{"version":"v1","description":"This document describes the IServ IDM API.\n\n## IDs and IRIs\nAll IDs are UUIDs encoded using base 58 (e.g. `d7dcc25b-0303-43b2-b350-e400338ea223` === `Tf2SqStTdCxSvcojmbemmL`).\nMost endpoints accept both formats.\n\nIRIs are used to describe other resources. These are formed using the path to fetch that resource (e.g. `\/iserv\/idm\/api\/v1\/users\/Tf2SqStTdCxSvcojmbemmL`).\n\n## Attributes\nThe API can respond with nested data. The query parameter `_attributes` controls the behaviour.\nTo fetch all users and their firstname, lastname and all owners of every group the user is in perform the following query:\n`\/iserv\/idm\/api\/v1\/users?_attributes=firstname,lastname,groups.owner`\n\n## Authentication\n### localhost\nRead-only access is granted when accessing via localhost on port 987.\n\n### Client certificate\nAuthentication via IServ client certificate grant either writable or readonly access depending on the relation to this server.\nWhen the client certificate belongs to a parent server, it grants access according to the configuration for that parent. \nWhen the client certificate belongs to a child server, the synchronisation endpoint can be used. \n\n### API Key\nAPI keys grant write access. API keys can be found in the database table `idm_api_key`.\nYou can use an api key in this document to perform request against the api by using the Authorize button.\nThe header `X-IServ-Authentication` should contain the API key.\n\n### Access-Token\nOAuth access tokens can be used to authenticate against the API. \nTokens with the scope `iserv:web-ui` can access the API.\nTokens that also have the scope `iserv:admin` have write access to the API.\nThe header `Authorization` should contain the access token, prefixed with `Bearer ` (e.g. `Authorization: Bearer ::token::`). \n","title":"IDM API","resourceNameCollection":["ApiPlatform\\State\\ApiResource\\Error","ApiPlatform\\Symfony\\Validator\\Exception\\ValidationException","IServ\\Idm\\ApiModel\\EmailAddress","IServ\\Idm\\ApiModel\\ExternalIdentifier","IServ\\Idm\\ApiModel\\Group","IServ\\Idm\\ApiModel\\GroupFlag","IServ\\Idm\\ApiModel\\LoginIdentifier","IServ\\Idm\\ApiModel\\Privilege","IServ\\Idm\\ApiModel\\RegistrationCode","IServ\\Idm\\ApiModel\\Relation","IServ\\Idm\\ApiModel\\Role","IServ\\Idm\\ApiModel\\Tenant","IServ\\Idm\\ApiModel\\TwoFactorClient","IServ\\Idm\\ApiModel\\User"]}