Cryptr API (2.0)
Download OpenAPI specification:Download
The Organizations allows you to manage your business-to-business (B2B) customers, and segments strictly that end-users access their applications. Each end-user are stored in a distinct directory for a dedicated customer (Organization), and the end-user experience is customized in your colors with a white label User interface. An (Organization) represents a business customer or partner in your Cryptr service.
- An (Organization) represents a business customer or partner in your Cryptr service.
Your Cryptr subscription plan you choose limit this feature. A free account is limited to 1 organization to manage.
The Organization type
Each new organization get a domain generated from its name. A domain is impossible to update, because it's the identifier of the organization.
country_name | enum The ISO3166-1 Alpha2 of the Organization. |
domain | slug Immutable identifier of the organization in a "slug format": domain is a STRING value in "lowercase" with "underline", generated from the name. |
id | uuid Immutable identifier in the Universal Unique Identifier (UUID) format. |
inserted_at | string <date-time> Date time of the insertion |
locality | string The Head Quarter locality of the organization |
name | string The name of your organization will be "sluggified" & store at the |
privacy_policy_url | url or null Url of the privacy policy url of your service. |
state | string The state of the locality (of the Organization). |
terms_of_service_url | url or null Url of the terms of service url of your service. |
updated_at | string <date-time> Update timestamp |
{- "__type__": "Organization",
- "country_name": "FR",
- "domain": "misapret",
- "id": "bbc39a5a-905c-4def-90e6-605ed7b27098",
- "inserted_at": "2021-10-18T10:02:31",
- "locality": "Lille",
- "name": "Misapret",
- "state": "Nord",
- "updated_at": "2021-10-18T10:02:31"
}
List all Organizations
Returns a list of your Organizations. The Organizations are returned sorted by creation date, with the most recent customers appearing first.
RETURNS
A dictionary with a data property that contains an array of up to limit Organizations. Each entry in the array is a separate Organization type. If no Organizations are available, the resulting array will be empty. This request should never return an error.
query Parameters
page | |
per_page | integer Example: per_page=8 Precise the size of the pages of the pagination of the list, see how to paginate the Cryptr API. |
Responses
Request samples
- cURL
curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/organizations
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "Organization",
- "country_name": "FR",
- "domain": "misapret",
- "id": "bbc39a5a-905c-4def-90e6-605ed7b27098",
- "inserted_at": "2021-10-18T10:02:31",
- "locality": "Lille",
- "name": "Misapret",
- "state": "Nord",
- "updated_at": "2021-10-18T10:02:31"
}
], - "pagination": {
- "current_page": 1,
- "next_page": 1,
- "per_page": 8,
- "prev_page": 0,
- "total_pages": 1
}, - "total": 1
}
Create an Organization
Creates a new Organization type with a name & a locality (the city
of the organization).
RETURNS
Returns an Organization if the creation succeeded. Returns an error if create parameters are invalid (e.g. specifying an invalid code or an invalid source).
query Parameters
name required | string Example: name=Misapret The name of your organization will be "sluggified" & store into the domain field. "Awesome company" will become "awesome-company". |
autocomplete_address | string Example: autocomplete_address=Dublin Use this field to autocomplete address fields (state, locality , country_name) using our address engine. Examples:
|
Responses
Request samples
- cURL
/* With Address engine */ curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/organizations/${ORGANIZATION_DOMAIN} -d autocomplete_address="San Francisco" -d privacy_policy_url="https://misapret.com/policy" /* OR Without Address engine */ curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/organizations/${ORGANIZATION_DOMAIN} -d locality="Lille" -d state="Hauts-de-France" -d country_name="FR" -d privacy_policy_url="https://misapret.com/policy"
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "Organization",
- "country_name": "FR",
- "domain": "misapret",
- "id": "4124141d-675e-4361-bc8b-6417b22bd4fc",
- "inserted_at": "2017-09-12T12:34:55Z",
- "locality": "Lille",
- "name": "Misapret",
- "state": "Nord",
- "updated_at": "2017-09-13T10:11:12Z"
}
Retrieve an Organization
Fetch an Organization by its given domain. The domain is generated from its name. It's a unique and immutable value in your Cryptr service.
RETURNS
Returns the Organization for a valid identifier. If it’s for a deleted Organization, a subset of the Organization’s information is returned, including a deleted property that’s set to true.
path Parameters
org_domain | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
Responses
Request samples
- cURL
curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/organizations/${ORGANIZATION_DOMAIN}
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "Organization",
- "country_name": "FR",
- "domain": "misapret",
- "id": "4124141d-675e-4361-bc8b-6417b22bd4fc",
- "inserted_at": "2017-09-12T12:34:55Z",
- "locality": "Lille",
- "name": "Misapret",
- "state": "Nord",
- "updated_at": "2017-09-13T10:11:12Z"
}
Update an Organization
You can't update the domain of an Organization. If you need to, you have to create a new one.
RETURNS
Returns the Organization if the update succeeded. Returns an error if create parameters are invalid (e.g. specifying an invalid code or an invalid source).
path Parameters
org_domain required | string Example: Misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
name | string Example: name=Misapret The name of your organization (won't change domain because already set at creation) |
locality | string Example: locality=San Francisco You can describe, with an indication of the language as standard ISO 3166-2. |
state | string Example: state=Nord The state (region/state district) of the organization. |
country_name | |
privacy_policy_url | string <url> Example: privacy_policy_url=https://misapret.com/policy Url of the privacy policy url of your service. |
terms_of_service_url | string <url> Example: terms_of_service_url=https://misapret.com/terms Url of the terms of service url of your service. |
Responses
Request samples
- cURL
curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/organizations/${ORGANIZATION_DOMAIN} -d locality="San Francisco" -d privacy_policy_url="https://misapret.com/policy"
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "Organization",
- "country_name": "US",
- "domain": "misapret",
- "id": "4124141d-675e-4361-bc8b-6417b22bd4fc",
- "inserted_at": "2017-09-12T12:34:55Z",
- "locality": "San Francisco",
- "name": "Misapret",
- "state": "Californie",
- "updated_at": "2021-10-18T10:02:31"
}
Cryptr stores user profiles for your application in a dedicated hosted cloud database for a specific Organization. User profile information can come from your users directly. The sources are magic link signup, SSO (via SAML) logins, or Active Directory.
- A (User) represents an end user of your customer or partner in your Cryptr service.
Your Cryptr subscription plan could limit the number of users. See our pricing for more details.
The User's Organization domain
Each end-user is stored in a distinct directory for a dedicated customer (Organization). You can figure out the domain of the user's Organization from this user's atttribute domain.
The User type
Each new user get a unique id (identifier) generated and which is impossible to update.
avatar_hexa_color | string Each time a new user is created, a random color in hexadecimal format, like |
id | uuid The immutable identifier. |
metadata | Array of arrays User's MetaData. See Token Customization > Set meta data value of metakey |
object (Profile) The OpenID Connect profile specification defines a set of standard Claims. They can be requested to be returned either in the UserInfo Response or in the ID Token. |
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "8724da20-c140-4d01-82d2-bc87079a6f6e",
- "metadata": [ ],
- "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "country": "FR",
- "formatted": "165 avenue de Bretagne\n59000 Lille, France",
- "locality": "Lille",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "janis.joplin@example.com",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "nickname": "Jany",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}
}
The Profile type
object (Address) User's postal address. The value of the address member is a Address type defined here. | |
birthdate | string User's birthday represented as an ISO 8601:2004 [ISO8601-2004] YYYY-MM-DD format. |
string <email> | |
family_name | string The last name is an Open Id Connect Profile attribute. |
gender | enum It's an Open Id Connect Profile attribute. |
given_name | string The first name is an Open Id Connect Profile attribute. |
locale | enum It's an Open Id Connect Profile attribute. |
nickname | string It's an Open Id Connect Profile attribute. |
phone_number | string User telephone number as E.164 format. |
picture | url It's an Open Id Connect Profile attribute. |
profile | url It's an Open Id Connect Profile attribute. |
website | url It's an Open Id Connect Profile attribute. |
zoneinfo | enum It's an Open Id Connect Profile attribute. |
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "country": "FR",
- "formatted": "165 avenue de Bretagne\n59000 Lille, France",
- "locality": "Lille",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "janis.joplin@example.com",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "nickname": "Jany",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}
The Address type
country | string Country name component. |
formatted | string The Full mailing address is formatted to display or use on a mailing label. This field MAY contain multiple lines, separated by newlines. Newlines can be represented either as a carriage return/line feed pair (" ") or as a single line feed character (" "). |
locality | string City or locality component. |
postal_code | string Zip code or postal code component of the User. |
region | string State, province, prefecture, or region component of the User. |
street_address | string The complete address includes house number, street name, PO box, and extended street address information on multiple lines. This field may contain multiple lines, separated by newlines. Newlines can be represented either as a carriage return/line feed pair (" ") or as a single line feed character (" "). |
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "country": "FR",
- "formatted": "165 avenue de Bretagne\n59000 Lille, France",
- "locality": "Lille",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}
Retrieve a User By Email
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
user_email required | string Example: janis.joplin@example.com Email is a required field as it is part of the security of the created end-user account. |
Responses
Request samples
- cURL
curl'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:org_domain/user-by-email/:user_email'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "8724da20-c140-4d01-82d2-bc87079a6f6e",
- "metadata": [ ],
- "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "country": "FR",
- "formatted": "165 avenue de Bretagne 59000 Lille, France",
- "locality": "Lille",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "janis.joplin@example.com",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "nickname": "Jany",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}
}
List all Users
Returns a list of your Users. The Users are returned sorted by creation date, with the most recent users appearing first.
RETURNS
A dictionary with a data property that contains an array of up to limit users. Each entry in the array is a separate user type. If no users are available, the resulting array will be empty. This request should never return an error.
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
page | |
per_page | integer Example: per_page=8 Precise the size of the pages of the pagination of the list. See how to paginate the Cryptr API. |
Responses
Request samples
- cURL
curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:org_domain/users?environment=:environment
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "8724da20-c140-4d01-82d2-bc87079a6f6e",
- "metadata": [ ],
- "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "country": "FR",
- "formatted": "165 avenue de Bretagne 59000 Lille, France",
- "locality": "Lille",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "janis.joplin@example.com",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "nickname": "Jany",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}
}
Create a User
Creates a new user in an Organization.
