Skip to content

Identity Server Documentation Rest APIs

5.11.0

Show all

Type to start searching

Get Started
Learn
Develop
Setup
Administer
Compliance
References



WSO2 Identity Server Documentation

Home
Get Started
Get Started
- Introduction
- Architecture
  Architecture
- About this Release
- Quick Start Guide
- Key Concepts
  Key Concepts
Learn
Learn
- Tutorials
  Tutorials
  - Tutorials
  - Basic Tutorials
    Basic Tutorials
    
    Users and Roles
    
    User Accounts
    User Accounts
    
    User Accounts
    
    User Registration
    User Registration
    
    User Registration
    
    Admin-Initiated
    Admin-Initiated
    
    With Password Entry
    
    With Email Verification
    
    Self-Registration
    
    Password Policies
    Password Policies
    
    Password Policies
    
    Password Patterns
    
    Password History
    
    Password Reset
    Password Reset
    
    Password Reset
    
    With Email
    
    With Challenge
    
    User Name Recovery
    
    Account Locking
    Account Locking
    
    Account Locking
    
    Admin-Initiated
    
    Failed Login Attempts
    
    Account Disabling
    
    Pending Account Status
    
    Single Sign-On
    Single Sign-On
    
    SAML 2.0
    
    OpenID Connect/OAuth 2.0
    
    WS-Federation (Passive STS)
    
    Access Delegation
    Access Delegation
    
    OAuth 2.0
    
    User Managed Access (UMA)
    
    Provisioning
    Provisioning
    
    Provisioning Overview
    
    Inbound Provisioning
    
    Outbound Provisioning
    Outbound Provisioning
    
    Configuring Outbound Provisioning
    
    Provisioining Users to Salesforce
    
    Provisioning users to Hubspot
    
    Account Syncing
    Account Syncing
    
    Exporting User Data From WSO2 Identity Server
    
    Sync Accounts to HubSpot
    
    Sync Accounts to MailChimp
    
    Sync Accounts to Pardot
    
    Sync Accounts to Pipedrive CRM
    
    Sync Accounts to Salesforce
    
    Sync Accounts to Sendgrid
    
    Sync Accounts to Zoho CRM
    
    Multifactor Authentication
    
    Access Control
    
    Multi-Tenancy
    
    Analytics
    Analytics
    
    Configuring Identity Analytics
    
    Web Analytics Solutions
  - Single Sign-On
    Single Sign-On
    
    Single Sign-On
    
    Configuring Single Sign-On
    Configuring Single Sign-On
    
    Configuring Single Sign-On
    
    Configuring reCaptcha for Single Sign On
    
    Single Sign-On for Native iOS Applications with WSO2 Identity Server
    
    SAML 2.0 Web SSO
    SAML 2.0 Web SSO
    
    SAML 2.0 Web SSO
    
    Configuring SAML2 Web Single-Sign-On
    
    Querying SAML Assertions
    
    Configuring SAML 2.0 Artifact Binding
    
    WS-Trust
    WS-Trust
    
    WS-Trust
    
    Configuring WS-Trust Security Token Service
    
    WS-Federation
    WS-Federation
    
    WS-Federation
    
    Configuring WS-Federation Single Sign-On
    
    Integrated Windows Authentication
    Integrated Windows Authentication
    
    Integrated Windows Authentication Overview
    
    Configuring IWA Single-Sign-On
    
    OAuth2-OpenID Connect
    OAuth2-OpenID Connect
    
    OAuth2-OpenID Connect Overview
    
    Configuring OAuth2-OpenID Connect Single-Sign-On
    
    Configuring OpenID Connect Single Logout
    
    Configuring OpenID Connect Back-Channel Logout
    
    Logging into WordPress using the Identity Server
    
    Logging into OpenCart using the Identity Server
    
    Logging into Drupal using the Identity Server
  - Authentication
    Authentication
    
    Overview
    
    Passwordless authentication using FIDO2
    
    Logging in to your application via Identity Server using Facebook Credentials
    
    Configuring Shibboleth IdP as a Trusted Identity Provider
    
    Logging in to SimpleSAMLphp using Identity Server
    
    Enabling SSO for Management Console using OpenSSO as the IDP
    
    Logging in to Salesforce using the Identity Server
    
    Logging in to Salesforce with Facebook
    
    Logging in to Salesforce with Integrated Windows Authentication
    
    Logging in to WSO2 Products via the Identity Server
    
    Logging in to Workday using the Identity Server
    
    Logging in to Microsoft Dynamics CRM with WS-Federation
    
    Logging in to Microsoft Sharepoint Web Applications using Identity Server
    
    Logging in to Office365 Using WSO2 Identity Server
    Logging in to Office365 Using WSO2 Identity Server
    
