Prerequisites
API Contract
HTTP Method | Endpoint | Request | Return | Authorization |
---|---|---|---|---|
Swagger Url : IAM Controller | ||||
PATCH | /iam/user/{userUuid} |
Request Header: x-api-key : {api-key} { "applicationUuid":"string", "locked": Boolean, "requestorToken":"string", "requestorUsername":"string" } |
Response Body { |
Protected by IAM Introspect API
|
Swagger API Docs: https://api.haventec.com/authenticate/v1-2/api-docs.html#/iam-controller
Authenticate API: https://api.haventec.com/authenticate/v1-2 /iam/user/{userUuid}
- userUuid: We can lock or unlock the user by providing the user's uuid. e.g. 9ea02090-0627-42c2-8273-26b7029b62e6
Request Body
- applicationUuid: It is the ' Application UUID ' on the Haventec Console application details page as shown in the image below.
- requestorToken: It is the ' access_token ' in the response received after running the curl command in step 3. The user sends a HTTP request to the IAM to log in and get a JWT in Configure Haventec IAM with the client and users.
- requestorUsername: It is the ' username ' passed in the HTTP request in step 3. ' The user sends a HTTP request to the IAM to log in and get a JWT ' in Configure Haventec IAM with the client and users.
The HTTP header that needs to be passed with the API mentioned above is:
- x-api-key: It is the ' API key ' on the Haventec Console application details page as shown in the image below.
Authenticate API Error Codes
Error Code |
Message Thrown |
Scenarios |
Recommended Action |
AN-USER-1000
|
Invalid UserUuid |
Passed the wrong userUuid in the request. |
Pass the correct userUuid in the request. |
AN-APLI-1005 |
Invalid ApplicationUuid |
Passed the wrong applicationUuid in the request body. |
Pass the correct applicationUuid as mentioned above. |
AN-VALI-1003
|
Invalid username format |
Passed the wrong requestorUsername in the request body |
Pass the correct requestorUsername as mentioned above. |
AN-JWTT-1001
|
Invalid JWT Token |
Passed the wrong requestorToken in the request. |
Pass the correct requestorToken as mentioned above. |
AN-VALI-1001 |
Application UUID was not found |
Passed application-uuid does not exist in Authenticate. |
Pass the correct application-uuid as mentioned above. |
AN-OIAM-1001 |
The application does not have IAM properties enabled |
The application is not configured with proper IAM properties. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure IAM Intropsect properties correctly. |
AN-OIAM-1002 |
IAM client_id not configured |
The client_id is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure client_id correctly. |
AN-OIAM-1003 |
IAM client_secret not configured |
The client_secret is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure client_secret correctly. |
AN-OIAM-1004 |
IAM Introspect url not configured |
The Introspect url is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure IAM Introspect url correctly. |
AN-OIAM-1006 |
IAM role path not configured |
The Role JSON path is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure Role JSON path correctly. |
AN-OIAM-1005 |
IAM role not configured |
The Allowed role is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure the Allowed role correctly. |
AN-OIAM-1007 |
Role path format |
The Introspect url is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure IAM Introspect url correctly. |
AN-OIAM-1008 |
IAM user denied access |
The externally authenticated user e.g. CRM user is not active. |
Please follow this link Configure Haventec IAM with the client and users step 3. The user sends a HTTP request to the IAM to log in and get a JWT to check if the access_token generated is active or not. If not. Generate a new access_token and use it as requestorToken in the request body. |
AN-AUTH-1017 |
User not found in the application |
The userUuid passed is wrong and there is no user in Authenticate with the given userUuid. |
Pass the correct userUuid as explained in the above steps. |
AN-USER-1008 |
Request to update user denied |
The userUuid passed does belong to Organisation Admin. |
Pass the correct userUuid of the user who is not an Organisation Admin. |
Comments
0 comments
Please sign in to leave a comment.