
@bsavage
Created May 2, 2016 20:14
{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "tier.api.edu",
"basePath": "/tier/v2",
"info": {
"contact": {
"email": "tier-api@internet2.edu",
"name": "TIER API Working Group",
"url": "https://spaces.internet2.edu/display/DSAWG"
},
"description": "The TIER APIs help education and research organizations with Identity and Access Management (IAM) challenges.",
"termsOfService": "http://www.internet2.edu/policies/intellectual-property-framework/",
"title": "TIER Basic Group Operations",
"version": "1.0.0"
},
"externalDocs": {
"url": "https://spaces.internet2.edu/display/DSAWG/"
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
{
"description": "Operations on users belonging to an organization",
"name": "Users"
},
{
"description": "Operations on groups belonging to an organization",
"name": "Groups"
},
{
"description": "Operations on schemas",
"name": "Schemas"
}
],
"paths": {
"/Groups/{userId}/Groups": {
"get": {
"summary": "Get groups for a user",
"description": "Retrieve groups a user belongs to.",
"parameters": [
{
"description": "Id of user",
"in": "userId",
"type": "string"
}
],
"responses": {
"200": {
"description": "The request has succeeded.",
"schema": {
"$ref": "#/definitions/GroupCollection"
}
},
"400": {
"description": "Invalid filter syntax"
},
"401": {
"description": "Client is not sufficiently authorized"
},
"403": {
"description": "Invalid token passed"
},
"502": {
"description": "Authentication or account gateway error occurred"
},
"504": {
"description": "Authentication or account gateway timeout occurred"
}
},
"tags": [
"Groups"
]
}
},
"/Groups/{groupId}/Members/{userId}": {
"get": {
"summary": "Query to determine if user specified is in group specified.",
"description": "Check group for presence of member.",
"parameters": [
{
"description": "Id of group",
"in": "groupId",
"type": "string"
},
{
"description": "Id of user",
"in": "userId",
"type": "string"
}
],
"responses": {
"200": {
"description": "The request has succeeded.",
"schema": {
"$ref": "#/definitions/Member"
}
},
"400": {
"description": "Invalid filter syntax"
},
"401": {
"description": "Client is not sufficiently authorized"
},
"403": {
"description": "Invalid token passed"
},
"502": {
"description": "Authentication or account gateway error occurred"
},
"504": {
"description": "Authentication or account gateway timeout occurred"
}
},
"tags": [
"Groups"
]
}
},
"/Users": {
"get": {
"description": "Queries multiple user identities in the organization domain. Filtering is available.",
"operationId": "getUsers",
"parameters": [
{
"description": "Access token prefixed with 'Bearer ', e.g. 'Bearer 123456abcdef'",
"in": "header",
"name": "Authorization",
"required": true,
"type": "string"
},
{
"description": "Without a filter, all users in a user domain are returned. The filter parameter must be a properly formed SCIM filter using either the operator eq (equals) or the operator sw (starts with). The filter works for userName, displayName, name.givenName, and name.familyName attributes. For example, /Users?filter=name.familyName%20eq%20%22Smith%22",
"in": "query",
"name": "filter",
"type": "string"
}
],
"responses": {
"200": {
"description": "The request has succeeded.",
"schema": {
"$ref": "#/definitions/UserCollection"
}
},
"400": {
"description": "Invalid filter syntax"
},
"401": {
"description": "Client is not sufficiently authorized"
},
"403": {
"description": "Invalid token passed"
},
"502": {
"description": "Authentication or account gateway error occurred"
},
"504": {
"description": "Authentication or account gateway timeout occurred"
}
},
"summary": "Get Users",
"tags": [
"Users"
]
},
"post": {
"description": "Creates a new organization user and adds them to the user domain. The user email domain must match an existing organization email domain.",
"operationId": "createUsers",
"parameters": [
{
"description": "Access token prefixed with 'Bearer ', e.g. 'Bearer 123456abcdef'",
"in": "header",
"name": "Authorization",
"required": true,
"type": "string"
},
{
"description": "The details of the user to create",
"in": "body",
"name": "body",
"required": true,
"schema": {
"$ref": "#/definitions/UserDefinition"
}
}
],
"responses": {
"201": {
"description": "The user has been created.",
"schema": {
"$ref": "#/definitions/User"
}
},
"400": {
"description": "One of the following requirements is not met:<br />The userName field is required.<br />The userName field must be non-empty.<br />The userName field cannot exceed 128 characters.<br />The locale field must be composed of 1 or 2 parts.<br />The locale language sub-field must be ISO-639.<br />The locale country sub-field must be ISO-3166.<br />The timezone field must be a valid timezone.<br />The givenName field must not exceed 60 characters.<br />The familyName field must not exceed 60 characters."
