Download OpenAPI specification:Download
The management API for Kong Konnect Identity resources.
Returns authentication configuration, which determines how users can log in and how they are assigned to teams.
{- "oidc_auth_enabled": true,
- "saml_auth_enabled": false,
- "basic_auth_enabled": false,
- "idp_mapping_enabled": false,
- "konnect_mapping_enabled": true
}Updates authentication configuration.
The request schema to update an organization's authentication settings.
| basic_auth_enabled | boolean The organization has basic auth enabled. |
| oidc_auth_enabled | boolean The organization has OIDC disabled. |
| saml_auth_enabled | boolean The organization has SAML disabled. |
| idp_mapping_enabled | boolean Whether IdP groups determine the Konnect teams a user has. |
| konnect_mapping_enabled | boolean Whether a Konnect Identity Admin assigns teams to a user. |
{- "oidc_auth_enabled": false,
- "saml_auth_enabled": false,
- "basic_auth_enabled": true,
- "idp_mapping_enabled": false,
- "konnect_mapping_enabled": true
}{- "oidc_auth_enabled": true,
- "saml_auth_enabled": false,
- "basic_auth_enabled": false,
- "idp_mapping_enabled": false,
- "konnect_mapping_enabled": true
}Fetch the IdP configuration.
{- "login_path": "myapp",
- "client_id": "YOUR_CLIENT_ID",
- "scopes": [
- "email",
- "openid",
- "profile"
], - "claim_mappings": {
- "name": "name",
- "email": "email",
- "groups": "custom-groups-claim"
}
}Update the IdP configuration.
The request schema for the update IdP configuration request.
| issuer | string <uri> |
| login_path | string |
| client_id | string |
| client_secret | string |
| scopes | Array of strings Default: ["email","openid","profile"] |
object >= 3 properties |
{- "login_path": "myapp",
- "client_id": "YOUR_CLIENT_ID",
- "client_secret": "YOUR_CLIENT_SECRET",
- "scopes": [
- "email",
- "openid",
- "profile"
], - "claim_mappings": {
- "name": "name",
- "email": "email",
- "groups": "custom-group-claim"
}
}{- "login_path": "myapp",
- "client_id": "YOUR_CLIENT_ID",
- "scopes": [
- "email",
- "openid",
- "profile"
], - "claim_mappings": {
- "name": "name",
- "email": "email",
- "groups": "custom-groups-claim"
}
}Updates the IdP group to Konnect team mapping.
The request schema for updating IdP team mappings.
Array of objects The mappings object. |
{- "mappings": [
- {
- "group": "API Engineers",
- "team_ids": [
- "af91db4c-6e51-403e-a2bf-33d27ae50c0a"
]
}
]
}{- "mappings": [
- {
- "group": "Service Developers",
- "team_ids": [
- "6801e673-cc10-498a-94cd-4271de07a0d3"
]
}
]
}Fetch the IdP group to Konnect team mapping.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 6
}
}, - "data": [
- {
- "group": "111(@&*$)(@*#_@(gfds re gdsf dfg",
- "team_ids": [
- "c0010105-e840-4824-b7ee-787f22267c36"
]
}, - {
- "group": "2222",
- "team_ids": [
- "af91db4c-6e51-403e-a2bf-33d27ae50c0a"
]
}
]
}Retrieves the mappings between Konnect Teams and Identity Provider Groups. Returns a 400 error if an Identity Provider has not yet been configured.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
{- "mappings": [
- {
- "group": "Service Developers",
- "team_ids": [
- "6801e673-cc10-498a-94cd-4271de07a0d3"
]
}
]
}Allows partial updates to the mappings between Konnect Teams and Identity Provider Groups. The request body must be keyed on team ID. For a given team ID, the given group list is a complete replacement. To remove all mappings for a given team, provide an empty group list.
Returns a 400 error if an Identity Provider has not yet been configured, or if a team ID in the request body is not found or is not a UUID.
The request schema for a partial update of mappings from Konnect Teams to IdP Groups.
Array of objects The IdP groups to map to the given team. |
{- "data": [
- {
- "team_id": "af91db4c-6e51-403e-a2bf-33d27ae50c0a",
- "groups": [
- "Team Leads",
- "API Engineers"
]
}
]
}{- "mappings": [
- {
- "group": "Service Developers",
- "team_ids": [
- "6801e673-cc10-498a-94cd-4271de07a0d3"
]
}
]
}Accepts the Konnect invitation. This endpoint allows you to manually accept the invitation to join a Konnect organization. Upon accepting the invitation, the user's name and password are set and the active state is set to true. This can be used as an alternative to the https://cloud.konghq.com/login link in the email which will finish the registration process in a web browser.
