Flowable IDM API
REST API for Identity Management in Flowable covering users, groups, privileges, and tokens for authentication and authorization within the platform.
OpenAPI Specification
openapi: 3.0.0
info:
description: Flowable Platform
version: v1
title: Flowable IDM REST API
contact:
name: Flowable
url: http://www.flowable.com/
tags:
- name: Access Tokens
- name: Accounts
- name: Contact Filters
- name: Current User
- name: Engine
- name: Groups
- name: Privileges
- name: Query
- name: Tenants
- name: User Admin
- name: User Definitions
- name: Users
paths:
/access-tokens:
get:
tags:
- Access Tokens
summary: Query access tokens
description: ''
operationId: queryAccessTokens
parameters:
- name: createdAfter
in: query
description: Only return tokens created after the given ISO 8601 date.
required: false
schema:
type: string
format: date-time
- name: createdBefore
in: query
description: Only return tokens created before the given ISO 8601 date.
required: false
schema:
type: string
format: date-time
- name: expiresAfter
in: query
description: Only return tokens expiring after the given date.
required: false
schema:
type: string
format: date-time
- name: expiresBefore
in: query
description: Only return tokens expiring before the given date.
required: false
schema:
type: string
format: date-time
- name: name
in: query
description: Only return tokens matching the given name.
required: false
schema:
type: string
- name: order
in: query
description: From the paginate request. The sort order, either 'asc' or 'desc'.
Defaults to 'asc'.
required: false
schema:
type: string
- name: searchText
in: query
description: Only return tokens matching the given searching text.
required: false
schema:
type: string
- name: size
in: query
description: From the paginate request. Number of rows to fetch, starting
from start. Defaults to 10.
required: false
schema:
type: integer
format: int32
- name: sort
in: query
description: Property to sort the results on
required: false
schema:
type: string
- name: start
in: query
description: From the paginate request. Index of the first row to fetch. Defaults
to 0.
required: false
schema:
type: integer
format: int32
- name: tenantId
in: query
description: Only return tokens for the given tenant. Only super admin users
are allowed to use this
required: false
schema:
type: string
- name: userId
in: query
description: Only return tokens for the given user.
required: false
schema:
type: string
- name: withoutExpiration
in: query
description: Only return tokens that do not have an expiration date.
required: false
schema:
type: boolean
responses:
'200':
description: Indicates the requested access tokens were returned.
content:
application/json:
schema:
$ref: '#/components/schemas/DataResponseAccessTokenResponse'
'400':
description: Indicates the request is invalid
'403':
description: Indicates the user does not have rights to query for access
tokens
security:
- basicAuth: []
/access-tokens/{tokenId}:
get:
tags:
- Access Tokens
summary: Get access token
description: ''
operationId: getAccessToken
parameters:
- name: tokenId
in: path
required: true
schema:
type: string
responses:
'200':
description: Indicates the requested access token was returned.
content:
application/json:
schema:
$ref: '#/components/schemas/AccessTokenResponse'
'400':
description: Indicates the request is invalid
'403':
description: Indicates the user does not have rights to view the access
token
security:
- basicAuth: []
delete:
tags:
- Access Tokens
summary: Revoke access token
description: ''
operationId: revokeAccessToken
parameters:
- name: tokenId
in: path
required: true
schema:
type: string
responses:
'204':
description: Indicates the requested access token was revoked.
'400':
description: Indicates the request is invalid
'403':
description: Indicates the user does not have rights to revoke the access
token
security:
- basicAuth: []
/contact-filters:
get:
tags:
- Contact Filters
summary: List contact filters
description: ''
operationId: listContactFilter
responses:
'200':
description: successful operation
content:
'*/*':
schema:
type: array
items:
$ref: '#/components/schemas/ContactFilterResponse'
security:
- basicAuth: []
/contact-filters/{contactFilterId}:
get:
tags:
- Contact Filters
summary: Returns a paged list of users (contacts)
description: ''
operationId: getContact
parameters:
- name: contactFilterId
in: path
description: Unique identifier of contact filter
required: true
schema:
type: string
- name: searchText
in: query
description: Text to search for
required: false
schema:
type: string
- name: size
in: query
description: '"The optional size of results to be returned, defaults to a
configurable value (usually 100)'
required: false
schema:
type: integer
format: int32
- name: start
in: query
description: The optional start (0 based) to return results from, defaults
to 0.