RETURNS
Returns a User attached to an Organization if the creation succeeded. Returns an error if create parameters are invalid (e.g. specifying an invalid code or an invalid source).
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
email required | string Example: email=janis.joplin@example.com Email is a required field as it is part of the security of the created end-user account. |
birthdate | string Example: birthdate=1943-01-19 User's birthday represented as an ISO 8601:2004 [ISO8601-2004] YYYY-MM-DD format. |
phone_number | |
given_name | |
family_name | |
nickname | |
profile | string <url> Example: profile=http://www.example.com/profile It's an Open Id Connect Profile attribute. |
picture | string <url> Example: picture=http://www.example.com/avatar.jpeg It's an Open Id Connect Profile attribute. |
website | |
gender | string Enum: "male" "female" null Example: gender=female It's an Open Id Connect Profile attribute, available options are |
zoneinfo | |
locale | |
Responses
Request samples
- cURL
curl --request POST 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:org_domain/users' \ --data-raw '{ "domain": "misapret", "environment": "production", "profile": { "address": { "__type__": "Address", "formatted": "165 avenue de Bretagne 59000 Lille, France", "street_address": "165 avenue de Bretagne", "city": "Lille", "region": "Nord", "postal_code": "59000", "country": "FR" }, "given_name": "Janis", "family_name": "Joplin", "name": "Janis Joplin", "nickname": "Jany", "profile": "http://www.example.com/profile", "phone_number": "+1-555-415-1337", "picture": "http://www.example.com/avatar.jpeg", "website": "http://www.example.com", "email": "josefa.farrell@yahoo.com", "gender": "female", "birthdate": "1943-01-19", "zoneinfo": "America/Los_Angeles", "locale": "fr" } }'
Response samples
- 201
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "8724da20-c140-4d01-82d2-bc87079a6f6e",
- "metadata": [ ],
- "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "country": "FR",
- "formatted": "165 avenue de Bretagne 59000 Lille, France",
- "locality": "Lille",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "janis.joplin@example.com",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "nickname": "Jany",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}
}
Retrieve a User By ID
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
user_id required | uuid Example: 8724da20-c140-4d01-82d2-bc87079a6f6e The immutable identifier. |
Responses
Request samples
- cURL
curl 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:org_domain/users/:user_id?environment=:environment'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "8724da20-c140-4d01-82d2-bc87079a6f6e",
- "metadata": [ ],
- "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "country": "FR",
- "formatted": "165 avenue de Bretagne 59000 Lille, France",
- "locality": "Lille",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "janis.joplin@example.com",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "nickname": "Jany",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}
}
Update a User
Update an existing user.
RETURNS
Returns an updated Users from an Organization if the update succeeded. Returns an error if create parameters are invalid (e.g. specifying an invalid code or an invalid source).
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
user_id required | uuid Example: 8724da20-c140-4d01-82d2-bc87079a6f6e The immutable identifier. |
query Parameters
Profile (object) The OpenID Connect profile specification defines a set of standard Claims. They can be requested to be returned either in the UserInfo Response or in the ID Token. |
Responses
Request samples
- cURL
curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:org_domain/users/${USER_ID} \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d profile="https://franksinatra.com"
Response samples
- 204
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "8724da20-c140-4d01-82d2-bc87079a6f6e",
- "metadata": [ ],
- "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "country": "FR",
- "formatted": "165 avenue de Bretagne 59000 Lille, France",
- "locality": "Lille",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "janis.joplin@example.com",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "nickname": "Jany",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}
}
The term Application in Cryptr is for a single-page application that executes on a browser. It could be scoped globally to your own domain, or to a specific Organization.
When you create a new application, Cryptr generate for you a client_id. This is for security reasons, a unique identifier for your end users authentication via this specific authentification.
The Application type
Each new application is by default globally accessible from all you organization users directories. However you can scope the access to a specific organization with the organization_domain_scope
. To do that, you need to specify an Organization domain which is generated from its name during its creation. Each authentication of end users from this dedicated application will be limited to its specific organization.
allowed_logout_urls | Array of url The Allowed Logout URLs represents the addresses (URL) where Cryptr redirects the user after they logged out. |
allowed_origins_cors | Array of url CORS is the control of the origin by the user's browser where the application that seeks to authenticate with Cryptr is executed, the allowed origin represents the addresses (URL) of the application that we want to authorize to authenticate with Cryptr |
allowed_redirect_urls | Array of url The Allowed Redirect URLs represents the addresses (URL) where Cryptr sends the user once the app has been receive a successfully authorization code. |
allowed_web_origins | Array of url The Allowed Web Origins represents the addresses (URL) that are allowed to access the authentication process. |
application_type | enum The application technology (react, vue, angular) |
client_id | uuid Alias for the id. Usefull for authentication. |
default_origin_cors | string A default URL of the application that we want to authorize to authenticate with Cryptr |
default_redirect_uri_after_login | string A default URL where Cryptr redirects the user after they logged in |
default_redirect_uri_after_logout | string A default URL where Cryptr redirects the user after they logged out |
default_web_origin | string A Default Web Origin is a URL that is allowed to access the authentication process, this allows to manage for example the page refresh without being disconnected. |
description | string Your own custom information about the app. |
id | uuid Immutable identifier in the Universal Unique Identifier (UUID) format. |
inserted_at | string Insertion date time |
name | string The name of your application, a label to help you to understand which application is about. |
updated_at | string Updated date time |
{- "__access__": "all_organizations_of:misapret",
- "__database__": "sandbox",
- "__domain__": "misapret",
- "__managed_by__": "misapret",
- "__type__": "Application",
- "application_type": "react",
- "client_id": "misapret.misapret.sandbox:d6fce3c1-5d21-4643-ac1e-8bc991c08c49",
- "description": "Everything to deal with bank",
- "name": "App of Misapret"
}
List all Applications
Returns a list of your Applications. The Applications are returned sorted by creation date, with the most recent applications appearing first.
RETURNS
A dictionary with a data property that contains an array of up to limit Applications. Each entry in the array is a separate Application type. If no Applications are available, the resulting array will be empty. This request should never return an error.
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
page | |
per_page | integer Example: per_page=1 Precise the size of the pages of the pagination of the list. See how to paginate the Cryptr API. |
Responses
Request samples
- cURL
curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/applications
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "limited_to:misapret",
- "__database__": "default",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "Application",
- "application_type": "react",
- "client_id": "81a81b21-93b9-441b-a861-a33dc8c06fea",
- "description": "Everything to deal with bank",
- "name": "App of Misapret"
}
], - "pagination": {
- "current_page": 1,
- "next_page": 1,
- "per_page": 8,
- "prev_page": 0,
- "total_pages": 1
}, - "total_count": 1
}
Create an Application
Creates a new Application type with a name, then get locality.
RETURNS
Returns an Application if the creation succeeded. Returns an error if create parameters are invalid (e.g. specifying an invalid code or an invalid source).
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
allowed_origins_cors required | Array of url Example: allowed_origins_cors=http://localhost:3000 CORS is the control of the origin by the user's browser where the application that seeks to authenticate with Cryptr is executed, the allowed origin represents the addresses (URL) of the application that we want to authorize to authenticate with Cryptr |
allowed_redirect_urls required | Array of url Example: allowed_redirect_urls=http://localhost:3000 The Allowed Redirect URLs represents the addresses (URL) where Cryptr sends the user once the app has been receive a successfully authorization code. |
allowed_web_origins required | Array of url Example: allowed_web_origins=http://localhost:3000 The Allowed Web Origins represents the addresses (URL) that are allowed to access the authentication process. |
allowed_logout_urls required | Array of url Example: allowed_logout_urls=http://localhost:3000 The Allowed Logout URLs represents the addresses (URL) where Cryptr redirects the user after they logged out. |
application_type required | string Enum: "react" "vue" "angular" Example: application_type=react Your own custom information about the app. |
name required | string Example: name=App of Misapret The name of your application, a label to help you to understand which application is about. |
description | string Example: description=Everything to deal with bank Your own custom information about the app. |
default_origin_cors | string Example: default_origin_cors=http://localhost:3000 A default URL of the application that we want to authorize to authenticate with Cryptr |
default_web_origin | string Example: default_web_origin=http://localhost:3000 A Default Web Origin is a URL that is allowed to access the authentication process, this allows to manage for example the page refresh without being disconnected. |
Responses
Request samples
- cURL
curl --request POST 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/applications' \ --header 'Authorization: Bearer your_api_key_generated_token' \ --header 'Content-Type: application/json' \ --data-raw '{ "allowed_logout_urls": ["http://localhost:3000"], "allowed_origins_cors": ["http://localhost:3000"], "allowed_redirect_urls": ["http://localhost:3000"], "allowed_web_origins": ["http://localhost:3000"], "application_type": "react", "name": "App of Misapret" }'
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "limited_to:misapret",
- "__database__": "default",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "Application",
- "application_type": "react",
- "client_id": "81a81b21-93b9-441b-a861-a33dc8c06fea",
- "description": "Everything to deal with bank",
- "name": "App of Misapret"
}
], - "pagination": {
- "current_page": 1,
- "next_page": 1,
- "per_page": 8,
- "prev_page": 0,
- "total_pages": 1
}, - "total_count": 1
}
Retrieve an Application
Fetch an Application by its given id.
Note: When you fetch an Application, the environment of your API key determine where is stored your application. For exemple your application in sandbox is fetched if and only if this resource is stored in sandbox. You can't fetch an Application from the Production environment with this API KEY, you need an API KEY dedicated to this environment.
RETURNS
Returns the Application for a valid identifier. If it’s for a deleted Application, a subset of the Application’s information is returned, including a deleted property that’s set to true.
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
client_id required | uuid Example: 81a81b21-93b9-441b-a861-a33dc8c06fea The immutable identifier. |
Responses
Request samples
- cURL
curl https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/applications/:client_id
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "limited_to:misapret",
- "__database__": "default",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "Application",
- "application_type": "react",
- "client_id": "81a81b21-93b9-441b-a861-a33dc8c06fea",
- "description": "Everything to deal with bank",
- "name": "App of Misapret"
}
], - "pagination": {
- "current_page": 1,
- "next_page": 1,
- "per_page": 8,
- "prev_page": 0,
- "total_pages": 1
}, - "total_count": 1
}
Update an Application
Fetch an Application by its given id.