    Logging in to Office365 Using WSO2 Identity Server
    
    Configuring Office365 SAML2 with WSO2 Identity Server
    
    Configuring Office365 SAML2 with WSO2 Identity Server for Multiple Domains
    
    Configuring Office365 WS-Federation with WSO2 IS
    
    Configuring On Demand Provisioning with Azure AD
    
    Logging in to Office365 with WS Federation
    Logging in to Office365 with WS Federation
    
    Logging in to Office365 with WS Federation
    
    Configuring Azure Active Directory to Trust WSO2 Identity Server
    
    Configuring Office 365 WS-Federation with Identity Server
    
    Logging in to Office365 with WS-Trust
    
    Logging in to a .NET application using the Identity Server
    
    Using REST APIs via XACML to Manage Entitlement
    
    Logging in to Google using the Identity Server
    
    Logging in to an Application Using Google
    
    Testing OIDC Encrypted ID Token with IS
    
    Passing OIDC Authentication Request Parameters in a Request Object
    
    Enforcing Signature Validation for Request Objects
    
    Logging in to Magento using the WSO2 Identity Server
  - Multi-factor Authentication
    Multi-factor Authentication
    
    MFA in WSO2 Identity Server
    
    MFA using FIDO
    
    Configuring SMS OTP
    
    Configuring Email OTP
    
    Configuring TOTP
    
    MFA for Management Console
    
    Configuring X509Certificate Authenticator
  - Adaptive Authentication
    Adaptive Authentication
    
    Adaptive Authentication
    
    Configuring a Service Provider for Adaptive Authentication
    
    Scenarios
    Scenarios
    
    Scenarios
    
    Role-Based
    
    User-Age-Based
    
    Tenant-Based
    
    User Store-Based
    
    IP-Based
    
    New-Device-Based
    
    ACR-Based
    
    Risk-Based
    
    Login-Attempts-Based
    
    With Function Library
    
    Limiting Active User Sessions Based On Criteria
    
    Using WSO2 Stream Processor for Adaptive Authentication
    
    Using OPA Policies for Adaptive Authentication
    
    Working with ACR and AMR
  - Identity Federation
    Identity Federation
    
    Identity Federation
    
    Configuring Federated Authentication
    Configuring Federated Authentication
    
    Configuring Federated Authentication
    
    Configuring SAML 2.0 Web SSO
    
    Configuring OAuth2-OpenID Connect
    
    Configuring WS-Federation
    
    Configuring Facebook
    
    Configuring Yahoo
    
    Configuring Google
    
    Configuring Microsoft login
    
    Configuring IWA on Linux
    
    Configuring AD FS as a Federated Authenticator
    
    Configuring Twitter
    
    Configuring Apple
    
    Identity Federation with WS-Trust
    Identity Federation with WS-Trust
    
    Identity Federation with WS-Trust
    
    Configuring STS for Obtaining Tokens with Holder-Of-Key Subject Confirmation
    
    Accessing Claim Aware Services using STS Secured with Non-repudiation
    
    Requesting and Renewing Received SAML2 Bearer Type Tokens
    
    Configuring SAML2 Single-Sign-On Across Different WSO2 Products
    
    Client-side Support for SAML Artifact Binding
    
    eIDAS SAML Attribute Profile Support via WSO2 Identity Server
    
    Handling SAML Single Logout Requests from Federated identity Providers
  - Access Control
    Access Control
    
    Access Control Overview
    
    Working with Entitlement
    Working with Entitlement
    
    Configuring the Policy Administration Point
    Configuring the Policy Administration Point
    