required: false
schema:
type: integer
format: int32
responses:
'200':
description: successful operation
content:
'*/*':
schema:
$ref: '#/components/schemas/PagePlatformUserResponse'
security:
- basicAuth: []
/current-user:
get:
tags:
- Current User
summary: Get current user
description: Get the current user information
operationId: getCurrentUser
responses:
'200':
description: successful operation
content:
'*/*':
schema:
$ref: '#/components/schemas/CurrentUserResponse'
'404':
description: Indicates the current user was not found.
security:
- basicAuth: []
/current-user/access-tokens:
get:
tags:
- Current User
summary: Query the available tokens for the current user
description: ''
operationId: queryAccessTokens
parameters:
- name: createdAfter
in: query
description: Only return tokens created after the given ISO 8601 date.
required: false
schema:
type: string
format: date-time
- name: createdBefore
in: query
description: Only return tokens created before the given ISO 8601 date.
required: false
schema:
type: string
format: date-time
- name: expiresAfter
in: query
description: Only return tokens expiring after the given date.
required: false
schema:
type: string
format: date-time
- name: expiresBefore
in: query
description: Only return tokens expiring before the given date.
required: false
schema:
type: string
format: date-time
- name: name
in: query
description: Only return tokens matching the given name.
required: false
schema:
type: string
- name: order
in: query
description: From the paginate request. The sort order, either 'asc' or 'desc'.
Defaults to 'asc'.
required: false
schema:
type: string
- name: searchText
in: query
description: Only return tokens matching the given searching text.
required: false
schema:
type: string
- name: size
in: query
description: From the paginate request. Number of rows to fetch, starting
from start. Defaults to 10.
required: false
schema:
type: integer
format: int32
- name: sort
in: query
description: Property to sort the results on
required: false
schema:
type: string
- name: start
in: query
description: From the paginate request. Index of the first row to fetch. Defaults
to 0.
required: false
schema:
type: integer
format: int32
- name: withoutExpiration
in: query
description: Only return tokens that do not have an expiration date.
required: false
schema:
type: boolean
responses:
'200':
description: successful operation
content:
'*/*':
schema:
$ref: '#/components/schemas/DataResponseAccessTokenResponse'
security:
- basicAuth: []
post:
tags:
- Current User
summary: Create an access token for the current user
description: ''
operationId: createAccessToken
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateAccessTokenRequest'
responses:
'201':
description: ''
security:
- basicAuth: []
/current-user/access-tokens/{tokenId}:
delete:
tags:
- Current User
summary: Delete the token for the current user
description: ''
operationId: deleteAccessToken
parameters:
- name: tokenId
in: path
required: true
schema:
type: string
responses:
'204':
description: ''
security:
- basicAuth: []
/current-user/presence:
put:
tags:
- Current User
summary: Update presence
description: Set the presence for the current user
operationId: updateCurrentUserPresence
requestBody:
$ref: '#/components/requestBodies/UpdateUserPresenceRequest'
responses:
'204':
description: Indicates the current user presence was updated.
'400':
description: Indicates the presenceRequest body is incomplete or contains
illegal values.
security:
- basicAuth: []
/current-user/snooze:
post:
tags:
- Current User
summary: Snooze
description: Snooze for the current user
operationId: snoozeCurrentUser
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SnoozeUserRequest'
required: true
responses:
'204':
description: Indicates the current user was snoozed.
