{
"openapi": "3.0.4",
"info": {
"title": "Signicat OIDC Config API",
"description": "\n- **Base URL**: `https://api.signicat.com/auth/open/config/`\n- **Documentation**: See the [OpenID Connect](/docs/eid-hub/oidc/) developer documentation.\n- **Support**: [Create a support ticket](https://dashboard.signicat.com/contact-us/tickets/) in the Signicat Dashboard.\n\n# Introduction\n\nThe Signicat OIDC Configuration API enables you to manage your OIDC (OpenID Connect) client configuration.\n\nAlternatively, you can manage your OIDC clients manually in the Signicat Dashboard at **Products** > **eID and Wallet Hub** > [**OIDC clients**](https://dashboard.signicat.com/oidc-clients/).\n\nThis API is part of our management APIs, which allow you to programmatically manage configurations that are typically handled in the Signicat Dashboard.\n\nThis REST API uses the OAuth 2.0 protocol for authorisation. All request and response bodies are formatted in JSON.\n",
"contact": "",
"version": "v1",
"license": "",
"termsOfService": ""
},
"servers": [
{
"url": "/auth/open/config"
}
],
"security": [
{
"Signicat-OIDC": []
}
],
"paths": {
"/clients": {
"get": {
"tags": [
"Clients"
],
"summary": "List clients",
"description": "Use this endpoints to view a list of all the clients you have configured",
"parameters": [
{
"name": "primaryGrantType",
"in": "query",
"schema": {
"type": "array",
"items": {
"enum": [
"ClientCredentials",
"AuthorizationCode",
"Hybrid",
"Ciba",
"DeviceFlow"
],
"type": "string"
}
}
},
{
"name": "id",
"in": "query",
"schema": {
"type": "string"
}
},
{
"name": "name",
"in": "query",
"schema": {
"type": "string"
}
},
{
"name": "account",
"in": "query",
"schema": {
"type": "string"
}
},
{
"name": "searchText",
"in": "query",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientDto"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientDto"
}
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"post": {
"tags": [
"Clients"
],
"summary": "Create configuration",
"description": "Use this endpoint to create a new client configuration",
"requestBody": {
"description": "The client specification.",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
}
}
},
"responses": {
"201": {
"description": "Created",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}": {
"get": {
"tags": [
"Clients"
],
"summary": "Retrieve client configuration",
"description": "Use this endpoint to retrieve a specific client configuration",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"put": {
"tags": [
"Clients"
],
"summary": "Update configuration",
"description": "Use this endpoint to update an existing client's configuration",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client ID.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "The updated client specification.",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
}
}
},
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"patch": {
"tags": [
"Clients"
],
"summary": "Patch configuration",
"description": "Use this endpoint to update an existing client's configuration",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client ID.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "The partially updated client specification.",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/PatchClientDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/PatchClientDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/PatchClientDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/PatchClientDto"
}
}
}
},
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"delete": {
"tags": [
"Clients"
],
"summary": "Delete configuration",
"description": "Use this endpoint to delete a client configuration",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client ID.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "No Content"
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/lookup": {
"get": {
"tags": [
"Clients"
],
"summary": "Retrieve the org/account id for client configuration",
"description": "Use this endpoint to retrieve a specific client configuration",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientIdLookupDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientIdLookupDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/clone": {
"post": {
"tags": [
"Clients"
],
"summary": "Clone client configuration",
"description": "Use this endpoint to clone an existing client's configuration",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client ID.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"201": {
"description": "Created",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/history": {
"get": {
"tags": [
"Clients"
],
"summary": "List client revisions",
"description": "Use this endpoint to view a list of the client revisions, or changes, that have been made to a specific client configuration\n \nTo enumerate all revisions of the resource, start by setting `untilVersion` to the version of the\n resource. If `count` results are returned, repeat the request with `untilVersion` set to\n `data.Version` of the last revision returned. This allows you to page through all the revisions.",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "untilVersion",
"in": "query",
"description": "The version of the revision before which history should be returned",
"schema": {
"type": "string"
}
},
{
"name": "count",
"in": "query",
"description": "The maximum number of revisions",
"schema": {
"maximum": 100,
"minimum": 1,
"type": "integer",
"format": "int32",
"default": 10
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientRevisionDto"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientRevisionDto"
}
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/history/{version}": {
"get": {
"tags": [
"Clients"
],
"summary": "Retrieve client revision configuration",
"description": "Use this endpoint to retrieve a specific client revision configuration",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "version",
"in": "path",
"description": "The version of the revision",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientRevisionDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientRevisionDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/health": {
"get": {
"tags": [
"Clients"
],
"summary": "Client Health Checks results",
"description": "Use this endpoint to get Resource Health Check results",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientHealth"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ClientHealth"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
}
}
}
},
"/clients/{clientId}/custom-claims": {
"get": {
"tags": [
"Custom claims"
],
"summary": "List client custom claims",
"description": "Use this endpoints to view a list of all the custom claims you have configured on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomClaimDto"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomClaimDto"
}
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"post": {
"tags": [
"Custom claims"
],
"summary": "Create custom claim configuration",