Note: When you fetch an Application, the environment of your API key determine where is stored your application. For exemple your application in sandbox is fetched if and only if this resource is stored in sandbox. You can't fetch an Application from the Production environment with this API KEY, you need an API KEY dedicated to this environment.
RETURNS
Returns the Application updated for a valid identifier.
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
client_id required | uuid Example: 81a81b21-93b9-441b-a861-a33dc8c06fea Alias for the id. Usefull for authentication. |
query Parameters
allowed_origins_cors required | Array of url Example: allowed_origins_cors=http://localhost:3000 CORS is the control of the origin by the user's browser where the application that seeks to authenticate with Cryptr is executed, the allowed origin represents the addresses (URL) of the application that we want to authorize to authenticate with Cryptr |
allowed_redirect_urls required | Array of url Example: allowed_redirect_urls=http://localhost:3000 The Allowed Redirect URLs represents the addresses (URL) where Cryptr sends the user once the app has been receive a successfully authorization code. |
allowed_web_origins required | Array of url Example: allowed_web_origins=http://localhost:3000 The Allowed Web Origins represents the addresses (URL) that are allowed to access the authentication process. |
allowed_logout_urls required | Array of url Example: allowed_logout_urls=http://localhost:3000 The Allowed Logout URLs represents the addresses (URL) where Cryptr redirects the user after they logged out. |
application_type required | string Enum: "react" "vue" "angular" Example: application_type=react Your own custom information about the app. |
name required | string Example: name=App of Misapret The name of your application, a label to help you to understand which application is about. |
description | string Example: description=Everything to deal with bank Your own custom information about the app. |
default_origin_cors | string Example: default_origin_cors=http://localhost:3000 A default URL of the application that we want to authorize to authenticate with Cryptr |
default_web_origin | string Example: default_web_origin=http://localhost:3000 A Default Web Origin is a URL that is allowed to access the authentication process, this allows to manage for example the page refresh without being disconnected. |
Responses
Request samples
- cURL
curl 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/applications/:client_id' \ --request PUT \ --data-raw '{ "application_type": "angular" }'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__database__": "default",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "Application",
- "application_type": "angular",
- "client_id": "81a81b21-93b9-441b-a861-a33dc8c06fea",
- "description": "Everything to deal with bank",
- "name": "App of Misapret"
}
You can create or update SSO connection preferences for an Organization (usualy your Enterprise customer). Everything to setup, attach, create a redirection a end-user login or interact with administrator of the SSO.
Cryptr supports the following SSO provider solutions :
- Azure Active Directory
- ADFS
- Okta
- Ping Federate (Ping Identity)
- Ping One (Ping Identity)
- Auth0
- One Login
- Custom SAML By default, user profile attributes provided by identity providers (the SSO solution of your customers) are not directly editable because they are updated from the identity provider each time the user logs in.
To be able to edit the name, nickname, given_name, family_name, or picture root attributes on the normalized user profile, you must configure your connection sync with Cryptr so that user attributes will be updated from the identity provider only on user profile creation.
You can add & edit root attributes individually or as a bulk import using the Management API. You'll find these attributes in the final JWT (Json Web Token) after the successfull SSO authentifcation.
- A (User) represents an end user ofr your customer or partner in your Cryptr service.
Your Cryptr subscription plan could limit the number of users. See our pricing for more details.
The SSO Connection type
Each new SSO connection get an unique idp_id (identity provider identifier) generated from its Organization name. This identifier is impossible to update, because it's the immutable identifier of the connection.
object (DefaultRedirection) This refers to DefaultRedirection type. This default redirection will redirect SSO users to your application with an OAuth process. | |
idp_id | uuid The immutable identifier. |
inserted_at | string Insertion date time |
metadata | string |
object (SsoAdminOnboarding) This refers to SsoAdminOnboarding type . At creation or when preloaded you'll have the nested structure, else only id reference will be given. | |
seats_limit | integer Change the limit of simultaneously possible sso sessions for the targetted Sso Connection ⚠️ Depending on |
sp_id | uuid |
updated_at | string Updated date time |
user_security_type | string Change the rule of end-user openning session for the targetted Sso Connection |
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "id": "misapret_EFBpWGQRVBCUSagNu2Tp9S",
- "inserted_at": "2022-03-04T17:55:12",
- "metadata": [ ],
- "onboarding": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "your_domain_Tr3YREKMiaahKHJosBp8Pb",
- "updated_at": "2022-03-04T17:55:12",
- "user_security_type": "none"
}
The SsoAdminOnboarding type
When you have the email contact of the SSO manager of the organization you want to work with, an onboarding can be created to help this admin to configure the SSO on his side. The onboarding reflects progression, provider type choice, and allow metadata XML file upload.
When created you can also choose to send (or not) directly a magic link email to this onboarding.
provider_type | string Chosen Provider type by the SSO administrator (Okta, Azure AD, ADFS, Google Workspace ...) |
sso_admin_email | string <email> Administrator's Email of the SSO |
state | enum One value of below:
|
{- "provider_type": "azure_ad",
- "sso_admin_email": "it_sso_person@sso.client.com",
- "state": "not_initialized"
}
The Default Redirection type
To ensure direct mapping between Your front application, the SSO connection configured by the SSO admin and Cryptr, a default redirection can be created. This default redirection will redirect SSO users to your application with an OAuth process.
app_id | uuid The Application unique identifier |
id | uuid The Default redirection unique identifier |
uri | url The target URI where SSO users will be redirected after successful SSO session. |
{- "app_id": "60d91698-e3b9-4779-a781-bea2b1a6cfea",
- "id": "119eb0b9-b99b-436e-ada9-5721603ab96e",
}
List all SSO Connections
List all your SSOConnection currently created, regardless of the progress of the configuration.
RETURNS
Returns list of SSO Connection with nested objects if preload_associations
set and paginated if related attributes
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
page | |
per_page | integer Example: per_page=1 Precise the size of the pages of the pagination of the list. See how to paginate the Cryptr API. |
preload_associations | Array of strings By default all nested resources are returned by their ids. If you would like the nested object returned in the body, you can set |
Responses
Request samples
- cURL
curl -X GET https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "all_organizations_of:follow-the-market",
- "__domain__": "follow-the-market",
- "__managed_by__": "follow-the-market",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "a87a3099-0568-4050-9c56-5b96ccf65b18",
- "id": "follow_the_market_GAkKFm3HEd7nRACeQfD973",
- "inserted_at": "2022-03-04T15:00:02",
- "metadata": [ ],
- "onboarding": "d29572d3-9fd1-4c12-920a-b4dfd833875e",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "follow_the_market_G7gyUbjSsKHNoEcJrLN94T",
- "updated_at": "2022-03-04T15:00:02",
- "user_security_type": "none"
}
], - "paginate": {
- "current_page": 1,
- "next_page": 0,
- "per_page": 8,
- "prev_page": 0,
- "total_pages": 1
}, - "total_count": 1
}
Create a SSO Connection
Creates a new SSO Connection type. The response auto expand default_redirection
and onboarding
nested elements
RETURNS
Returns a SSO Connection if the creation succeed. Returns an error if create parameters are invalid (e.g specifying an invalid organization_id)
path Parameters
org_domain required | string Example: well-agency Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
organization_id required | uuid Example: organization_id=8d860a1d-997f-41a9-8c63-a8bcdf465ec4 The organization ID for which you want to create this connection. |
application_id required | uuid Example: application_id=34459d4f-e328-4256-9f0a-a04bd721d82d The application ID where you want to redirect end-user after SSO success. (default redirection will be used) If you do not provide an |
sso_admin_email | string <email> Example: sso_admin_email=it_sso_person@sso.client.com The email of the SSO admin of the organization if you already know it. |
send_email | boolean Example: send_email=it_sso_person@sso.client.com ⚠️ requires If set to |
Responses
Request samples
- cURL
curl --request POST 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections' --header 'Authorization: Bearer your_api_key_generated_token' --header 'Content-Type: application/json' --data-raw '{ "application_id": "front_app_client_id", "sso_admin_email": "it_sso_person@sso.client.com", "organization_id": "organization_id" }'
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "all_organizations_of:follow-the-market",
- "__domain__": "follow-the-market",
- "__managed_by__": "follow-the-market",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "a87a3099-0568-4050-9c56-5b96ccf65b18",
- "id": "follow_the_market_GAkKFm3HEd7nRACeQfD973",
- "inserted_at": "2022-03-04T15:00:02",
- "metadata": [ ],
- "onboarding": "d29572d3-9fd1-4c12-920a-b4dfd833875e",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "follow_the_market_G7gyUbjSsKHNoEcJrLN94T",
- "updated_at": "2022-03-04T15:00:02",
- "user_security_type": "none"
}
], - "paginate": {
- "current_page": 1,
- "next_page": 0,
- "per_page": 8,
- "prev_page": 0,
- "total_pages": 1
}, - "total_count": 1
}
List all SSO Connections
List all your SSOConnection currently created, regardless of the progress of the configuration.
