1 of 8

OAuth Management

The OAuth Management API provides routes for:

managing the primary OAuth client
creating and managing secondary OAuth clients

About OAuth Clients

During initial onboarding for the Integration API, iownit creates your OAuth client for your primary integration with the iownit platform. If you have multiple back-office apps that need to integrate with the platform, you will need to create secondary OAuth clients. These clients are linked to the same organization and are managed by the primary OAuth client. Secondary clients usually perform a subset of tasks and, therefore, require a smaller access scope.

Determining the Required Scope

The OAuth scope required for each endpoint in the Integration API is included in the description for each endpoint.

To find the required scope for an endpoint in the json file:

Access the underlying json file in Swagger.
You can do this by clicking the link in the upper right corner of the Swagger display.

Download the JSON file.
Open the file in an editor that parses the JSON.
For example, you can use editor.swagger.io.

Locate the endpoint of interest.
Scroll to the security section of the endpoint spec. The scope is listed under oauth2.

Endpoints

Create OAuth Client

Update OAuth Client

Reset OAuth Client Password

Update Own Password

Remove OAuth Client

Getters

Get All OAuth Clients for Current Organization

Get Current OAuth Client

AM/FA/Inv - Create OAuth Client

Details

/external/v1/oauth/client

Synopsis

AM/FA/Inv - Update OAuth Client

Details

/external/v1/oauth/client

Synopsis

AM/FA/Inv - Reset OAuth Client Password

Details

Synopsis

AM/FA/Inv - Update Own Password

Details

/external/v1/oauth/password

Synopsis

AM/FA/Inv - Remove OAuth Client

Details

/external/v1/oauth/client/{clientId}

Synopsis

AM/FA/Inv - Get All OAuth Clients for Current Organization

Details

/external/v1/oauth/client/current

Synopsis

AM/FA/Inv - Get Current OAuth Client

Details

/external/v1/oauth/client/current

Synopsis

OAuth Management

The OAuth Management API provides routes for:

managing the primary OAuth client
creating and managing secondary OAuth clients

About OAuth Clients

Determining the Required Scope

The OAuth scope required for each endpoint in the Integration API is included in the description for each endpoint.

To find the required scope for an endpoint in the json file:

Access the underlying json file in Swagger.
You can do this by clicking the link in the upper right corner of the Swagger display.

Download the JSON file.
Open the file in an editor that parses the JSON.
For example, you can use editor.swagger.io.

Locate the endpoint of interest.
Scroll to the security section of the endpoint spec. The scope is listed under oauth2.

Endpoints

Create OAuth Client

Update OAuth Client

Reset OAuth Client Password

Update Own Password

Remove OAuth Client

Getters

Get All OAuth Clients for Current Organization

Get Current OAuth Client

Create OAuth Client

post

This route is used to create a new OAuth client. This new client will be linked to the same organization as the client that is making the current request.

This route will typically be used by the primary OAuth client of the organization to register other clients to be used by different back-office apps to execute a subset of actions.

This endpoint can be called by applications with access to scope "manageExternalClients".

Authorizations

Body

passwordstring · min: 8 · max: 72Required

The password of this OAuth client

Example: u7/JvJ+:X?Wc]6}.

applicationstringRequired

The name of application that this client is associated with.

Example: TEST1234 App

Responses

201

Successfully registered the OAuth client

application/json

400

The following error codes can be returned: - GN0002 Please refer to the error code dictionary for the details of each error code.

application/json

401

The following error codes can be returned: - AU0001 Please refer to the error code dictionary for the details of each error code.

application/json

403

The following error codes can be returned: - AU0002 - AU0008 Please refer to the error code dictionary for the details of each error code.

application/json

409

The following error codes can be returned: - AU0009 Please refer to the error code dictionary for the details of each error code.

application/json

post

POST /external/v1/oauth/client HTTP/1.1
Host: 
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 181

{
  "extraData": {
    "externalId": "123456789",
    "some": "Custom Property"
  },
  "accessScopes": [
    "createSubscription",
    "readSubscription"
  ],
  "password": "u7/JvJ+:X?Wc]6}.",
  "application": "TEST1234 App"
}

{
  "extraData": {
    "externalId": "123456789",
    "some": "Custom Property"
  },
  "clientId": "TEST1234",
  "accessScopes": [
    "createSubscription",
    "readSubscription"
  ],
  "application": "TEST1234 App"
}

Update OAuth Client

put

This route is used to update an existing OAuth client.

This route would typically be used to grant or revoke access scopes to a specific client.

This endpoint can be called by applications with access to scope "manageExternalClients".

Authorizations

Body

clientIdstring · min: 5 · max: 50Required

The unique identifier of the OAuth client. Must be alphanumeric

Example: TEST1234Pattern: ^[a-zA-Z0-9-]*$

applicationstringRequired

The name of application that this API client is associated with.