    Configuring the Policy Administration Point
    
    Creating a XACML Policy
    
    Editing a XACML Policy
    
    Managing the Version of a XACML Policy
    
    Publishing a XACML Policy
    
    Viewing the Status of a XACML Policy
    
    Writing a XACML Policy using a Policy Template
    
    Configuring the Policy Decision Point
    Configuring the Policy Decision Point
    
    Configuring the Policy Decision Point
    
    Clearing a Cache
    
    Enabling and Disabling a XACML Policy
    
    Configuring Access Control Policy for a Service Provider
    
    Validating the Scope of OAuth Access Tokens using XACML Policies
    
    Validating OAuth Access Token Scope Using XACML Policies During Token Issuance
    
    Working with XACML
    Working with XACML
    
    Working with XACML
    
    Enabling REST Notifications For XACML Policy Updates
    
    Identity Server as an XACML Engine
    
    Working with XACML Multiple Decision Profile Requests
    Working with XACML Multiple Decision Profile Requests
    
    Working with XACML Multiple Decision Profile Requests Overview
    
    Working with MDP Requests by Repeating Attribute Categories
    
    Working with MDP Requests to Authorize Hierarchical Resources
    
    Working with MDP Requests in JSON Format
    
    Fine-grained Authorization using XACML Requests in JSON Format
    
    Improving XACML PDP Performance with Caching Techniques
    
    Writing XACML2 Policies in WSO2 Identity Server
    Writing XACML2 Policies in WSO2 Identity Server
    
    Writing XACML2 Policies in WSO2 Identity Server
    
    Introduction to XACML2 Policies
    
    XACML2 Sample Policy - 1
    
    XACML2 Sample Policy - 2
    
    XACML2 Sample Policy - 3
    
    XACML2 Sample Policy - 4
    
    XACML2 Sample Policy - 5
    
    XACML2 Sample Policy - 6
    
    Writing XACML3 Policies in WSO2 Identity Server
    Writing XACML3 Policies in WSO2 Identity Server
    
    Writing XACML3 Policies in WSO2 Identity Server
    
    Introduction to XACML3 Policies
    
    XACML3 Sample Policy - 1
    
    XACML3 Sample Policy - 2
    
    XACML3 Sample Policy - 3
    
    XACML3 Sample Policy - 4
    
    XACML3 Sample Policy - 5
    
    XACML3 Sample Policy - 6
    
    Sending Notifications to External PEP Endpoints
    
    Writing an XACML 3.0 Policy Using XPath
  - Deploying the Samples
- Integrations
  Integrations
  - Master Data Management
- My Account
- Using WSO2 Identity Server
  Using WSO2 Identity Server
  - Identity Administration and Provisioning
    Identity Administration and Provisioning
    
    Users, Roles and Permissions
    Users, Roles and Permissions
    
    Configuring Users, Roles and Perimissions
    
    Configuring Users
    
    Configuring Roles and Permissions
    
    Role-based Permissions
    
    Changing a Password
    
    Using Workflows with User Management
    
    Claim Management
    Claim Management
    
    Claim Management
    
    Configuring Claim Dialects
    Configuring Claim Dialects
    
    Configuring Claim Dialects
    
    Adding Claim Dialects
    
    Editing Claim Dialects
    
    Deleting Claim Dialects
    
    Configuring Claims
    Configuring Claims
    
    Configuring Claims
    
    Adding Claim Mapping
    
    Editing Claim Mapping
    
    Deleting Claim Mapping
    
    Identity Provisioning
    Identity Provisioning
    
    Identity Provisioning
    
    The Evolution of Provisioning Standards
    
    Inbound Provisioning
    Inbound Provisioning
    
    Inbound Provisioning
    
    Setting Up Service Provider for Inbound Provisioning
    
    Configuring User Stores for SCIM 1.1 based inbound provisioning
    Configuring User Stores for SCIM 1.1 based inbound provisioning
    
    Configuring User Stores for SCIM 1.1 based inbound provisioning
    
    Configuring Active Directory User Stores for SCIM 1.1 based inbound provisioning
    
    Configuring User Stores for SCIM 2.0 based inbound provisioning
    Configuring User Stores for SCIM 2.0 based inbound provisioning
    