RETURNS
Returns list of SSO Connection with nested objects if preload_associations
set and paginated if related attributes
path Parameters
org_domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
page | |
per_page | integer Example: per_page=1 Precise the size of the pages of the pagination of the list. See how to paginate the Cryptr API. |
preload_associations | Array of strings By default all nested resources are returned by their ids. If you would like the nested object returned in the body, you can set |
Responses
Request samples
- cURL
curl -X GET https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "all_organizations_of:follow-the-market",
- "__domain__": "follow-the-market",
- "__managed_by__": "follow-the-market",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "a87a3099-0568-4050-9c56-5b96ccf65b18",
- "id": "follow_the_market_GAkKFm3HEd7nRACeQfD973",
- "inserted_at": "2022-03-04T15:00:02",
- "metadata": [ ],
- "onboarding": "d29572d3-9fd1-4c12-920a-b4dfd833875e",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "follow_the_market_G7gyUbjSsKHNoEcJrLN94T",
- "updated_at": "2022-03-04T15:00:02",
- "user_security_type": "none"
}
], - "paginate": {
- "current_page": 1,
- "next_page": 0,
- "per_page": 8,
- "prev_page": 0,
- "total_pages": 1
}, - "total_count": 1
}
Create a SSO Connection
Creates a new SSO Connection type. The response auto expand default_redirection
and onboarding
nested elements
RETURNS
Returns a SSO Connection if the creation succeed. Returns an error if create parameters are invalid (e.g specifying an invalid organization_id)
path Parameters
org_domain required | string Example: well-agency Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
organization_id required | uuid Example: organization_id=8d860a1d-997f-41a9-8c63-a8bcdf465ec4 The organization ID for which you want to create this connection. |
application_id required | uuid Example: application_id=34459d4f-e328-4256-9f0a-a04bd721d82d The application ID where you want to redirect end-user after SSO success. (default redirection will be used) If you do not provide an |
sso_admin_email | string <email> Example: sso_admin_email=it_sso_person@sso.client.com The email of the SSO admin of the organization if you already know it. |
send_email | boolean Example: send_email=it_sso_person@sso.client.com ⚠️ requires If set to |
Responses
Request samples
- cURL
curl --request POST 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections' --header 'Authorization: Bearer your_api_key_generated_token' --header 'Content-Type: application/json' --data-raw '{ "application_id": "front_app_client_id", "sso_admin_email": "it_sso_person@sso.client.com", "organization_id": "organization_id" }'
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "all_organizations_of:follow-the-market",
- "__domain__": "follow-the-market",
- "__managed_by__": "follow-the-market",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "a87a3099-0568-4050-9c56-5b96ccf65b18",
- "id": "follow_the_market_GAkKFm3HEd7nRACeQfD973",
- "inserted_at": "2022-03-04T15:00:02",
- "metadata": [ ],
- "onboarding": "d29572d3-9fd1-4c12-920a-b4dfd833875e",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "follow_the_market_G7gyUbjSsKHNoEcJrLN94T",
- "updated_at": "2022-03-04T15:00:02",
- "user_security_type": "none"
}
], - "paginate": {
- "current_page": 1,
- "next_page": 0,
- "per_page": 8,
- "prev_page": 0,
- "total_pages": 1
}, - "total_count": 1
}
Retrieve a SSO Connection
Fetch an SSO Connection, usefull to known its configuration and also fetch nested object as default_redirection
and onboarding
.
RETURNS
Returns the SSO Connection
path Parameters
idp_id | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9S The reference of the SSO Connection |
query Parameters
preload_associations | Array of strings Example: preload_associations=http://localhost:3000 By default all nested resources are returned by their ids. If you would like the nested object returned in the body, you can set |
Responses
Request samples
- cURL
curl --request GET 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "id": "misapret_EFBpWGQRVBCUSagNu2Tp9S",
- "inserted_at": "2022-03-04T17:55:12",
- "metadata": [ ],
- "onboarding": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "your_domain_Tr3YREKMiaahKHJosBp8Pb",
- "updated_at": "2022-03-04T17:55:12",
- "user_security_type": "none"
}
Update a SSO Connection
Fetch an SSO Connection, usefull to known its configuration and also fetch nested object as default_redirection
and onboarding
.
RETURNS
Returns the updated SSO Connection
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
query Parameters
active | boolean Example: active=true Change the state of the SSO Connection see Turn on/off requests |
default_redirection_id | uuid Example: default_redirection_id=3d5245f2-194a-498c-ad28-736ca9fffb3b Change the Default redirection for Sso Connection |
metadata | string Example: metadata=3d5245f2-194a-498c-ad28-736ca9fffb3b This should be the XML Metadata String content. If you want to change the XML for the targetted Sso Connection. For example if the SSO Administrator send you a new XML Metadata for the connection you can change it here. |
provider_type | string Example: provider_type=azure_ad Change the provider type (Okta, Google Workspace, ADFS ...) of targetted Sso Connection |
seats_limit | integer Change the limit of simultaneously possible sso sessions for the targetted Sso Connection ⚠️ Depending on |
user_security_type | string Example: user_security_type=user_registered Change the rule of end-user openning session for the targetted Sso Connection |
preload_associations | Array of strings By default all nested resources are returned by their ids. If you would like the nested object returned in the body, you can set |
Responses
Request samples
- cURL
curl -X PUT 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id' \ --header 'Authorization: Bearer your_api_key_generated_token' \ --header 'Content-Type: application/json' \ --data-raw '{ "seats_limit": 99 }'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "3d5245f2-194a-498c-ad28-736ca9fffb3b",
- "id": "misapret_EFBpWGQRVBCUSagNu2Tp9S",
- "inserted_at": "2022-03-04T17:55:12",
- "metadata": [ ],
- "onboarding": "6ab338de-a92b-4b1f-9590-0694d151f971",
- "provider_type": "azure_ad",
- "seats_limit": 99,
- "sp_id": "cryptr_Tr3YREKMiaahKHJosBp8Pb",
- "updated_at": "2022-03-14T10:58:36",
- "user_security_type": "user_registered"
}
Activate the Connection
If you would like to activate the SSO Connection
⚠️ These requests are in Early access and has for now no impact on Sso Connection availability
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
Responses
Request samples
- cURL
curl -X PATCH 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id/activate' --header 'Authorization: Bearer your_api_key_generated_token'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "id": "misapret_EFBpWGQRVBCUSagNu2Tp9S",
- "inserted_at": "2022-03-04T17:55:12",
- "metadata": [ ],
- "onboarding": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "your_domain_Tr3YREKMiaahKHJosBp8Pb",
- "updated_at": "2022-03-04T17:55:12",
- "user_security_type": "none"
}
Create the Admin Onboarding
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
query Parameters
sso_admin_email* | string <email> Example: sso_admin_email*=81a81b21-93b9-441b-a861-a33dc8c06fea The email of the SSO admin of your client that has access to the SSO tool. |
provider_type | string or null Default: "null" Example: provider_type=81a81b21-93b9-441b-a861-a33dc8c06fea If you already know the Provider type (Okta, Azure AD, ADFS, Google Workspace ...) of your client you can preset that and SSO administrator won't have to choose . The SSO Administrator can still change this as soon as he wishes. |
Responses
Request samples
- cURL
curl -X POST 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id/admin-onboarding' \ --header 'Authorization: Bearer your_api_key_generated_token' \ --header 'Content-Type: application/json' \ --data-raw '{ "sso_admin_email": "Mathew_Murazik92@yahoo.com" }'
Response samples
- 201
{- "__access__": "all_organizations_of:your_domain",
- "__domain__": "your_domain",
- "__managed_by__": "your_domain",
- "__type__": "EnterpriseConnectionOnboarding",
- "id": "6ab338de-a92b-4b1f-9590-0694d151f971",
- "inserted_at": "2022-03-14T09:15:28",
- "provider_type": "azure_ad",
- "sso_admin_email": "Mathew_Murazik92@yahoo.com",
- "state": "not_initialized",
- "tutorial_step": 0,
- "updated_at": "2022-03-14T09:15:28"
}
Update the Admin Onboarding
This request will helps you update the Onboarding associated to the SSO Connection, for example if the SSO Administrator changed and it's a new email.
RETURNS
The updated SsoAdminOnboarding with new values.
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
query Parameters
sso_admin_email | string <email> Example: sso_admin_email=new_it_guy@sample.co New desired email for the SsoAdminOnboarding. |
provider_type | string Example: provider_type=okta New desired provider type (Okta, Google, Azure AD, ADFS ...) for the SsoAdminOnboarding. |
Responses
Request samples
- cURL
curl -X PUT 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id/admin-onboarding' --header 'Authorization: Bearer your_api_key_generated_token' --header 'Content-Type: application/json' --data-raw '{ "sso_admin_email": "new_it_guy@sample.co", "provider_type": "okta" }'
Response samples
- 200
{- "__access__": "all_organizations_of:your_domain",
- "__domain__": "your_domain",
- "__managed_by__": "your_domain",
- "__type__": "EnterpriseConnectionOnboarding",
- "id": "6ab338de-a92b-4b1f-9590-0694d151f971",
- "inserted_at": "2022-03-14T09:15:28",
- "provider_type": "okta",
- "sso_admin_email": "new_it_guy@sample.co",
- "state": "not_initialized",
- "tutorial_step": 0,
- "updated_at": "2022-03-14T09:15:28"
}
Retrieve a Default Redirection
RETURNS
Returns the current Default Redirection for the SSO Connection ID provided (idp_idp
)
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
Responses
Request samples
- cURL
curl -X GET 'http://{{YOUR_CRYPTR_SERVICE_URL}}/api/v2/sso-connections/:idp_id/default-redirection'
Response samples
- 200
{- "__access__": "all_organizations_of:your_domain",
- "__domain__": "your_domain",
- "__managed_by__": "your_domain",
- "__type__": "Redirection",
- "app_id": "81a81b21-93b9-441b-a861-a33dc8c06fea",
- "id": "2ff74d35-5eba-4ab0-9231-4ae2b9efcadd",
- "idp_id": "misapret_EFBpWGQRVBCUSagNu2Tp9S",
- "sp_id": "your_domain_Tr3YREKMiaahKHJosBp8Pb",
}
Precise the Default Redirection
If you want to create the Default Redirection for a specific SSO Connection.
If one already exists, this request will create a new one set as default. You will be able to manage these multiples redirection through SSO Connection update request.