'400':
description: Indicates the presenceRequest body is incomplete or contains
illegal values.
security:
- basicAuth: []
/groups:
get:
tags:
- Groups
summary: List groups
description: ''
operationId: listGroups
parameters:
- name: id
in: query
description: Only return group with the given id
required: false
schema:
type: string
- name: name
in: query
description: Only return groups with the given name
required: false
schema:
type: string
- name: type
in: query
description: Only return groups with the given type
required: false
schema:
type: string
- name: nameLike
in: query
description: Only return groups with a name like the given value.
required: false
schema:
type: string
- name: nameLikeIgnoreCase
in: query
description: Only return groups with a name like the given value ignoring
case.
required: false
schema:
type: string
- name: member
in: query
description: Only return groups which have a member with the given username.
required: false
schema:
type: string
- name: key
in: query
description: Only return groups with the given key.
required: false
schema:
type: string
- name: tenantId
in: query
description: Only return groups with the given tenant ID.
required: false
schema:
type: string
- name: includeIdentityInfo
in: query
description: Include the group identity info in the response.
required: false
schema:
type: boolean
- name: sort
in: query
description: Property to sort on, to be used together with the order.
required: false
schema:
type: string
enum:
- id
- name
- type
responses:
'200':
description: Indicates the requested groups were returned.
content:
application/json:
schema:
$ref: '#/components/schemas/DataResponseGroupResponse'
security:
- basicAuth: []
post:
tags:
- Groups
summary: Create a group
description: ''
operationId: createGroup
requestBody:
$ref: '#/components/requestBodies/GroupRequest'
responses:
'201':
description: Indicates the group was created.
content:
application/json:
schema:
$ref: '#/components/schemas/GroupResponse'
'400':
description: Indicates the id of the group was missing.
security:
- basicAuth: []
/groups/{groupId}:
get:
tags:
- Groups
summary: Get a single group
description: ''
operationId: getGroup
parameters:
- name: groupId
in: path
required: true
schema:
type: string
- name: includeUserInfo
in: query
required: false
schema:
type: boolean
- name: includePrivilegeInfo
in: query
required: false
schema:
type: boolean
- name: includeIdentityInfo
in: query
required: false
schema:
type: boolean
responses:
'200':
description: Indicates the group exists and is returned.
content:
application/json:
schema:
$ref: '#/components/schemas/GroupResponse'
'404':
description: Indicates the requested group does not exist.
security:
- basicAuth: []
put:
tags:
- Groups
summary: Update a group
description: All request values are optional. For example, you can only include
the name attribute in the request body JSON-object, only updating the name
of the group, leaving all other fields unaffected. When an attribute is explicitly
included and is set to null, the group-value will be updated to null.
operationId: updateGroup
parameters:
- name: groupId
in: path
required: true
schema:
type: string
requestBody:
$ref: '#/components/requestBodies/GroupRequest'
responses:
'200':
description: Indicates the group was updated.
content:
application/json:
schema:
$ref: '#/components/schemas/GroupResponse'
'404':
description: Indicates the requested group was not found.
'409':
description: Indicates the requested group was updated simultaneously.
security:
- basicAuth: []
delete:
tags:
- Groups
summary: Delete a group
description: ''
operationId: deleteGroup
parameters:
- name: groupId
in: path
required: true
schema:
type: string
responses:
'204':
description: Indicates the group was found and has been deleted. Response-body
is intentionally empty.
'404':
description: Indicates the requested group does not exist.
security:
- basicAuth: []
/groups/{groupId}/members:
post:
tags:
- Groups
summary: Add a member to a group
description: ''
operationId: createMembership
parameters:
- name: groupId
in: path
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/MembershipRequest'
responses:
'201':
description: Indicates the group was found and the member has been added.
content:
application/json:
schema:
$ref: '#/components/schemas/MembershipResponse'
'400':
description: Indicates the userId was not included in the request body.
'404':
description: Indicates the requested group was not found.
'409':
description: Indicates the requested user is already a member of the group.
security:
- basicAuth: []
/groups/{groupId}/members/{userId}:
delete:
tags:
- Groups
summary: Delete a member from a group
description: ''
operationId: deleteMembership
parameters:
- name: groupId
in: path
required: true
schema:
type: string
- name: userId
in: path
required: true
schema:
type: string
responses:
'204':
description: Indicates the group was found and the member has been deleted.
The response body is left empty intentionally.