"description": "Create a new custom claim for a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "The custom claim specification",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
}
}
},
"responses": {
"201": {
"description": "Created",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/custom-claims/{customClaimId}": {
"get": {
"tags": [
"Custom claims"
],
"summary": "Retrieve client custom claim configuration",
"description": "Use this endpoint to retrieve a specific custom claim configuration on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "customClaimId",
"in": "path",
"description": "The ID of the client custom claim",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"put": {
"tags": [
"Custom claims"
],
"summary": "Update custom claim",
"description": "Update a custom claim on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "customClaimId",
"in": "path",
"description": "The ID of the custom claim to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "The updated custom claim specification.",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
}
}
},
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/CustomClaimDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"delete": {
"tags": [
"Custom claims"
],
"summary": "Remove custom claim",
"description": "Remove a custom claim from a client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "customClaimId",
"in": "path",
"description": "The ID of the custom claim to remove.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "No Content"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/public-keys": {
"get": {
"tags": [
"Public keys"
],
"summary": "List client public keys",
"description": "Use this endpoints to view a list of all the public keys you have configured on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PublicKeyDto"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PublicKeyDto"
}
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"post": {
"tags": [
"Public keys"
],
"summary": "Upload new public key",
"description": "Upload a new public key for a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client ID.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "The key specification.",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
}
}
},
"responses": {
"201": {
"description": "Created",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
},
"409": {
"description": "Conflict"
}
}
}
},
"/clients/{clientId}/public-keys/{keyId}": {
"put": {
"tags": [
"Public keys"
],
"summary": "Update public key",
"description": "Use this endpoint to update an existing public key",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The client ID whose key you want to update.",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "keyId",
"in": "path",
"description": "The ID of the key you want to update.",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "The updated key specification.",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
}
}
},
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"get": {
"tags": [
"Public keys"
],
"summary": "Retrieve client public key configuration",
"description": "Use this endpoint to retrieve a specific client public key configuration on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "keyId",
"in": "path",
"description": "The ID of the client public key",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/PublicKeyDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"delete": {
"tags": [
"Public keys"
],
"summary": "Revoke public key",
"description": "Use this endpoint to revoke a specific client public key configuration on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "keyId",
"in": "path",
"description": "The ID of the client public key",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "No Content"
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/secrets": {
"get": {
"tags": [
"Secrets"
],
"summary": "List client secrets",
"description": "Use this endpoints to view a list of all the secrets you have configured on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SecretDto"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SecretDto"
}
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"post": {
"tags": [
"Secrets"
],
"summary": "Generate a client secret",
"description": "Use this endpoint to generate a new client secret",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"description": "The client secret",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/GenerateSecretDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateSecretDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/GenerateSecretDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/GenerateSecretDto"
}
}
}
},
"responses": {
"201": {
"description": "Created",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GeneratedSecretDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/GeneratedSecretDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/clients/{clientId}/secrets/{secretId}": {
"get": {
"tags": [
"Secrets"
],
"summary": "Retrieve client secret configuration",
"description": "Use this endpoint to retrieve a specific secret configuration on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "secretId",
"in": "path",
"description": "The ID of the client secret",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SecretDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/SecretDto"
}
}
}
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
},
"delete": {
"tags": [
"Secrets"
],
"summary": "Revoke client secret",
"description": "Use this endpoint to revoke a specific secret configuration on a specific client",
"parameters": [
{
"name": "clientId",
"in": "path",
"description": "The ID of the client",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "secretId",
"in": "path",
"description": "The ID of the client secret",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"204": {
"description": "No Content"
},
"400": {
"description": "Bad Request"
},
"401": {
"description": "Unauthorized"
},
"403": {
"description": "Forbidden"
},
"404": {
"description": "Not Found"
}
}
}
},
"/errors": {
"get": {
"tags": [
"Errors"
],
"summary": "List error codes",
"description": "Use this endpoints to view a list of all the error codes available",
"responses": {
"200": {
"description": "OK",
"content": {
"text/x-confluence-markup": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SignicatErrorTemplateDto"
}
}
},
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SignicatErrorTemplateDto"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SignicatErrorTemplateDto"
}
}
}
}
}
}
}
},
"/errors/{errorCode}": {
"get": {
"tags": [
"Errors"
],
"summary": "Retrieve error configuration",
"description": "Use this endpoint to retrieve a specific error configuration",
"parameters": [
{
"name": "errorCode",
"in": "path",
"description": "The error code",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
"content": {
"text/html": {
"schema": {