RETURNS
Returns the created Default Redirection associated to the SSO Connection
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
query Parameters
application_id | uuid Example: application_id=81a81b21-93b9-441b-a861-a33dc8c06fea The reference of application where you want your end-user redirected to. |
organization_id | uuid Example: organization_id=1cad5a97-457c-4a7b-940c-07f5aa22b7f3 The reference of organization that owns the application and where your end-user will be stored in |
uri | url Example: uri=http://localhost:3000 The target URI where SSO users will be redirected after successful SSO session. If you do not provide a value either application's |
Responses
Request samples
- cURL
curl -X POST 'http://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id/default-redirection' \ --header 'Authorization: Bearer your_api_key_token' \ --header 'Content-Type: application/json' \ --data-raw '{ "application_id": "81a81b21-93b9-441b-a861-a33dc8c06fea", "organization_id": "1cad5a97-457c-4a7b-940c-07f5aa22b7f3", "uri": "http://localhost:3000" }'
Response samples
- 201
{- "__access__": "all_organizations_of:your_domain",
- "__domain__": "your_domain",
- "__managed_by__": "your_domain",
- "__type__": "Redirection",
- "app_id": "81a81b21-93b9-441b-a861-a33dc8c06fea",
- "id": "2ff74d35-5eba-4ab0-9231-4ae2b9efcadd",
- "idp_id": "misapret_EFBpWGQRVBCUSagNu2Tp9S",
- "sp_id": "your_domain_Tr3YREKMiaahKHJosBp8Pb",
}
Disable the Connection
If you would like to disable the SSO Connection
⚠️ These requests are in Early access and has for now no impact on Sso Connection availability
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
Responses
Request samples
- cURL
curl -X PATCH 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id/disable' --header 'Authorization: Bearer your_api_key_generated_token'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "SsoConnection",
- "active": false,
- "default_redirection": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "id": "misapret_EFBpWGQRVBCUSagNu2Tp9S",
- "inserted_at": "2022-03-04T17:55:12",
- "metadata": [ ],
- "onboarding": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "your_domain_Tr3YREKMiaahKHJosBp8Pb",
- "updated_at": "2022-03-04T17:55:12",
- "user_security_type": "none"
}
Send invitation
As soon as you created an SSOAdminOnboarding for a SSO Connection, you can use the following request to send immediately an email to the defined SSO Administrator. It could be useful if you want to do it live with him during a meeting.
It is also helpful when the SSO Administrator lost the configuration link and needs to do it.
⚠️ If no SSOAdminOnboarding nor sso_admin_email
the request will fail.
RETURNS
An Email is sent to sso_admin_email
while the current SSOConnection is rendered
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
Responses
Request samples
- cURL
curl -X POST 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id/invite-admin' --header 'Authorization: Bearer your_api_key_generated_token'
Response samples
- 201
{- "__access__": "all_organizations_of:your_domain",
- "__domain__": "your_domain",
- "__managed_by__": "your_domain",
- "__type__": "EnterpriseConnectionOnboarding",
- "id": "6ab338de-a92b-4b1f-9590-0694d151f971",
- "inserted_at": "2022-03-14T09:15:28",
- "provider_type": "azure_ad",
- "sso_admin_email": "Mathew_Murazik92@yahoo.com",
- "state": "not_initialized",
- "tutorial_step": 0,
- "updated_at": "2022-03-14T09:15:28"
}
Reset the Admin Onboarding
In some cases the best way to help the SSO Administrator with the configuration is to start from beginning.
This request will reset provider_type
, reset tutorial to initial step but sso_admin_email
won't be unset
RETURNS
The SSOConnection with reseted SsoAdminOnboarding
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
Responses
Request samples
- cURL
curl -X PATCH 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id/reset-onboarding' --header 'Authorization: Bearer your_api_key_generated_token'
Response samples
- 200
{- "__access__": "all_organizations_of:your_domain",
- "__domain__": "your_domain",
- "__managed_by__": "your_domain",
- "__type__": "EnterpriseConnectionOnboarding",
- "id": "6ab338de-a92b-4b1f-9590-0694d151f971",
- "inserted_at": "2022-03-14T09:15:28",
- "provider_type": "azure_ad",
- "sso_admin_email": "Mathew_Murazik92@yahoo.com",
- "state": "not_initialized",
- "tutorial_step": 0,
- "updated_at": "2022-03-14T09:15:28"
}
User Policy Configuration
You can change the User policy Configuration with the below request. The User policy is the rule for user coming from the SSO Connection. Posibilities are multiple, if everyone can open a ssession, only ones you registered or only a limited number of seats.
RETURNS
The updated SSO Connection with updated user_security_type
value
path Parameters
idp_id required | uuid Example: misapret_EFBpWGQRVBCUSagNu2Tp9Sa The reference of the SSO Connection |
query Parameters
user_security_type* | string Example: user_security_type*=user_registered The value of User policy you want for this SSO Connection. Values are |
Responses
Request samples
- cURL
curl -X PUT 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/sso-connections/:idp_id/sso-user-policy' \ --header 'Authorization: Bearer your_api_key_generated_token' \ --header 'Content-Type: application/json' \ --data-raw '{ "user_security_type": "user_registered" }'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "SsoConnection",
- "active": true,
- "default_redirection": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "id": "misapret_EFBpWGQRVBCUSagNu2Tp9S",
- "inserted_at": "2022-03-04T17:55:12",
- "metadata": [ ],
- "onboarding": "c652374d-0cd0-4040-9fd0-ea144885259a",
- "provider_type": "azure_ad",
- "seats_limit": 0,
- "sp_id": "your_domain_Tr3YREKMiaahKHJosBp8Pb",
- "updated_at": "2022-03-04T17:55:12",
- "user_security_type": "none"
}
The MetaKey type
name | string The domain is the User's Organization domain. |
required | boolean If set to |
type | enum The basic type (string, integer, date ...) that value should be compatible to. |
{- "__domain__": "misapret",
- "__type__": "MetaKey",
- "name": "department",
- "required": true,
- "type": "STRING"
}
The JwtSample type
When an Oauth session is created (after a successful Magic link or SSO Connection process), JWT are generated to authenticate and identify user.
These tokens are dependant of MetaKey
and Metadata
associated to resources (user and application for example).
The JwtSample
type is there to inform about current structure of JWT that will be generated for your end-user sessions.
access_token_jwt | jwt A JWT access token sample base on a sample user with all |
object (AccessToken) The "treeview" of keys present in the JWT access token. This will contains at root all default keys and all keys of | |
id_token_jwt | object A JWT ID token sample base on a sample user with all |
id_token_keys | object The "treeview" of keys present in the JWT ID token. This will contains at root all default keys and all keys of |
{- "__domain__": "shark-academy",
- "__type__": "__JwtSamples__",
