Download OpenAPI specification:Download
The management API for Kong Konnect Identity resources.
Returns authentication configuration, which determines how users can log in and how they are assigned to teams.
{- "oidc_auth_enabled": true,
- "saml_auth_enabled": false,
- "basic_auth_enabled": false,
- "idp_mapping_enabled": false,
- "konnect_mapping_enabled": true
}Updates authentication configuration.
The request schema to update an organization's authentication settings.
| basic_auth_enabled | boolean The organization has basic auth enabled. |
| oidc_auth_enabled | boolean The organization has OIDC disabled. |
| saml_auth_enabled | boolean The organization has SAML disabled. |
| idp_mapping_enabled | boolean Whether IdP groups determine the Konnect teams a user has. |
| konnect_mapping_enabled | boolean Whether a Konnect Identity Admin assigns teams to a user. |
{- "oidc_auth_enabled": false,
- "saml_auth_enabled": false,
- "basic_auth_enabled": true,
- "idp_mapping_enabled": false,
- "konnect_mapping_enabled": true
}{- "oidc_auth_enabled": true,
- "saml_auth_enabled": false,
- "basic_auth_enabled": false,
- "idp_mapping_enabled": false,
- "konnect_mapping_enabled": true
}Retrieves the identity providers available within the organization. This operation provides information about various identity providers for SAML or OIDC authentication integrations.
object Filter identity providers returned in the response. |
[- {
- "id": "a2c3156d-ebb1-432b-b2f1-edcc5f133c60",
- "type": "saml",
- "enabled": true,
- "login_path": "the-saml-konnect-org",
- "config": {
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:46:57.52Z"
}, - {
- "id": "66da2d42-469d-48cd-9ff3-0db135dd82d8",
- "type": "oidc",
- "enabled": false,
- "login_path": "the-oidc-konnect-org",
- "config": {
- "client_id": "0oaqhb43ckTZ02j1F357",
- "scopes": [
- "openid",
- "email",
- "profile"
], - "claim_mappings": {
- "email": "email",
- "name": "name",
- "groups": "groups"
}
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:46:57.52Z"
}
]Creates a new identity provider. This operation allows the creation of a new identity provider for authentication purposes.
An object representing the configuration for creating a new identity provider. This configuration may pertain to either an OIDC or a SAML identity provider.
| type | string (IdentityProviderType) Enum: "oidc" "saml" Specifies the type of identity provider. |
| login_path | string (Identity Provider Login Path Property) The path used for initiating login requests with the identity provider. |
OIDC Identity Provider Config (object) or SAML Identity Provider Config (object) |
{- "type": "oidc",
- "login_path": "the-oidc-konnect-org",
- "config": {
- "client_id": "0oaqhb43ckTZ02j1F357",
- "client_secret": "BbqwI8xP9E4evOK",
- "scopes": [
- "openid",
- "email",
- "profile"
], - "claim_mappings": {
- "email": "email",
- "name": "name",
- "groups": "groups"
}
}
}{- "id": "66da2d42-469d-48cd-9ff3-0db135dd82d8",
- "type": "oidc",
- "enabled": false,
- "login_path": "the-oidc-konnect-org",
- "config": {
- "client_id": "0oaqhb43ckTZ02j1F357",
- "scopes": [
- "openid",
- "email",
- "profile"
], - "claim_mappings": {
- "email": "email",
- "name": "name",
- "groups": "groups"
}
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:46:57.52Z"
}Retrieves the configuration of a single identity provider. This operation returns information about a specific identity provider's settings and authentication integration details.
| id required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a ID of the identity provider. |
{- "id": "66da2d42-469d-48cd-9ff3-0db135dd82d8",
- "type": "oidc",
- "enabled": false,
- "login_path": "the-oidc-konnect-org",
- "config": {
- "client_id": "0oaqhb43ckTZ02j1F357",
- "scopes": [
- "openid",
- "email",
- "profile"
], - "claim_mappings": {
- "email": "email",
- "name": "name",
- "groups": "groups"
}
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:46:57.52Z"
}Updates the configuration of an existing identity provider. This operation allows modifications to be made to an existing identity provider's configuration.