"$ref": "#/components/schemas/SignicatErrorTemplateDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/SignicatErrorTemplateDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/SignicatErrorTemplateDto"
}
}
}
},
"404": {
"description": "Not Found"
}
}
}
}
},
"components": {
"schemas": {
"Acr": {
"type": "object",
"properties": {
"values": {
"maxLength": 255,
"type": "string",
"description": "Gets or Sets the ACR values (space separated).",
"nullable": true,
"example": "idp:dummy"
},
"forced": {
"type": "boolean",
"description": "Gets or sets a value indicating whether gets or Sets if the ACR value should be always used.",
"example": true
}
},
"additionalProperties": false
},
"ClientDto": {
"required": [
"account",
"allowedScopes",
"name",
"primaryGrantType"
],
"type": "object",
"properties": {
"id": {
"maxLength": 100,
"minLength": 8,
"type": "string",
"description": "Client identifier (Globally unique).\n\nIf not provided a new ID will be generated.",
"nullable": true,
"example": "chimney-sweep-monkey"
},
"name": {
"maxLength": 255,
"minLength": 8,
"type": "string",
"description": "Client name.",
"example": "Stupefied animals portal"
},
"account": {
"maxLength": 100,
"minLength": 1,
"type": "string",
"description": "Client account id.",
"example": "a-pdge-kl2234afhrq34422j"
},
"acr": {
"$ref": "#/components/schemas/Acr"
},
"pairWiseSubjectSalt": {
"maxLength": 255,
"type": "string",
"description": "Salt value used in pair-wise subjectId generation for users of this client.",
"nullable": true,
"example": "qfwhqw7832gqhw"
},
"uri": {
"type": "string",
"description": "URI to further information about client (used on consent screen).",
"format": "uri",
"nullable": true,
"example": "https://lost-monkey-client/info"
},
"logoUri": {
"type": "string",
"description": "URI to client logo (used on consent screen).\n\nMust be an absolute URI and Https.",
"format": "uri",
"nullable": true,
"example": "https://lost-monkey-client/photo1.jpg"
},
"encryptIdTokens": {
"type": "boolean",
"description": "Enable/Disable IDTokens encryption.\n\nIf enabled requires public keys allowed to encrypt.",
"default": false,
"example": false
},
"requireSecret": {
"type": "boolean",
"description": "Specifies whether this client needs a secret to request tokens from the token endpoint.\n\nAt least one of these attributes must be 'true' (RequireSecret or RequirePkce).\nWhen 'PrimaryGrantType' is set to 'ClientCredentials' or 'DeviceFlow' it must be 'true'.",
"default": true,
"example": false
},
"requirePkce": {
"type": "boolean",
"description": "Specifies whether clients using an authorization code based grant type must send a proof key.\n\nAt least one of these attributes must be 'true' (RequireSecret or RequirePkce).",
"default": false,
"example": true
},
"requireRequestObject": {
"type": "boolean",
"description": "Specifies whether this client needs to wrap the authorize request parameters in a JWT.\n\nWhen 'PrimaryGrantType' is set to 'ClientCredentials' or 'DeviceFlow' it must be 'false'.",
"default": false,
"example": false
},
"useReferenceAccessTokens": {
"type": "boolean",
"description": "Specifies whether should use reference tokens or not.",
"default": false,
"example": false
},
"redirectUris": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "Specifies the allowed URIs to return tokens or authorization codes to.\n\nMust have at least one redirect URI in case of PrimaryGrantType attribute is DeviceFlow.\nMust be an absolute URI and Https.\nHttp URIs are only allowed if pointing at localhost.",
"nullable": true,
"example": [
"https://lovelly-monkey-stuff/redirect.html",
"https://final-zoo/"
]
},
"allowedScopes": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed resources that client as access.",
"example": [
"internal-stuff",
"healthy-food"
]
},
"allowOfflineAccess": {
"type": "boolean",
"description": "Specifies whether this client can request refresh tokens.",
"default": true,
"example": true
},
"allowAccessTokensViaBrowser": {
"type": "boolean",
"description": "Specifies whether this client is allowed to receive access tokens via the browser. This is useful to harden flows that allow multiple response types (e.g. by disallowing a hybrid flow client that is supposed to use code id_token to add the token response type and thus leaking the token to the browser).",
"default": false,
"example": true
},
"postLogoutRedirectUris": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "Specifies allowed URIs to redirect to after logout. See the OIDC Connect Session Management spec (https://openid.net/specs/openid-connect-session-1_0.html) for more details.",
"nullable": true,
"example": [
"https://lovelly-monkey-stuff/logout.html",
"https://final-zoo/bye"
]
},
"frontChannelLogoutUri": {
"type": "string",
"description": "Specifies logout URI at client for HTTP based front-channel logout. See the OIDC Front-Channel spec (https://openid.net/specs/openid-connect-frontchannel-1_0.html) for more details.\n\nThe URIs must be an absolute URI and Https.\nHttp uris are only allowed if pointing at localhost.",
"format": "uri",
"nullable": true,
"example": "https://lovelly-monkey-stuff/redirect-uri.html"
},
"frontChannelLogoutSessionRequired": {
"type": "boolean",
"description": "Specifies if the user’s session id should be sent to the FrontChannelLogoutUri.",
"default": false,
"example": true
},
"identityProviderRestrictions": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies which external IdPs can be used with this client (if list is empty all IdPs are allowed).\n\nDefaults to empty.",
"nullable": true,
"example": [
"some-idp",
"another-one"
]
},
"userSsoLifetime": {
"maximum": 10800,
"minimum": 1,
"type": "integer",
"description": "The maximum duration (in seconds) since the last time the user authenticated.\n\nYou can adjust the lifetime of a session token to control when and how often a user is required to reenter credentials instead of being silently authenticated, when using a web application.\nThe default value is 3600 seconds.",
"format": "int32",
"default": 3600,
"example": 1200
},
"identityTokenLifetime": {
"maximum": 3600,
"minimum": 1,
"type": "integer",
"description": "Lifetime to identity token in seconds.\n\nThe default value is 600 seconds.",
"format": "int32",
"default": 600,
"example": 500
},
"accessTokenLifetime": {
"maximum": 3600,
"minimum": 1,
"type": "integer",
"description": "Lifetime of access token in seconds.\n\nThe default value is 600 seconds.",
"format": "int32",
"default": 600,
"example": 600
},
"authorizationCodeLifetime": {
"maximum": 60,
"minimum": 1,
"type": "integer",
"description": "Lifetime of authorization code in seconds.\n\nThe default value is 15 seconds.",
"format": "int32",
"default": 15,
"example": 15
},
"absoluteRefreshTokenLifetime": {
"maximum": 2592000,
"minimum": 1,
"type": "integer",
"description": "Maximum lifetime of a refresh token in seconds.\n\nThe default value is 86400 seconds.\nMust be greater then 1 when attribute SlidingRefreshTokenExpiry is off and AllowOfflineAccess is on.",
"format": "int32",
"default": 86400,
"example": 50000