    Configuring User Stores for SCIM 2.0 based inbound provisioning
    
    Configuring Active Directory User Stores for SCIM 2.0 based inbound provisioning
    
    Outbound Provisioning
    Outbound Provisioning
    
    Outbound Provisioning
    
    Outbound Provisioning with SCIM
    
    Outbound Provisioning with SPML
    
    Outbound Provisioning with Salesforce
    
    Outbound Provisioning with Google
    
    Role Based Provisioning
    
    Rule Based Provisioning
    
    Provisioning Patterns
    
    Account Management Policies
    Account Management Policies
    
    Account Recovery
    Account Recovery
    
    Username Recovery
    Username Recovery
    
    Username Recovery
    
    Configuring reCaptcha for Username Recovery
    
    Password Recovery
    Password Recovery
    
    Password Recovery
    
    Configuring Google reCaptcha for Security-Question Based Password Recovery
    
    Configuring reCaptcha for Password Recovery
    
    Managing Challenge Questions
    
    Self-Registration and Account Confirmation
    Self-Registration and Account Confirmation
    
    Self-Registration and Account Confirmation
    
    Configuring reCaptcha for Self Registration
    
    Lite User Registration
    
    Creating Users Using the Ask Password Option
    
    Emails with Special Characters
    
    Configuring Email Masking Pattern
    
    Forced Password Reset
    
    User Account Suspension
    
    Resending Account Recovery Confirmation Emails
    
    Password Policies
    Password Policies
    
    Password History Validation
    
    Password Patterns
    
    Password Expiry
    
    Login Policies
    Login Policies
    
    User Account Locking and Account Disabling
    User Account Locking and Account Disabling
    
    Overview
    
    Account Locking by Failed Login Attempts
    
    Locking a Specific User Account
    
    Account Disabling
    
    Setting Up ReCaptcha
    
    Multi Attribute Login
    
    Workflows
    Workflows
    
    Workflows
    
    Adding a workflow Engine
    Adding a workflow Engine
    
    Adding a workflow Engine
    
    Configuring the BPM Profile as a Workflow Engine
    
    Adding a New Workflow Definition
    
    Engaging a Workflow in an Operation
    
    Managing Human Tasks
    
    Monitoring Workflow Requests
    
    Customizing Automated Emails
    
    Enabling Notifications for User Operations
    
    Locking Functionality Per User
    
    Tenant Wise Email Sender Configuration
    
    Associating User Accounts
    
    Managing User Attributes
    
    Creating and Managing Tenants
    
    Using Email Address as the Username
    
    Managing Consent Purposes
    
    Configuring Uniqueness of Claims
  - Identity Bus
    Identity Bus
    
    Identity Bus
    
    Adding and Configuring a Service Provider
    Adding and Configuring a Service Provider
    
    Adding and Configuring a Service Provider
    
    Configuring Claims for a Service Provider
    Configuring Claims for a Service Provider
    
    Configuring Claims for a Service Provider
    
    Consent Management with Single-Sign-On
    
    Configuring Roles and Permissions for a Service Provider
    
    Configuring Inbound Authentication for a Service Provider
    
    Configuring Local and Outbound Authentication for a Service Provider
    Configuring Local and Outbound Authentication for a Service Provider
    
    Configuring Local and Outbound Authentication for a Service Provider
    
    Request Path Authentication
    Request Path Authentication
    
    Request Path Authentication
    
    Basic Auth Request Path Authentication
    
    OAuth Request Path Authenticator
    
    Identifier-first Flow Handler
    
    Configuring Multi-factor Authentication with Username and Password
    
    Configuring Inbound Provisioning for a Service Provider
    
    Configuring Outbound Provisioning for a Service Provider
    
    Importing or Exporting a Service Provider
    
    Adding and Configuring an Identity Provider
    Adding and Configuring an Identity Provider
    
    Adding and Configuring an Identity Provider
    
    Configuring Claims for an Identity Provider
    
    Configuring Roles for an Identity Provider
    
    Configuring Just-In-Time Provisioning for an Identity Provider
    Configuring Just-In-Time Provisioning for an Identity Provider
    
    Configuring Just-In-Time Provisioning for an Identity Provider
    
    Configuring Just-In-Time Provisioning Consent Purposes
    
    Customizing Just-In-Time Provisioning User Interfaces
    
    Configuring Outbound Provisioning Connectors for an Identity Provider
    
    Authentication Session Persistence
    
    Configuring Session Timeout
    
    Configuring a SP and IdP Using Service Calls
  - Delegated Access Control
    Delegated Access Control
    