| id required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a ID of the identity provider. |
An object representing the configuration for updating an identity provider. This configuration may pertain to either an OIDC or a SAML identity provider.
| enabled | boolean (Identity Provider Enabled Property) Default: false Indicates whether the identity provider is enabled. Only one identity provider can be active at a time, such as SAML or OIDC. |
| login_path | string (Identity Provider Login Path Property) The path used for initiating login requests with the identity provider. |
OIDC Identity Provider Config (object) or SAML Identity Provider Config (object) |
{- "enabled": true,
- "login_path": "the-oidc-konnect-org",
- "config": {
- "client_id": "0oaqhb43ckTZ02j1F357",
- "client_secret": "BbqwI8xP9E4evOK",
- "scopes": [
- "openid",
- "email",
- "profile"
], - "claim_mappings": {
- "email": "email",
- "name": "name",
- "groups": "groups"
}
}
}{- "id": "66da2d42-469d-48cd-9ff3-0db135dd82d8",
- "type": "oidc",
- "enabled": false,
- "login_path": "the-oidc-konnect-org",
- "config": {
- "client_id": "0oaqhb43ckTZ02j1F357",
- "scopes": [
- "openid",
- "email",
- "profile"
], - "claim_mappings": {
- "email": "email",
- "name": "name",
- "groups": "groups"
}
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:46:57.52Z"
}Deletes an existing identity provider configuration. This operation removes a specific identity provider from the organization.
| id required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a ID of the identity provider. |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Fetch the IdP configuration.
{- "login_path": "myapp",
- "client_id": "YOUR_CLIENT_ID",
- "scopes": [
- "email",
- "openid",
- "profile"
], - "claim_mappings": {
- "name": "name",
- "email": "email",
- "groups": "custom-groups-claim"
}
}Update the IdP configuration.
The request schema for the update IdP configuration request.
| issuer | string <uri> |
| login_path | string |
| client_id | string |
| client_secret | string |
| scopes | Array of strings Default: ["email","openid","profile"] |
object >= 3 properties |
{- "login_path": "myapp",
- "client_id": "YOUR_CLIENT_ID",
- "client_secret": "YOUR_CLIENT_SECRET",
- "scopes": [
- "email",
- "openid",
- "profile"
], - "claim_mappings": {
- "name": "name",
- "email": "email",
- "groups": "custom-group-claim"
}
}{- "login_path": "myapp",
- "client_id": "YOUR_CLIENT_ID",
- "scopes": [
- "email",
- "openid",
- "profile"
], - "claim_mappings": {
- "name": "name",
- "email": "email",
- "groups": "custom-groups-claim"
}
}Updates the IdP group to Konnect team mapping.
The request schema for updating IdP team mappings.
Array of objects The mappings object. |
{- "mappings": [
- {
- "group": "API Engineers",
- "team_ids": [
- "af91db4c-6e51-403e-a2bf-33d27ae50c0a"
]
}
]
}{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "group": "Service Developers",
- "team_ids": [
- "6801e673-cc10-498a-94cd-4271de07a0d3"
]
}
]
}Fetch the IdP group to Konnect team mapping.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 6
}
}, - "data": [
- {
- "group": "111(@&*$)(@*#_@(gfds re gdsf dfg",
- "team_ids": [
- "c0010105-e840-4824-b7ee-787f22267c36"
]
}, - {
- "group": "2222",
- "team_ids": [
- "af91db4c-6e51-403e-a2bf-33d27ae50c0a"
]
}
]
}Retrieves the mappings between Konnect Teams and Identity Provider Groups. Returns a 400 error if an Identity Provider has not yet been configured.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "groups": [
- "Service Developers"
], - "team_id": "6801e673-cc10-498a-94cd-4271de07a0d3"
}
]
}Allows partial updates to the mappings between Konnect Teams and Identity Provider Groups. The request body must be keyed on team ID. For a given team ID, the given group list is a complete replacement. To remove all mappings for a given team, provide an empty group list.
Returns a 400 error if an Identity Provider has not yet been configured, or if a team ID in the request body is not found or is not a UUID.