},
"slidingRefreshTokenLifetime": {
"maximum": 1296000,
"minimum": 1,
"type": "integer",
"description": "Sliding lifetime of a refresh token in seconds.\n\nThe default value is 86400 seconds.\nMust be greater then 1 when attribute SlidingRefreshTokenExpiry and AllowOfflineAccess is on.",
"format": "int32",
"default": 86400,
"example": 60000
},
"allowRefreshTokenReuse": {
"type": "boolean",
"description": "Allow reuse refresh token. The refresh token handle will stay the same when refreshing tokens.\n\nIf set to false (default value) then the refresh token handle will be updated when refreshing tokens.",
"default": false,
"example": true
},
"slidingRefreshTokenExpiry": {
"type": "boolean",
"description": "Specifies whether refresh token should expire or not.\n\nCurrently don´t have any default value and fail if not set.\nWhen set to 'true' and AllowOfflineAccess is on then SlidingRefreshTokenLifetime attribute must be greater then 0.\nWhen set to 'false' and AllowOfflineAccess is on then AbsoluteRefreshTokenLifetime attribute must be greater then 0.",
"default": false,
"example": false
},
"deviceCodeLifetime": {
"maximum": 600,
"minimum": 1,
"type": "integer",
"description": "Lifetime to device code in seconds.\n\nThe default value is 300 seconds.\nMust be greater then 0 when PrimaryGrantType attribute is DeviceFlow grant type.",
"format": "int32",
"default": 300,
"example": 100
},
"allowedCorsOrigins": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed CORS origins that will be used by the default CORS policy service implementations (In-Memory and EF) to build a CORS policy for JavaScript clients.",
"nullable": true,
"example": [
"https://funny-animal.org",
"https://zoo-world.org"
]
},
"primaryGrantType": {
"enum": [
"ClientCredentials",
"AuthorizationCode",
"Hybrid",
"Ciba",
"DeviceFlow"
],
"type": "string",
"description": "Specifies the primary grant type the client is allowed to use.",
"example": "ClientCredentials"
},
"contentEncryptionAlgorithm": {
"enum": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"type": "string",
"description": "Content encryption algorithm for ID tokens and the UserInfo response.\n\nDefaults to A256CBC-HS512.",
"nullable": true,
"example": "A128CBC-HS256"
},
"idTokenUserData": {
"enum": [
"Minimal",
"StandardScopes",
"All"
],
"type": "string",
"description": "Defines the IdToken user data level.",
"example": "StandardScopes"
},
"userInfoResponseType": {
"enum": [
"Json",
"Signed",
"Encrypted",
"SignedAndEncrypted"
],
"type": "string",
"description": "User info response type.\n\nDefaults to 'Json'.",
"nullable": true,
"example": "SignedAndEncrypted"
},
"version": {
"maxLength": 255,
"type": "string",
"description": "Internal version of the client (Read only).",
"nullable": true,
"example": "00000000_2a43947f32e7820a2b567c3351a37046"
},
"requireConsent": {
"type": "boolean",
"description": "Specifies whether a consent screen is required.",
"default": false,
"example": false
},
"createdDate": {
"type": "string",
"description": "Defines when the client was created (Read only).",
"format": "date-time",
"nullable": true,
"example": "\"2022-05-17T16:13:47.3524211+00:00"
},
"lastUpdatedDate": {
"type": "string",
"description": "Defines the last change on the client (Read only).",
"format": "date-time",
"nullable": true,
"example": "2022-05-17T16:13:47.3524453+00:00"
},
"automaticRedirectAfterSignOut": {
"type": "boolean",
"description": "Indicates if after a logout, the client should be redirected automatically.\n\nDepends on the existence of at least one Uri in the PostLogoutRedirectUris property to operate as designed.",
"default": false,
"example": false
},
"usageExternalReference": {
"maxLength": 100,
"type": "string",
"description": "External reference for transaction provided by the customer.\n\nUsed to group transactions together for the customer.orderid:121232",
"nullable": true
},
"subjectLookupsEnabled": {
"type": "boolean",
"description": "Enables the Enterprise Subject Lookup migration feature.\n\nNote: You need admin permissions to enable this feature.",
"default": false,
"nullable": true,
"example": false
},
"useCookieless": {
"type": "boolean",
"description": "Enables the Client to not use cookies.\n\nNote: You need admin permissions to enable this feature.",
"default": false,
"nullable": true,
"example": false
},
"requirePushedAuthorization": {
"type": "boolean",
"description": "Enables the Client to require pushed authorization requests.",
"default": false,
"example": false
},
"isInternalWorkloadClient": {
"type": "boolean",
"description": "Specifies whether the client is a workload client."
},
"forceLogin": {
"type": "boolean",
"description": "Disables SSO for the client."
},
"embeddedParentDomains": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specify the parent domains that will embed the authentication. This will be used for content security frame ancestor header if set, as an extra security mechanism to protect against clickjacking.",
"nullable": true,
"example": [
"signicat.com",
"example.com"
]
}
},
"additionalProperties": false
},
"ClientHealth": {
"type": "object",
"properties": {
"checks": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ClientHealthDetails"
},
"nullable": true
},
"status": {
"enum": [
"Unhealthy",
"Healthy",
"Warning",
"Skip"
],
"type": "string"
}
},
"additionalProperties": false
},
"ClientHealthDetails": {
"type": "object",
"properties": {
"status": {
"enum": [
"Unhealthy",
"Healthy",
"Warning",
"Skip"
],
"type": "string"
},
"name": {
"type": "string",
"nullable": true
},
"description": {
"type": "string",
"nullable": true
},
"remediation": {
"type": "string",
"nullable": true
},
"data": {
"type": "object",
"additionalProperties": {},
"nullable": true
}
},
"additionalProperties": false
},
"ClientIdLookupDto": {
"type": "object",
"properties": {
"account": {
"type": "string",
"nullable": true
}
},
"additionalProperties": false
},
"ClientRevisionDto": {
"type": "object",
"properties": {
"replacedBy": {
"type": "string",
"description": "Version of Api resource that has been replaced by the current version",
"nullable": true,
"example": "00000001_1de79344221ef5014703401fe2526aa1"
},
"data": {
"$ref": "#/components/schemas/FullClientDto"
}
},
"additionalProperties": false
},
"CustomClaimDto": {
"required": [
"alias",
"claim"
],
"type": "object",
"properties": {
"id": {
"maxLength": 100,
"type": "string",
"description": "The custom claim identifier",
"nullable": true,
"example": "7a482587238ec54198c34e8a0fbdbfbf"
},
"claim": {
"maxLength": 100,
"minLength": 1,
"type": "string",
"description": "The claim to set an alias to",
"example": "personal.name"
},
"alias": {
"maxLength": 100,
"minLength": 1,
"type": "string",
"description": "The alias to the claim",
"example": "name"
},
"version": {
"maxLength": 255,
"type": "string",
"description": "Internal version of the custom claim (Read only).",
"nullable": true,
"example": "00000000_34f4634dd4a3680002a345ef4d89b33"
}
},
"additionalProperties": false,
"description": "Represents a custom claim."