The request schema for the accept invite request.
| password required | string <password> Sets the password for the user. |
| full_name required | string Full name of the user. |
| preferred_name | string or null Preferred name of the user. |
| token required | string <uuid> The one time token in accept-invitation link. |
{- "password": "TestPassword123!!",
- "full_name": "James C. Woods",
- "preferred_name": "Tiger",
- "token": "7690d649-86fc-4d10-8771-c094d2efbd85"
}{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Sends an invitation email to invite a user to the Konnect organization. The email contains a link with a one time token to accept the invitation. Upon accepting the invitation, the user is directed to https://cloud.konghq.com/login to complete registration.
The request schema for the invite user request.
If you pass an email that is not already an active user in the request, a fresh invitation email will be created and sent to the new user.
| email required | string <email> |
{- "email": "james.c.woods@example.com"
}{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Retrieves the predefined, or system managed, roles.
{- "runtime_groups": {
- "name": "Runtime Groups",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to all entities within a runtime group."
}, - "certificate_admin": {
- "name": "Certificate Admin",
- "description": "This role grants full write access to administer certificates."
}, - "consumer_admin": {
- "name": "Consumer Admin",
- "description": "This role grants full write access to administer consumers."
}, - "creator": {
- "name": "Creator",
- "description": "Creates a new Runtime Group in an organization. The creator becomes the owner of the Runtime Group they create."
}, - "deployer": {
- "name": "Deployer",
- "description": "This role grants full write access to administer services, routes and plugins necessary to deploy services in Service Hub."
}, - "gateway_service_admin": {
- "name": "Gateway Service Admin",
- "description": "This role grants full write access to administer gateway services."
}, - "plugin_admin": {
- "name": "Plugin Admin",
- "description": "This role grants full write access to administer plugins."
}, - "route_admin": {
- "name": "Route Admin",
- "description": "This role grants full write access to administer routes."
}, - "sni_admin": {
- "name": "SNI Admin",
- "description": "This role grants full write access to administer SNIs."
}, - "upstream_admin": {
- "name": "Upstream Admin",
- "description": "This role grants full write access to administer upstreams."
}, - "viewer": {
- "name": "Viewer",
- "description": "This role grants read only access to all entities within a runtime group."
}
}
}, - "services": {
- "name": "Services",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "Admin of an existing Service. The admins have all write access permissions related to a Service, service version, service package etc."
}, - "application_registration": {
- "name": "Application Registration",
- "description": "This role grants permission to enable and disable application registration on a service."
}, - "creator": {
- "name": "Creator",
- "description": "This access is required to create a service. In addition the creators are granted Admin access to the service they create. This access is not for creating sub-entities such as service versions, implementations, API specs etc."
}, - "deployer": {
- "name": "Deployer",
- "description": "This role grants permission to deploy and remove a service from a runtime group."
}, - "maintainer": {
- "name": "Maintainer",
- "description": "This role grants all write permission to manage a service and to administer plugins."
}, - "plugins_admin": {
- "name": "Plugins Admin",
- "description": "This role grants full write permission to administer plugins."
}, - "publisher": {
- "name": "Publisher",
- "description": "This role grants permission to publish a service to one or more portals."
}, - "viewer": {
- "name": "Viewer",
- "description": "Viewer has read-only access to all the configurations of a service, attributes, versions, reports, vitals and plugins."
}
}
}, - "audit_logs": {
- "name": "Audit Logs",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to the Audit log configuration."
}
}
}, - "identity": {
- "name": "Identity",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to the Identity configuration."
}
}
}, - "mesh_control_planes": {
- "name": "Mesh Control Plane",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to the related to Mesh control planes."
}, - "connector": {
- "name": "Connector",
- "description": "This role grants a mesh zone to connect to the mesh control plane in Konnect."
}, - "creator": {
- "name": "Creator",
- "description": "This role grants access to create new Mesh control planes."
}, - "viewer": {
- "name": "Viewer",
- "description": "This role grants access to read-only permissions to Mesh control planes."
