SSO Registration API 1.0
Allows the stakeholders to update their client and API registrations to establish the trust between their application and the Genetec SSO.
{
"openapi": "3.0.1",
"info": {
"title": "SSO Registration API",
"description": "Allows the stakeholders to update their client and API registrations to establish the trust between their application and the Genetec SSO",
"termsOfService": "https://www.genetec.com/legal/cloudtos",
"license": {
"name": "Source Code License Agreement",
"url": "https://www.genetec.com/legal/eula"
},
"version": "1.0"
},
"paths": {
"/registration/apis": {
"post": {
"tags": [
"Apis"
],
"summary": "Registers a new API.",
"operationId": "PostApi",
"requestBody": {
"description": "API metadata.",
"content": {
"application/vnd.genetec.sso.createapiV1+json": {
"schema": {
"$ref": "#/components/schemas/CreateApiRequestModel"
},
"example": {"api_id":"myproduct.myapi","api_name":"My Api","claim_types":["email"],"scopes":[{"name":"myproduct.myapi"}]}
}
}
},
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"201": {
"description": "The registration was created successfully.",
"headers": {
"Location": {
"description": "The location of the newly created resource",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ApiCreatedModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ApiCreatedModel"
}
}
}
},
"400": {
"description": "The registration had invalid data.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
}
}
},
"409": {
"description": "An api with the same api_id already exists.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErrorModel"
}
}
}
}
}
}
},
"/registration/apis/{apiId}": {
"get": {
"tags": [
"Apis"
],
"summary": "Get an API registration",
"operationId": "GetApiById",
"parameters": [
{
"name": "apiId",
"in": "path",
"description": "Api ID to get.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"200": {
"description": "The API registration.",
"headers": {
"ETag": {
"description": "The ETag response header",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.genetec.identity.apiregistrationV1+json": {
"schema": {
"$ref": "#/components/schemas/ApiModel"
}
}
}
},
"404": {
"description": "Cannot find an API registration for the given API Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"put": {
"tags": [
"Apis"
],
"summary": "Update an Api.",
"operationId": "PutApi",
"parameters": [
{
"name": "apiId",
"in": "path",
"description": "The unique identifier of the api.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "If-Match",
"in": "header",
"description": "ETag of the resource to update. Obtain the ETag from the response headers of the GET endpoint (keep the surrounding quotes).",
"required": true,
"schema": {
"type": "string",
"default": ""
}
}
],
"requestBody": {
"description": "The model of the properties that will be replaced on the api resource.",
"content": {
"application/vnd.genetec.sso.updateapiV1+json": {
"schema": {
"$ref": "#/components/schemas/UpdateApiModel"
},
"example": {"api_name":"My rebranded Api","claim_types":["email"],"scopes":[{"name":"myproduct.myapi"}]}
}
}
},
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"204": {
"description": "The api was updated successfully.",
"headers": {
"Content-Location": {
"description": "The location of the updated resource",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"400": {
"description": "The update model had invalid data.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
}
}
},
"404": {
"description": "Cannot find an API registration for the given API Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"412": {
"description": "The provided If-Match ETag did not match the current resource. Refresh the resource and retry.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"428": {
"description": "This endpoint requires the If-Match header to be set to the resource's current ETag.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"delete": {
"tags": [
"Apis"
],
"summary": "Deletes an API registration.",
"operationId": "DeleteApi",
"parameters": [
{
"name": "apiId",
"in": "path",
"description": "The unique identifier of the api.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"204": {
"description": "The api registration was deleted successfully.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"404": {
"description": "Cannot find an API registration for the given API Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
}
},
"/registration/clients": {
"post": {
"tags": [
"Clients"
],
"summary": "Register a new client.",
"operationId": "PostClient",
"requestBody": {
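"description": "Client metadata. Note that the authorization code examples set require_pkce to false; current OAuth 2.0 security guidance (RFC 9700) recommends PKCE for authorization code clients.",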
"content": {
"application/vnd.genetec.sso.createclientV1+json": {
"schema": {
"$ref": "#/components/schemas/CreateClientRequestModel"
},
"examples": {
"Authorization code": {
"value": {"client_name":"My App","grant_types":["authorization_code"],"redirect_uris":["https://my.domain.com/signin-oidc"],"post_logout_redirect_uris":["https://my.domain.com/signout-callback-oidc"],"scope":"openid profile source_iss","require_pkce":false,"allowed_cors_origins":[],"social_identity_providers_authentication":"allow_all","redirect_errors_to_client_application":false,"application_type":"web"}
},
"Client credentials": {
"value": {"client_name":"My App","grant_types":["client_credentials"],"scope":"myproduct.myapi"}
}
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateClientRequestModel"
},
"examples": {
"Authorization code": {
"value": {"client_name":"My App","grant_types":["authorization_code"],"redirect_uris":["https://my.domain.com/signin-oidc"],"post_logout_redirect_uris":["https://my.domain.com/signout-callback-oidc"],"scope":"openid profile source_iss","require_pkce":false,"allowed_cors_origins":[],"social_identity_providers_authentication":"allow_all","redirect_errors_to_client_application":false,"application_type":"web"}
},
"Client credentials": {
"value": {"client_name":"My App","grant_types":["client_credentials"],"scope":"myproduct.myapi"}
}
}
}
}
},
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"201": {
"description": "The registration was created successfully.",
"headers": {
"Location": {
"description": "The location of the newly created resource",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientCreatedModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientCreatedModel"
}
}
}
},
"400": {
"description": "The registration had invalid data.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
}
}
},
"409": {
"description": "The registration already exists.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErrorModel"
}
}
}
}
}
}
},
"/registration/clients/{clientId}": {
"get": {
"tags": [
"Clients"
],
"summary": "Get a client registration.",
"operationId": "GetClient",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The unique identifier of the client registration.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"200": {
"description": "The client registration.",
"headers": {
"ETag": {
"description": "The ETag response header",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.genetec.identity.clientregistrationV1+json": {
"schema": {
"$ref": "#/components/schemas/ClientModel"
}
}
}
},
"404": {
"description": "Cannot find a client registration for the given client Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"patch": {
"tags": [
"Clients"
],
"summary": "Update a subset of the properties of a client registration.",
"operationId": "PatchClient",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The unique identifier of the client registration.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "If-Match",
"in": "header",
"description": "ETag of the resource to update. Obtain the ETag from the response headers of the GET endpoint (keep the surrounding quotes).",
"schema": {
"type": "string",
"default": ""
}
}
],
"requestBody": {
"description": "The JSON Patch document describing the changes to make to the client registration.",
"content": {
"application/json-patch+json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Operation"
}
},
"example": [{"value":"https://add-new-redirect-uri-at-the-end","path":"/redirect_uris/-","op":"add"},{"value":"https://replace-redirect-uri-at-index-2","path":"/redirect_uris/2","op":"replace"},{"value":"https://add-new-post-logout-redirect-uri-at-the-end","path":"/post_logout_redirect_uris/-","op":"add"},{"value":"https://replace-post-logout-redirect-uri-at-index-2","path":"/post_logout_redirect_uris/2","op":"replace"},{"value":"updated scope value","path":"/scope","op":"replace"},{"value":"native","path":"/application_type","op":"replace"}]
}
}
},
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"204": {
"description": "The client registration was patched successfully.",
"headers": {
"Content-Location": {
"description": "The location of the updated resource",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"400": {
"description": "The patch request had invalid data.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
}
}
},
"404": {
"description": "Cannot find a client registration for the given client Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"409": {
"description": "The resource is in the process of being created. Please try again later.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ProblemDetails"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ProblemDetails"
}
}
}
},
"412": {
"description": "The provided If-Match ETag did not match the current resource. Refresh the resource and retry.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"put": {
"tags": [
"Clients"
],
"summary": "Update a client registration.",
"operationId": "PutClient",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The unique identifier of the client registration.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "If-Match",
"in": "header",
"description": "ETag of the resource to update. Obtain the ETag from the response headers of the GET endpoint (keep the surrounding quotes).",
"required": true,
"schema": {
"type": "string",
"default": ""
}
}
],
"requestBody": {
"description": "The update model to replace the matching properties of the client registration.",
"content": {
"application/vnd.genetec.identity.updateclientregistrationV1+json": {
"schema": {
"$ref": "#/components/schemas/UpdateClientModel"
},
"example": {"tls_client_certificate_bound_access_tokens":false,"allowed_cors_origins":["https://myhost.com/"],"always_include_user_claims_in_id_token":false,"client_name":"My updated client name","default_idp":"genetec-account","post_logout_redirect_uris":[],"redirect_errors_to_client_application":true,"redirect_uris":["https://myhost.com/myapp/signin-oidc","https://myhost.com/myapp/anotherpath/signin-oidc"],"require_pkce":false,"scope":"scope1 scope2 scope3","social_identity_providers_authentication":"deny_all","social_identity_providers_whitelist":[],"application_type":"web","grant_types":["authorization_code"],"logout_behavior":null}
}
}
},
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"204": {
"description": "The client registration was updated successfully.",
"headers": {
"Content-Location": {
"description": "The location of the updated resource",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"400": {
"description": "The update request had invalid data.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
}
}
},
"404": {
"description": "Cannot find a client registration for the given client Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"409": {
"description": "The resource is in the process of being created. Please try again later.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ProblemDetails"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ProblemDetails"
}
}
}
},
"412": {
"description": "The provided If-Match ETag did not match the current resource. Refresh the resource and retry.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"delete": {
"tags": [
"Clients"
],
"summary": "Delete a client registration.",
"operationId": "DeleteClient",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The unique identifier of the client registration.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"204": {
"description": "The client registration was deleted successfully.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"404": {
"description": "Cannot find a client registration for the given client Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
}
},
"/registration/{resourceKind}/{resourceId}/owners": {
"post": {
"tags": [
"ResourceOwners"
],
"summary": "Add a new owner to an existing resource.",
"operationId": "PostOwner",
"parameters": [
{
"name": "resourceKind",
"in": "path",
"description": "The resource kind (either 'clients' or 'apis').",
"required": true,
"schema": {
"$ref": "#/components/schemas/InputResourceKind"
}
},
{
"name": "resourceId",
"in": "path",
"description": "The unique identifier of the resource.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "The new owner data.",
"content": {
"application/vnd.genetec.sso.createownerV1+json": {
"schema": {
"$ref": "#/components/schemas/CreateOwnerModel"
},
"examples": {
"Owner by email": {
"value": {"claim_type":"email","claim_value":"someone@genetec.com","description":"A description explaining who this owner is"}
},
"Owner by sub": {
"value": {"claim_type":"sub","claim_value":"xyz-login.genetec.com sub","description":"A description explaining who this owner is"}
},
"Owner by Azure AD group": {
"value": {"claim_type":"groups","claim_value":"azuread://7ba8d2fb-4660-4a19-802e-4d015a17e167/{azureGroupObjectId}","description":"A description explaining who this owner is"}
},
"Owner by client_id": {
"value": {"claim_type":"client_id","claim_value":"login.genetec.com client_id","description":"A description explaining who this owner is"}
}
}
}
}
},
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"201": {
"description": "The owner has been added successfully.",
"headers": {
"Location": {
"description": "The location of the newly created resource",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.genetec.identity.ownerV1+json": {
"schema": {
"$ref": "#/components/schemas/OwnerModel"
}
}
}
},
"400": {
"description": "The create owner request had invalid data.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
}
}
},
"404": {
"description": "Cannot find a registration for the given resource Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"409": {
"description": "The owner you are trying to add already exists.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"get": {
"tags": [
"ResourceOwners"
],
"summary": "List all owners of an existing resource.",
"operationId": "ListOwners",
"parameters": [
{
"name": "resourceKind",
"in": "path",
"description": "The resource kind (either 'clients' or 'apis').",
"required": true,
"schema": {
"$ref": "#/components/schemas/InputResourceKind"
}
},
{
"name": "resourceId",
"in": "path",
"description": "The unique identifier of the resource.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"200": {
"description": "The owners of the resource.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.genetec.identity.ownerV1+json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/OwnerModel"
}
}
}
}
},
"404": {
"description": "Cannot find a registration for the given resource Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
}
},
"/registration/{resourceKind}/{resourceId}/owners/{ownerId}": {
"get": {
"tags": [
"ResourceOwners"
],
"summary": "Get an owner from an existing resource.",
"operationId": "GetOwner",
"parameters": [
{
"name": "resourceKind",
"in": "path",
"description": "The resource kind (either 'clients' or 'apis').",
"required": true,
"schema": {
"$ref": "#/components/schemas/InputResourceKind"
}
},
{
"name": "resourceId",
"in": "path",
"description": "The unique identifier of the resource.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "ownerId",
"in": "path",
"description": "The unique identifier of the owner.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"200": {
"description": "The owner has been retrieved successfully.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.genetec.identity.ownerV1+json": {
"schema": {
"$ref": "#/components/schemas/OwnerModel"
}
}
}
},
"404": {
"description": "Cannot find a registration for the given resource Id or an owner for the given owner Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"delete": {
"tags": [
"ResourceOwners"
],
"summary": "Delete an owner from an existing resource.",
"operationId": "DeleteOwner",
"parameters": [
{
"name": "resourceKind",
"in": "path",
"description": "The resource kind (either 'clients' or 'apis').",
"required": true,
"schema": {
"$ref": "#/components/schemas/InputResourceKind"
}
},
{
"name": "resourceId",
"in": "path",
"description": "The unique identifier of the resource.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "ownerId",
"in": "path",
"description": "The unique identifier of the owner to delete.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"204": {
"description": "The owner has been deleted successfully.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"400": {
"description": "An error occurred while deleting the owner.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErrorModel"
}
}
}
},
"404": {
"description": "Cannot find a registration for the given resource Id or an owner for the given owner Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
}
},
"/registration/clients/{clientId}/secrets": {
"get": {
"tags": [
"Secrets"
],
"summary": "List all secrets of an existing client.",
"operationId": "ListSecrets",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client to get the secrets for.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"200": {
"description": "The client secrets.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.sso.registration.secretlistV1+json": {
"schema": {
"$ref": "#/components/schemas/SecretListModel"
}
}
}
},
"404": {
"description": "Cannot find a registration for the given resource Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"post": {
"tags": [
"Secrets"
],
"summary": "Add a secret to an existing client.",
"operationId": "PostSecret",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client to create the secret for.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
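"description": "The model of the secret to create. The key values shown in the JWKS example are samples; generate your own key material rather than reusing them.",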
"content": {
"application/vnd.sso.registration.createJwksSecretV1+json": {
"schema": {
"$ref": "#/components/schemas/CreateJwksSecretModel"
},
"example": {"description":"Shared secret among developers","expires_at":"2023-05-03T18:41:27.4462698Z","value":{"keys":[{"alg":"A128KW","k":"GawgguFyGrWKav7AX4VKUg","kid":"aaDBIAdbiaD8Adb6aDB6g4n34gn8og7n9GNN8F3n893","kty":"oct"},{"k":"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow","kid":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4","kty":"oct"}]}}
},
"application/vnd.sso.registration.createSharedSecretV1+json": {
"schema": {
"$ref": "#/components/schemas/CreateSharedSecretModel"
},
"example": {"description":"Secret generated on 2023-04-03","client_secret_expires_at":0}
}
}
},
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"201": {
"description": "The shared secret was created successfully.",
"headers": {
"Location": {
"description": "The location of the newly created resource",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.sso.registration.sharedsecretcreatedV1+json": {
"schema": {
"$ref": "#/components/schemas/SharedSecretCreatedModel"
}
}
}
},
"400": {
"description": "The secret had invalid data.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ValidationErrorModel"
}
}
}
},
"404": {
"description": "Cannot find a client registration for the given client Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"415": {
"description": "The request media type is not supported",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
}
},
"/registration/clients/{clientId}/secrets/{secretId}": {
"get": {
"tags": [
"Secrets"
],
"summary": "Get a secret of an existing client.",
"operationId": "GetSecret",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client to get the secret for.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "secretId",
"in": "path",
"description": "The secret id.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"200": {
"description": "The client specific secret.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.sso.registration.secretV1+json": {
"schema": {
"$ref": "#/components/schemas/SecretModel"
}
}
}
},
"404": {
"description": "Cannot find a registration for the given resource Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
},
"delete": {
"tags": [
"Secrets"
],
"summary": "Delete a secret of an existing client.",
"operationId": "DeleteSecret",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client to get the secret for.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "secretId",
"in": "path",
"description": "The secret id.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"204": {
"description": "The client secret was deleted successfully.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"404": {
"description": "Cannot find a registration for the given resource Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
}
},
"/registration/clients/{clientId}/secrets/resetsharedsecrets": {
"post": {
"tags": [
"Secrets"
],
"summary": "Reset the shared secrets of a client and creates a new one. This wlll instantly make the previous shared secrets\r\ncompletely unusable.",
"operationId": "ResetSharedSecrets",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client to reset the shared secrets for.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "model for options on new secret.",
"content": {
"application/vnd.sso.registration.resetsharedsecretV1+json": {
"schema": {
"$ref": "#/components/schemas/ResetSharedSecretsModel"
}
}
}
},
"responses": {
"401": {
"description": "Could not resolve identity from bearer token.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"403": {
"description": "You do not have the required permissions to perform this operation.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"502": {
"description": "Communication with the remote server failed.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
},
"201": {
"description": "The shared secret was created successfully.",
"headers": {
"Location": {
"description": "The location of the newly created resource",
"schema": {
"type": "String"
}
},
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
},
"content": {
"application/vnd.sso.registration.sharedsecretcreatedV1+json": {
"schema": {
"$ref": "#/components/schemas/SharedSecretCreatedModel"
}
}
}
},
"404": {
"description": "Cannot find a client registration for the given client Id.",
"headers": {
"CorrelationId": {
"description": "The correlation ID response header",
"schema": {
"type": "String"
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"ApiCreatedModel": {
"type": "object",
"properties": {
"api_id": {
"type": "string",
"description": "The unique identifier representing the API.",
"nullable": true
},
"_links": {
"$ref": "#/components/schemas/ApiResourceLinks"
}
},
"additionalProperties": false,
"description": "Create API response."
},
"ApiModel": {
"type": "object",
"properties": {
"api_id": {
"type": "string",
"description": "Unique ID of the API",
"nullable": true
},
"api_name": {
"type": "string",
"description": "Name of the API registration",
"nullable": true
},
"claim_types": {
"type": "array",
"items": {
"type": "string"
},
"description": "The list of claims the API wants to receive. Their presence will depend on whether the Genetec STS can provide these\r\nclaims or not.",
"nullable": true
},
"scopes": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ScopeModel"
},
"description": "List of scopes associated to an API",
"nullable": true
},
"_links": {
"$ref": "#/components/schemas/ApiResourceLinks"
}
},
"additionalProperties": false,
"description": "The API registration data representation."
},
"ApiResourceLinks": {
"type": "object",
"properties": {
"owners": {
"type": "string",
"format": "uri",
"nullable": true
},
"self": {
"type": "string",
"format": "uri",
"nullable": true
}
},
"additionalProperties": false
},
"ClientCreatedModel": {
"type": "object",
"properties": {
"client_id": {
"type": "string",
"description": "The unique identifier representing the client.",
"nullable": true
},
"client_secret": {
"type": "string",
"description": "The client secret in clear. Save this value because it cannot be obtained afterwards.",
"nullable": true
},
"client_secret_expires_at": {
"type": "integer",
"description": "The epoch time at which the client secret will expire. If 0, it means it never expires.",
"format": "int64",
"nullable": true
},
"_links": {
"$ref": "#/components/schemas/ClientResourceLinks"
}
},
"additionalProperties": false,
"description": "Create client response."
},
"ClientModel": {
"type": "object",
"properties": {
"allowed_cors_origins": {
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed CORS origins for JavaScript clients.",
"nullable": true
},
"always_include_user_claims_in_id_token": {
"type": "boolean",
"description": "Specifies whether the user claims are included in the id_token or not. The client is not required to use the userinfo\r\nendpoint when this is enabled. Defaults to false."
},
"client_id": {
"type": "string",
"description": "The unique identifier representing the client.",
"nullable": true
},
"client_name": {
"type": "string",
"description": "Display name of the client.",
"nullable": true
},
"default_idp": {
"type": "string",
"description": "When no identity provider can be resolved, STS fallbacks to Genetec Portal.\r\nHowever, it is possible to specify other identity providers, mainly to keep compatibility with existing\r\nuser bases before migrating/converging to a single one.",
"nullable": true
},
"grant_types": {
"type": "array",
"items": {
"type": "string"
},
"description": "The grant types the client can use to authenticate.",
"nullable": true
},
"post_logout_redirect_uris": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of allowed URIs to redirect to after logout.",
"nullable": true
},
"redirect_errors_to_client_application": {
"type": "boolean",
"description": "Determines whether errors should be returned to the client application or not."
},
"redirect_uris": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of allowed redirect URIs when registering a client with authorization_code.",
"nullable": true
},
"require_pkce": {
"type": "boolean",
"description": "Specifies whether a proof key is required for authorization code based token requests. Default is false."
},
"scope": {
"type": "string",
"description": "Space-separated list of scope values the client can use when requesting tokens.",
"nullable": true
},
"tls_client_certificate_bound_access_tokens": {
"type": "boolean",
"description": "Indicates the client's intention to use mutual-TLS client certificate-bound access tokens.\r\nsee: https://tools.ietf.org/html/rfc8705"
},
"social_identity_providers_authentication": {
"type": "string",
"description": "Social authentication mode. One of \"allow_all\", \"allow_whitelist\" or \"deny_all\". Default is \"allow_all\"",
"nullable": true
},
"social_identity_providers_whitelist": {
"type": "array",
"items": {
"type": "string"
},
"description": "Social identity providers whitelist. Accepted values are \"google\", \"microsoft-personal-account\" and \"yahoo\"",
"nullable": true
},
"application_type": {
"type": "string",
"description": "Kind of the application. The default, if omitted, is web. The defined values are native or web.",
"nullable": true
},
"logout_behavior": {
"type": "string",
"description": "Logout behavior of the application. The default, if omitted, is the default defined by the Identity Provider.",
"nullable": true
},
"_links": {
"$ref": "#/components/schemas/ClientResourceLinks"
}
},
"additionalProperties": false,
"description": "The client registration data representation."
},
"ClientResourceLinks": {
"type": "object",
"properties": {
"owners": {
"type": "string",
"format": "uri",
"nullable": true
},
"secrets": {
"type": "string",
"format": "uri",
"nullable": true
},
"resetsharedsecrets": {
"type": "string",
"format": "uri",
"nullable": true
},
"self": {
"type": "string",
"format": "uri",
"nullable": true
}
},
"additionalProperties": false
},
"CreateApiRequestModel": {
"type": "object",
"properties": {
"api_id": {
"type": "string",
"description": "Unique ID of the API",
"nullable": true
},
"api_name": {
"type": "string",
"description": "Display name of the API being registered.",
"nullable": true
},
"claim_types": {
"type": "array",
"items": {
"type": "string"
},
"description": "The list of claims the API wants to receive. Their presence will depend on whether the Genetec STS can provide these\r\nclaims or not.",
"nullable": true
},
"scopes": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ScopeModel"
},
"description": "List of scopes associated to an API",
"nullable": true
}
},
"additionalProperties": false,
"description": "Used to create a dynamic API registration"
},
"CreateClientRequestModel": {
"type": "object",
"properties": {
"tls_client_certificate_bound_access_tokens": {
"type": "boolean",
"description": "Indicates the client's intention to use mutual-TLS client certificate-bound access tokens.\r\nsee: https://tools.ietf.org/html/rfc8705"
},
"allowed_cors_origins": {
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed CORS origins for JavaScript clients.",
"nullable": true
},
"always_include_user_claims_in_id_token": {
"type": "boolean",
"description": "Specifies whether the user claims are included in the id_token or not. The client is not required to use the userinfo\r\nendpoint when this is enabled. Defaults to false."
},
"client_name": {
"type": "string",
"description": "Display name of the client being registered.",
"nullable": true
},
"grant_types": {
"type": "array",
"items": {
"type": "string"
},
"description": "The grant types the client can use to authenticate. Defaults to \"authorization_code\", which is used to\r\nauthenticate users. When authenticating an application (e.g. an API that talks to another API), you may want to use\r\n\"client_credentials\".",
"nullable": true
},
"redirect_errors_to_client_application": {
"type": "boolean",
"description": "Determines whether errors should be returned to the client application or not."
},
"redirect_uris": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of allowed redirect URIs when registering a client with authorization_code.\r\nThe Uri format must be an absolute URL without any wildcards or query string and start with https\r\nnote: the path /signin-oidc can be whatever you like, it is the default value that the authentication middleware will\r\nregister in your application.",
"nullable": true
},
"require_pkce": {
"type": "boolean",
"description": "Specifies whether a proof key is required for authorization code based token requests. Default is false."
},
"scope": {
"type": "string",
"description": "Space-separated list of scope values the client can use when requesting tokens.",
"nullable": true
},
"post_logout_redirect_uris": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of allowed URIs to redirect to after logout.\r\nThe Uri format must be an absolute URL without any wildcards or query string and start with https.",
"nullable": true
},
"default_idp": {
"type": "string",
"description": "This field is deprecated. It should only be used in very specific scenarios for Genetec Portal.\r\nThe default is to use Genetec Account.",
"nullable": true
},
"social_identity_providers_authentication": {
"type": "string",
"description": "Social authentication mode. One of \"allow_all\", \"allow_whitelist\" or \"deny_all\". Default is \"allow_all\"",
"nullable": true
},
"social_identity_providers_whitelist": {
"type": "array",
"items": {
"type": "string"
},
"description": "Social identity providers whitelist. Accepted values are \"google\", \"microsoft-personal-account\" and \"yahoo\"",
"nullable": true
},
"application_type": {
"type": "string",
"description": "OPTIONAL. Kind of the application. The default, if omitted, is web. The defined values are native or web.",
"nullable": true
},
"logout_behavior": {
"type": "string",
"description": "OPTIONAL. Logout behavior of the application. The default, if omitted, is the default defined by the Identity Provider.\r\n<br>Possible behaviors include : forward, dont_forward, prompt and idp_default.",
"nullable": true
}
},
"additionalProperties": false,
"description": "Used to create a dynamic client registration. Possible values for most of the fields can be found on the\r\n<a href=\"https://login.genetec.com/.well-known/openid-configuration\" target=\"_blank\">Genetec STS's discovery document</a>"
},
"CreateConnectionModel": {
"type": "object",
"properties": {
"client_whitelist": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of allowed clients for the identity provider. Useful when the identity provider integration is being tested before\r\ngoing live.",
"nullable": true
},
"description": {
"type": "string",
"nullable": true
},
"domain_names": {
"type": "array",
"items": {
"type": "string"
},
"description": "The domains to associate to the identity provider",
"nullable": true
}
},
"additionalProperties": false,
"description": "Create a new connection to an already existing identity provider. In this beta version, this model\r\nonly supports adding domains to Azure AD."
},
"CreateJwksSecretModel": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "Optional. A short description that describes the context in which this secret was created or needed for.",
"nullable": true
},
"expires_at": {
"type": "string",
"description": "Optional. The UTC time at which the secret expires",
"format": "date-time",
"nullable": true
},
"value": {
"$ref": "#/components/schemas/JsonWebKeySet"
}
},
"additionalProperties": false,
"description": "Allows to create a secret for a client"
},
"CreateOwnerModel": {
"type": "object",
"properties": {
"claim_type": {
"type": "string",
"description": "The claim type to use to validate the ownership. The valid values are \"sub\", \"email\", \"groups\" and \"client_id\".",
"nullable": true
},
"claim_value": {
"type": "string",
"description": "The claim value to use to validate the ownership.",
"nullable": true
},
"description": {
"type": "string",
"description": "Description of the owner",
"nullable": true
}
},
"additionalProperties": false,
"description": "Create owner request model."
},
"CreateSharedSecretModel": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "Optional. A short description that describes the context in which this secret was created or needed for.",
"nullable": true
},
"client_secret_expires_at": {
"type": "integer",
"description": "The epoch time at which the client secret will expire. If 0, it means it never expires.",
"nullable": true
}
},
"additionalProperties": false
},
"CryptoProviderCache": {
"type": "object",
"additionalProperties": false
},
"CryptoProviderFactory": {
"type": "object",
"properties": {
"crypto_provider_cache": {
"$ref": "#/components/schemas/CryptoProviderCache"
},
"custom_crypto_provider": {
"$ref": "#/components/schemas/ICryptoProvider"
},
"cache_signature_providers": {
"type": "boolean",
"default": true
},
"signature_provider_object_pool_cache_size": {
"type": "integer",
"format": "int32"
}
},
"additionalProperties": false
},
"ErrorModel": {
"type": "object",
"properties": {
"code": {
"type": "string",
"description": "Error code to group classes of error.",
"nullable": true
},
"details": {
"type": "string",
"description": "Optional details of the failure.",
"nullable": true
},
"conflicting_resource_location": {
"type": "string",
"description": "When the Code is \"duplicate_element\", then this the url to the conflicting resource when available.",
"format": "uri",
"nullable": true
}
},
"additionalProperties": false,
"description": "General model for any type of error except a validation error."
},
"ICryptoProvider": {
"type": "object",
"additionalProperties": false
},
"IdpConnectionModel": {
"type": "object",
"properties": {
"client_whitelist": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of allowed clients for the identity provider",
"nullable": true
},
"description": {
"type": "string",
"description": "Description of the connection",
"nullable": true
},
"domain_names": {
"type": "array",
"items": {
"type": "string"
},
"description": "The domain names that are associated to the identity provider.",
"nullable": true
},
"identity_provider_uri": {
"type": "string",
"description": "Unique identifier of the identity provider.",
"format": "uri",
"nullable": true
},
"issuers": {
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "The issuers url that are the authority when token are emitted for the given domains.",
"nullable": true
}
},
"additionalProperties": false,
"description": "Describes a connection to an identity provider for a specifc domains"
},
"InputResourceKind": {
"enum": [
"clients",
"apis"
],
"type": "string"
},
"JsonWebKey": {
"type": "object",
"properties": {
"additional_data": {
"type": "object",
"additionalProperties": { },
"nullable": true,
"readOnly": true
},
"alg": {
"type": "string",
"nullable": true
},
"crv": {
"type": "string",
"nullable": true
},
"d": {
"type": "string",
"nullable": true
},
"dp": {
"type": "string",
"nullable": true
},
"dq": {
"type": "string",
"nullable": true
},
"e": {
"type": "string",
"nullable": true
},
"k": {
"type": "string",
"nullable": true
},
"key_id": {
"type": "string",
"nullable": true
},
"key_ops": {
"type": "array",
"items": {
"type": "string"
},
"nullable": true,
"readOnly": true
},
"kid": {
"type": "string",
"nullable": true
},
"kty": {
"type": "string",
"nullable": true
},
"n": {
"type": "string",
"nullable": true
},
"oth": {
"type": "array",
"items": {
"type": "string"
},
"nullable": true
},
"p": {
"type": "string",
"nullable": true
},
"q": {
"type": "string",
"nullable": true
},
"qi": {
"type": "string",
"nullable": true
},
"use": {
"type": "string",
"nullable": true
},
"x": {
"type": "string",
"nullable": true
},
"x5c": {
"type": "array",
"items": {
"type": "string"
},
"nullable": true,
"readOnly": true
},
"x5t": {
"type": "string",
"nullable": true
},
"x5t_s256": {
"type": "string",
"nullable": true
},
"x5u": {
"type": "string",
"nullable": true
},
"y": {
"type": "string",
"nullable": true
},
"key_size": {
"type": "integer",
"format": "int32",
"readOnly": true
},
"has_private_key": {
"type": "boolean",
"readOnly": true
},
"crypto_provider_factory": {
"$ref": "#/components/schemas/CryptoProviderFactory"
}
},
"additionalProperties": false
},
"JsonWebKeyModel": {
"type": "object",
"properties": {
"alg": {
"type": "string",
"description": "Gets or sets the 'alg' (KeyType)..",
"nullable": true
},
"crv": {
"type": "string",
"description": "Gets or sets the 'crv' (ECC - Curve)..",
"nullable": true
},
"d": {
"type": "string",
"description": "Gets or sets the 'd' (ECC - Private Key OR RSA - Private Exponent)..",
"nullable": true
},
"dp": {
"type": "string",
"description": "Gets or sets the 'dp' (RSA - First Factor CRT Exponent)..",
"nullable": true
},
"dq": {
"type": "string",
"description": "Gets or sets the 'dq' (RSA - Second Factor CRT Exponent)..",
"nullable": true
},
"e": {
"type": "string",
"description": "Gets or sets the 'e' (RSA - Exponent)..",
"nullable": true
},
"k": {
"type": "string",
"description": "Gets or sets the 'k' (Symmetric - Key Value)..",
"nullable": true
},
"key_ops": {
"type": "array",
"items": {
"type": "string"
},
"description": "Gets or sets the 'key_ops' (Key Operations)..",
"nullable": true
},
"kid": {
"type": "string",
"description": "Gets or sets the 'kid' (Key ID)..",
"nullable": true
},
"kty": {
"type": "string",
"description": "Gets or sets the 'kty' (Key Type)..",
"nullable": true
},
"n": {
"type": "string",
"description": "Gets or sets the 'n' (RSA - Modulus)..",
"nullable": true
},
"oth": {
"type": "array",
"items": {
"type": "string"
},
"description": "Gets or sets the 'oth' (RSA - Other Primes Info)..",
"nullable": true
},
"p": {
"type": "string",
"description": "Gets or sets the 'p' (RSA - First Prime Factor)..",
"nullable": true
},
"q": {
"type": "string",
"description": "Gets or sets the 'q' (RSA - Second Prime Factor)..",
"nullable": true
},
"qi": {
"type": "string",
"description": "Gets or sets the 'qi' (RSA - First CRT Coefficient)..",
"nullable": true
},
"use": {
"type": "string",
"description": "Gets or sets the 'use' (Public Key Use)..",
"nullable": true
},
"x": {
"type": "string",
"description": "Gets or sets the 'x' (ECC - X Coordinate)..",
"nullable": true
},
"x5c": {
"type": "array",
"items": {
"type": "string"
},
"description": "Gets the 'x5c' collection (X.509 Certificate Chain)..",
"nullable": true
},
"x5t": {
"type": "string",
"description": "Gets or sets the 'x5t' (X.509 Certificate SHA-1 thumbprint)..",
"nullable": true
},
"x5t_s256": {
"type": "string",
"description": "Gets or sets the 'x5t#S256' (X.509 Certificate SHA-1 thumbprint)..",
"nullable": true
},
"x5u": {
"type": "string",
"description": "Gets or sets the 'x5u' (X.509 URL)..",
"nullable": true
},
"y": {
"type": "string",
"description": "Gets or sets the 'y' (ECC - Y Coordinate)..",
"nullable": true
}
},
"additionalProperties": false,
"description": "Copied from identity server's JsonWebKey so it is serialized properly"
},
"JsonWebKeySet": {
"type": "object",
"properties": {
"additional_data": {
"type": "object",
"additionalProperties": { },
"nullable": true,
"readOnly": true
},
"keys": {
"type": "array",
"items": {
"$ref": "#/components/schemas/JsonWebKey"
},
"nullable": true,
"readOnly": true
},
"skip_unresolved_json_web_keys": {
"type": "boolean",
"default": true
}
},
"additionalProperties": false
},
"JsonWebKeySetModel": {
"type": "object",
"properties": {
"keys": {
"type": "array",
"items": {
"$ref": "#/components/schemas/JsonWebKeyModel"
},
"description": "A list of JSON web keys",
"nullable": true
}
},
"additionalProperties": false,
"description": "Copied from identity server's JsonWebKeySetModel so it is serialized properly"
},
"Operation": {
"type": "object",
"properties": {
"value": {
"nullable": true
},
"path": {
"type": "string",
"nullable": true
},
"op": {
"type": "string",
"nullable": true
},
"from": {
"type": "string",
"nullable": true
}
},
"additionalProperties": false
},
"OwnerModel": {
"type": "object",
"properties": {
"claim_type": {
"type": "string",
"description": "The claim type to use to validate the ownership.",
"nullable": true
},
"claim_value": {
"type": "string",
"description": "The claim value to use to validate the ownership.",
"nullable": true
},
"description": {
"type": "string",
"description": "Description of the owner",
"nullable": true
},
"owner_url": {
"type": "string",
"description": "Url to the owner resource.",
"nullable": true
}
},
"additionalProperties": false,
"description": "The owner data representation."
},
"ProblemDetails": {
"type": "object",
"properties": {
"type": {
"type": "string",
"nullable": true
},
"title": {
"type": "string",
"nullable": true
},
"status": {
"type": "integer",
"format": "int32",
"nullable": true
},
"detail": {
"type": "string",
"nullable": true
},
"instance": {
"type": "string",
"nullable": true
}
},
"additionalProperties": { }
},
"RemoveDomainsModel": {
"type": "object",
"properties": {
"domain_names": {
"type": "array",
"items": {
"type": "string"
},
"nullable": true
}
},
"additionalProperties": false
},
"ResetSharedSecretsModel": {
"type": "object",
"properties": {
"client_secret_expires_at": {
"type": "integer",
"description": "The epoch time at which the client secret will expire. If 0, it means it never expires.",
"format": "int64",
"nullable": true
}
},
"additionalProperties": false
},
"ResourceLinks": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"nullable": true
}
},
"additionalProperties": false
},
"ScopeModel": {
"type": "object",
"properties": {
"name": {
"type": "string",
"nullable": true
}
},
"additionalProperties": false
},
"SecretListItemModel": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "A short description that describes the context in which this secret was created or needed for",
"nullable": true
},
"expires_at": {
"type": "string",
"description": "The UTC time at which the secret expires",
"format": "date-time",
"nullable": true
},
"created_on": {
"type": "string",
"description": "The UTC time at which the secret was created",
"format": "date-time",
"nullable": true
},
"type": {
"type": "string",
"description": "The type of the secret, can be either 'jwks' or 'SharedSecret'.",
"nullable": true
},
"_links": {
"$ref": "#/components/schemas/ResourceLinks"
}
},
"additionalProperties": false,
"description": "Provides information on a client secret"
},
"SecretListModel": {
"type": "object",
"properties": {
"secrets": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SecretListItemModel"
},
"description": "The secrets of a client",
"nullable": true
},
"_links": {
"$ref": "#/components/schemas/SecretResourceLinks"
}
},
"additionalProperties": false,
"description": "Provides information on client secrets."
},
"SecretModel": {
"type": "object",
"properties": {
"created_on": {
"type": "string",
"description": "The UTC time at which the secret was created",
"format": "date-time",
"nullable": true
},
"description": {
"type": "string",
"description": "A short description that describes the context in which this secret was created or needed for",
"nullable": true
},
"expires_at": {
"type": "string",
"description": "The UTC time at which the secret expires",
"format": "date-time",
"nullable": true
},
"_links": {
"$ref": "#/components/schemas/ResourceLinks"
},
"type": {
"type": "string",
"description": "The type of the secret, can be either 'jwks' or 'SharedSecret'.",
"nullable": true
},
"value": {
"$ref": "#/components/schemas/JsonWebKeySetModel"
}
},
"additionalProperties": false
},
"SecretResourceLinks": {
"type": "object",
"properties": {
"resetsharedsecrets": {
"type": "string",
"format": "uri",
"nullable": true
},
"self": {
"type": "string",
"format": "uri",
"nullable": true
}
},
"additionalProperties": false
},
"SharedSecretCreatedModel": {
"type": "object",
"properties": {
"client_secret": {
"type": "string",
"description": "The client secret in clear. Save this value because it cannot be obtained afterwards.",
"nullable": true
},
"client_secret_expires_at": {
"type": "integer",
"description": "The epoch time at which the client secret will expire. If 0, it means it never expires.",
"format": "int64",
"nullable": true
}
},
"additionalProperties": false,
"description": "Response when a shared secret was created"
},
"UpdateApiModel": {
"type": "object",
"properties": {
"api_name": {
"type": "string",
"description": "The new resource display name.",
"nullable": true
},
"claim_types": {
"type": "array",
"items": {
"type": "string"
},
"description": "The list of claims that will be added to the token when the Api is requested as a scope, or when\r\na scope this Api participates in is requested.",
"nullable": true
},
"scopes": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ScopeModel"
},
"description": "List of scopes this Api participates in",
"nullable": true
}
},
"additionalProperties": false,
"description": "Used to update an API registration"
},
"UpdateClientModel": {
"type": "object",
"properties": {
"tls_client_certificate_bound_access_tokens": {
"type": "boolean",
"description": "Indicates the client's intention to use mutual-TLS client certificate-bound access tokens.\r\nsee: https://tools.ietf.org/html/rfc8705"
},
"allowed_cors_origins": {
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed CORS origins for JavaScript clients.",
"nullable": true
},
"always_include_user_claims_in_id_token": {
"type": "boolean",
"description": "Specifies whether the user claims are included in the id_token or not. The client is not required to use the userinfo\r\nendpoint when this is enabled. Defaults to false."
},
"client_name": {
"type": "string",
"description": "Display name of the client.",
"nullable": true
},
"default_idp": {
"type": "string",
"description": "When no identity provider can be resolved, STS falls back to Genetec Portal.\r\nHowever, it is possible to specify other identity providers, mainly to keep compatibility with existing\r\nuser bases before migrating/converging to a single one.",
"nullable": true
},
"post_logout_redirect_uris": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of allowed URIs to redirect to after logout.",
"nullable": true
},
"redirect_errors_to_client_application": {
"type": "boolean",
"description": "Determines whether errors should be returned to the client application or not."
},
"redirect_uris": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of allowed redirect URIs when registering a client with authorization_code.",
"nullable": true
},
"require_pkce": {
"type": "boolean",
"description": "Specifies whether a proof key (PKCE, RFC 7636) is required for authorization code based token requests. Default is false."
},
"scope": {
"type": "string",
"description": "Space-separated list of scope values the client can use when requesting tokens.",
"nullable": true
},
"social_identity_providers_authentication": {
"type": "string",
"description": "Social authentication mode. One of \"allow_all\", \"allow_whitelist\" or \"deny_all\". Default is \"allow_all\"",
"nullable": true
},
"social_identity_providers_whitelist": {
"type": "array",
"items": {
"type": "string"
},
"description": "Social identity providers whitelist. Accepted values are \"google\", \"microsoft-personal-account\" and \"yahoo\"",
"nullable": true
},
"application_type": {
"type": "string",
"description": "Kind of the application. The default, if omitted, is web. The defined values are native or web.",
"nullable": true
},
"grant_types": {
"type": "array",
"items": {
"type": "string"
},
"description": "The grant types the client can use to authenticate. Defaults to \"authorization_code\", which is used to\r\nauthenticate users. When authenticating an application (e.g. an API that talks to another API), you may want to use\r\n\"client_credentials\".",
"nullable": true
},
"logout_behavior": {
"type": "string",
"description": "Logout behavior of the application. The default, if omitted, is the default defined by the Identity Provider.\r\nPossible behaviors include: forward, dont_forward, prompt and idp_default.",
"nullable": true
}
},
"additionalProperties": false,
"description": "The update client registration data representation."
},
"ValidationErrorField": {
"type": "object",
"properties": {
"field_name": {
"type": "string",
"description": "The name of the field in error.",
"nullable": true
},
"errors": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ValidationErrorItem"
},
"description": "The list of errors for this field.",
"nullable": true
}
},
"additionalProperties": false,
"description": "Represents the validation error on a specific field."
},
"ValidationErrorItem": {
"type": "object",
"properties": {
"code": {
"type": "string",
"description": "The error code of the validation",
"nullable": true
},
"message": {
"type": "string",
"description": "The error message of the validation",
"nullable": true
}
},
"additionalProperties": false,
"description": "Represents the description of a validation error on a field"
},
"ValidationErrorModel": {
"type": "object",
"properties": {
"errors": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ValidationErrorField"
},
"description": "Validation error data.",
"nullable": true
}
},
"additionalProperties": false,
"description": "Represents the validation error information."
}
},
"securitySchemes": {
"GenetecLogin": {
"type": "oauth2",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://login.genetec.com/connect/authorize",
"tokenUrl": "https://login.genetec.com/connect/token",
"scopes": {
"groups": "Used to authorize specific Azure AD groups",
"identity.registration": "Genetec Identity Registration API",
"openid": "Used to obtain the user's unique identifier"
}
}
}
}
}
},
"security": [
{
"GenetecLogin": [
"groups",
"identity.registration",
"openid"
]
}
]
}