},
"FullClientDto": {
"required": [
"account",
"allowedScopes",
"name",
"primaryGrantType"
],
"type": "object",
"properties": {
"secrets": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SecretDto"
},
"nullable": true
},
"publicKeys": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PublicKeyDto"
},
"nullable": true
},
"customClaims": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomClaimDto"
},
"nullable": true
},
"id": {
"maxLength": 100,
"minLength": 8,
"type": "string",
"description": "Client identifier (Globally unique).\n\nIf not provided a new ID will be generated.",
"nullable": true,
"example": "chimney-sweep-monkey"
},
"name": {
"maxLength": 255,
"minLength": 8,
"type": "string",
"description": "Client name.",
"example": "Stupefied animals portal"
},
"account": {
"maxLength": 100,
"minLength": 1,
"type": "string",
"description": "Client account id.",
"example": "a-pdge-kl2234afhrq34422j"
},
"acr": {
"$ref": "#/components/schemas/Acr"
},
"pairWiseSubjectSalt": {
"maxLength": 255,
"type": "string",
"description": "Salt value used in pair-wise subjectId generation for users of this client.",
"nullable": true,
"example": "qfwhqw7832gqhw"
},
"uri": {
"type": "string",
"description": "URI to further information about client (used on consent screen).",
"format": "uri",
"nullable": true,
"example": "https://lost-monkey-client/info"
},
"logoUri": {
"type": "string",
"description": "URI to client logo (used on consent screen).\n\nMust be an absolute URI and Https.",
"format": "uri",
"nullable": true,
"example": "https://lost-monkey-client/photo1.jpg"
},
"encryptIdTokens": {
"type": "boolean",
"description": "Enable/Disable IDTokens encryption.\n\nIf enabled requires public keys allowed to encrypt.",
"default": false,
"example": false
},
"requireSecret": {
"type": "boolean",
"description": "Specifies whether this client needs a secret to request tokens from the token endpoint.\n\nAt least one of these attributes must be 'true' (RequireSecret or RequirePkce).\nWhen 'PrimaryGrantType' is set to 'ClientCredentials' or 'DeviceFlow' it must be 'true'.",
"default": true,
"example": false
},
"requirePkce": {
"type": "boolean",
"description": "Specifies whether clients using an authorization code based grant type must send a proof key.\n\nAt least one of these attributes must be 'true' (RequireSecret or RequirePkce).",
"default": false,
"example": true
},
"requireRequestObject": {
"type": "boolean",
"description": "Specifies whether this client needs to wrap the authorize request parameters in a JWT.\n\nWhen 'PrimaryGrantType' is set to 'ClientCredentials' or 'DeviceFlow' it must be 'false'.",
"default": false,
"example": false
},
"useReferenceAccessTokens": {
"type": "boolean",
"description": "Specifies whether should use reference tokens or not.",
"default": false,
"example": false
},
"redirectUris": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "Specifies the allowed URIs to return tokens or authorization codes to.\n\nMust have at least one redirect URI in case of PrimaryGrantType attribute is DeviceFlow.\nMust be an absolute URI and Https.\nHttp URIs are only allowed if pointing at localhost.",
"nullable": true,
"example": [
"https://lovelly-monkey-stuff/redirect.html",
"https://final-zoo/"
]
},
"allowedScopes": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed resources that client as access.",
"example": [
"internal-stuff",
"healthy-food"
]
},
"allowOfflineAccess": {
"type": "boolean",
"description": "Specifies whether this client can request refresh tokens.",
"default": true,
"example": true
},
"allowAccessTokensViaBrowser": {
"type": "boolean",
"description": "Specifies whether this client is allowed to receive access tokens via the browser. This is useful to harden flows that allow multiple response types (e.g. by disallowing a hybrid flow client that is supposed to use code id_token to add the token response type and thus leaking the token to the browser).",
"default": false,
"example": true
},
"postLogoutRedirectUris": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "Specifies allowed URIs to redirect to after logout. See the OIDC Connect Session Management spec (https://openid.net/specs/openid-connect-session-1_0.html) for more details.",
"nullable": true,
"example": [
"https://lovelly-monkey-stuff/logout.html",
"https://final-zoo/bye"
]
},
"frontChannelLogoutUri": {
"type": "string",
"description": "Specifies logout URI at client for HTTP based front-channel logout. See the OIDC Front-Channel spec (https://openid.net/specs/openid-connect-frontchannel-1_0.html) for more details.\n\nThe URIs must be an absolute URI and Https.\nHttp uris are only allowed if pointing at localhost.",
"format": "uri",
"nullable": true,
"example": "https://lovelly-monkey-stuff/redirect-uri.html"
},
"frontChannelLogoutSessionRequired": {
"type": "boolean",
"description": "Specifies if the user’s session id should be sent to the FrontChannelLogoutUri.",
"default": false,
"example": true
},
"identityProviderRestrictions": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies which external IdPs can be used with this client (if list is empty all IdPs are allowed).\n\nDefaults to empty.",
"nullable": true,
"example": [
"some-idp",
"another-one"
]
},
"userSsoLifetime": {
"maximum": 10800,
"minimum": 1,
"type": "integer",
"description": "The maximum duration (in seconds) since the last time the user authenticated.\n\nYou can adjust the lifetime of a session token to control when and how often a user is required to reenter credentials instead of being silently authenticated, when using a web application.\nThe default value is 3600 seconds.",
"format": "int32",
"default": 3600,
"example": 1200
},
"identityTokenLifetime": {
"maximum": 3600,
"minimum": 1,
"type": "integer",
"description": "Lifetime to identity token in seconds.\n\nThe default value is 600 seconds.",
"format": "int32",
"default": 600,
"example": 500
},
"accessTokenLifetime": {
"maximum": 3600,
"minimum": 1,
"type": "integer",
"description": "Lifetime of access token in seconds.\n\nThe default value is 600 seconds.",
"format": "int32",
"default": 600,
"example": 600
},
"authorizationCodeLifetime": {
"maximum": 60,
"minimum": 1,
"type": "integer",
"description": "Lifetime of authorization code in seconds.\n\nThe default value is 15 seconds.",
"format": "int32",
"default": 15,
"example": 15
},
"absoluteRefreshTokenLifetime": {
"maximum": 2592000,
"minimum": 1,
"type": "integer",
"description": "Maximum lifetime of a refresh token in seconds.\n\nThe default value is 86400 seconds.\nMust be greater then 1 when attribute SlidingRefreshTokenExpiry is off and AllowOfflineAccess is on.",
"format": "int32",
"default": 86400,
"example": 50000
},
"slidingRefreshTokenLifetime": {