Example: TEST1234 App

Responses

204

Successfully updated OAuth client

400

The following error codes can be returned: - GN0002 Please refer to the error code dictionary for the details of each error code.

application/json

401

The following error codes can be returned: - AU0001 Please refer to the error code dictionary for the details of each error code.

application/json

403

The following error codes can be returned: - AU0002 - AU0008 Please refer to the error code dictionary for the details of each error code.

application/json

404

The following error codes can be returned: - AU0005 - AU0006 Please refer to the error code dictionary for the details of each error code.

application/json

put

PUT /external/v1/oauth/client HTTP/1.1
Host: 
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 173

{
  "extraData": {
    "externalId": "123456789",
    "some": "Custom Property"
  },
  "clientId": "TEST1234",
  "accessScopes": [
    "createSubscription",
    "readSubscription"
  ],
  "application": "TEST1234 App"
}

No content

Reset OAuth Client Password

put

This route is used by the primary OAuth client to set a new password for other clients.

This route will typically be used an OAuth client loses their password.

This endpoint can be called by applications with access to scope "manageExternalClients".

Authorizations

Body

passwordstring · min: 8 · max: 72Required

The password of this OAuth client

Example: u7/JvJ+:X?Wc]6}.

clientIdstring · min: 5 · max: 50Required

The unique identifier of the OAuth client. Must be alphanumeric

Example: TEST1234Pattern: ^[a-zA-Z0-9-]*$

Responses

204

Successfully updated OAuth client's password

400

The following error codes can be returned: - GN0002 Please refer to the error code dictionary for the details of each error code.

application/json

401

The following error codes can be returned: - AU0001 Please refer to the error code dictionary for the details of each error code.

application/json

403

The following error codes can be returned: - AU0002 - AU0007 - AU0008 Please refer to the error code dictionary for the details of each error code.

application/json

404

The following error codes can be returned: - AU0005 - AU0006 Please refer to the error code dictionary for the details of each error code.

application/json

put

PUT /external/v1/oauth/client/password-reset HTTP/1.1
Host: 
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 53

{
  "password": "u7/JvJ+:X?Wc]6}.",
  "clientId": "TEST1234"
}

No content

Get Current OAuth client

get

This route is to be used by an OAuth client to get its own information. The client should be authenticated and a valid access token provided.

Authorizations

Responses

200

Successfully obtained the data

application/json

401

The following error codes can be returned: - AU0001 Please refer to the error code dictionary for the details of each error code.

application/json

404

The following error codes can be returned: - AU0006 Please refer to the error code dictionary for the details of each error code.

application/json

get

GET /external/v1/oauth/client/current HTTP/1.1
Host: 
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

{
  "extraData": {
    "externalId": "123456789",
    "some": "Custom Property"
  },
  "clientId": "TEST1234",
  "accessScopes": [
    "createSubscription",
    "readSubscription"
  ],
  "application": "TEST1234 App"
}

Update Own Password

put

This route is to be used by an OAuth client to update its own password. The client should be authenticated and a valid access token provided.

Authorizations

Body

passwordstring · min: 8 · max: 72Required

The password of this OAuth client

Example: u7/JvJ+:X?Wc]6}.

Responses

204

Successfully updated the password of the OAuth client identified by the provided access token

400

The following error codes can be returned: - GN0002 Please refer to the error code dictionary for the details of each error code.

application/json

401

The following error codes can be returned: - AU0001 Please refer to the error code dictionary for the details of each error code.

application/json

404

The following error codes can be returned: - AU0006 Please refer to the error code dictionary for the details of each error code.

application/json

put

PUT /external/v1/oauth/password HTTP/1.1
Host: 
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "password": "u7/JvJ+:X?Wc]6}."
}

No content

Get All OAuth clients for the current organization

get

This route is to be used by an OAuth client to get all the OAuth clients that are linked to the same organization as the current client. The client should be authenticated and a valid access token provided.

This endpoint can be called by applications with access to scope "manageExternalClients".

Authorizations

Responses

200

Successfully obtained the data

application/json

401

The following error codes can be returned: - AU0001 Please refer to the error code dictionary for the details of each error code.

application/json

404

The following error codes can be returned: - AU0006 Please refer to the error code dictionary for the details of each error code.

application/json

get

GET /external/v1/oauth/client HTTP/1.1
Host: 
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "extraData": {
      "externalId": "123456789",
      "some": "Custom Property"
    },
    "clientId": "TEST1234",
    "accessScopes": [
      "createSubscription",
      "readSubscription"
    ],
    "application": "TEST1234 App",
    "primary": true
  }
]

Remove OAuth Client

delete

This route is used by the primary OAuth client to remove an existing OAuth client.

This route would typically be used to remove a client because the underlying app has been compromised or has been decommissioned and the client has no further usages.

This endpoint can be called by applications with access to scope "manageExternalClients".

Authorizations

Path parameters

clientIdstringRequired

The unique identifier of the OAuth client being removed

Example: USS3JKS01I00

Responses

204

Successfully removed OAuth client

401

The following error codes can be returned: - AU0001 Please refer to the error code dictionary for the details of each error code.

application/json

403

The following error codes can be returned: - AU0002 - AU0007 - AU0008 Please refer to the error code dictionary for the details of each error code.

application/json

409

The following error codes can be returned: - AU0010 Please refer to the error code dictionary for the details of each error code.

application/json

delete

DELETE /external/v1/oauth/client/{clientId} HTTP/1.1
Host: 
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content