- "access_token_jwt": "eyJhbGciOiJSUzI1NiIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC90L3NoYXJrLWFjYWRlbXkiLCJraWQiOiI5ZjhlNTE1MC1lNWIxLTQ4MWEtOTAyNS1mYzc2YmQ1Y2JlYmUiLCJ0eXAiOiJKV1QifQ.eyJhcHBsaWNhdGlvbl9tZXRhZGF0YSI6e30sImF1ZCI6bnVsbCwiY2lkIjpudWxsLCJkYnMiOiJkZWZhdWx0IiwiZW1haWwiOm51bGwsImV4cCI6MTY0NzMwMTg2NiwiaWF0IjoxNjQ3MjY1ODY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAvdC9zaGFyay1hY2FkZW15IiwianRpIjoiZWQ3N2Y3ZDAtYTJkOS00NGI0LTgwMzItYWYxMTZjYTgxZDg0IiwianR0IjoiYWNjZXNzIiwic2NwIjpudWxsLCJzdWIiOm51bGwsInRudCI6InNoYXJrLWFjYWRlbXkiLCJ2ZXIiOjF9.OFjV1A7eKL1r9YrHNUN0cydffB4R8C2nOgbDvzyedy1-ySLYA3akponMAqwqELzMlpoCINBJrgKUTn-k346h3O8E7rx-Dav6LUF2nf_R24-ctwEY5IgpBIg72meaTqUEbrpSR8YiyR9QamnpiBcP9LEl05iQJwt49d7bwWmf6-NHcr6FWgMNcLkiJRzhUDPmhtt74gwOkXB2x8BU6I3ePxVlmAMCgUxuueaJr-OTH2_kE0StrT0VvFHBYNaCfPPpv_ssEaOjdHQecZ-b5Lv1yQSGue8j_mhfuonqJSq869XPGQpwNWI-YCyo0Ua5ST0vksUyvNJELLZLeQlXXcAYNrA4UJaAOGDUVr8TLK1d9yT7RsXTDkfYSbOIFXucjgEqZEbXmX_oLJjx8rDhxCVQNu44GYZYEKjWg0cZcLa7VaFCfZ85TlYlEMHnNfVck-eky44K-LpIYVTYDtD0njvsEI269HEJnBeNFALNfMjPdSP3q9uP7p-qv-LDTaZYFiu6CnaFoCyuUjt9Hq8U7NdWCvhekhdhITCAXLYE9Es0wh_N0AhD4nuNTBJtOk0PQT0AEWw1CqeDOZo3M4clmE-Sb0UqkUVGyFvZygxQY60QrmlLxYhnx_dxud54WyPCjM_doJPrWwMaLko8UryOj8xGST4fqlhC2tTlSLW8WqbcAdI",
- "access_token_keys": [
- [
- "application_metadata",
- null,
- "aud"
], - "cid",
- "dbs",
- "email",
- "exp",
- "iat",
- "iss",
- "jti",
- "jtt",
- "scp",
- "sub",
- "tnt",
- "ver"
], - "id_token_jwt": "eyJhbGciOiJSUzI1NiIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC90L3NoYXJrLWFjYWRlbXkiLCJraWQiOiI5ZjhlNTE1MC1lNWIxLTQ4MWEtOTAyNS1mYzc2YmQ1Y2JlYmUiLCJ0eXAiOiJKV1QifQ.eyJhcHBsaWNhdGlvbl9tZXRhZGF0YSI6e30sImF0X2hhc2giOiIwb3R0aENZMFdldXMzZXVNM05adV9BIiwiY19oYXNoIjoiVnBUUWlpNVRfOHJnd3hBLVd0YjJCdyIsImRicyI6ImRlZmF1bHQiLCJleHAiOjE2NDczMDE4NjYsImlhdCI6MTY0NzI2NTg2NiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0MDAwL3Qvc2hhcmstYWNhZGVteSIsImp0aSI6IjNlMDRhZTM3LTc5ZTctNDAwYy1hMGRiLWVjZDIxZjUwNWU5ZCIsImp0dCI6Im9wZW5pZCIsIm5vbmNlIjoiKiIsInJlc291cmNlX293bmVyX21ldGFkYXRhIjp7ImF1dGhubWV0aG9kc3JlZmVyZW5jZXMiOnsiaWQiOiIxNTM0NjgzNi0xMjJhLTRhMTAtYjNlYy04ODc4YjVjMTBkNzgiLCJuYW1lIjoiYXV0aG5tZXRob2RzcmVmZXJlbmNlcyIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJkaXNwbGF5bmFtZSI6eyJpZCI6IjI4ODFkYWZkLTliZjEtNDQwOS1hOTEyLWRlZTZhMDM5ZDZiYiIsIm5hbWUiOiJkaXNwbGF5bmFtZSIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJlbWFpbCI6eyJpZCI6IjRjNzhlNTQyLWRlOTEtNDFmOC1hMzVmLTI0NGM0MmVhZmQ5OCIsIm5hbWUiOiJlbWFpbCIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJlbWFpbGFkZHJlc3MiOnsiaWQiOiI4ZWY0ZDBlMS02OTA1LTRlMDktOWZmOC1kNWFlNTI4OTFhODUiLCJuYW1lIjoiZW1haWxhZGRyZXNzIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sImZpcnN0X25hbWUiOnsiaWQiOiIzZTNmZjZiOC1iMDgwLTQ1MDQtYjhlMC02OTQ0ODJlMzI2OTEiLCJuYW1lIjoiZmlyc3RfbmFtZSIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJnaXZlbm5hbWUiOnsiaWQiOiI2MzgyN2JhMy04Zjc3LTQzNmMtODM5Ny04ZDZlMGEyODYwMDYiLCJuYW1lIjoiZ2l2ZW5uYW1lIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sImlkZW50aXR5cHJvdmlkZXIiOnsiaWQiOiJhMDYyMWMzMi0zZGQwLTQ0OTQtYThjNC1mNDQwOWM1NDk1ZTIiLCJuYW1lIjoiaWRlbnRpdHlwcm92aWRlciIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJsYXN0X25hbWUiOnsiaWQiOiIzN2NhNTM3MS02MzM0LTQ3NzEtOTEyOS0zMzEwMDBjOTFmMTQiLCJuYW1lIjoibGFzdF9uYW1lIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sIm5hbWUiOnsiaWQiOiI1YTI3NzAwNC0wN2E2LTQxMGYtOTE2NC03Y2JhYmQzNDdmNGQiLCJuYW1lIjoibmFtZSIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJvYmplY3RHdWlkIjp7ImlkIjoiMzQ2ZDI4ZTAtODllMi00ZjIyLTljMDYtZTA5OGViNGRiY2YwIiwibmFtZSI6Im9iamVjdEd1aWQiLCJyZXF1aXJlZCI6ZmFsc2UsInR5cGUiOiJzdHJpbmcifSwib2JqZWN0aWRlbnRpZmllciI6eyJpZCI6ImI1OWU2OTViLTNhMDctNDNmYi04MTkzLTkxYTM5ZjFkNjI1OCIsIm5hbWUiOiJvYmplY3RpZGVudGlmaWVyIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInBob25lIjp7ImlkIjoiYjJlZWNlZTYtYWYzYS00YWY0LTg4ZjYtNjU4YzQ1MDc0MzQ1IiwibmFtZSI6InBob25lIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInNhbWxfbmFtZWlkIjp7ImlkIjoiOTViODA2ZDgtMzRlYS00ZjYxLWJiOWEtYzlhNmUzZTVkZmM4IiwibmFtZSI6InNhbWxfbmFtZWlkIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInNhbWxfc3ViamVjdCI6eyJpZCI6IjQ0NjkzZDhjLTVhOWQtNDQ3Ni1hNTYzLTFkMTQxYWE5MzIyNSIsIm5hbWUiOiJzYW1sX3N1YmplY3QiLCJyZXF1aXJlZCI6ZmFsc2UsInR5cGUiOiJzdHJpbmcifSwic3VybmFtZSI6eyJpZCI6IjQ2MDdjZjY4LWY3NDItNDBhNS04MTgzLWQyNDRkODU1NmZhOSIsIm5hbWUiOiJzdXJuYW1lIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInRlbmFudGlkIjp7ImlkIjoiMDIxMDViMjEtNDI1Yy00ZGU2LTkyODQtZTFlNTQ1Mzg1NmRmIiwibmFtZSI6InRlbmFudGlkIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInVpZCI6eyJpZCI6IjBmZGE3NTFmLWZmNTctNDYwNC04ZjU1LTFmN2MxYjcxYjkxYyIsIm5hbWUiOiJ1aWQiLCJyZXF1aXJlZCI6ZmFsc2UsInR5cGUiOiJzdHJpbmcifSwidW5pdF9wYXRoIjp7ImlkIjoiZjkwZTc2MjUtMjEwNi00ODRmLTgwNzEtYTliMTQ2Mzg3Mzc2IiwibmFtZSI6InVuaXRfcGF0aCIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9fSwic19oYXNoIjoiUzZhWE5jcFRkbDdXcHdudHRXeHVvZyIsInRudCI6InNoYXJrLWFjYWRlbXkiLCJ2ZXIiOjF9.klcxIBu2gggfXY-ac5EvF92RYYT0mAVSIZuWr-SqVBR2iWFhEQLRQ7IMGVCKYnOqbmKD-gRgwGAsZNj486WwkYiWjDsrdtl47dTBpKKL_UxO28zl4AnywdODXqxZEQUul40Z0mn-B9dq7SJtZmCYOK1z-9AlIr1KEY7P0FyTX-Q4TMzSFeJIqyWtPd5-x1hfGqAduuiADv0API6Lr12sylspOuweH8Hyx3xBn82tOTcdPDmjl0cIY4EBsCytXAJyzlVxjYhr8gTDJPJn5dLRnEDQsahzpwBaITI4YkoI19COfqDdf3pF-R2-s35NsVWDIt9_PeNzmFagDR4QuInwzM6-euOlhH1LU1QlISkhwu-9huWvAAR1PtRtC8T31GUTmTbIDUjjxp1z_3JRya3oRmXXIClaiVCdLWFRWzYbAkfSrFo_GFsQ90zrbwAgVPNG-BPlOKryU6bnKCTCqWPBqB1xflk3VkvJMLITpQjZ-SCuYGnKH1K_b60WoyFax2GU_Pk4E1Q8n_nSgiy2qWaxKYSRfLHfeWPGJieJz3aiM3CbI5cfdshh8UbBUUDaHEIwHyzXpq7wW_tjnCjpQdVDfXmZInJFG-5kHKhdXsqH87j2h-SLQunasF3dPc1mmXVGkZ9GcNGW6wHDXV_EzZz-ctvXvvLiv1fF87vWSgGUK2c",
- "id_token_keys": [
- [
- "application_metadata",
- null,
- "at_hash"
], - "c_hash",
- "dbs",
- "exp",
- "iat",
- "iss",
- "jti",
- "jtt",
- "nonce",
- [
- "resource_owner_metadata",
- [
- "authnmethodsreferences",
- "displayname",
- "email",
- "emailaddress",
- "first_name",
- "givenname",
- "identityprovider",
- "last_name",
- "name",
- "objectGuid",
- "objectidentifier",
- "phone",
- "saml_nameid",
- "saml_subject",
- "surname",
- "tenantid",
- "uid",
- "unit_path"
]
], - "s_hash",
- "tnt",
- "ver"
]
}
The Access Token type
aud|AUDIENCE | string The audience of the service that access token gives access to |
cid|CLIENT ID | uuid The reference of JWT consumer (generally application's id) |
dbs|DATABASE | string The environment of the resource |
exp|EXPIRATION | string <date-time> The expiration date of the token |
iat|ISSUED AT | string <date-time> The issue date of the token |
iss|ISSUER | stringhttps://{{YOUR_CRYPTR_SERVER_URL}}/t/{{organi... The issuer of the access token. |
jti|JWT ID | uuid The unique identifier of the token |
jtt|JWT TYPE | string The type of the JWT, in this case |
nbf|NOT BEFORE | string <date-time> The datetime before which the access token cannot be used |
scp|SCOPE | Array of arrays The scope of the token (mainly used for magic link product) |
sub|SUBJECT | uuid Reference of the resource (generally user's uuid) See |
uid|USER ID | uuid |
{- "access_token_keys": [
- [
- "application_metadata",
- null,
- "aud"
], - "cid",
- "dbs",
- "email",
- "exp",
- "iat",
- "iss",
- "jti",
- "jtt",
- "scp",
- "sub",
- "tnt",
- "ver"
]
}
Get a JWT Sample
path Parameters
org_domain required | id Example: misapret The domain of the organization |
query Parameters
user_id | uuid Example: user_id=534dcbe0-c88d-441d-84cd-1daa8dbc8393 Existing user to use for token |