"maximum": 1296000,
"minimum": 1,
"type": "integer",
"description": "Sliding lifetime of a refresh token in seconds.\n\nThe default value is 86400 seconds.\nMust be greater then 1 when attribute SlidingRefreshTokenExpiry and AllowOfflineAccess is on.",
"format": "int32",
"default": 86400,
"example": 60000
},
"allowRefreshTokenReuse": {
"type": "boolean",
"description": "Allow reuse refresh token. The refresh token handle will stay the same when refreshing tokens.\n\nIf set to false (default value) then the refresh token handle will be updated when refreshing tokens.",
"default": false,
"example": true
},
"slidingRefreshTokenExpiry": {
"type": "boolean",
"description": "Specifies whether refresh token should expire or not.\n\nCurrently don´t have any default value and fail if not set.\nWhen set to 'true' and AllowOfflineAccess is on then SlidingRefreshTokenLifetime attribute must be greater then 0.\nWhen set to 'false' and AllowOfflineAccess is on then AbsoluteRefreshTokenLifetime attribute must be greater then 0.",
"default": false,
"example": false
},
"deviceCodeLifetime": {
"maximum": 600,
"minimum": 1,
"type": "integer",
"description": "Lifetime to device code in seconds.\n\nThe default value is 300 seconds.\nMust be greater then 0 when PrimaryGrantType attribute is DeviceFlow grant type.",
"format": "int32",
"default": 300,
"example": 100
},
"allowedCorsOrigins": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed CORS origins that will be used by the default CORS policy service implementations (In-Memory and EF) to build a CORS policy for JavaScript clients.",
"nullable": true,
"example": [
"https://funny-animal.org",
"https://zoo-world.org"
]
},
"primaryGrantType": {
"enum": [
"ClientCredentials",
"AuthorizationCode",
"Hybrid",
"Ciba",
"DeviceFlow"
],
"type": "string",
"description": "Specifies the primary grant type the client is allowed to use.",
"example": "ClientCredentials"
},
"contentEncryptionAlgorithm": {
"enum": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"type": "string",
"description": "Content encryption algorithm for ID tokens and the UserInfo response.\n\nDefaults to A256CBC-HS512.",
"nullable": true,
"example": "A128CBC-HS256"
},
"idTokenUserData": {
"enum": [
"Minimal",
"StandardScopes",
"All"
],
"type": "string",
"description": "Defines the IdToken user data level.",
"example": "StandardScopes"
},
"userInfoResponseType": {
"enum": [
"Json",
"Signed",
"Encrypted",
"SignedAndEncrypted"
],
"type": "string",
"description": "User info response type.\n\nDefaults to 'Json'.",
"nullable": true,
"example": "SignedAndEncrypted"
},
"version": {
"maxLength": 255,
"type": "string",
"description": "Internal version of the client (Read only).",
"nullable": true,
"example": "00000000_2a43947f32e7820a2b567c3351a37046"
},
"requireConsent": {
"type": "boolean",
"description": "Specifies whether a consent screen is required.",
"default": false,
"example": false
},
"createdDate": {
"type": "string",
"description": "Defines when the client was created (Read only).",
"format": "date-time",
"nullable": true,
"example": "\"2022-05-17T16:13:47.3524211+00:00"
},
"lastUpdatedDate": {
"type": "string",
"description": "Defines the last change on the client (Read only).",
"format": "date-time",
"nullable": true,
"example": "2022-05-17T16:13:47.3524453+00:00"
},
"automaticRedirectAfterSignOut": {
"type": "boolean",
"description": "Indicates if after a logout, the client should be redirected automatically.\n\nDepends on the existence of at least one Uri in the PostLogoutRedirectUris property to operate as designed.",
"default": false,
"example": false
},
"usageExternalReference": {
"maxLength": 100,
"type": "string",
"description": "External reference for transaction provided by the customer.\n\nUsed to group transactions together for the customer.orderid:121232",
"nullable": true
},
"subjectLookupsEnabled": {
"type": "boolean",
"description": "Enables the Enterprise Subject Lookup migration feature.\n\nNote: You need admin permissions to enable this feature.",
"default": false,
"nullable": true,
"example": false
},
"useCookieless": {
"type": "boolean",
"description": "Enables the Client to not use cookies.\n\nNote: You need admin permissions to enable this feature.",
"default": false,
"nullable": true,
"example": false
},
"requirePushedAuthorization": {
"type": "boolean",
"description": "Enables the Client to require pushed authorization requests.",
"default": false,
"example": false
},
"isInternalWorkloadClient": {
"type": "boolean",
"description": "Specifies whether the client is a workload client."
},
"forceLogin": {
"type": "boolean",
"description": "Disables SSO for the client."
},
"embeddedParentDomains": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specify the parent domains that will embed the authentication. This will be used for content security frame ancestor header if set, as an extra security mechanism to protect against clickjacking.",
"nullable": true,
"example": [
"signicat.com",
"example.com"
]
}
},
"additionalProperties": false
},
"GenerateSecretDto": {
"required": [
"name"
],
"type": "object",
"properties": {
"name": {
"maxLength": 255,
"minLength": 1,
"type": "string",
"description": "Secret name",
"example": "The most rare beauty secret"
}
},
"additionalProperties": false
},
"GeneratedSecretDto": {
"required": [
"name",
"plainText"
],
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Secret identifier",
"nullable": true,
"example": "rare-beauty-secret"
},
"name": {
"minLength": 1,
"type": "string",
"description": "Secret name",
"example": "The most rare beauty secret"
},
"plainText": {
"minLength": 1,
"type": "string",
"description": "Secret data in plain text",
"example": "T29vb3BwcHNzcyAuLi4geW91IGZvdW5kIG1lISEgVGhpcyBpcyB0aGUgbW9zdCBiZWF1dHkgYW5kIHJhcmUgc2VjcmV0IGZha2UgZGF0YSEhISA6LSk="
}
},
"additionalProperties": false
},
"PatchClientDto": {
"type": "object",
"properties": {
"name": {
"maxLength": 255,
"type": "string",
"description": "Client name.",
"nullable": true,
"example": "Stupefied animals portal."
},
"acr": {
"$ref": "#/components/schemas/Acr"
},
"pairWiseSubjectSalt": {
"maxLength": 255,
"type": "string",
"description": "Salt value used in pair-wise subjectId generation for users of this client.",
"nullable": true,
"example": "qfwhqw7832gqhw."
},
"uri": {
"type": "string",
"description": "URI to further information about client (used on consent screen).",
"format": "uri",
"nullable": true,
"example": "https://lost-monkey-client/info."
},
"logoUri": {
"type": "string",
"description": "URI to client logo (used on consent screen).\n\nMust be an absolute URI and Https.",
"format": "uri",
"nullable": true,
"example": "https://lost-monkey-client/photo1.jpg."