The request schema for a partial update of mappings from Konnect Teams to IdP Groups.
Array of objects The IdP groups to map to the given team. |
{- "data": [
- {
- "team_id": "af91db4c-6e51-403e-a2bf-33d27ae50c0a",
- "groups": [
- "Team Leads",
- "API Engineers"
]
}
]
}{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "groups": [
- "Service Developers"
], - "team_id": "6801e673-cc10-498a-94cd-4271de07a0d3"
}
]
}Sends an invitation email to invite a user to the Konnect organization. The email contains a link with a one time token to accept the invitation. Upon accepting the invitation, the user is directed to https://cloud.konghq.com/login to complete registration.
The request schema for the invite user request.
If you pass an email that is not already an active user in the request, a fresh invitation email will be created and sent to the new user.
| email required | string <email> |
{- "email": "james.c.woods@example.com"
}{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Retrieves the predefined, or system managed, roles.
{- "control_planes": {
- "name": "Control Planes",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to all entities within a control plane."
}, - "certificate_admin": {
- "name": "Certificate Admin",
- "description": "This role grants full write access to administer certificates."
}, - "consumer_admin": {
- "name": "Consumer Admin",
- "description": "This role grants full write access to administer consumers."
}, - "creator": {
- "name": "Creator",
- "description": "Creates a new Control Plane in an organization. The creator becomes the owner of the Control Plane they create."
}, - "deployer": {
- "name": "Deployer",
- "description": "This role grants full write access to administer services, routes and plugins necessary to deploy services in Service Hub."
}, - "gateway_service_admin": {
- "name": "Gateway Service Admin",
- "description": "This role grants full write access to administer gateway services."
}, - "plugin_admin": {
- "name": "Plugin Admin",
- "description": "This role grants full write access to administer plugins."
}, - "route_admin": {
- "name": "Route Admin",
- "description": "This role grants full write access to administer routes."
}, - "sni_admin": {
- "name": "SNI Admin",
- "description": "This role grants full write access to administer SNIs."
}, - "upstream_admin": {
- "name": "Upstream Admin",
- "description": "This role grants full write access to administer upstreams."
}, - "viewer": {
- "name": "Viewer",
- "description": "This role grants read only access to all entities within a control plane."
}
}
}, - "api_products": {
- "name": "API Products",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to an API product and its versions."
}, - "application_registration": {
- "name": "Application Registration",
- "description": "This role grants permission to enable and disable application registration on an API product."
}, - "creator": {
- "name": "Creator",
- "description": "This access is required to create API products. This access is not for creating sub-entities such as versions, API specs, etc."
}, - "deployer": {
- "name": "Deployer",
- "description": "This role grants permission to deploy and remove an API product from a control plane."
}, - "maintainer": {
- "name": "Maintainer",
- "description": "This role grants all write permission to manage an API product and to administer plugins."
}, - "plugins_admin": {
- "name": "Plugins Admin",
- "description": "This role grants full write permission to administer plugins."
}, - "publisher": {
- "name": "Publisher",
- "description": "This role grants permission to publish an API product to one or more portals."
}, - "viewer": {
- "name": "Viewer",
- "description": "Viewer has read-only access to an API product and its sub-entities."
}
}
}, - "audit_logs": {
- "name": "Audit Logs",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to the Audit log configuration."
}
}
}, - "identity": {
- "name": "Identity",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to the Identity configuration."
}
}
}, - "mesh_control_planes": {
- "name": "Mesh Control Plane",
- "roles": {
- "admin": {
- "name": "Admin",
- "description": "This role grants full write access to the related to Mesh control planes."
}, - "connector": {
- "name": "Connector",
- "description": "This role grants a mesh zone to connect to the mesh control plane in Konnect."
}, - "creator": {
- "name": "Creator",
- "description": "This role grants access to create new Mesh control planes."
}, - "viewer": {
- "name": "Viewer",
- "description": "This role grants access to read-only permissions to Mesh control planes."