},
"401": {
"description": "Client is not sufficiently authorized."
},
"403": {
"description": "Invalid token passed"
},
"409": {
"description": "Username is already in use."
},
"502": {
"description": "Authentication, account, or email verification gateway error occurred."
},
"504": {
"description": "Authentication, account, or email verification gateway timeout occurred."
}
},
"summary": "Create User",
"tags": [
"Users"
]
}
},
"/Users/me": {
"get": {
"description": "Queries the identity of the current authenticated user.",
"operationId": "getMe",
"parameters": [
{
"description": "Access token prefixed with 'Bearer ', e.g. 'Bearer 123456abcdef'",
"in": "header",
"name": "Authorization",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "The request has succeeded.",
"schema": {
"$ref": "#/definitions/User"
}
},
"401": {
"description": "Client is not sufficiently authorized"
},
"403": {
"description": "Invalid token passed"
},
"404": {
"description": "User not found"
},
"502": {
"description": "Authentication or account gateway error occurred"
},
"504": {
"description": "Authentication or account gateway timeout occurred"
}
},
"summary": "Get Current User",
"tags": [
"Users"
]
},
"put": {
"description": "Changes the current authenticated user's displayName, locale, timezone, username and password. The request must include the full user definition (to modify one or more values without sending the full definition, see Update User). The replaced user email domain must be an existing organization email domain. ",
"operationId": "replaceMe",
"parameters": [
{
"description": "Access token prefixed with 'Bearer ', e.g. 'Bearer 123456abcdef'",
"in": "header",
"name": "Authorization",
"required": true,
"type": "string"
},
{
"description": "The new user data",
"in": "body",
"name": "body",
"required": true,
"schema": {
"$ref": "#/definitions/UserDefinition"
}
}
],
"responses": {
"200": {
"description": "The current user has been replaced.",
"schema": {
"$ref": "#/definitions/User"
}
},
"400": {
"description": "One of the following requirements is not met:<br />The userName field is required.<br />The userName field must be non-empty.<br />The userName field cannot exceed 128 characters.<br />The locale field must be composed of 1 or 2 parts.<br />The locale language sub-field must be ISO-639.<br />The locale country sub-field must be ISO-3166.<br />The timezone field must be a valid timezone.<br />The givenName field must not exceed 60 characters.<br />The familyName field must not exceed 60 characters."
},
"401": {
"description": "Client is not sufficiently authorized"
},
"403": {
"description": "Invalid token passed"
},
"404": {
"description": "User not found"
},
"409": {
"description": "Email address conflict"
},
"502": {
"description": "Authentication or account gateway error occurred"
},
"504": {
"description": "Authentication or account gateway timeout occurred"
}
},
"summary": "Replace Current User",
"tags": [
"Users"
]
}
},
"/Users/{userKey}": {
"delete": {
"description": "Deletes a user from the organization (but not from the account).",
"operationId": "deleteUser",
"parameters": [
{
"description": "Access token prefixed with 'Bearer ', e.g. 'Bearer 123456abcdef'",
"in": "header",
"name": "Authorization",
"required": true,
"type": "string"
},
{
"description": "The key of the user to delete. The user must be in the organization domain",
"format": "int64",
"in": "path",
"name": "userKey",
"required": true,
"type": "integer"
}
],
"responses": {
"200": {
"description": "The request has succeeded."