},
"encryptIdTokens": {
"type": "boolean",
"description": "Enable/Disable IDTokens encryption.\n\nIf enabled requires public keys allowed to encrypt.",
"nullable": true
},
"requireSecret": {
"type": "boolean",
"description": "Specifies whether this client needs a secret to request tokens from the token endpoint.\n\nAt least one of these attributes must be 'true' (RequireSecret or RequirePkce).\nWhen 'PrimaryGrantType' is set to 'ClientCredentials' or 'DeviceFlow' it must be 'true'.",
"nullable": true
},
"requirePkce": {
"type": "boolean",
"description": "Specifies whether clients using an authorization code based grant type must send a proof key.\n\nAt least one of these attributes must be 'true' (RequireSecret or RequirePkce).",
"nullable": true
},
"requireRequestObject": {
"type": "boolean",
"description": "Specifies whether this client needs to wrap the authorize request parameters in a JWT.\n\nWhen 'PrimaryGrantType' is set to 'ClientCredentials' or 'DeviceFlow' it must be 'false'.",
"nullable": true
},
"useReferenceAccessTokens": {
"type": "boolean",
"description": "Specifies whether should use reference tokens or not.",
"nullable": true
},
"redirectUris": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "Specifies the allowed URIs to return tokens or authorization codes to.\n\nMust have at least one redirect URI in case of PrimaryGrantType attribute is DeviceFlow.\nMust be an absolute URI and Https.\nHttp URIs are only allowed if pointing at localhost.",
"nullable": true
},
"allowedScopes": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed resources that client as access.",
"nullable": true
},
"allowOfflineAccess": {
"type": "boolean",
"description": "Specifies whether this client can request refresh tokens.",
"nullable": true
},
"allowAccessTokensViaBrowser": {
"type": "boolean",
"description": "Specifies whether this client is allowed to receive access tokens via the browser. This is useful to harden flows that allow multiple response types (e.g. by disallowing a hybrid flow client that is supposed to use code id_token to add the token response type and thus leaking the token to the browser).",
"nullable": true
},
"postLogoutRedirectUris": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"description": "Specifies allowed URIs to redirect to after logout. See the OIDC Connect Session Management spec (https://openid.net/specs/openid-connect-session-1_0.html) for more details.",
"nullable": true
},
"frontChannelLogoutUri": {
"type": "string",
"description": "Specifies logout URI at client for HTTP based front-channel logout. See the OIDC Front-Channel spec (https://openid.net/specs/openid-connect-frontchannel-1_0.html) for more details.\n\nThe URIs must be an absolute URI and Https.\nHttp uris are only allowed if pointing at localhost.",
"format": "uri",
"nullable": true,
"example": "https://lovelly-monkey-stuff/redirect-uri.html."
},
"frontChannelLogoutSessionRequired": {
"type": "boolean",
"description": "Specifies if the user’s session id should be sent to the FrontChannelLogoutUri.",
"nullable": true
},
"identityProviderRestrictions": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies which external IdPs can be used with this client (if list is empty all IdPs are allowed).\n\nDefaults to empty.",
"nullable": true
},
"userSsoLifetime": {
"maximum": 10800,
"minimum": 1,
"type": "integer",
"description": "The maximum duration (in seconds) since the last time the user authenticated.\n\nYou can adjust the lifetime of a session token to control when and how often a user is required to reenter credentials instead of being silently authenticated, when using a web application.\nThe default value is 3600 seconds.",
"format": "int32",
"nullable": true
},
"identityTokenLifetime": {
"maximum": 3600,
"minimum": 1,
"type": "integer",
"description": "Lifetime to identity token in seconds.\n\nThe default value is 600 seconds.",
"format": "int32",
"nullable": true
},
"accessTokenLifetime": {
"maximum": 3600,
"minimum": 1,
"type": "integer",
"description": "Lifetime of access token in seconds.\n\nThe default value is 600 seconds.",
"format": "int32",
"nullable": true
},
"authorizationCodeLifetime": {
"maximum": 60,
"minimum": 1,
"type": "integer",
"description": "Lifetime of authorization code in seconds.\n\nThe default value is 15 seconds.",
"format": "int32",
"nullable": true
},
"absoluteRefreshTokenLifetime": {
"maximum": 2592000,
"minimum": 1,
"type": "integer",
"description": "Maximum lifetime of a refresh token in seconds.\n\nThe default value is 86400 seconds.\nMust be greater then 1 when attribute SlidingRefreshTokenExpiry is off and AllowOfflineAccess is on.",
"format": "int32",
"nullable": true
},
"slidingRefreshTokenLifetime": {
"maximum": 1296000,
"minimum": 1,
"type": "integer",
"description": "Sliding lifetime of a refresh token in seconds.\n\nThe default value is 86400 seconds.\nMust be greater then 1 when attribute SlidingRefreshTokenExpiry and AllowOfflineAccess is on.",
"format": "int32",
"nullable": true
},
"allowRefreshTokenReuse": {
"type": "boolean",
"description": "Allow reuse refresh token. The refresh token handle will stay the same when refreshing tokens.\n\nIf set to false (default value) then the refresh token handle will be updated when refreshing tokens.",
"nullable": true
},
"slidingRefreshTokenExpiry": {
"type": "boolean",
"description": "Specifies whether refresh token should expire or not.\n\nCurrently don´t have any default value and fail if not set.\nWhen set to 'true' and AllowOfflineAccess is on then SlidingRefreshTokenLifetime attribute must be greater then 0.\nWhen set to 'false' and AllowOfflineAccess is on then AbsoluteRefreshTokenLifetime attribute must be greater then 0.",
"nullable": true
},
"deviceCodeLifetime": {
"maximum": 600,
"minimum": 1,
"type": "integer",
"description": "Lifetime to device code in seconds.\n\nThe default value is 300 seconds.\nMust be greater then 0 when PrimaryGrantType attribute is DeviceFlow grant type.",
"format": "int32",
"nullable": true
},
"allowedCorsOrigins": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies the allowed CORS origins that will be used by the default CORS policy service implementations (In-Memory and EF) to build a CORS policy for JavaScript clients.",
"nullable": true
},
"primaryGrantType": {
"enum": [
"ClientCredentials",
"AuthorizationCode",
"Hybrid",
"Ciba",
"DeviceFlow"
],
"type": "string",
"description": "Specifies the primary grant type the client is allowed to use.",
"nullable": true,
"example": "ClientCredentials."
},
"contentEncryptionAlgorithm": {
"enum": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"type": "string",
"description": "Content encryption algorithm for ID tokens and the UserInfo response.\n\nDefaults to A256CBC-HS512.",
"nullable": true,
"example": "A128CBC-HS256."