}
}
}
}Lists the roles belonging to a team. Returns 400 if any filter parameters are invalid.
| teamId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The team ID |
object Filter roles returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "b02e23c5-8ee4-4e5a-99f4-43329923adcd",
- "role_name": "Viewer",
- "entity_id": "437c7192-fea0-4f35-8478-c8d57783f8c1",
- "entity_type_name": "Control Planes",
- "entity_region": "eu"
}, - {
- "id": "869d9402-f117-4f9a-840f-69acaf70a81a",
- "role_name": "Admin",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Services",
- "entity_region": "*"
}
]
}Assigns a role to a team. Returns 409 if role is already assigned.
| teamId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The team ID |
The request schema for assigning a role.
| role_name | string Enum: "Admin" "Appearance Maintainer" "Application Registration" "Certificate Admin" "Cloud Gateway Cluster Admin" "Cloud Gateway Cluster Viewer" "Consumer Admin" "Connector" "Creator" "Deployer" "Discovery Admin" "Discovery Viewer" "Gateway Service Admin" "Integration Admin" "Integration Viewer" "Key Admin" "Maintainer" "Network Admin" "Network Creator" "Network Viewer" "Plugin Admin" "Plugins Admin" "Product Publisher" "Publisher" "Route Admin" "SNI Admin" "Service Admin" "Service Creator" "Service Viewer" "Upstream Admin" "Vault Admin" "Viewer" The desired role. |
| entity_id | string <uuid> The ID of the entity. |
| entity_type_name | string Enum: "APIs" "API Products" "Application Auth Strategies" "Audit Logs" "Control Planes" "DCR Providers" "Identity" "Mesh Control Planes" "Networks" "Portals" "Service Hub" The type of entity. |
| entity_region | string Enum: "us" "eu" "au" "me" "in" "*" Region of the team. |
{- "role_name": "Viewer",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Control Planes",
- "entity_region": "us"
}{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Viewer",
- "entity_id": "817d0422-45c9-4d88-8d64-45aef05c1ae7",
- "entity_type_name": "Control Planes",
- "entity_region": "eu"
}Removes an assigned role from a team. Returns 404 if the requested team or assigned role were not found.
| teamId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The team ID. |
| roleId required | string <uuid> Example: 8350205f-a305-4e39-abe9-bc082a80091a The role ID. |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Lists the roles assigned to a user. Returns 400 if any filter parameters are invalid.
| userId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The user ID |
object Filter roles returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "b02e23c5-8ee4-4e5a-99f4-43329923adcd",
- "role_name": "Viewer",
- "entity_id": "437c7192-fea0-4f35-8478-c8d57783f8c1",
- "entity_type_name": "Control Planes",
- "entity_region": "eu"
}, - {
- "id": "869d9402-f117-4f9a-840f-69acaf70a81a",
- "role_name": "Admin",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Services",
- "entity_region": "*"
}
]
}Assigns a role to a user. Returns 409 if role is already assigned.
| userId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe The user ID |
The request schema for assigning a role.
| role_name | string Enum: "Admin" "Appearance Maintainer" "Application Registration" "Certificate Admin" "Cloud Gateway Cluster Admin" "Cloud Gateway Cluster Viewer" "Consumer Admin" "Connector" "Creator" "Deployer" "Discovery Admin" "Discovery Viewer" "Gateway Service Admin" "Integration Admin" "Integration Viewer" "Key Admin" "Maintainer" "Network Admin" "Network Creator" "Network Viewer" "Plugin Admin" "Plugins Admin" "Product Publisher" "Publisher" "Route Admin" "SNI Admin" "Service Admin" "Service Creator" "Service Viewer" "Upstream Admin" "Vault Admin" "Viewer" The desired role. |
| entity_id | string <uuid> The ID of the entity. |
| entity_type_name | string Enum: "APIs" "API Products" "Application Auth Strategies" "Audit Logs" "Control Planes" "DCR Providers" "Identity" "Mesh Control Planes" "Networks" "Portals" "Service Hub" The type of entity. |
| entity_region | string Enum: "us" "eu" "au" "me" "in" "*" Region of the team. |
{- "role_name": "Viewer",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Control Planes",
- "entity_region": "us"
}{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Viewer",
- "entity_id": "817d0422-45c9-4d88-8d64-45aef05c1ae7",
- "entity_type_name": "Control Planes",
- "entity_region": "eu"
}Removes an assigned role from a user. Returns 404 if the requested user or assigned role were not found.