}
}
}
}Lists the roles belonging to a team.
| teamId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The team ID |
object Filter roles returned in the response. Returns 400 if any filter parameters are invalid. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "b02e23c5-8ee4-4e5a-99f4-43329923adcd",
- "role_name": "Viewer",
- "entity_id": "437c7192-fea0-4f35-8478-c8d57783f8c1",
- "entity_type_name": "Runtime Groups",
- "entity_region": "eu"
}, - {
- "id": "869d9402-f117-4f9a-840f-69acaf70a81a",
- "role_name": "Admin",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Services",
- "entity_region": "*"
}
]
}Assigns a role to a team. Returns 409 if role is already assigned.
| teamId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The team ID |
The request schema for assigning a role.
| role_name | string The desired role. |
| entity_id | string <uuid> The ID of the entity. |
| entity_type_name | string The type of entity. |
| entity_region | string Enum: "us" "eu" "au" "me" "in" "*" The region of the team. |
{- "role_name": "Viewer",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Runtime Groups",
- "entity_region": "us"
}{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Viewer",
- "entity_id": "817d0422-45c9-4d88-8d64-45aef05c1ae7",
- "entity_type_name": "Runtime Groups",
- "entity_region": "eu"
}Removes an assigned role from a team. Returns 404 if the requested team or assigned role were not found.
| teamId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The team ID. |
| roleId required | string <uuid> Example: 8350205f-a305-4e39-abe9-bc082a80091a The role ID. |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Lists the roles assigned to a user. Returns 400 if any filter parameters are invalid.
| userId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The user ID |
object Filter roles returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "b02e23c5-8ee4-4e5a-99f4-43329923adcd",
- "role_name": "Viewer",
- "entity_id": "437c7192-fea0-4f35-8478-c8d57783f8c1",
- "entity_type_name": "Runtime Groups",
- "entity_region": "eu"
}, - {
- "id": "869d9402-f117-4f9a-840f-69acaf70a81a",
- "role_name": "Admin",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Services",
- "entity_region": "*"
}
]
}Assigns a role to a user. Returns 409 if role is already assigned.
| userId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The user ID |
The request schema for assigning a role.
| role_name | string The desired role. |
| entity_id | string <uuid> The ID of the entity. |
| entity_type_name | string The type of entity. |
| entity_region | string Enum: "us" "eu" "au" "me" "in" "*" The region of the team. |
{- "role_name": "Viewer",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Runtime Groups",
- "entity_region": "us"
}{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Viewer",
- "entity_id": "817d0422-45c9-4d88-8d64-45aef05c1ae7",
- "entity_type_name": "Runtime Groups",
- "entity_region": "eu"
}Removes an assigned role from a user. Returns 404 if the requested user or assigned role were not found.
| userId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe ID of the user. |
| roleId required | string <uuid> Example: 8350205f-a305-4e39-abe9-bc082a80091a ID of the role. |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Returns a paginated list of users that belong to the team specified in the path parameter.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a ID of the team. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter users returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "2022-08-17T17:46:57.52Z",
- "updated_at": "2022-10-03T17:00:00.00Z"
}
]
}Adds a user to a team.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a ID of the team. |
The request schema for adding a user to a team.
| id required | string <uuid> The user ID for the user being added to a team. |
{- "id": "df120cb4-f60b-47bc-a2f8-6a28e6a3c63b"
}{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Removes a user from a team. If the user was removed, returns a 204 empty response. Returns 404 if the user or team were not found.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a User ID |
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a Team ID. |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Returns a paginated list of a teams that the user belongs to.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The user ID. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter teams returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}
]
}Returns an array of team objects containing information about the Konnect Teams.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter teams returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}
]
}Creates a team in the Konnect Organization.
The request schema for the create team request.
If you pass the same name and description of an existing team in the request, a team with the same name and description will be created. The two teams will have different team_id values to differentiate them.
| name required | string^[\w \W]+$ A name for the team being created. |
| description | string <= 250 characters The description of the new team. |
{- "name": "IDM - Developers",
- "description": "The Identity Management (IDM) team."
}{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}Returns information about a team from a given team ID.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The team ID |
{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}Updates an individual team.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The team ID |
The request schema for the update team request.
| name | string^[\w \W]+$ The name of the team. |
| description | string <= 250 characters The description of the team. |
{- "name": "IDM - Developers",
- "description": "The Identity Management (IDM) API team."
}{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}Deletes an individual team. Returns 404 if the team is not found.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The team ID |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Returns a paginated list of user objects.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter users returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "2022-08-17T17:46:57.52Z",
- "updated_at": "2022-10-03T17:00:00.00Z"
}
]
}Returns the user object for the user ID specified as a path parameter.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The ID of the user being deleted. |
{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "1992-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:00:00.52Z"
}Update an individual user.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The ID of the user being deleted. |
The request schema for the update user request.
| full_name | string^[\w \W]+$ The user's full name. |
| preferred_name | string <= 250 characters The user's desired name. |
{- "full_name": "James C Woods",
- "preferred_name": "Jimmy"
}{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "1992-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:00:00.52Z"
}Deletes an individual user. Returns 404 if the requested user was not found.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The ID of the user being deleted. |
{- "status": 404,
- "title": "Not Found",
- "instance": "konnect:trace:2287285207635123011",
- "detail": "The requested team was not found"
}Returns an array of system accounts (SA) in the organization. Returns 400 if any filter parameters are invalid.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter system accounts returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}
]
}Creates a system account. Returns a 409 if a system account with the same name already exists.
