-a3f6-4573-bb01-a8ae21d2d43g"
]
}, - {
- "id": "Z243dc9e-a3f6-4573-bb01-a8ae21d2d4ae"
}
], - "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "resource": {
- "id": "L343dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "name": {
- "en": "Example name 2",
- "de": "Beispielname 2"
}, - "description": {
- "en": "Example resource description 2",
- "de": "Beispiel Domainbeschreibung 2"
}, - "code": "serviceName.resource",
- "metadata": {
- "version": 1,
- "createdAt": "2022-01-04 10:44:51.871Z",
- "modifiedAt": "2022-01-05 12:44:51.456Z"
}
}, - "metadata": {
- "version": 1,
- "createdAt": "2019-08-24T14:15:22Z",
- "modifiedAt": "2019-08-24T14:15:22Z"
}
}
]
Retrieves all own scopes granted to the user sending the request. Those are calculated based on user group assignments. For each particular group all access controls are resolved to scopes based on defined role(s) and resource(s).
The request was successful. A list of scopes is returned.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
{- "userId": "Z843dc9e-a3f6-4573-bb01-a8ae21d2d4ae",
- "scopes": "iam.group_read iam.roles_read tenant=yourtenant"
}
Retrieves all users for the given tenant with the assigned groups. The user type can be specified as EMPLOYEE
or CUSTOMER
. Currently, only the EMPLOYEE
user type is supported.
iam.user_read
The request was successful a list of users is returned.
Bad Request
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
[- {
- "id": "00u4ukrqkmEP1opFf417",
- "firstName": "John 2",
- "lastName": "Doe",
- "backofficeUserNumber": "00u4ukrqkmEP1opFf417",
- "preferredSite": "main",
- "preferredCurrency": "PLN",
- "preferredLanguage": "en",
- "department": "departmentName",
- "validFrom": "2022-08-19T10:41:28Z",
- "isAccountLocked": true,
- "contactEmail": "user2@gmail.com",
- "status": "ACTIVE",
- "groupIds": [
- "1gr5e52e-6e27-4ac5-9471-2467d3fb7503"
], - "groups": [
- {
- "id": "1gr5e52e-6e27-4ac5-9471-2467d3fb7503",
- "name": {
- "de": "Backoffice Manager",
- "en": "Backoffice managers"
}, - "description": {
- "de": "Backoffice Manager",
- "en": "Backoffice managers"
}, - "code": "BO_MANAGER",
- "userType": "EMPLOYEE"
}
]
}, - {
- "id": "00u4ukqvzlEP31sCk417",
- "firstName": "John",
- "lastName": "Doe",
- "backofficeUserNumber": "00u4ukqvzlEP31sCk417",
- "preferredSite": "main",
- "preferredCurrency": "PLN",
- "preferredLanguage": "en",
- "department": "departmentName",
- "validFrom": "2022-08-19T10:41:10Z",
- "isAccountLocked": true,
- "contactEmail": "user1@gmail.com",
- "status": "PROVISIONED",
- "groupIds": [
- "1gr5e52e-6e27-4ac5-9471-2467d3fb7503"
], - "groups": [
- {
- "id": "1gr5e52e-6e27-4ac5-9471-2467d3fb7503",
- "name": {
- "de": "Backoffice Manager",
- "en": "Backoffice managers"
}, - "description": {
- "de": "Backoffice Manager",
- "en": "Backoffice managers"
}, - "code": "BO_MANAGER",
- "userType": "EMPLOYEE"
}
]
}
]
Creates a new Management Dashboard user for a given tenant. The user will be able to log in to the Management Dashboard right after they confirm their email and set up a password. If a user with a given email already exists in the system, the assignment will be created and no further steps are needed.
iam.user_create
User creation sample
The request was successful. The user has been created.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resource cannot be found.
{- "lastName": "Doe",
- "firstName": "John",
- "preferredSite": "main",
- "contactEmail": "example@emporix.com",
- "preferredCurrency": "PLN",
- "preferredLanguage": "en",
- "department": "departmentName",
- "groupIds": [
- "1gr5e52e-6e27-4ac5-9471-2467d3fb7503",
- "1gr5e52e-6e27-4ac5-9471-2467d3fb7504"
]
}
{- "id": "e243dc9e-a3f6-4573-bb01-a8ae21d2d4at"
}
For a specific tenant, retrieves user by ID along with the groups this user belongs to. The user type can be specified as EMPLOYEE
or CUSTOMER
. Currently, only the EMPLOYEE
user type is supported.
iam.user_read
The request was successful and user is returned.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resource cannot be found.
{- "id": "00u4ukqvzlEP31sCk417",
- "firstName": "John",
- "lastName": "Doe",
- "backofficeUserNumber": "00u4ukqvzlEP31sCk417",
- "preferredSite": "main",
- "preferredCurrency": "PLN",
- "preferredLanguage": "en",
- "department": "departmentName",
- "validFrom": "2022-08-19T10:41:10Z",
- "isAccountLocked": true,
- "contactEmail": "user1@gmail.com",
- "status": "ACTIVE",
- "groupIds": [
- "1gr5e52e-6e27-4ac5-9471-2467d3fb7503"
], - "groups": [
- {
- "id": "1gr5e52e-6e27-4ac5-9471-2467d3fb7503",
- "name": {
- "de": "Backoffice Manager",
- "en": "Backoffice managers"
}, - "description": {
- "de": "Backoffice Manager",
- "en": "Backoffice managers"
}, - "code": "BO_MANAGER",
- "userType": "EMPLOYEE"
}
]
}
Updating a user of the EMPLOYEE
type. The user will be deleted from all groups and assigned to a given group list based on the groupIds
field.
iam.user_update
User creation sample
The request was successful. The user has been updated.
Unsupported language provided.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
Given resource cannot be found.
{- "lastName": "Doe",
- "firstName": "John",
- "preferredSite": "main",
- "preferredCurrency": "PLN",
- "preferredLanguage": "en",
- "backofficeUserNumber": "00u4ujmuyhhfJodyS417",
- "department": "departmentName",
- "groupIds": [
- "1gr5e52e-6e27-4ac5-9471-2467d3fb7503",
- "1gr5e52e-6e27-4ac5-9471-2467d3fb7504"
]
}
{- "code": 400,
- "status": "Bad Request",
- "message": "Language header validation failed",
- "details": [
- "Following languages are not supported: 'ru'"
]
}
Removes a specified user from all groups. This operation blocks user access to Management Dashboard, but the Developer Portal account access remains the same.
iam.user_delete
User has been deleted successfully.
Given request is unauthorized - the authorization token is invalid or has expired. It usually means that tenant from the token does not match tenant from path.
Scope validation failed, details will be provided in response message
{- "fault": {
- "faultstring": "Invalid Access Token",
- "detail": {
- "errorcode": "keymanagement.service.invalid_access_token"
}
}
}