| userId required | string <uuid> Example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe ID of the user. |
| roleId required | string <uuid> Example: 8350205f-a305-4e39-abe9-bc082a80091a ID of the role. |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Returns a paginated list of users that belong to the team specified in the path parameter.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a ID of the team. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter users returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "2022-08-17T17:46:57.52Z",
- "updated_at": "2022-10-03T17:00:00.00Z"
}
]
}Adds a user to a team.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a ID of the team. |
The request schema for adding a user to a team.
| id required | string <uuid> The user ID for the user being added to a team. |
{- "id": "df120cb4-f60b-47bc-a2f8-6a28e6a3c63b"
}{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Removes a user from a team. If the user was removed, returns a 204 empty response. Returns 404 if the user or team were not found.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a User ID |
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a Team ID. |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Returns a paginated list of a teams that the user belongs to.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The user ID. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter teams returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "labels": {
- "env": "test"
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}
]
}Returns an array of team objects containing information about the Konnect Teams.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter teams returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "labels": {
- "env": "test"
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}
]
}Creates a team in the Konnect Organization.
The request schema for the create team request.
If you pass the same name and description of an existing team in the request, a team with the same name and description will be created. The two teams will have different team_id values to differentiate them.
| name required | string^[\w \W]+$ A name for the team being created. |
| description | string <= 250 characters The description of the new team. |
object (Labels) <= 50 properties Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_". |
{- "name": "IDM - Developers",
- "description": "The Identity Management (IDM) team.",
- "labels": {
- "env": "test",
- "service": "test"
}
}{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "labels": {
- "env": "test",
- "service": "test"
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}Returns information about a team from a given team ID.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The team ID |
{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "labels": {
- "env": "test",
- "service": "test"
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}Updates an individual team.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The team ID |
The request schema for the update team request.
| name | string^[\w \W]+$ The name of the team. |
| description | string <= 250 characters The description of the team. |
object or null (LabelsUpdate) <= 50 properties Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. Labels are intended to store INTERNAL metadata. Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_". |
{- "name": "IDM - Developers",
- "description": "The Identity Management (IDM) API team.",
- "labels": {
- "env": "prod"
}
}{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "labels": {
- "env": "test",
- "service": "test"
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}Deletes an individual team. Returns 404 if the team is not found.
| teamId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The team ID |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}The response contains user ids and (non-deleted, non-deleting) organization ids for users associated with provided auth0 user subject.
| aid | string Auth0 User ID |
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}
}Returns a paginated list of user objects.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter users returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "2022-08-17T17:46:57.52Z",
- "updated_at": "2022-10-03T17:00:00.00Z"
}
]
}Returns the user object for the user ID specified as a path parameter.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The ID of the user being deleted. |
{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "1992-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:00:00.52Z"
}Update an individual user.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The ID of the user being deleted. |
The request schema for the update user request.
| full_name | string^[\w \W]+$ The user's full name. |
| preferred_name | string <= 250 characters The user's desired name. |
{- "full_name": "James C Woods",
- "preferred_name": "Jimmy"
}{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "1992-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:00:00.52Z"
}Deletes an individual user. Returns 404 if the requested user was not found.
| userId required | string <uuid> Example: d32d905a-ed33-46a3-a093-d8f536af9a8a The ID of the user being deleted. |
{- "status": 404,
- "title": "Not Found",
- "instance": "konnect:trace:2287285207635123011",
- "detail": "The requested team was not found"
}Returns an array of system accounts (SA) in the organization. Returns 400 if any filter parameters are invalid.
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter system accounts returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}
]
}Creates a system account. Returns a 409 if a system account with the same name already exists.
