ForgeRock

ForgeRock Identity Gateway API

API for reverse proxy functionality, policy enforcement, and request transformation. Integrates web applications, APIs, and microservices with the ForgeRock Identity Platform.

GitHub OpenAPI

Documentation

📖
Documentation
https://backstage.forgerock.com/docs/ig/7.3/
📖
GettingStarted
https://backstage.forgerock.com/docs/ig/7/gateway-guide/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/forgerock/refs/heads/main/openapi/forgerock-identity-gateway-openapi.yml

Other Resources

🔗
Reference
https://backstage.forgerock.com/docs/ig/7.3/reference/
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/forgerock/refs/heads/main/capabilities/identity-gateway-monitoring.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/forgerock/refs/heads/main/capabilities/identity-gateway-objects.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/forgerock/refs/heads/main/capabilities/identity-gateway-routes.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/forgerock/refs/heads/main/capabilities/identity-gateway-studio.yaml

OpenAPI Specification

forgerock-identity-gateway-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: ForgeRock Identity Gateway API
  description: >-
    REST API for ForgeRock Identity Gateway (IG) providing route management,
    monitoring, and administration. IG acts as a reverse proxy that enforces
    security and access control for web applications, APIs, and microservices,
    integrating them with the ForgeRock Identity Platform.
  version: 7.3.0
  contact:
    name: ForgeRock
    url: https://www.forgerock.com
  license:
    name: Proprietary
    url: https://www.forgerock.com/terms
  x-provider: forgerock
  x-api: identity-gateway

servers:
  - url: https://{deployment}/ig
    description: ForgeRock Identity Gateway server
    variables:
      deployment:
        default: ig.example.com
        description: The IG deployment hostname

security:
  - bearerAuth: []

tags:
  - name: Monitoring
    description: Health check and monitoring endpoints
  - name: Objects
    description: Inspect live IG configuration objects

  - name: Routes
    description: Manage IG route configurations
  - name: Studio
    description: IG Studio route design endpoints
paths:
  /openig/api/system/objects:
    get:
      operationId: listObjects
      summary: ForgeRock List configuration objects
      description: >-
        List all live configuration objects in the IG runtime, including
        routes, handlers, filters, and decorators currently loaded.
      tags:
        - Objects
      parameters:
        - name: _queryFilter
          in: query
          description: CREST query filter
          schema:
            type: string
      responses:
        '200':
          description: List of configuration objects
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ObjectList'
        '403':
          description: Forbidden - administrative access required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'

  /openig/api/system/objects/{objectType}/{objectId}:
    get:
      operationId: getObject
      summary: ForgeRock Get a configuration object
      description: >-
        Retrieve details of a specific live configuration object from the
        IG runtime.
      tags:
        - Objects
      parameters:
        - name: objectType
          in: path
          required: true
          description: Type of the configuration object
          schema:
            type: string
            enum:
              - Router
              - Route
              - Handler
              - Filter
              - Chain
        - name: objectId
          in: path
          required: true
          description: Identifier of the configuration object
          schema:
            type: string
      responses:
        '200':
          description: Configuration object details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConfigObject'
        '404':
          description: Object not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'

  /openig/api/system/objects/router-handler/routes:
    get:
      operationId: listRoutes
      summary: ForgeRock List routes
      description: >-
        List all routes currently loaded in the IG router, including their
        names, conditions, and status.
      tags:
        - Routes
      parameters:
        - name: _queryFilter
          in: query
          description: CREST query filter for routes
          schema:
            type: string
      responses:
        '200':
          description: List of routes
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RouteList'
    post:
      operationId: createRoute
      summary: ForgeRock Create a route
      description: >-
        Deploy a new route configuration to the IG router. The route is
        immediately active upon creation.
      tags:
        - Routes
      requestBody:
        required: true
        description: The route configuration
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Route'
      responses:
        '201':
          description: Route created and deployed
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Route'
        '400':
          description: Invalid route configuration
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'

  /openig/api/system/objects/router-handler/routes/{routeId}:
    get:
      operationId: getRoute
      summary: ForgeRock Get a route
      description: Retrieve a specific route configuration by its identifier.
      tags:
        - Routes
      parameters:
        - name: routeId
          in: path
          required: true
          description: The route identifier
          schema:
            type: string
      responses:
        '200':
          description: The route configuration
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Route'
        '404':
          description: Route not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
    put:
      operationId: updateRoute
      summary: ForgeRock Update a route
      description: Replace a route configuration. The updated route is immediately active.
      tags:
        - Routes
      parameters:
        - name: routeId
          in: path
          required: true
          description: The route identifier
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Route'
      responses:
        '200':
          description: Route updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Route'
        '404':
          description: Route not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
    delete:
      operationId: deleteRoute
      summary: ForgeRock Delete a route
      description: Remove a route from the IG router. The route is immediately deactivated.
      tags:
        - Routes
      parameters:
        - name: routeId
          in: path
          required: true
          description: The route identifier
          schema:
            type: string
      responses:
        '200':
          description: Route deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Route'
        '404':
          description: Route not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'