authorization_id | uuid Example: authorization_id=f407cafd-b58a-472f-b857-475a863b69b6 Existing auth to use |
expired | boolean Example: expired=true ⚠️ This parameter is not present if the To generate an expired token |
expiration_in_seconds | integer Example: expiration_in_seconds=31536000 ⚠️ This parameter is not present if the Duration validity of generated token |
application_id | uuid Example: application_id=f407cafd-b58a-472f-b857-475a863b69b6 Existing application to use for generation (requires id in db to be set as cid in jwt claims) |
Responses
Request samples
- cURL
curl --location --request GET 'http://localhost:4000/api/v2/org/:domain/token-customization/sample?expiration_in_seconds=31536000&user_id=:user_id&application_id=:application_id&authorization_id=:authorization_id' \ --header 'Authorization: Bearer your_api_key_generated_token'
Response samples
- 200
{- "__domain__": "misapret",
- "__type__": "__JwtSamples__",
- "access_token_jwt": "eyJhbGciOiJSUzI1NiIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC90L3NoYXJrLWFjYWRlbXkiLCJraWQiOiI5ZjhlNTE1MC1lNWIxLTQ4MWEtOTAyNS1mYzc2YmQ1Y2JlYmUiLCJ0eXAiOiJKV1QifQ.eyJhcHBsaWNhdGlvbl9tZXRhZGF0YSI6e30sImF1ZCI6bnVsbCwiY2lkIjpudWxsLCJkYnMiOiJkZWZhdWx0IiwiZW1haWwiOm51bGwsImV4cCI6MTY0NzMwMTg2NiwiaWF0IjoxNjQ3MjY1ODY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAvdC9zaGFyay1hY2FkZW15IiwianRpIjoiZWQ3N2Y3ZDAtYTJkOS00NGI0LTgwMzItYWYxMTZjYTgxZDg0IiwianR0IjoiYWNjZXNzIiwic2NwIjpudWxsLCJzdWIiOm51bGwsInRudCI6InNoYXJrLWFjYWRlbXkiLCJ2ZXIiOjF9.OFjV1A7eKL1r9YrHNUN0cydffB4R8C2nOgbDvzyedy1-ySLYA3akponMAqwqELzMlpoCINBJrgKUTn-k346h3O8E7rx-Dav6LUF2nf_R24-ctwEY5IgpBIg72meaTqUEbrpSR8YiyR9QamnpiBcP9LEl05iQJwt49d7bwWmf6-NHcr6FWgMNcLkiJRzhUDPmhtt74gwOkXB2x8BU6I3ePxVlmAMCgUxuueaJr-OTH2_kE0StrT0VvFHBYNaCfPPpv_ssEaOjdHQecZ-b5Lv1yQSGue8j_mhfuonqJSq869XPGQpwNWI-YCyo0Ua5ST0vksUyvNJELLZLeQlXXcAYNrA4UJaAOGDUVr8TLK1d9yT7RsXTDkfYSbOIFXucjgEqZEbXmX_oLJjx8rDhxCVQNu44GYZYEKjWg0cZcLa7VaFCfZ85TlYlEMHnNfVck-eky44K-LpIYVTYDtD0njvsEI269HEJnBeNFALNfMjPdSP3q9uP7p-qv-LDTaZYFiu6CnaFoCyuUjt9Hq8U7NdWCvhekhdhITCAXLYE9Es0wh_N0AhD4nuNTBJtOk0PQT0AEWw1CqeDOZo3M4clmE-Sb0UqkUVGyFvZygxQY60QrmlLxYhnx_dxud54WyPCjM_doJPrWwMaLko8UryOj8xGST4fqlhC2tTlSLW8WqbcAdI",
- "access_token_keys": [
- [
- "application_metadata",
- null,
- "aud"
], - "cid",
- "dbs",
- "email",
- "exp",
- "iat",
- "iss",
- "jti",
- "jtt",
- "scp",
- "sub",
- "tnt",
- "ver"
], - "id_token_jwt": "eyJhbGciOiJSUzI1NiIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC90L3NoYXJrLWFjYWRlbXkiLCJraWQiOiI5ZjhlNTE1MC1lNWIxLTQ4MWEtOTAyNS1mYzc2YmQ1Y2JlYmUiLCJ0eXAiOiJKV1QifQ.eyJhcHBsaWNhdGlvbl9tZXRhZGF0YSI6e30sImF0X2hhc2giOiIwb3R0aENZMFdldXMzZXVNM05adV9BIiwiY19oYXNoIjoiVnBUUWlpNVRfOHJnd3hBLVd0YjJCdyIsImRicyI6ImRlZmF1bHQiLCJleHAiOjE2NDczMDE4NjYsImlhdCI6MTY0NzI2NTg2NiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0MDAwL3Qvc2hhcmstYWNhZGVteSIsImp0aSI6IjNlMDRhZTM3LTc5ZTctNDAwYy1hMGRiLWVjZDIxZjUwNWU5ZCIsImp0dCI6Im9wZW5pZCIsIm5vbmNlIjoiKiIsInJlc291cmNlX293bmVyX21ldGFkYXRhIjp7ImF1dGhubWV0aG9kc3JlZmVyZW5jZXMiOnsiaWQiOiIxNTM0NjgzNi0xMjJhLTRhMTAtYjNlYy04ODc4YjVjMTBkNzgiLCJuYW1lIjoiYXV0aG5tZXRob2RzcmVmZXJlbmNlcyIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJkaXNwbGF5bmFtZSI6eyJpZCI6IjI4ODFkYWZkLTliZjEtNDQwOS1hOTEyLWRlZTZhMDM5ZDZiYiIsIm5hbWUiOiJkaXNwbGF5bmFtZSIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJlbWFpbCI6eyJpZCI6IjRjNzhlNTQyLWRlOTEtNDFmOC1hMzVmLTI0NGM0MmVhZmQ5OCIsIm5hbWUiOiJlbWFpbCIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJlbWFpbGFkZHJlc3MiOnsiaWQiOiI4ZWY0ZDBlMS02OTA1LTRlMDktOWZmOC1kNWFlNTI4OTFhODUiLCJuYW1lIjoiZW1haWxhZGRyZXNzIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sImZpcnN0X25hbWUiOnsiaWQiOiIzZTNmZjZiOC1iMDgwLTQ1MDQtYjhlMC02OTQ0ODJlMzI2OTEiLCJuYW1lIjoiZmlyc3RfbmFtZSIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJnaXZlbm5hbWUiOnsiaWQiOiI2MzgyN2JhMy04Zjc3LTQzNmMtODM5Ny04ZDZlMGEyODYwMDYiLCJuYW1lIjoiZ2l2ZW5uYW1lIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sImlkZW50aXR5cHJvdmlkZXIiOnsiaWQiOiJhMDYyMWMzMi0zZGQwLTQ0OTQtYThjNC1mNDQwOWM1NDk1ZTIiLCJuYW1lIjoiaWRlbnRpdHlwcm92aWRlciIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJsYXN0X25hbWUiOnsiaWQiOiIzN2NhNTM3MS02MzM0LTQ3NzEtOTEyOS0zMzEwMDBjOTFmMTQiLCJuYW1lIjoibGFzdF9uYW1lIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sIm5hbWUiOnsiaWQiOiI1YTI3NzAwNC0wN2E2LTQxMGYtOTE2NC03Y2JhYmQzNDdmNGQiLCJuYW1lIjoibmFtZSIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9LCJvYmplY3RHdWlkIjp7ImlkIjoiMzQ2ZDI4ZTAtODllMi00ZjIyLTljMDYtZTA5OGViNGRiY2YwIiwibmFtZSI6Im9iamVjdEd1aWQiLCJyZXF1aXJlZCI6ZmFsc2UsInR5cGUiOiJzdHJpbmcifSwib2JqZWN0aWRlbnRpZmllciI6eyJpZCI6ImI1OWU2OTViLTNhMDctNDNmYi04MTkzLTkxYTM5ZjFkNjI1OCIsIm5hbWUiOiJvYmplY3RpZGVudGlmaWVyIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInBob25lIjp7ImlkIjoiYjJlZWNlZTYtYWYzYS00YWY0LTg4ZjYtNjU4YzQ1MDc0MzQ1IiwibmFtZSI6InBob25lIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInNhbWxfbmFtZWlkIjp7ImlkIjoiOTViODA2ZDgtMzRlYS00ZjYxLWJiOWEtYzlhNmUzZTVkZmM4IiwibmFtZSI6InNhbWxfbmFtZWlkIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInNhbWxfc3ViamVjdCI6eyJpZCI6IjQ0NjkzZDhjLTVhOWQtNDQ3Ni1hNTYzLTFkMTQxYWE5MzIyNSIsIm5hbWUiOiJzYW1sX3N1YmplY3QiLCJyZXF1aXJlZCI6ZmFsc2UsInR5cGUiOiJzdHJpbmcifSwic3VybmFtZSI6eyJpZCI6IjQ2MDdjZjY4LWY3NDItNDBhNS04MTgzLWQyNDRkODU1NmZhOSIsIm5hbWUiOiJzdXJuYW1lIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInRlbmFudGlkIjp7ImlkIjoiMDIxMDViMjEtNDI1Yy00ZGU2LTkyODQtZTFlNTQ1Mzg1NmRmIiwibmFtZSI6InRlbmFudGlkIiwicmVxdWlyZWQiOmZhbHNlLCJ0eXBlIjoic3RyaW5nIn0sInVpZCI6eyJpZCI6IjBmZGE3NTFmLWZmNTctNDYwNC04ZjU1LTFmN2MxYjcxYjkxYyIsIm5hbWUiOiJ1aWQiLCJyZXF1aXJlZCI6ZmFsc2UsInR5cGUiOiJzdHJpbmcifSwidW5pdF9wYXRoIjp7ImlkIjoiZjkwZTc2MjUtMjEwNi00ODRmLTgwNzEtYTliMTQ2Mzg3Mzc2IiwibmFtZSI6InVuaXRfcGF0aCIsInJlcXVpcmVkIjpmYWxzZSwidHlwZSI6InN0cmluZyJ9fSwic19oYXNoIjoiUzZhWE5jcFRkbDdXcHdudHRXeHVvZyIsInRudCI6InNoYXJrLWFjYWRlbXkiLCJ2ZXIiOjF9.klcxIBu2gggfXY-ac5EvF92RYYT0mAVSIZuWr-SqVBR2iWFhEQLRQ7IMGVCKYnOqbmKD-gRgwGAsZNj486WwkYiWjDsrdtl47dTBpKKL_UxO28zl4AnywdODXqxZEQUul40Z0mn-B9dq7SJtZmCYOK1z-9AlIr1KEY7P0FyTX-Q4TMzSFeJIqyWtPd5-x1hfGqAduuiADv0API6Lr12sylspOuweH8Hyx3xBn82tOTcdPDmjl0cIY4EBsCytXAJyzlVxjYhr8gTDJPJn5dLRnEDQsahzpwBaITI4YkoI19COfqDdf3pF-R2-s35NsVWDIt9_PeNzmFagDR4QuInwzM6-euOlhH1LU1QlISkhwu-9huWvAAR1PtRtC8T31GUTmTbIDUjjxp1z_3JRya3oRmXXIClaiVCdLWFRWzYbAkfSrFo_GFsQ90zrbwAgVPNG-BPlOKryU6bnKCTCqWPBqB1xflk3VkvJMLITpQjZ-SCuYGnKH1K_b60WoyFax2GU_Pk4E1Q8n_nSgiy2qWaxKYSRfLHfeWPGJieJz3aiM3CbI5cfdshh8UbBUUDaHEIwHyzXpq7wW_tjnCjpQdVDfXmZInJFG-5kHKhdXsqH87j2h-SLQunasF3dPc1mmXVGkZ9GcNGW6wHDXV_EzZz-ctvXvvLiv1fF87vWSgGUK2c",
- "id_token_keys": [
- [
- "application_metadata",
- null,
- "at_hash"
], - "c_hash",
- "dbs",
- "exp",
- "iat",
- "iss",
- "jti",
- "jtt",
- "nonce",
- [
- "resource_owner_metadata",
- [
- "authnmethodsreferences",
- "displayname",
- "email",
- "emailaddress",
- "first_name",
- "givenname",
- "identityprovider",
- "last_name",
- "name",
- "objectGuid",
- "objectidentifier",
- "phone",
- "saml_nameid",
- "saml_subject",
- "surname",
- "tenantid",
- "uid",
- "unit_path"
]
], - "s_hash",
- "tnt",
- "ver"
]
}
Set User MetaData
After creating a MetaKey
assignable to any user, it's possible to assign a specific value for a specific user for this MetaKey
and that is a MetaData
that will be present in future user's JWT.