The request schema to create a system account.
| name required | string Name of the system account. |
| description required | string Description of the system account. Useful when the system account name is not sufficient to differentiate one system account from another. |
| konnect_managed | boolean The system account is managed by Konnect (true/false). |
{- "name": "Sample System Account",
- "description": "This is a sample system account description.",
- "konnect_managed": false
}{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "description": "This is a sample system account description.",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}Returns the system account (SA) for the SA ID specified as a path parameter.
| accountId required | string ID of the system account. |
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "description": "This is a sample system account description.",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}Updates the specified system account. Returns a 409 if the updated name is the same as another system account in the organization.
| accountId required | string ID of the system account. |
The request schema for the update system account request.
| name | string Name of the system account. |
| description | string Description of the system account. |
{- "name": "string",
- "description": "string"
}{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "description": "This is a sample system account description.",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}Deletes the specified system account. Returns 404 if the requested account was not found.
| accountId required | string ID of the system account. |
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Returns the access tokens for the specified system account. Returns 400 if any filter parameters are invalid.
| accountId required | string ID of the system account. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter access tokens returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample Access Token",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "expires_at": "2019-08-24T14:15:22Z",
- "last_used_at": "2019-08-24T14:15:22Z"
}
]
}Creates an access token for the specified system account (SA). The access token can be used for authenticating API and CLI requests. The token will only be displayed once on creation. Returns a 409 if the system account already has a token with the same name.
| accountId required | string ID of the system account. |
The request body to create a system account access token.
| name | string |
| expires_at | string <date-time> |
{- "name": "Sample Access Token",
- "expires_at": "2019-08-24T14:15:22Z"
}{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample Access Token",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "expires_at": "2019-08-24T14:15:22Z",
- "last_used_at": "2019-08-24T14:15:22Z",
- "token": "npat_12345678901234567890123456789012345678901234567890"
}Returns the system account (SA) access token for the SA Access Token ID specified as a path parameter.
| accountId required | string ID of the system account. |
| tokenId required | string ID of the system account access token. |
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample Access Token",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "expires_at": "2019-08-24T14:15:22Z",
- "last_used_at": "2019-08-24T14:15:22Z"
}Updates the specified access token. Returns a 409 if the updated name is the same as another token belonging to the specified system user.
| accountId required | string ID of the system account. |
| tokenId required | string ID of the system account access token. |
| name | string Name of the system account access token. |
{- "name": "string"
}{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample Access Token",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "expires_at": "2019-08-24T14:15:22Z",
- "last_used_at": "2019-08-24T14:15:22Z"
}Deletes the specified token. Returns 404 if the token was not found.
| accountId required | string ID of the system account. |
| tokenId required | string ID of the system account access token. |
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Lists the roles belonging to a system account. Returns 400 if any filter parameters are invalid.
| accountId required | string ID of the system account. |
object Filter roles returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "b02e23c5-8ee4-4e5a-99f4-43329923adcd",
- "role_name": "Viewer",
- "entity_id": "437c7192-fea0-4f35-8478-c8d57783f8c1",
- "entity_type_name": "Control Planes",
- "entity_region": "eu"
}, - {
- "id": "869d9402-f117-4f9a-840f-69acaf70a81a",
- "role_name": "Admin",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Services",
- "entity_region": "*"
}
]
}Assigns a role to a system account. Returns 409 if role is already assigned.
| accountId required | string ID of the system account. |
The request schema for assigning a role.
| role_name | string Enum: "Admin" "Appearance Maintainer" "Application Registration" "Certificate Admin" "Cloud Gateway Cluster Admin" "Cloud Gateway Cluster Viewer" "Consumer Admin" "Connector" "Creator" "Deployer" "Discovery Admin" "Discovery Viewer" "Gateway Service Admin" "Integration Admin" "Integration Viewer" "Key Admin" "Maintainer" "Network Admin" "Network Creator" "Network Viewer" "Plugin Admin" "Plugins Admin" "Product Publisher" "Publisher" "Route Admin" "SNI Admin" "Service Admin" "Service Creator" "Service Viewer" "Upstream Admin" "Vault Admin" "Viewer" The desired role. |
| entity_id | string <uuid> The ID of the entity. |
| entity_type_name | string Enum: "APIs" "API Products" "Application Auth Strategies" "Audit Logs" "Control Planes" "DCR Providers" "Identity" "Mesh Control Planes" "Networks" "Portals" "Service Hub" The type of entity. |
| entity_region | string Enum: "us" "eu" "au" "me" "in" "*" Region of the team. |
{- "role_name": "Viewer",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Control Planes",
- "entity_region": "us"
}{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Viewer",
- "entity_id": "817d0422-45c9-4d88-8d64-45aef05c1ae7",
- "entity_type_name": "Control Planes",
- "entity_region": "eu"
}Removes an assigned role from a system account. Returns 404 if the system account or assigned role were not found.
