Examples of New ACB v.1.3 User Management API requests
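This is a new API for managing users in the Application Credentials Broker system. Every operation in the specification below requires the AccessTokenAuth security scheme, i.e. an access token sent in the Authorization header.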
User Management API JSON
{
"openapi": "3.0.1",
"info": {
"title": "Application Credentials Broker API",
"description": "API for managing users in the Application Credentials Broker system",
"version": "1.0.0",
"contact": {
"name": "API Support",
"email": "[email protected]"
}
},
"servers": [
{
"url": "https://api.example.com",
"description": "Production server"
},
{
"url": "https://staging-api.example.com",
"description": "Staging server"
}
],
"security": [
{
"AccessTokenAuth": []
}
],
"paths": {
"/api/user-management/users/internal": {
"post": {
"tags": [
"UserManagement"
],
"summary": "Create an internal user",
"description": "Create a new internal Syteca user",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateInternalUserRequestDto"
}
}
}
},
"responses": {
"201": {
"description": "User created successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateInternalUserResponseDto"
}
}
}
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"409": {
"description": "Conflict",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
}
},
"/api/user-management/users/domain": {
"post": {
"tags": [
"UserManagement"
],
"summary": "Add a domain user",
"description": "Add a new domain user (link AD account to Syteca user)",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateDomainUserRequestDto"
}
}
}
},
"responses": {
"201": {
"description": "Domain user added successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateDomainUserResponseDto"
}
}
}
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"409": {
"description": "Conflict",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"422": {
"description": "Unprocessable Entity",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
}
},
"/api/user-management/users/{userId}": {
"get": {
"tags": [
"UserManagement"
],
"summary": "Get user details by user ID",
"description": "Get user profile details",
"parameters": [
{
"name": "userId",
"in": "path",
"required": true,
"description": "Syteca user identifier (internal or domain)",
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"responses": {
"200": {
"description": "User details retrieved successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GetUserDetailsResponse"
}
}
}
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
},
"delete": {
"tags": [
"UserManagement"
],
"summary": "Delete user (internal/domain)",
"description": "Delete an internal or domain user by ID",
"parameters": [
{
"name": "userId",
"in": "path",
"required": true,
"description": "ID of the user to delete (internal or domain)",
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"responses": {
"200": {
"description": "User was successfully deleted"
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"409": {
"description": "Conflict",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
}
},
"/api/user-management/users/{userId}/admin-permissions": {
"put": {
"tags": [
"UserManagement"
],
"summary": "Update user Administrative permissions (internal/domain)",
"description": "Update Administrative permissions for a user",
"parameters": [
{
"name": "userId",
"in": "path",
"required": true,
"description": "ID of the user to update Administrative permissions",
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserAdminPermissionsRequestDto"
}
}
}
},
"responses": {
"204": {
"description": "Administrative permissions for a user updated successfully"
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
}
},
"/api/user-management/users/{userId}/client-access": {
"put": {
"tags": [
"UserManagement"
],
"summary": "Update user Client Access permissions (internal/domain)",
"description": "Update Client Access permissions for a user",
"parameters": [
{
"name": "userId",
"in": "path",
"required": true,
"description": "ID of the user to update Client Access permissions",
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserClientAccessPermissionsRequestDto"
}
}
}
},
"responses": {
"204": {
"description": "Client Access permissions for a user updated successfully"
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
}
},
"/api/user-management/users/{userId}/user-access": {
"put": {
"tags": [
"UserManagement"
],
"summary": "Update User Access permissions (internal/domain)",
"description": "Update User Access mappings (domain/computer + account) for a user",
"parameters": [
{
"name": "userId",
"in": "path",
"required": true,
"description": "ID of the user to update User Access permissions",
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserAccessPermissionsRequestDto"
}
}
}
},
"responses": {
"204": {
"description": "User Access permissions for a user updated successfully"
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
}
},
"/api/user-management/user-groups/{groupId}/users": {
"post": {
"tags": [
"UserManagement"
],
"summary": "Add user to group",
"description": "Add a user (internal or domain) to a user group",
"parameters": [
{
"name": "groupId",
"in": "path",
"required": true,
"description": "ID of the target user group (internal Syteca user group)",
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AddUserToGroupRequestDto"
}
}
}
},
"responses": {
"204": {
"description": "User added to group successfully"
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
}
},
"/api/user-management/user-groups/{groupId}/users/{userId}": {
"delete": {
"tags": [
"UserManagement"
],
"summary": "Remove user from group",
"description": "Remove a user (internal or domain) from a user group",
"parameters": [
{
"name": "groupId",
"in": "path",
"required": true,
"description": "ID of the user group",
"schema": {
"type": "integer",
"format": "int32"
}
},
{
"name": "userId",
"in": "path",
"required": true,
"description": "ID of the user (internal or domain)",
"schema": {
"type": "integer",
"format": "int32"
}
}
],
"responses": {
"204": {
"description": "User removed from group successfully"
},
"400": {
"description": "Bad request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"500": {
"description": "Internal server error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
},
"503": {
"description": "Service unavailable",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
}
}
}
}
}
}
}
},
"components": {
"securitySchemes": {
"AccessTokenAuth": {
"type": "apiKey",
"in": "header",
"name": "Authorization",
"description": "Access token for authentication"
}
},
"schemas": {
"ErrorResponse": {
"type": "object",
"required": [
"status",
"message"
],
"properties": {
"status": {
"type": "integer",
"description": "HTTP status code"
},
"message": {
"type": "string",
"description": "Error message"
}
}
},
"AddUserToGroupRequestDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"user_id": {
"type": "integer",
"format": "int32",
"description": "ID of an internal or domain user that should become a member of the group"
}
}
},
"AdminPermissionsDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"direct_permission_keys": {
"type": "array",
"nullable": true,
"description": "Array of permission identifiers that match the UI list on the Administrative Permissions tab",
"items": {
"type": "string",
"description": "Administrative permission identifier"
}
}
}
},
"ClientAccessRuleDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"client_group_id": {
"type": "integer",
"format": "int32",
"nullable": true,
"description": "ID of a Client group the rule applies to"
},
"client_id": {
"type": "integer",
"format": "int32",
"nullable": true,
"description": "ID of a specific Client endpoint the rule applies to"
},
"permission_keys": {
"type": "array",
"nullable": true,
"description": "Set of Client permissions to grant directly for this user on the selected group/client",
"items": {
"type": "string",
"description": "Client permission identifier"
}
}
}
},
"CreateDomainUserRequestDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"account_name": {
"type": "string",
"nullable": true,
"description": "AD user name"
},
"auth_token_lifetime_sec": {
"type": "integer",
"format": "int32",
"nullable": true,
"description": "The lifetime of an access token in seconds for this user"
},
"domain": {
"type": "string",
"nullable": true,
"description": "AD domain name"
},
"external_app_enabled": {
"type": "boolean",
"description": "Allow this user account to be used by external applications"
},
"ip_restrictions": {
"type": "array",
"nullable": true,
"description": "Allowed IP addresses for this user's API access",
"items": {
"type": "string",
"description": "IP address"
}
},
"two_factor_required": {
"type": "boolean",
"description": "Enable two-factor authentication on login"
},
"user_group_ids": {
"type": "array",
"nullable": true,
"description": "IDs of the Syteca user groups the domain user should be added to",
"items": {
"type": "integer",
"format": "int32",
"description": "Syteca user group ID"
}
}
}
},
"CreateDomainUserResponseDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "integer",
"format": "int32",
"description": "Unique Syteca user ID"
},
"user_type": {
"type": "string",
"nullable": true,
"description": "User type"
},
"account_name": {
"type": "string",
"nullable": true,
"description": "Domain account name"
},
"domain": {
"type": "string",
"nullable": true,
"description": "AD domain name"
},
"two_factor_required": {
"type": "boolean",
"description": "Two-factor authentication on login"
},
"external_app_enabled": {
"type": "boolean",
"description": "Allow this user account to be used by external applications"
},
"auth_token_lifetime_sec": {
"type": "integer",
"format": "int32",
"nullable": true,
"description": "The lifetime of an access token in seconds for this user"
},
"ip_restrictions": {
"type": "array",
"nullable": true,
"description": "Allowed IP addresses for this user's API access",
"items": {
"type": "string",
"description": "IP address"
}
},
"user_group_ids": {
"type": "array",
"nullable": true,
"description": "List of Syteca user group IDs this user belongs to",
"items": {
"type": "integer",
"format": "int32",
"description": "Syteca user group ID"
}
},
"has_user_groups": {
"type": "boolean",
"description": "Whether the user is a member of any user group"
}
}
},
"CreateInternalUserRequestDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"admin_permissions": {
"$ref": "#/components/schemas/AdminPermissionsDto",
"description": "List of administrative permissions to assign directly to the user"
},
"auth_token_lifetime_sec": {
"type": "integer",
"format": "int32",
"nullable": true,
"description": "The lifetime of an access token in seconds for this user"
},
"client_access_rules": {
"type": "array",
"nullable": true,
"description": "List of direct Client Access rules for this user",
"items": {
"$ref": "#/components/schemas/ClientAccessRuleDto"
}
},
"description": {
"type": "string",
"nullable": true,
"description": "Free-form comment/description for the user"
},
"email": {
"type": "string",
"nullable": true,
"description": "User's email address"
},
"external_app_enabled": {
"type": "boolean",
"description": "Allow this user account to be used by external applications"
},
"first_name": {
"type": "string",
"nullable": true,
"description": "User's first name (display only)"
},
"ip_restrictions": {
"type": "array",
"nullable": true,
"description": "Allowed IP addresses for this user's API access",
"items": {
"type": "string",
"description": "IP address"
}
},
"last_name": {
"type": "string",
"nullable": true,
"description": "User's last name (display only)"
},
"password": {
"type": "string",
"nullable": true,
"description": "User password that satisfies the current password policy"
},
"two_factor_required": {
"type": "boolean",
"description": "Enable two-factor authentication on login"
},
"user_access_rules": {
"type": "array",
"nullable": true,
"description": "Direct User Access rules for the user",
"items": {
"$ref": "#/components/schemas/UserAccessRuleDto"
}
},
"user_group_ids": {
"type": "array",
"nullable": true,
"description": "IDs of the Syteca user groups the internal user should be added to",
"items": {
"type": "integer",
"format": "int32",
"description": "Syteca user group ID"
}
},
"username": {
"type": "string",
"nullable": true,
"description": "Login name of the internal user"
}
}
},
"CreateInternalUserResponseDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "integer",
"format": "int32",
"description": "Unique Syteca user ID"
},
"user_type": {
"type": "string",
"nullable": true,
"description": "User type"
},
"username": {
"type": "string",
"nullable": true,
"description": "Login name"
},
"first_name": {
"type": "string",
"nullable": true,
"description": "First name"
},
"last_name": {
"type": "string",
"nullable": true,
"description": "Last name"
},
"email": {
"type": "string",
"nullable": true,
"description": "Email address"
},
"description": {
"type": "string",
"nullable": true,
"description": "Optional description/comment"
},
"two_factor_required": {
"type": "boolean",
"description": "Two-factor authentication on login"
},
"external_app_enabled": {
"type": "boolean",
"description": "Allow this user account to be used by external applications"
},
"auth_token_lifetime_sec": {
"type": "integer",
"format": "int32",
"nullable": true,
"description": "The lifetime of an access token in seconds for this user"
},
"ip_restrictions": {
"type": "array",
"nullable": true,
"description": "Allowed IP addresses for this user's API access",
"items": {
"type": "string",
"description": "IP address"
}
},
"user_group_ids": {
"type": "array",
"nullable": true,
"description": "List of Syteca user group IDs this user belongs to",
"items": {
"type": "integer",
"format": "int32",
"description": "Syteca user group ID"
}
},
"has_user_groups": {
"type": "boolean",
"description": "Whether the user is a member of any user group"
}
}
},
"GetUserDetailsResponse": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "integer",
"format": "int32",
"description": "Unique Syteca user ID"
},
"user_type": {
"type": "string",
"nullable": true,
"description": "User type"
},
"two_factor_required": {
"type": "boolean",
"description": "Two-factor authentication on login"
},
"external_app_enabled": {
"type": "boolean",
"description": "Allow this user account to be used by external applications"
},
"auth_token_lifetime_sec": {
"type": "integer",
"format": "int32",
"nullable": true,
"description": "The lifetime of an access token in seconds for this user"
},
"ip_restrictions": {
"type": "array",
"nullable": true,
"description": "Allowed IP addresses for this user's API access",
"items": {
"type": "string",
"description": "IP address"
}
},
"user_group_ids": {
"type": "array",
"nullable": true,
"description": "List of Syteca user group IDs this user belongs to",
"items": {
"type": "integer",
"format": "int32",
"description": "Syteca user group ID"
}
},
"has_user_groups": {
"type": "boolean",
"description": "Whether the user is a member of any user group"
},
"username": {
"type": "string",
"nullable": true,
"description": "Login name"
},
"first_name": {
"type": "string",
"nullable": true,
"description": "First name"
},
"last_name": {
"type": "string",
"nullable": true,
"description": "Last name"
},
"email": {
"type": "string",
"nullable": true,
"description": "Email address"
},
"description": {
"type": "string",
"nullable": true,
"description": "Optional description/comment"
},
"domain": {
"type": "string",
"nullable": true,
"description": "AD domain name"
},
"account_name": {
"type": "string",
"nullable": true,
"description": "Domain account name"
}
}
},
"UpdateUserAccessPermissionsRequestDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"user_access_rules": {
"type": "array",
"nullable": true,
"description": "Direct User Access rules for the user",
"items": {
"$ref": "#/components/schemas/UserAccessRuleDto"
}
}
}
},
"UpdateUserAdminPermissionsRequestDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"admin_permission_keys": {
"type": "array",
"nullable": true,
"description": "List of administrative permission identifiers to assign directly to the user",
"items": {
"type": "string",
"description": "Administrative permission identifier"
}
}
}
},
"UpdateUserClientAccessPermissionsRequestDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"client_access_rules": {
"type": "array",
"nullable": true,
"description": "List of direct Client Access rules",
"items": {
"$ref": "#/components/schemas/ClientAccessRuleDto"
}
}
}
},
"UserAccessRuleDto": {
"type": "object",
"additionalProperties": false,
"properties": {
"account_name": {
"type": "string",
"nullable": true,
"description": "AD or local account name"
},
"domain_or_computer": {
"type": "string",
"nullable": true,
"description": "AD domain name or computer hostname"
}
}
}
}
}
}