},
"idTokenUserData": {
"enum": [
"Minimal",
"StandardScopes",
"All"
],
"type": "string",
"description": "Defines the IdToken user data level.",
"nullable": true,
"example": "StandardScopes."
},
"userInfoResponseType": {
"enum": [
"Json",
"Signed",
"Encrypted",
"SignedAndEncrypted"
],
"type": "string",
"description": "User info response type.\n\nDefaults to 'Json'.",
"nullable": true,
"example": "SignedAndEncrypted."
},
"version": {
"maxLength": 255,
"type": "string",
"description": "Internal version of the client (Read only).",
"nullable": true,
"example": "00000000_2a43947f32e7820a2b567c3351a37046."
},
"requireConsent": {
"type": "boolean",
"description": "Specifies whether a consent screen is required.",
"nullable": true
},
"lastUpdatedDate": {
"type": "string",
"description": "Defines the last change on the client (Read only).",
"format": "date-time",
"example": "2022-05-17T16:13:47.3524453+00:00."
},
"automaticRedirectAfterSignOut": {
"type": "boolean",
"description": "Indicates if after a logout, the client should be redirected automatically.\n\nDepends on the existence of at least one Uri in the PostLogoutRedirectUris property to operate as designed.",
"nullable": true
},
"usageExternalReference": {
"maxLength": 100,
"type": "string",
"description": "External reference for transaction provided by the customer.\n\nUsed to group transactions together for the customer.orderid:121232",
"nullable": true
},
"subjectLookupsEnabled": {
"type": "boolean",
"description": "Enables the Enterprise Subject Lookup migration feature.\n\nNote: You need admin permissions to enable this feature.",
"nullable": true
},
"useCookieless": {
"type": "boolean",
"description": "Enables the Client to not use cookies.\n\nNote: You need admin permissions to enable this feature.",
"nullable": true
},
"requirePushedAuthorization": {
"type": "boolean",
"description": "Enables the Client to require pushed authorization requests.",
"nullable": true
},
"embeddedParentDomains": {
"maxItems": 200,
"type": "array",
"items": {
"type": "string"
},
"description": "Specify the parent domains that will embed the authentication. This will be used for content security frame ancestor header if set, as an extra security mechanism to protect against clickjacking.",
"nullable": true
}
},
"additionalProperties": false
},
"PublicKeyDto": {
"type": "object",
"properties": {
"id": {
"maxLength": 100,
"minLength": 8,
"type": "string",
"description": "Public key identifier",
"nullable": true,
"example": "smart-lemon-tree"
},
"type": {
"enum": [
"X509Certificate",
"JWK"
],
"type": "string",
"description": "Public key type",
"nullable": true,
"example": "X509Certificate"
},
"usage": {
"enum": [
"Signing",
"Encryption"
],
"type": "string",
"description": "The valid cryptographic uses of the certificate's public key",
"nullable": true,
"example": "Signing"
},
"data": {
"maxLength": 2048,
"type": "string",
"description": "Public key data",
"nullable": true,
"example": "T29vb3BwcHNzcyAuLi4geW91IGZvdW5kIG15IGxlbW9ucyEhIEknbSB0aGUgc21hcnRlc3QgdHJlZSBpbiB0aGUgd29ybGQhISEgQUhBSEEgOi0p"
},
"name": {
"maxLength": 255,
"type": "string",
"description": "Public key name",
"nullable": true,
"example": "The Smart Lemon Tree"
},
"notBefore": {
"type": "string",
"description": "The earliest time and date on which the certificate is valid",
"format": "date-time",
"nullable": true,
"example": "\"2026-05-17T16:13:47.3524211+00:00"
},
"notAfter": {
"type": "string",
"description": "The time and date past which the certificate is no longer valid",
"format": "date-time",
"nullable": true,
"example": "\"2022-05-17T16:13:47.3524211+00:00"
},
"version": {
"maxLength": 255,
"type": "string",
"description": "Version of Public key",
"nullable": true,
"example": "00000005_1de79344221ef5014703401fe2526aa1"
}
},
"additionalProperties": false
},
"SecretDto": {
"required": [
"name"
],
"type": "object",
"properties": {
"id": {
"minLength": 8,
"type": "string",
"description": "Secret identifier",
"nullable": true,
"example": "rare-beauty-secret"
},
"name": {
"minLength": 8,
"type": "string",
"description": "Secret name",
"example": "The most rare beauty secret"
},
"version": {
"type": "string",
"description": "Secret version",
"nullable": true,
"example": "00000003_2a43947f32e7820a2b567c3351a37046"
},
"createdDate": {
"type": "string",
"description": "Defines when the client was created (Read only).",
"format": "date-time",
"nullable": true,
"example": "\"2022-05-17T16:13:47.3524211+00:00"
},
"userCreator": {
"type": "string",
"description": "User that created the secret identified by the idp id",
"nullable": true,
"example": "1234"
}
},
"additionalProperties": false
},
"SignicatErrorTemplateDto": {
"type": "object",
"properties": {
"errorCode": {
"type": "string",
"description": "The Signicat Error Code of the error type",
"nullable": true,
"example": "AUS-1100"
},
"title": {
"type": "string",
"description": "Short summary of the error type",
"nullable": true,
"example": "Client not found."
},
"httpStatus": {
"type": "integer",
"description": "The HTTP status code associated with the error type",
"format": "int32",
"nullable": true,
"example": 404
},
"detailsTemplate": {
"type": "string",
"description": "Template of the details provided in the error message",
"nullable": true,
"example": "Client with ID {clientId} does not exist."
},
"description": {
"type": "string",
"description": "Extensive markdown description of the error",
"nullable": true,
"example": "Ensure your ID is correct. The client may have been deleted"
}
},
"additionalProperties": false
}
},
"securitySchemes": {
"Signicat-OIDC": {
"type": "oauth2",
"flows": {
"clientCredentials": {
"tokenUrl": "http://api.signicat.com/auth/open/connect/token",
"scopes": {}
},
"authorizationCode": {
"authorizationUrl": "http://api.signicat.com/auth/open/connect/authorize",
"tokenUrl": "http://api.signicat.com/auth/open/connect/token",
"scopes": {
"openid": "OpenID User id",
"signicat-api": "Signicat API"
}
}
}
}
}
}
}