| accountId required | string ID of the system account. |
| roleId required | string ID of the role. |
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Returns a paginated list of system accounts that belong to the team specified in the path parameter.
| teamId required | string ID of the team. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter system accounts returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "Sample System Account",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "konnect_managed": false
}
]
}Adds a system account to a team. Returns a 409 if the system account is already a member of the team.
| teamId required | string ID of the team. |
The request schema for adding a system account to a team.
| id | string <uuid> ID of the system account. |
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Removes a system account from a team. Returns 404 if the team or system account were not found.
| teamId required | string ID of the team. |
| accountId required | string ID of the system account. |
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Returns a paginated list of a teams that the system account belongs to.
| accountId required | string ID of the system account. |
| page[size] | integer Example: page[size]=10 The maximum number of items to include per page. The last page of a collection may include fewer items. |
| page[number] | integer Example: page[number]=1 Determines which page of the entities to retrieve. |
object Filter teams returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "name": "IDM - Developers",
- "description": "The developers for the IDM API.",
- "system_team": false,
- "labels": {
- "env": "test"
}, - "created_at": "2022-02-07T17:46:57.52Z",
- "updated_at": "2022-09-25T13:00:00.00Z"
}
]
}Returns the user account for the user identified in the token of the request.
{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "1992-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:00:00.52Z"
}Deletes the user account for the user identified in the token of the request.
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Updates the user account for the user identified in the token of the request.
The request schema for the update user request.
| full_name | string^[\w \W]+$ The user's full name. |
| preferred_name | string <= 250 characters The user's desired name. |
{- "full_name": "James C Woods",
- "preferred_name": "Jimmy"
}{- "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
- "email": "james.woods@email.com",
- "full_name": "James Woods",
- "preferred_name": "Jimmy",
- "active": true,
- "created_at": "1992-02-07T17:46:57.52Z",
- "updated_at": "2022-02-07T17:00:00.52Z"
}Returns the permissions for the current user
object Filter permissions returned in the response. |
{- "data": [
- {
- "resource": "krn:accounts:reg/*:org/aa878768-05cb-4811-90d2-b82ef61caf44",
- "actions": [
- "#root"
]
}
]
}Returns the organization of the user identified in the token of the request.
{- "created_at": "2023-01-18T11:35:45.130Z",
- "id": "023bfa42-3513-4cbf-b059-a9ddb4ea995d",
- "name": "Acme Co.",
- "owner_id": "e02c829c-0e2d-44b5-9057-07714ea613a3",
- "login_path": "acme",
- "updated_at": "2023-01-23T17:22:52.150Z",
- "state": "active",
- "retention_period_days": 90
}Updates the current user's organization. When updating the owner, the new owner must be an organization admin.
The request schema to update an organization.
| owner_id | string <uuid> The user id of the new owner of the organization. Must be a member of the Organization Admins team. |
| name | string The new name of the organization. |
{- "owner_id": "df120cb4-f60b-47bc-a2f8-6a28e6a3c63b",
- "name": "Kong Inc"
}{- "created_at": "2023-01-18T11:35:45.130Z",
- "id": "023bfa42-3513-4cbf-b059-a9ddb4ea995d",
- "name": "Acme Co.",
- "owner_id": "e02c829c-0e2d-44b5-9057-07714ea613a3",
- "login_path": "acme",
- "updated_at": "2023-01-23T17:22:52.150Z",
- "state": "active",
- "retention_period_days": 90
}Lists the roles belonging to a managed system account. Returns 400 if any filter parameters are invalid.