  /openig/api/system/monitoring:
    get:
      operationId: getMonitoringSummary
      summary: ForgeRock Get monitoring summary
      description: >-
        Retrieve a monitoring summary of the IG instance, including request
        counts, response times, and status code distributions.
      tags:
        - Monitoring
      responses:
        '200':
          description: Monitoring summary
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MonitoringSummary'

  /openig/api/system/monitoring/{endpointId}:
    get:
      operationId: getEndpointMonitoring
      summary: ForgeRock Get endpoint monitoring
      description: >-
        Retrieve monitoring data for a specific endpoint or route, including
        request counts and response time percentiles.
      tags:
        - Monitoring
      parameters:
        - name: endpointId
          in: path
          required: true
          description: The endpoint or route identifier to monitor
          schema:
            type: string
      responses:
        '200':
          description: Endpoint monitoring data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EndpointMonitoring'
        '404':
          description: Endpoint not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'

  /openig/api/system/health:
    get:
      operationId: getHealthStatus
      summary: ForgeRock Check IG health
      description: >-
        Returns the health status of the IG instance. Used for load balancer
        health checks and monitoring.
      tags:
        - Monitoring
      responses:
        '200':
          description: IG is healthy
          content:
            application/json:
              schema:
                type: object
                properties:
                  status:
                    type: string
                    enum:
                      - ACTIVE
                  version:
                    type: string
                    description: IG version
        '503':
          description: IG is not healthy
          content:
            application/json:
              schema:
                type: object
                properties:
                  status:
                    type: string
                    enum:
                      - MAINTENANCE
                      - FAILED

  /openig/api/studio/routes:
    get:
      operationId: listStudioRoutes
      summary: ForgeRock List studio routes
      description: >-
        List routes available in the IG Studio interface for visual editing
        and management.
      tags:
        - Studio
      responses:
        '200':
          description: List of routes in Studio
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RouteList'
    post:
      operationId: createStudioRoute
      summary: ForgeRock Create a route via Studio
      description: >-
        Create a new route through the IG Studio API with a simplified
        configuration format.
      tags:
        - Studio
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Route'
      responses:
        '201':
          description: Route created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Route'

components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: Access token for administrative operations

  schemas:
    Route:
      type: object
      description: An IG route configuration
      properties:
        _id:
          type: string
          description: Route identifier (derived from route name)
        name:
          type: string
          description: Human-readable route name
        condition:
          type: string
          description: >-
            Expression that determines when this route handles a request
            (e.g., "${find(request.uri.path, '/myapp')}")
        handler:
          description: The handler that processes requests matching this route
          oneOf:
            - type: string
              description: Reference to a named handler
            - type: object
              description: Inline handler configuration
              properties:
                type:
                  type: string
                  description: Handler type name
                config:
                  type: object
                  description: Handler configuration
        baseURI:
          type: string
          format: uri
          description: Base URI for the protected application
        heap:
          type: array
          description: Heap objects declared for this route
          items:
            type: object
            properties:
              name:
                type: string
              type:
                type: string
              config:
                type: object
        auditService:
          type: object
          description: Audit service configuration for this route

    RouteList:
      type: object
      properties:
        result:
          type: array
          items:
            $ref: '#/components/schemas/Route'
        resultCount:
          type: integer

    ConfigObject:
      type: object
      description: A live configuration object in the IG runtime
      properties:
        _id:
          type: string
        type:
          type: string
          description: Object type (Router, Handler, Filter, etc.)
        name:
          type: string
        config:
          type: object
          description: Object configuration

    ObjectList:
      type: object
      properties:
        result:
          type: array
          items:
            $ref: '#/components/schemas/ConfigObject'
        resultCount:
          type: integer

    MonitoringSummary:
      type: object
      description: IG monitoring summary
      properties:
        totalRequestCount:
          type: integer
          description: Total number of requests processed
        totalResponseCount:
          type: integer
          description: Total number of responses sent
        averageResponseTime:
          type: number
          format: double
          description: Average response time in milliseconds
        statusCodeCounts:
          type: object
          description: Response counts by HTTP status code
          additionalProperties:
            type: integer

    EndpointMonitoring:
      type: object
      description: Monitoring data for a specific endpoint
      properties:
        requestCount:
          type: integer
        responseCount:
          type: integer
        averageResponseTime:
          type: number
          format: double
        percentiles:
          type: object
          properties:
            p50:
              type: number
              format: double
            p95:
              type: number
              format: double
            p99:
              type: number
              format: double
        statusCodeCounts:
          type: object
          additionalProperties:
            type: integer

    ErrorResponse:
      type: object
      description: Standard error response
      properties:
        code:
          type: integer
        reason:
          type: string
        message:
          type: string