'404':
description: Indicates the requested group was not found or that the user
is not a member of the group. The status description contains additional
information about the error.
security:
- basicAuth: []
/idm-management/engine:
get:
tags:
- Engine
summary: Get IDM engine info
description: Returns a read-only view of the engine that is used in this REST-service.
operationId: getEngineInfo
responses:
'200':
description: Indicates the engine info is returned.
content:
application/json:
schema:
$ref: '#/components/schemas/EngineInfoResponse'
security:
- basicAuth: []
/privileges:
get:
tags:
- Privileges
summary: List privileges
description: ''
operationId: listPrivileges
parameters:
- name: groupId
in: query
description: Only return privileges for the given group.
required: false
schema:
type: string
- name: id
in: query
description: Only return privileges with the given id.
required: false
schema:
type: string
- name: name
in: query
description: Only return privileges with the given name.
required: false
schema:
type: string
- name: order
in: query
description: From the paginate request. The sort order, either 'asc' or 'desc'.
Defaults to 'asc'.
required: false
schema:
type: string
- name: size
in: query
description: From the paginate request. Number of rows to fetch, starting
from start. Defaults to 10.
required: false
schema:
type: integer
format: int32
- name: sort
in: query
description: Property to sort the results on
required: false
schema:
type: string
- name: start
in: query
description: From the paginate request. Index of the first row to fetch. Defaults
to 0.
required: false
schema:
type: integer
format: int32
- name: userId
in: query
description: Only return privileges for the given user.
required: false
schema:
type: string
- name: id
in: query
description: Only return privileges with the given id
required: false
schema:
type: string
- name: name
in: query
description: Only return privileges with the given name
required: false
schema:
type: string
- name: userId
in: query
description: Only return privileges with the given userId
required: false
schema:
type: string
- name: groupId
in: query
description: Only return privileges with the given groupId
required: false
schema:
type: string
responses:
'200':
description: Indicates the requested privileges were returned.
content:
'*/*':
schema:
$ref: '#/components/schemas/DataResponsePrivilegeResponse'
security:
- basicAuth: []
/privileges/{privilegeId}:
get:
tags:
- Privileges
summary: Get a single privilege
description: ''
operationId: getPrivilege
parameters:
- name: privilegeId
in: path
required: true
schema:
type: string
responses:
'200':
description: Indicates the privilege exists and is returned.
content:
application/json:
schema:
$ref: '#/components/schemas/PrivilegeResponse'
'404':
description: Indicates the requested privilege does not exist.
security:
- basicAuth: []
/privileges/{privilegeId}/group/{groupId}:
delete:
tags:
- Privileges
summary: Deletes a privilege for a group
description: ''
operationId: deleteGroupPrivilege
parameters:
- name: privilegeId
in: path
description: unique identifier of a privilege
required: true
schema:
type: string
- name: groupId
in: path
description: unique identifier of a group
required: true
schema:
type: string
responses:
'204':
description: Indicates the group privilege has been deleted
security:
- basicAuth: []
/privileges/{privilegeId}/groups:
get:
tags:
- Privileges
summary: List all groups for a given privilege
description: ''
operationId: listPrivilegeGroups
parameters:
- name: privilegeId
in: path
description: unique identifier of a privilege
required: true
schema:
type: string
responses:
'200':
description: Indicates the privilege exists and its groups are returned.
content:
'*/*':
schema:
type: array
items:
$ref: '#/components/schemas/GroupResponse'
security:
- basicAuth: []
post:
tags:
- Privileges
summary: Adds a privilege for a group
description: ''
operationId: addGroupPrivilege
parameters:
- name: privilegeId
in: path
description: unique identifier of a privilege
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AddGroupPrivilegeRequest'
description: group privileges payload
responses:
'200':
description: Indicates the group privilege has been added
security:
- basicAuth: []
/privileges/{privilegeId}/users:
get:
tags:
- Privileges
summary: List all users for a given privilege
description: ''
operationId: listPrivilegeUsers
parameters:
- name: privilegeId
in: path
description: unique identifier of a privilege
required: true
schema:
type: string
responses:
'200':
description: Indicates the privilege exists and its users are returned.