},
"401": {
"description": "Client is not sufficiently authorized"
},
"403": {
"description": "Invalid token passed"
},
"404": {
"description": "User not found"
},
"502": {
"description": "Authentication or account gateway error occurred"
},
"504": {
"description": "Authentication or account gateway timeout occurred"
}
},
"summary": "Delete User",
"tags": [
"Users"
]
},
"get": {
"description": "Queries user identity in the organization domain.",
"operationId": "getUser",
"parameters": [
{
"description": "Access token prefixed with 'Bearer ', e.g. 'Bearer 123456abcdef'",
"in": "header",
"name": "Authorization",
"required": true,
"type": "string"
},
{
"description": "The key of the user to query. The user must be in the organization domain",
"format": "int64",
"in": "path",
"name": "userKey",
"required": true,
"type": "integer"
}
],
"responses": {
"200": {
"description": "The request has succeeded.",
"schema": {
"$ref": "#/definitions/User"
}
},
"401": {
"description": "Client is not sufficiently authorized"
},
"403": {
"description": "Invalid token passed"
},
"404": {
"description": "User not found"
},
"502": {
"description": "Authentication or account gateway error occurred"
},
"504": {
"description": "Authentication or account gateway timeout occurred"
}
},
"summary": "Get User",
"tags": [
"Users"
]
},
"put": {
"description": "Changes an existing user's displayName, locale, timezone, username and password. The request must include the full user definition (to modify one or more values without sending the full definition, see Update User). The replaced user email domain must be an existing organization email domain.",
"operationId": "replaceUser",
"parameters": [
{
"description": "Access token prefixed with 'Bearer ', e.g. 'Bearer 123456abcdef'",
"in": "header",
"name": "Authorization",
"required": true,
"type": "string"
},
{
"description": "The key of the user to replace. The user must be in the organization domain",
"format": "int64",
"in": "path",
"name": "userKey",
"required": true,
"type": "integer"
},
{
"description": "The new user data",
"in": "body",
"name": "body",
"required": true,
"schema": {
"$ref": "#/definitions/UserDefinition"
}
}
],
"responses": {
"200": {
"description": "The user has been replaced.",
"schema": {
"$ref": "#/definitions/User"
}
},
"400": {
"description": "One of the following requirements is not met:<br />The userName field is required.<br />The userName field must be non-empty.<br />The userName field cannot exceed 128 characters.<br />The locale field must be composed of 1 or 2 parts.<br />The locale language sub-field must be ISO-639.<br />The locale country sub-field must be ISO-3166.<br />The timezone field must be a valid timezone.<br />The givenName field must not exceed 60 characters.<br />The familyName field must not exceed 60 characters."
},
"401": {
"description": "Client is not sufficiently authorized"
},
"403": {
"description": "Invalid token passed"
},
"404": {
"description": "User not found"
},
"409": {
"description": "Email address conflict"
},
"502": {
"description": "Authentication or account gateway error occurred"
},
"504": {
"description": "Authentication or account gateway timeout occurred"
}
},
"summary": "Replace User",
"tags": [
"Users"
]
}
}
},
"definitions": {
"Group": {
"description": "Describes a group",
"properties": {
"id": {
"description": "The group's id",
"type": "string"
},
"displayName": {
"description": "The group's display name",
"type": "string"
},
"meta": {
"$ref": "#/definitions/GroupMetadata",
"description": "Group metadata"
}
},
"required": [
"meta",
"id",
"displayName"
]
},
"GroupMetadata": {
"description": "Group metadata",
"properties": {
"created": {
"description": "The date and time the group was created",
"format": "date-time",
"type": "string"
},
"lastModified": {
"description": "The date and time the group was last modified",
"format": "date-time",
"type": "string"
},
"version": {
"description": "The group version",
"type": "string"
},
"location": {
"description": "The URL where the group can be accessed",
"type": "string"
}
}
},
"GroupCollection": {
"description": "Class describing a collection of groups",
"properties": {
"resources": {
"description": "The list of groups",
"items": {
"$ref": "#/definitions/Group"
},
"type": "array"
}
}
},
"GroupDefinition": {
"description": "Describes a group",
"properties": {
"displayName": {
"description": "The group's display name",
"type": "string"
},
"members": {
"description": "An array of members",
"items": {
"$ref": "#/definitions/Member"