The request schema to create a system account.
| name required | string Name of the system account. |
| description required | string Description of the system account. Useful when the system account name is not sufficient to differentiate one system account from another. |
| konnect_managed | boolean The system account is managed by Konnect (true/false). |
{- "name": "Sample System Account",
- "description": "This is a sample system account description.",
- "konnect_managed": false
}{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "description": "This is a sample system account description.",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}Returns the system account (SA) for the SA ID specified as a path parameter.
| accountId required | string ID of the system account. |
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "description": "This is a sample system account description.",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}Updates the specified system account. Returns a 409 if the updated name is the same as another system account in the organization.
| accountId required | string ID of the system account. |
The request schema for the update system account request.
| name | string Name of the system account. |
| description | string Description of the system account. |
{- "name": "string",
- "description": "string"
}{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "description": "This is a sample system account description.",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}Deletes the specified system account. Returns 404 if the requested account was not found.
| accountId required | string ID of the system account. |
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Returns the access tokens for the specified system account. Returns 400 if any filter parameters are invalid.
| accountId required | string ID of the system account. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter access tokens returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample Access Token",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "expires_at": "2019-08-24T14:15:22Z",
- "last_used_at": "2019-08-24T14:15:22Z"
}
]
}Creates an access token for the specified system account (SA). The access token can be used for authenticating API and CLI requests. The token will only be displayed once on creation. Returns a 409 if the system account already has a token with the same name.
| accountId required | string ID of the system account. |
The request body to create a system account access token.
| name | string |
| expires_at | string <date-time> |
{- "name": "Sample Access Token",
- "expires_at": "2019-08-24T14:15:22Z"
}{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample Access Token",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "expires_at": "2019-08-24T14:15:22Z",
- "last_used_at": "2019-08-24T14:15:22Z",
- "token": "npat_12345678901234567890123456789012345678901234567890"
}Returns the system account (SA) access token for the SA Access Token ID specified as a path parameter.
| accountId required | string ID of the system account. |
| tokenId required | string ID of the system account access token. |
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample Access Token",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "expires_at": "2019-08-24T14:15:22Z",
- "last_used_at": "2019-08-24T14:15:22Z"
}Updates the specified access token. Returns a 409 if the updated name is the same as another token belonging to the specified system user.
| accountId required | string ID of the system account. |
| tokenId required | string ID of the system account access token. |
| name | string Name of the system account access token. |
{- "name": "string"
}{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample Access Token",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "expires_at": "2019-08-24T14:15:22Z",
- "last_used_at": "2019-08-24T14:15:22Z"
}Deletes the specified token. Returns 404 if the token was not found.
| accountId required | string ID of the system account. |
| tokenId required | string ID of the system account access token. |
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Lists the roles belonging to a system account. Returns 400 if any filter parameters are invalid.
| accountId required | string ID of the system account. |
object Filter roles returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "b02e23c5-8ee4-4e5a-99f4-43329923adcd",
- "role_name": "Viewer",
- "entity_id": "437c7192-fea0-4f35-8478-c8d57783f8c1",
- "entity_type_name": "Runtime Groups",
- "entity_region": "eu"
}, - {
- "id": "869d9402-f117-4f9a-840f-69acaf70a81a",
- "role_name": "Admin",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Services",
- "entity_region": "*"
}
]
}Assigns a role to a system account. Returns 409 if role is already assigned.
| accountId required | string ID of the system account. |
The request schema for assigning a role.
| role_name | string The desired role. |
| entity_id | string <uuid> The ID of the entity. |
| entity_type_name | string The type of entity. |
| entity_region | string Enum: "us" "eu" "au" "me" "in" "*" The region of the team. |
{- "role_name": "Viewer",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Runtime Groups",
- "entity_region": "us"
}{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Viewer",
- "entity_id": "817d0422-45c9-4d88-8d64-45aef05c1ae7",
- "entity_type_name": "Runtime Groups",
- "entity_region": "eu"
}Removes an assigned role from a system account. Returns 404 if the system account or assigned role were not found.
| accountId required | string ID of the system account. |
| roleId required | string ID of the role. |
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Returns a paginated list of system accounts that belong to the team specified in the path parameter.
| teamId required | string ID of the team. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter system accounts returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}
]
}Adds a system account to a team. Returns a 409 if the system account is already a member of the team.
| teamId required | string ID of the team. |
The request schema for adding a system account to a team.
| id | string <uuid> ID of the system account. |
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Removes a system account from a team. Returns 404 if the team or system account were not found.
| teamId required | string ID of the team. |
| accountId required | string ID of the system account. |
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Returns a paginated list of a teams that the system account belongs to.
| accountId required | string ID of the system account. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter teams returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}
]
}Returns the user account for the user identified in the token of the request.