    Delegated Access Control
    
    OAuth Concepts
    
    Working with OAuth
    Working with OAuth
    
    Working with OAuth
    
    OAuth 2.0 Clients
    
    OAuth 2.0 Grant Types
    OAuth 2.0 Grant Types
    
    OAuth 2.0 Grant Types
    
    Authorization Code Grant
    
    Implicit Grant
    
    Resource Owner Password Credentials Grant
    
    Client Credentials Grant
    
    Refresh Token Grant
    
    Kerberos Grant
    
    JWT Bearer Grant
    
    SAML2 Bearer Assertion Profile for OAuth 2.0
    
    Setting Up OAuth Token Hashing
    
    JWT Token Generation
    
    OAuth2 Token Validation and Introspection
    OAuth2 Token Validation and Introspection
    
    OAuth2 Token Validation and Introspection
    
    Invoke the OAuth Introspection Endpoint
    
    OAuth Token Validation Using SOAP Service
    
    OAuth Transaction Logs
    
    OAuth2 Token Revocation
    
    Self-contained Access Tokens
    Self-contained Access Tokens
    
    Self-contained Access Tokens
    
    Handling Custom Claims with the JWT Bearer Grant Type
    
    Writing A New OAuth Client Authenticator
    
    Private Key JWT Client Authentication for OIDC
    
    Mutual TLS for OAuth Clients
    
    Mutual TLS Client Authentication and Certificate-Bound Access Tokens
    
    Microprofile JWT 1.0 support for IS
    Microprofile JWT 1.0 support for IS
    
    Microprofile JWT 1.0 support for IS
    
    Running the MP-JWT Sample
    
    Validating JWT based on JWKS
    
    Issuing New Tokens Per Request
    
    OpenID Connect
    OpenID Connect
    
    OpenID Connect
    
    OpenID Connect Discovery
    
    OpenID Connect Authentication
    OpenID Connect Authentication
    
    OpenID Connect Authentication
    
    OpenID Connect Basic Client Profile
    
    OpenID Connect Implicit Client Profile
    
    OpenID Connect Hybrid Flow
    
    OpenID Connect Dynamic Client Registration
    
    Request Object Support
    
    Configuring OpenID Connect Authorization Server
    
    IDToken Signature Verification
    
    JSON Web Key Set Endpoint
    
    OpenID Connect Logout URL Redirection
    
    OpenID Connect Scopes and Claims
    
    OpenID Connect Single Logout
    
    Extension Points for OAuth
    
    User Managed Access
    User Managed Access
    
    User Managed Access
    
    User Managed Access Endpoints
    
    User Managed Access with WSO2 Identity Server
  - Consent Management
  - Analytics
    Analytics
    
    Analytics
    
    Prerequisites to Publish Statistics
    Prerequisites to Publish Statistics
    
    Prerequisites to Publish Statistics
    
    Enabling Geolocation Based Statistics
    
    Creating Geo Location Data Set
    
    Analyzing the Authentication Operations
    Analyzing the Authentication Operations
    
    Analyzing the Authentication Operations
    
    Accessing the Analytics Dashboard
    
    Analyzing Overall Login Attempts
    
    Analyzing the Local Login Attempts
    
    Analyzing the Federated Login Attempts
    
    Analyzing Session Statistics
    
    Purging Analytics Data
    
    Monitoring the Authentication Operations with Alerts
    Monitoring the Authentication Operations with Alerts
    
    Monitoring the Authentication Operations with Alerts
    
    Alert Types
    
    Configuring Alerts
    
    Viewing Alerts
    
    Integrating with Fraud Detection, Risk Based Authentication, Identity Verification and Business Intelligence Systems
  - Samples
    Samples
    
    OAuth2
    OAuth2
    
    Writing a Custom OAuth 2.0 Grant Type
    Writing a Custom OAuth 2.0 Grant Type
    
    Writing a Custom OAuth 2.0 Grant Type
    
    Sending Custom Error Codes
    
    OAuth 2.0 with WSO2 Playground
    OAuth 2.0 with WSO2 Playground
    
    OAuth 2.0 with WSO2 Playground
    
    Try Authorization Code Grant
    
    Try Client Credentials Grant
    
    Try Implicit Grant
    
    Try Password Grant
    
    Try Request Path Authentication
    
    Setting up a SAML2 Bearer Assertion Profile for OAuth 2.0
    
    OpenIDConnect
    OpenIDConnect
    
    Basic Client Profile with Playground
    
    Implicit Client Profile with Playground
    
    Session Management with Playground
    
    Verifying OpenID Connect ID Token Signatures
    
    Decrypting OpenID Connect Encrypted ID Tokens
    
    Writing a Web Service Client for Authentication and User Admin Services
    
    Consuming SCIM Rest Endpoints from a JAVA Client Application
    
    Running an STS Client
    
    XACML Sample for an Online Trading Application
    
    Log in to the Identity Server using another Identity Server - SAML2
    
    Login to Identity Server using another Identity Server - OAuth2
  - CORS
    CORS
    
