Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

API references

Identity Store API references

search

Please Note:

Identity Store API references

The OneWelcome Identity Platform provides the Identity Store (IDS) service. The Identity Store is a multi-tenant identity repository that stores and manages user identities and their attributes. It supports a flexible, schema-driven data model with attribute projection, filtering, and sorting, as well as per-attribute metadata through the Attribute Value Metadata (AVM) mechanism.

Identity Store APIs

The Identity Store service includes the following APIs:

  • Identity Management API: Provides endpoints for the following tasks:

    • List identities: Retrieve a paginated list of identities with optional filtering, sorting, and attribute projection.

    • Find by identifier: Look up a single identity by an exact match on an identifier attribute.

    • Get identity: Retrieve a single identity by its unique ID.

    • Create identity: Create a new identity that conforms to the tenant identity schema.

    • Replace identity: Fully replace an existing identity (PUT).

    • Update identity: Partially update one or more attribute values using JSON Patch operations (PATCH).

    • Soft delete: Mark an identity as deleted without permanently removing it.

    • Hard delete: Permanently remove an identity record.

  • Data Model API: Provides endpoints for the following tasks:

    • Get data model: Retrieve the full attribute schema (Attribute Schema Metadata) for all resource types or a specific resource type.

    • Update data model: Create or update custom attribute definitions for a resource type (bulk upsert).

    • Delete attributes: Permanently remove custom attribute definitions from the data model.

  • Attribute Value Metadata (AVM) API: Provides endpoints for the following tasks:

    • Get AVM entries: Retrieve all attribute value metadata entries for a given identity.

    • Upsert AVM entries: Create or update metadata entries for specific attributes of an identity.

    • Replace AVM entries: Replace all AVM entries for an identity.

    • Delete AVM entries: Remove AVM entries for specific attributes.

Authentication

All Identity Store API endpoints require OAuth2 Bearer tokens. The following scopes and roles control access:

Scope / Role Description
ids_api_read Read-only access to identities.
ids_api_write Write access to create and update identities.
ids_api_user User-level access to read and write identities and AVM entries.
ids_api_admin Full administrative access to all Identity Store APIs.
ids_api_config Access to read and manage the data model configuration.
ids_api_delete Permission to permanently delete identities (hard delete).
identity_store_read (role) Admin user role for read-only access.
identity_store_write (role) Admin user role for read and write access.

On this page