| accountId required | string ID of the system account. |
object Filter roles returned in the response. |
{- "meta": {
- "page": {
- "number": 1,
- "size": 10,
- "total": 100
}
}, - "data": [
- {
- "id": "b02e23c5-8ee4-4e5a-99f4-43329923adcd",
- "role_name": "Connector",
- "entity_id": "437c7192-fea0-4f35-8478-c8d57783f8c1",
- "entity_type_name": "Mesh Control Planes",
- "entity_region": "us",
- "parameters": {
- "zoneName": "zone2"
}
}, - {
- "id": "869d9402-f117-4f9a-840f-69acaf70a81a",
- "role_name": "Connector",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Mesh Control Planes",
- "entity_region": "eu",
- "parameters": {
- "zoneName": "zone3"
}
}
]
}Assigns a role to a managed system account. Returns 409 if role is already assigned.
| accountId required | string ID of the system account. |
The request schema for assigning a role.
| role_name | string The desired role. |
| entity_id | string <uuid> The ID of the entity. |
| entity_type_name | string The type of entity. |
| entity_region | string Enum: "us" "eu" "au" "me" "in" "*" The region to scope the role assignment to. |
| parameters | object |
{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Connector",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Mesh Control Planes",
- "entity_region": "eu",
- "parameters": {
- "zoneName": "zone4"
}
}{- "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
- "role_name": "Connector",
- "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
- "entity_type_name": "Mesh Control Planes",
- "entity_region": "eu",
- "parameters": {
- "zoneName": "zone4"
}
}Issues new tokens. Returns 401 if a) the user is no longer active, b) the token has exceeded its lifetime limit, or c) the token has been revoked.
{- "status": 401,
- "title": "Unauthenticated",
- "instance": "konnect:trace:952172606039454040",
- "detail": "A valid token is required"
}Callback for authenticating via an organization's IdP
| organizationLoginPath required | string The login path for the organization. |
| return_to | string Return destination for the callback. |
{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}This call the aws marketplace resolve customer api.
AWS Marketplace Metering Resolve Customer request.
| token required | string Token is the aws customer token from the aws marketplace. |
{- "token": "A1B2C3D4E5F6G7H8I9J0K+LMNOPQRSTUVWXYZabcd+efghijklmnopqrstuv+wxyz0123456789+"
}{- "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6"
}This endpoint provides the machine client a means of being notified when a request for authorization is granted or rejected. It is expected for the client to try the access token request repeatedly in a polling fashion based on the error code in the response. See https://www.rfc-editor.org/rfc/rfc8628#section-3.4 for details.
The request schema for the device access token request.
| grant_type required | string Value MUST be set to "urn:ietf:params:oauth:grant-type:device_code". |
| device_code required | string The device verification code, "device_code" from the device authorization response. |
| client_id required | string The client identifier. |
{- "access_token": "2YotnFZFEjr1zCsicMWpAA",
- "token_type": "Bearer",
- "expires_in": 3600,
- "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
- "scope": "read write"
}Confirms the authorization request by marking the device code as confirmed.
The request schema for the device confirmation request.
| user_code required | string The end-user device verification code. |
{- "user_code": "string"
}{- "status": 400,
- "title": "Bad Request",
- "instance": "konnect:trace:3674017986744198214",
- "invalid_parameters": [
- {
- "field": "body",
- "reason": "request format is invalid"
}
]
}Create a new organization with Auth0 authentication. The Auth0 user will be the organization owner.
| organization_name required | string |
| default_region required | string |
{- "organization_name": "string",
- "default_region": "string"
}{- "organization_id": "string",
- "login_path": "string"
}Retrieves the list of organizations available to the given user.
{- "meta": {
- "page": {
- "number": 1,
- "size": 1,
- "total": 10
}
}, - "data": [
- {
- "name": "IDM - Developers",
- "login_path": "/v2/authenticate/federated?org_id=7f9fd312-a987-4628-b4c5-bb4f4fddd5f7"
}
]
}Updates Impersonation Settings.
The request schema for adding a system account to a team.
| enabled | boolean Indicates if user impersonation is allowed for the organization. |
{- "enabled": false
}{- "enabled": false
}