{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "1992-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:00:00.52Z"
}Deletes the user account for the user identified in the token of the request.
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Updates the user account for the user identified in the token of the request.
The request schema for the update user request.
| full_name | string^[\w \W]+$ The user's full name. |
| preferred_name | string <= 250 characters The user's desired name. |
{- "full_name": "James C Woods",
- "preferred_name": "Jimmy"
}{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "1992-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:00:00.52Z"
}Update the password of the user identified in the token of the request.
| old_password required | string Old password. |
| new_password required | string New Password. |
{- "old_password": "string",
- "new_password": "string"
}{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Returns the permissions for the current user
object Filter permissions returned in the response. |
{- "data": [
- {
- "resource": "krn:accounts:reg/*:org/aa878768-05cb-4811-90d2-b82ef61caf44",
- "actions": [
- "#root"
]
}
]
}Returns the organization of the user identified in the token of the request.
{- "created_at": "2023-01-18T11:35:45.130Z",
- "id": "023bfa42-3513-4cbf-b059-a9ddb4ea995d",
- "name": "Acme Co.",
- "owner_id": "e02c829c-0e2d-44b5-9057-07714ea613a3",
- "login_path": "acme",
- "updated_at": "2023-01-23T17:22:52.150Z",
- "state": "active",
- "retention_period_days": 90
}This operation allows you to change the organization's owner. The new user must be part of the organization's admin team.
The request schema to update an organization.
| owner_id | string The user id of the new owner of the organization. Must be a member of the organization's admin team. |
| name | string The new name of the organization. |
{- "owner_id": "df120cb4-f60b-47bc-a2f8-6a28e6a3c63b",
- "name": "Kong Inc"
}{- "created_at": "2023-01-18T11:35:45.130Z",
- "id": "023bfa42-3513-4cbf-b059-a9ddb4ea995d",
- "name": "Acme Co.",
- "owner_id": "e02c829c-0e2d-44b5-9057-07714ea613a3",
- "login_path": "acme",
- "updated_at": "2023-01-23T17:22:52.150Z",
- "state": "active",
- "retention_period_days": 90
}Lists the roles belonging to a managed system account.
| accountId required | string ID of the system account. |
object Filter roles returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "b02e23c5-8ee4-4e5a-99f4-43329923adcd",
- "role_name": "Connector",
- "entity_id": "437c7192-fea0-4f35-8478-c8d57783f8c1",
- "entity_type_name": "Mesh Control Planes",
- "entity_region": "us",
- "parameters": {
- "zoneName": "zone2"
}
}, - {
- "id": "869d9402-f117-4f9a-840f-69acaf70a81a",
- "role_name": "Connector",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Mesh Control Planes",
- "entity_region": "eu",
- "parameters": {
- "zoneName": "zone3"
}
}
]
}Assigns a role to a managed system account. Returns 409 if role is already assigned.
| accountId required | string ID of the system account. |
The request schema for assigning a role.
| role_name | string The desired role. |
| entity_id | string <uuid> The ID of the entity. |
| entity_type_name | string The type of entity. |
| entity_region | string Enum: "us" "eu" "au" "me" "in" "*" The region to scope the role assignment to. |
| parameters | object |
{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Connector",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Mesh Control Planes",
- "entity_region": "eu",
- "parameters": {
- "zoneName": "zone4"
}
}{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Connector",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Mesh Control Planes",
- "entity_region": "eu",
- "parameters": {
- "zoneName": "zone4"
}
}Create a new organization with Auth0 authentication. The Auth0 user will be the organization owner.
| organization_name required | string |
| default_region required | string |
{- "organization_name": "string",
- "default_region": "string"
}{- "organization_id": "string",
- "login_path": "string"
}Retrieves the list of organizations available to the given user.
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "name": "IDM - Developers",
- "login_path": "/v2/authenticate/federated?org_id=7f9fd312-a987-4628-b4c5-bb4f4fddd5f7"
}
]
}