content:
'*/*':
schema:
type: array
items:
$ref: '#/components/schemas/UserResponse'
security:
- basicAuth: []
post:
tags:
- Privileges
summary: Adds a privilege for a user
description: ''
operationId: addUserPrivilege
parameters:
- name: privilegeId
in: path
description: unique identifier of a privilege
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AddUserPrivilegeRequest'
description: add user privilege payload
responses:
'200':
description: Indicates the user privilege has been added
security:
- basicAuth: []
/privileges/{privilegeId}/users/{userId}:
delete:
tags:
- Privileges
summary: Deletes a privilege for a user
description: ''
operationId: deleteUserPrivilege
parameters:
- name: privilegeId
in: path
description: unique identifier of a privilege
required: true
schema:
type: string
- name: userId
in: path
description: unique identifier of a user
required: true
schema:
type: string
responses:
'204':
description: Indicates the user privilege has been deleted
security:
- basicAuth: []
/query/groups:
post:
tags:
- Groups
- Query
summary: Query groups
description: ''
operationId: queryGroups
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GroupQueryRequest'
description: Group request
responses:
'200':
description: Indicates the requested groups were returned.
content:
application/json:
schema:
$ref: '#/components/schemas/DataResponseGroupResponse'
security:
- basicAuth: []
/query/users:
post:
tags:
- Users
- Query
summary: Query users
description: ''
operationId: queryUsers
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserBodyQueryRequest'
description: User request
responses:
'200':
description: Indicates the request was successful.
content:
application/json:
schema:
$ref: '#/components/schemas/DataResponsePlatformUserResponse'
'400':
description: Indicates the request body is incomplete or contains illegal
values.
'403':
description: Indicates the user does not have the rights to view the users.
security:
- basicAuth: []
/search/query-users:
get:
tags:
- Users
summary: Search a user
description: ''
operationId: Search a user index
parameters:
- name: displayName
in: query
description: displayName filter to return results for.
required: false
schema:
type: string
- name: email
in: query
description: email filter to return results for.
required: false
schema:
type: string
- name: firstName
in: query
description: firstName filter to return results for.
required: false
schema:
type: string
- name: id
in: query
description: id filter to return results for.
required: false
schema:
type: string
- name: lastName
in: query
description: lastName filter to return results for.
required: false
schema:
type: string
- name: order
in: query
description: From the paginate request. The sort order, either 'asc' or 'desc'.
Defaults to 'asc'.
required: false
schema:
type: string
- name: size
in: query
description: From the paginate request. Number of rows to fetch, starting
from start. Defaults to 10.
required: false
schema:
type: integer
format: int32
- name: sort
in: query
description: Property to sort the results on
required: false
schema:
type: string
- name: start
in: query
description: From the paginate request. Index of the first row to fetch. Defaults
to 0.
required: false
schema:
type: integer
format: int32
- name: state
in: query
description: state filter to return results for.
required: false
schema:
type: string
- name: tenantId
in: query
description: tenantId filter to return results for.
required: false
schema:
type: string
- name: type
in: query
description: type filter to return results for.
required: false
schema:
type: string
- name: userDefinitionKey
in: query
description: userDefinitionKey filter to return results for.
required: false
schema:
type: string
- name: userDefinitionName
in: query
description: userDefinitionName filter to return results for.
required: false
schema:
type: string
responses:
'200':
description: Indicates the request was successful.
'201':
description: successful operation
content:
application/json:
schema:
$ref: '#/components/schemas/DataResponsePlatformUserResponse'
'400':
description: Indicates the request body is incomplete or contains illegal
values.
'403':
description: Indicates the user does not have the rights to view the users.
security:
- basicAuth: []
/tenants:
get:
tags:
- Tenants
summary: Get a list of tenants
description: ''
operationId: getTenants
responses:
'200':
description: Indicates the tenants are returned.
content:
application/json:
schema:
$ref: '#/components/schemas/DataResponseTenantResponse'
security:
- basicAuth: []
/user-definitions:
get:
tags:
- User Definitions
summary: List user definitions
description: ''
operationId: listUserDefinitions
parameters:
- name: id
in: query
description: Only return user definitions with the given id.
required: false
schema:
type: string
- name: key
in: query
description: Only return user definitions with the given key.
required: false
schema:
type: string
- name: name
in: query
description: Only return user definitions with the given name.
required: false
schema:
type: string
- name: nameLike
in: query
description: Only return user definitions with a name like the given value.
required: false
schema:
type: string
- name: nameLikeIgnoreCase
# --- truncated at 32 KB (92 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/flowable/refs/heads/main/openapi/flowable-idm-openapi.yml