Identity Server Documentation Rest APIs
5.11.0

    REST APIs

    This section provides information on the REST APIs in WSO2 Identity Server, including sample requests and responses.

    • Authenticating and Authorizing
    • Account Recovery
    • Application Management
    • Approvals
    • Associations
    • Authentication Data
    • Authentication
    • Authorized Apps
    • Challenge Question
    • Claim Management
    • Configuration Management
    • CORS
    • Retrieving Tenant Resources Based on Search Parameters
    • Consent Management
    • Email Templates
    • Entitlement
    • Fido
    • Identity Governance
    • Identity Providers
    • Keystore Management
    • OAuth2 Scope Management
    • OpenID Connect Scope Management
    • OIDC Dynamic Client Registration
    • Permission Management
    • Personal Information Export
    • SCIM 1.1
    • SCIM 2.0
    • Script Libraries
    • Secondary User Store
    • Self Sign-Up
    • Server Configuration
    • Session Management
    • TOTP
    • User Discoverable Application Management
    WSO2 Identity Server - Documentation
    Copyright © WSO2 LLC (2020-2023)
    Content licensed under CC By 4.0. | Sample code licensed under Apache 2.0.