},
"type": "array"
}
},
"required": [
"displayName"
]
},
"ResourceSchema": {
"description": "Describes the attributes and metadata constituting a resource such as a user.",
"properties": {
"attributes": {
"description": "The resource's attributes",
"items": {
"$ref": "#/definitions/SchemaAttribute"
},
"type": "array"
},
"description": {
"description": "The resource's description",
"type": "string"
},
"endpoint": {
"description": "The resource's HTTP addressable endpoint relative to the base URL, e.g. /Users.",
"type": "string"
},
"id": {
"description": "The resource's id, e.g. urn:scim:schemas:core:1.0:User",
"type": "string"
},
"name": {
"description": "The resource's name, e.g. \"User\"",
"type": "string"
},
"schema": {
"description": "The resource's associated schema, e.g. urn:scim:schemas:core:1.0",
"type": "string"
}
},
"required": [
"id",
"name",
"description",
"schema",
"endpoint",
"attributes"
]
},
"SchemaAttribute": {
"description": "Describes a resource attribute",
"properties": {
"caseExact": {
"description": "Indicates whether the attribute is case sensitive",
"type": "boolean"
},
"description": {
"description": "The attribute's description",
"type": "string"
},
"multiValued": {
"description": "Indicates whether the attribute can have multiple values",
"type": "boolean"
},
"name": {
"description": "The attribute's name",
"type": "string"
},
"readOnly": {
"description": "Indicates whether the attribute is mutable",
"type": "boolean"
},
"required": {
"description": "Indicates whether the attribute is required",
"type": "boolean"
},
"schema": {
"description": "The attribute's associated schema, e.g. urn:scim:schemas:core:1.0",
"type": "string"
},
"subAttributes": {
"description": "The attribute's potential sub-attributes",
"items": {
"$ref": "#/definitions/SchemaSubAttribute"
},
"type": "array"
},
"type": {
"description": "The attribute's data type, e.g. String",
"type": "string"
}
},
"required": [
"name",
"type",
"multiValued",
"description",
"schema",
"readOnly",
"required",
"caseExact"
]
},
"SchemaSubAttribute": {
"description": "Describes the sub-attribute of a resource attribute",
"properties": {
"caseExact": {
"description": "Indicates whether the attribute is case sensitive",
"type": "boolean"
},
"description": {
"description": "The attribute's description",
"type": "string"
},
"name": {
"description": "The attribute's name",
"type": "string"
},
"readOnly": {
"description": "Indicates whether the attribute is mutable",
"type": "boolean"
},
"required": {
"description": "Indicates whether the attribute is required",
"type": "boolean"
},
"type": {
"description": "The attribute's data type, e.g. String",
"type": "string"
}
},
"required": [
"name",
"type",
"description",
"readOnly",
"required",
"caseExact"
]
},
"Member": {
"description": "Describes a group member (based on https://spaces.internet2.edu/display/DSAWG/TIER+API+SCIM+user)",
"properties": {
"value": {
"description": "The user's unique id",
"type": "string"
},
"edu:internet2:tier:User:netId": {
"description": "The user's netId",
"type": "string"
},
"userName": {
"description": "The user's username",
"type": "string"
},
"displayName": {
"description": "The user's display name",
"type": "string"
},
"ref": "description \"The uri associated with the user\""
}
},
"UserCollection": {
"description": "Class describing a collection of users",
"properties": {
"resources": {
"description": "The list of users",
"items": {
"$ref": "#/definitions/User"
},
"type": "array"
},
"totalResults": {
"description": "The number of users in the collection",
"format": "int64",
"type": "integer"
}
},
"required": [
"resources",
"totalResults"
]
},
"UserDefinition": {
"description": "Describes a new user",
"properties": {
"displayName": {
"description": "The user's display name",
"type": "string"
},
"locale": {
"description": "The user's language settings",
"type": "string"
},
"name": {
"description": "The user's full name",
"type": "string"
},
"password": {
"description": "The user's password",
"type": "string"
},
"timezone": {
"description": "The user's time zone",
"type": "string"
},
"userName": {
"description": "The user's username, usually their email address",
"type": "string"
}
}
},
"UserMetadata": {
"description": "User metadata",
"properties": {
"created": {
"description": "The date and time the user was created",
"format": "date-time",
"type": "string"
},
"location": {
"description": "The URL where the user can be accessed",
"type": "string"
}
},
"required": [
"created",
"location"
]
}
}
}