Konnect Identity (3.0.0)


The management API for Kong Konnect Identity resources.

Users

Retrieves users matching a provided Auth0 subject and email.

The response contains user IDs and (non-deleted, non-deleting) organization IDs for users associated with the provided Auth0 user subject.

Authorizations:
personalAccessToken, systemAccountAccessToken, konnectAccessToken, clientToken
query Parameters
aid
string

Auth0 User ID

Responses

Response samples

Content type
application/json
{
  "meta": { }
}

Me

Delete My User Account

Deletes the user account for the user identified in the token of the request.

Authorizations:
konnectAccessToken

Responses

Response samples

Content type
application/problem+json
{
  "status": 401,
  "title": "Unauthenticated",
  "instance": "konnect:trace:952172606039454040",
  "detail": "A valid token is required"
}

Update My User Account

Updates the user account for the user identified in the token of the request.

Authorizations:
konnectAccessToken
Request Body schema: application/json

The request schema for the update user request.

full_name
string ^[\w \W]+$

The user's full name.

preferred_name
string <= 250 characters

The user's desired name.

Responses

Request samples

Content type
application/json
{
  "full_name": "James C Woods",
  "preferred_name": "Jimmy"
}

Response samples

Content type
application/json
{
  "id": "7f9fd312-a987-4628-b4c5-bb4f4fddd5f7",
  "email": "james.woods@email.com",
  "full_name": "James Woods",
  "preferred_name": "Jimmy",
  "active": true,
  "created_at": "1992-02-07T17:46:57.52Z",
  "updated_at": "2022-02-07T17:00:00.52Z"
}

Get My Permissions

Returns the permissions for the current user.

Authorizations:
konnectAccessToken
query Parameters
object

Filter permissions returned in the response.

Responses

Response samples

Content type
application/json
{
  "data": [ ]
}

Update My Organization

Updates the current user's organization. When updating the owner, the new owner must be an organization admin.

Authorizations:
personalAccessToken, systemAccountAccessToken, konnectAccessToken, clientToken
Request Body schema: application/json

The request schema to update an organization.

owner_id
string <uuid>

The user id of the new owner of the organization. Must be a member of the Organization Admins team.

name
string

The new name of the organization.

Responses

Request samples

Content type
application/json
{
  "owner_id": "df120cb4-f60b-47bc-a2f8-6a28e6a3c63b",
  "name": "Kong Inc"
}

Response samples

Content type
application/json
{
  "created_at": "2023-01-18T11:35:45.130Z",
  "id": "023bfa42-3513-4cbf-b059-a9ddb4ea995d",
  "name": "Acme Co.",
  "owner_id": "e02c829c-0e2d-44b5-9057-07714ea613a3",
  "login_path": "acme",
  "updated_at": "2023-01-23T17:22:52.150Z",
  "state": "active",
  "retention_period_days": 90
}

Managed System Accounts - Roles

Fetch assigned roles for a managed system account.

Lists the roles belonging to a managed system account. Returns 400 if any filter parameters are invalid.

Authorizations:
clientToken
path Parameters
accountId
required
string

ID of the system account.

query Parameters
object

Filter roles returned in the response.

Responses

Response samples

Content type
application/json
{
  "meta": { },
  "data": [ ]
}

Assign a role to a managed System Account.

Assigns a role to a managed system account. Returns 409 if the role is already assigned.

Authorizations:
clientToken
path Parameters
accountId
required
string

ID of the system account.

Request Body schema: application/json

The request schema for assigning a role.

role_name
string

The desired role.

entity_id
string <uuid>

The ID of the entity.

entity_type_name
string

The type of entity.

entity_region
string
Enum: "us" "eu" "au" "me" "in" "*"

The region to scope the role assignment to.

parameters
object

Responses

Request samples

Content type
application/json
{
  "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
  "role_name": "Connector",
  "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
  "entity_type_name": "Mesh Control Planes",
  "entity_region": "eu",
  "parameters": { }
}

Response samples

Content type
application/json
{
  "id": "eaf7adf1-32c8-4bbf-b960-d1f8456afe67",
  "role_name": "Connector",
  "entity_id": "18ee2573-dec0-4b83-be99-fa7700bcdc61",
  "entity_type_name": "Mesh Control Planes",
  "entity_region": "eu",
  "parameters": { }
}

Authentication

Refresh Token

Issues new tokens. Returns 401 if a) the user is no longer active, b) the token has exceeded its lifetime limit, or c) the token has been revoked.

Authorizations:
personalAccessToken, systemAccountAccessToken, konnectAccessToken, clientToken

Responses

Response samples

Content type
application/problem+json
{
  "status": 401,
  "title": "Unauthenticated",
  "instance": "konnect:trace:952172606039454040",
  "detail": "A valid token is required"
}

Log Out

Clears the auth cookies.

Authorizations:
personalAccessToken, systemAccountAccessToken, konnectAccessToken, clientToken

Responses

Response samples

Content type
application/json
{
  "login_path": "string"
}

AWS

Resolves an AWS Customer.

This calls the AWS Marketplace resolve customer API.

Authorizations:
personalAccessToken, systemAccountAccessToken, konnectAccessToken, clientToken
Request Body schema: application/json

AWS Marketplace Metering Resolve Customer request.

token
required
string

The AWS customer token from the AWS Marketplace.

Responses

Request samples

Content type
application/json
{
  "token": "A1B2C3D4E5F6G7H8I9J0K+LMNOPQRSTUVWXYZabcd+efghijklmnopqrstuv+wxyz0123456789+"
}

Response samples

Content type
application/json
{
  "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6"
}

Device Authorization Grant

Device authorization request

Initiates a device authorization workflow, generating and returning a unique device verification code. See https://www.rfc-editor.org/rfc/rfc8628#section-3.1 for details.

Authorizations:
None
Request Body schema: application/x-www-form-urlencoded

The request schema for the device authorization request.

client_id
required
string

The client identifier.

scope
string

The scope of the access request.

Responses

Response samples

Content type
application/json
{}

Device access token request

This endpoint gives the machine client a way to learn whether a request for authorization has been granted or rejected. The client is expected to retry the access token request in a polling fashion, based on the error code in the response. See https://www.rfc-editor.org/rfc/rfc8628#section-3.4 for details.

Authorizations:
None
Request Body schema: application/x-www-form-urlencoded

The request schema for the device access token request.

grant_type
required
string

Value MUST be set to "urn:ietf:params:oauth:grant-type:device_code".

device_code
required
string

The device verification code, "device_code" from the device authorization response.

client_id
required
string

The client identifier.

Responses

Response samples

Content type
application/json
{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
  "scope": "read write"
}
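
Added example (not part of the Konnect specification or Kong's code): a client-side polling loop for the device access token request that reacts to the error code in each response as RFC 8628 section 3.5 defines them. The transport callable post_form, the demo values and the assumption that the endpoint returns the RFC's error codes (authorization_pending, slow_down, access_denied, expired_token) are hypothetical; the endpoint URL is not shown on this page and is left to the caller.

```python
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"  # value required by the page

class DeviceFlowError(Exception):
    """Terminal outcome: access_denied, expired_token, or an unexpected reply."""

def poll_for_token(post_form, client_id, device_code,
                   interval=5, expires_in=900, sleep=time.sleep):
    """Poll the device access token endpoint until it issues tokens or fails.

    post_form(form) -> (http_status, json_dict) is a hypothetical transport
    supplied by the caller; interval and expires_in come from the device
    authorization response (5 s is the RFC 8628 default when interval is absent).
    """
    form = {"grant_type": GRANT_TYPE, "device_code": device_code,
            "client_id": client_id}
    waited = 0
    while waited + interval <= expires_in:   # never poll past the code lifetime
        sleep(interval)
        waited += interval
        status, body = post_form(form)
        if status == 200 and "access_token" in body:
            return body
        error = body.get("error")
        if error == "slow_down":             # RFC 8628 3.5: add 5 s, keep polling
            interval += 5
        elif error != "authorization_pending":
            raise DeviceFlowError(error or f"unexpected HTTP {status}")
    raise DeviceFlowError("expired_token")

def demo():
    """Run the loop against constructed replies; returns (tokens, sleep durations)."""
    replies = iter([
        (400, {"error": "authorization_pending"}),
        (400, {"error": "slow_down"}),
        (400, {"error": "authorization_pending"}),
        (200, {"access_token": "constructed-token", "token_type": "Bearer",
               "expires_in": 3600}),
    ])
    sleeps = []
    tokens = poll_for_token(lambda form: next(replies), "constructed-client-id",
                            "constructed-device-code", sleep=sleeps.append)
    return tokens, sleeps

if __name__ == "__main__":
    print(demo())
```

Treating every error other than authorization_pending and slow_down as terminal keeps a denied or expired device code from being retried indefinitely.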

User device authorization request

Marks the device code as authorized and provides the interactive UI flow with the request metadata the user needs to confirm the request.

Authorizations:
konnectAccessToken
Request Body schema: application/json

The request schema for the user device authorization request.

user_code
required
string

The end-user device verification code.

Responses

Request samples

Content type
application/json
{
  "user_code": "string"
}

Response samples

Content type
application/json
{
  "organization_name": "string",
  "user": { },
  "metadata": { }
}

Device confirmation request

Confirms the authorization request by marking the device code as confirmed.

Authorizations:
konnectAccessToken
Request Body schema: application/json

The request schema for the device confirmation request.

user_code
required
string

The end-user device verification code.

Responses

Request samples

Content type
application/json
{
  "user_code": "string"
}

Response samples

Content type
application/problem+json
{
  "status": 400,
  "title": "Bad Request",
  "instance": "konnect:trace:3674017986744198214",
  "invalid_parameters": [ ]
}

SSO Auth0

Register a new organization with an Auth0 authenticated user.

Create a new organization with Auth0 authentication. The Auth0 user will be the organization owner.

Authorizations:
personalAccessToken, systemAccountAccessToken, konnectAccessToken, clientToken
Request Body schema: application/json
organization_name
required
string
default_region
required
string

Responses

Request samples

Content type
application/json
{
  "organization_name": "string",
  "default_region": "string"
}

Response samples

Content type
application/json
{
  "organization_id": "string",
  "login_path": "string"
}

Retrieves the list of organizations available to the given user.

Authorizations:
personalAccessToken, systemAccountAccessToken, konnectAccessToken, clientToken

Responses

Response samples

Content type
application/json
{
  "meta": { },
  "data": [ ]
}