⚠️ If a value is already set for the selected MetaKey for the User, the value will be updated with the new value.
RETURNS
The updated user
path Parameters
org_domain required | id Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
user_id required | string Example: user_id=1fec57ed-b014-47f7-8322-955c8aad58ed The user to update the metadata key/value |
key_name required | string Example: key_name=displayname The key of the value to set |
key_value required | string Example: key_value=awesome-astronaut The value of the key |
Responses
Request samples
- cURL
curl -X PATCH 'https://{{YOUR_CRYPTR_SERVICE_URL}}/api/v2/org/:domain/token-customization/set-user-metadata' \ --header 'Authorization: Bearer YOUR_API_TOKEN' \ --header 'Content-Type: application/json' \ --data-raw '{ "user_id": "1fec57ed-b014-47f7-8322-955c8aad58ed", "key_name": "displayname", "key_value": "awesome-astronaut" }'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "1fec57ed-b014-47f7-8322-955c8aad58ed",
- "inserted_at": "2022-03-10T08:15:16",
- "metadata": [
- {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "MetaData",
- "id": "377af4fa-3562-4193-aa9c-0122efc8bd74",
- "key": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "MetaKey",
- "id": "9c57ba6f-6089-4624-8a09-cc7eba146e6a",
- "name": "displayname",
- "required": false,
- "type": "string"
}, - "value": "awesome-astronaut"
}
], - "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "city": "Lille",
- "country": "FR",
- "formatted": "165 avenue de Bretagne\n59000 Lille, France",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "email@your_domain.co",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}, - "updated_at": "2022-03-11T10:34:44"
}
Remove a MetaKey
Use the below request when a MetaKey
is no more useful
RETURNS
The deleted key-value metadata with a confirmation it is deleted.
path Parameters
org_domain required | id Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
key_name required | string Example: key_name=my user metakey The name of the MetaKey |
Responses
Request samples
- cURL
curl -X DELETE 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/token-customization/user-metakey' \ --header 'Authorization: Bearer your_api_key_generated_token' \ --header 'Content-Type: application/json' \ --data-raw '{ "key_name": "my user metakey" }'
Response samples
- 200
{- "deleted": true,
- "resource": {
- "__access__": "limited_to:shark-academy",
- "__domain__": "shark-academy",
- "__managed_by__": "cryptr",
- "__type__": "MetaKey",
- "id": "751d5966-bc6e-4c7d-9855-1072058ed376",
- "name": "my user metakey",
- "required": false,
- "type": "string"
}, - "type": "__Deleted__"
}
List all User MetaKey
List all stored user MetaKey
of the organization.
RETURNS
The list of all user MetaKey
stored on Organization
path Parameters
org_domain required | id Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
Responses
Request samples
- cURL
curl -v -X GET 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/token-customization/user-metakey' \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "Domain: ${YOUR_OWN_DOMAIN}" \ -d '{ { "name": "department", "type": "STRING", "required": "true" } }'
Response samples
- 200
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "1fec57ed-b014-47f7-8322-955c8aad58ed",
- "inserted_at": "2022-03-10T08:15:16",
- "metadata": [
- {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "MetaData",
- "id": "377af4fa-3562-4193-aa9c-0122efc8bd74",
- "key": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "MetaKey",
- "id": "9c57ba6f-6089-4624-8a09-cc7eba146e6a",
- "name": "displayname",
- "required": false,
- "type": "string"
}, - "value": "awesome-astronaut"
}
], - "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "city": "Lille",
- "country": "FR",
- "formatted": "165 avenue de Bretagne\n59000 Lille, France",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "email@your_domain.co",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}, - "updated_at": "2022-03-11T10:34:44"
}
Create new key values in your JWT
RETURNS
The created MetaKey
path Parameters
org_domain required | id Example: misapret The domain of the organization |
query Parameters
name required | string Example: name=my user metakey The desired name for this new MetaKey, use something understandable for your use case |
type required | string Example: type=string Type of the MetaData that will be associated to the created |
required required | boolean If set to |
Responses
Request samples
- cURL
curl --location -g --request POST 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/organization-domain/token-customization/user-metakey' \ --header 'Authorization: Bearer your_api_key_generated_token' \ --header 'Content-Type: application/json' \ --data-raw '{ "user_metakey": { "name": "my user metakey", "required": false, "type": "string" } }'
Response samples
- 201
{- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "User",
- "id": "1fec57ed-b014-47f7-8322-955c8aad58ed",
- "inserted_at": "2022-03-10T08:15:16",
- "metadata": [
- {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "MetaData",
- "id": "377af4fa-3562-4193-aa9c-0122efc8bd74",
- "key": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "MetaKey",
- "id": "9c57ba6f-6089-4624-8a09-cc7eba146e6a",
- "name": "displayname",
- "required": false,
- "type": "string"
}, - "value": "awesome-astronaut"
}
], - "profile": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__managed_by__": "your_domain",
- "__type__": "profile",
- "address": {
- "__access__": "limited_to:misapret",
- "__domain__": "misapret",
- "__environment__": "production",
- "__managed_by__": "your-domain",
- "__type__": "Address",
- "city": "Lille",
- "country": "FR",
- "formatted": "165 avenue de Bretagne\n59000 Lille, France",
- "postal_code": "59000",
- "region": "Nord",
- "street_address": "165 avenue de Bretagne"
}, - "birthdate": "1943-01-19",
- "email": "email@your_domain.co",
- "family_name": "Joplin",
- "gender": "female",
- "given_name": "Janis",
- "locale": "fr",
- "name": "Janis Joplin",
- "phone_number": "+1-555-415-1337",
- "zoneinfo": "America/Los_Angeles"
}, - "updated_at": "2022-03-11T10:34:44"
}
The Log Event type
client_id | uuid or null If the event is related to an application, the |
database | enum or null Event environment, see page dedicated to the management of your Development/Pre-production VS Production environment |
string or null Email of the user associated to the event | |
event_code | enum Type of event, see full list of events |
id | integer Event identifier |
inserted_at | string Timestamp of the event declaration |
resource_owner_id | uuid or null User resource ID reference associated to the event |
saml_identity_provider_id | id If the event is related to an SSO, the ID will be the identifier of the SSO identity provider, otherwise its value will be empty. |
tenant_domain | string Identifier of the organization in lowercase with a dash, generated from the name. |
{- "__access__": "limited_to:shark-academy",
- "__domain__": "shark-academy",
- "__managed_by__": "cryptr",
- "__type__": "Event",
- "client_id": "81a81b21-93b9-441b-a861-a33dc8c06fea",
- "database": "sandbox",
- "email": "janis.joplin@example.com",
- "event_code": "SSO_END_USER_SAML_STARTED",
- "id": 6,
- "inserted_at": "2022-09-29T15:24:45",
- "resource_owner_id": "75da33e9-2260-4e9e-89cc-528544b4a9a3",
- "saml_identity_provider_id": "shark_academy_GvApidtT9SDEcRoLebjKr9",
- "tenant_domain": "shark-academy"
}
List all Log Events
path Parameters
domain required | string Example: misapret Domain is a STRING value in "lowercase" with "dash", generated from the organization name. |
query Parameters
code | enum Example: code=SSO_END_USER_SAML_STARTED Filter log event by this code |
per_page | integer Example: per_page=8 Precise the size of the pages of the pagination of the list, see how to paginate the Cryptr API. |
page | integer Example: page=12 Page number to return |
saml_identity_provider_id | id Example: saml_identity_provider_id=shark_academy_GvApidtT9SDEcRoLebjKr9 Events related to SSO may be filtered using |
client_id | uuid Example: client_id=81a81b21-93b9-441b-a861-a33dc8c06fea If event related to front process it could be filtered with |
Responses
Request samples
- cURL
curl --location --request GET 'http://localhost:4000/api/v2/org/shark-academy/log-events?code=:code&client_id=:client_id&per_page=:per_page&s=code%2Bdesc&page=:page --header 'Authorization: Bearer your_api_key_generated_token'
Response samples
- 200
{- "__type__": "List",
- "data": [
- {
- "__access__": "limited_to:shark-academy",
- "__domain__": "shark-academy",
- "__environment__": "sandbox",
- "__managed_by__": "cryptr",
- "__type__": "Event",
- "client_id": "fd4006f2-1d80-445e-9b38-b11de549cc4f",
- "database": "sandbox",
- "email": "thomas.dion@example.com",
- "event_code": "SSO_END_USER_SAML_SUCCESS",
- "id": 17,
- "inserted_at": "2022-09-30T09:03:20",
- "resource_owner_id": "75da33e9-2260-4e9e-89cc-528544b4a9a3",
- "saml_identity_provider_id": "shark_academy_GvApidtT9SDEcRoLebjKr9",
- "tenant_domain": "shark-academy"
}, - {
- "__access__": "limited_to:shark-academy",
- "__domain__": "shark-academy",
- "__environment__": "sandbox",
- "__managed_by__": "cryptr",
- "__type__": "Event",
- "client_id": "fd4006f2-1d80-445e-9b38-b11de549cc4f",
- "database": "sandbox",
- "email": "janis.joplin@example.com",
- "event_code": "SSO_END_USER_SAML_SUCCESS",
- "id": 15,
- "inserted_at": "2022-09-30T09:02:07",
- "resource_owner_id": "75da33e9-2260-4e9e-89cc-528544b4a9a3",
- "saml_identity_provider_id": "shark_academy_A4a6A760434B49fEbc4fEc",
- "tenant_domain": "shark-academy"
}
], - "paginate": {
- "current_page": 1,
- "next_page": 0,
- "per_page": 12,
- "prev_page": 0,
- "total_pages": 1
}, - "total_count": 2
}