    CORS
  - A/B Testing
Develop
Develop
- Developer Guide
  Developer Guide
  - Developer guide
  - Working with the Source Code
  - Using SDKs
    Using SDKs
    
    Overview
    
    Enable Authentication for Spring Boot App
  - Extending the Identity Server
    Extending the Identity Server
    
    Overview
    
    User Management for Developers
    User Management for Developers
    
    Writing a Custom Password Validator
    
    Writing a Custom Global Scope Validator
    
    Writing a Custom Claim Handler
    
    Writing a Custom Event Handler
    
    User Store Listeners
    
    Writing a Post-Authentication Handler
    
    Using the User Management Errors Event Listener
    
    Carbon Remote User Store Manager
    
    Working with Errors
    Working with Errors
    
    Customizing Authentication Error Messages
    
    Customizing Error Pages
    
    Error Codes and Descriptions
    
    Enable Email Account Verification for an Updated Email Address
    
    Enable Mobile Number Verification for an Updated Mobile Number
    
    Provisioning for Developers
    Provisioning for Developers
    
    Extending SCIM 2.0 User Schemas
    
    Writing an Outbound Provisioning Connector
    
    Extensible SCIM User Schemas With WSO2 Identity Server
    
    Identity Federation for Developers
    Identity Federation for Developers
    
    Writing a Custom Federated Authenticator
    
    Writing a Custom Local Authenticator
    
    Access Control for Developers
    Access Control for Developers
    
    Writing a Custom Policy Info Point
    
    Workflow Management for Developers
    Workflow Management for Developers
    
    Extending the Workflow Event Handler
    
    Writing a Custom Workflow Template
    
    Adaptive Authentication for Developers
    Adaptive Authentication for Developers
    
    Writing Custom Functions for Adaptive Authentication
  - Using APIs
    Using APIs
    
    Using APIs
    
    Calling Admin Services
    Calling Admin Services
    
    Calling Admin Services
    
    Admin Services for One Way Operations
    
    REST APIs
    REST APIs
    
    Rest APIs
    
    Authenticating and Authorizing
    
    Account Recovery
    
    Application Management
    
    Approvals
    
    Associations
    
    Authentication Data
    
    Authentication
    
    Authorized Apps
    Authorized Apps
    
    Authorized Apps V1
    
    Authorized Apps V2
    
    Challenge Question
    
    Claim Management
    
    Configuration Management
    Configuration Management
    
    Configuration Management
    
    Retrieving Tenant Resources Based on Search Parameters
    
    CORS
    
    Consent Management
    
    Email Templates
    
    Entitlement
    
    Fido
    
    Identity Governance
    
    Identity Providers
    
    Keystore Management
    
    Server Configurations
    
    OAuth2 Scope Management
    
    OpenID Connect Scope Management
    
    OIDC Dynamic Client Registration
    
    Permission Management
    
    Personal Information Export
    
    SCIM 1.1
    
    SCIM 2.0
    SCIM 2.0
    
    SCIM 2.0 API Definition
    
    SCIM 2.0 Patch Operations
    
    SCIM 2.0 Batch Operations
    
    Script Libraries
    
    Secondary User Store
    
    Self Sign-Up
    
    Session Management
    
    Tenant Management
    
    TOTP
    
    User Discoverable Application Management
    
    User Functionality Management REST APIs
    
    Workflow Engine Management REST APIs
    
    SOAP APIs
    SOAP APIs
    
    SOAP APIs
    
    User Management
    User Management
    
    User Management
    
    Managing Users and Roles
    
    Managing Claims
    
    Managing Permissions
    
    Counting Users and User Roles
    
    Managing User Stores
    
    User Information Recovery
    
    Identity Application Management
    Identity Application Management
    
    Identity Application Management
    
    Using the Service Provider
    
    Service Provider Configurations used with APIs
    
    Identity Provider Management
    Identity Provider Management
    
    Identity Provider Management
    
    Using the Identity Provider
    
    Identity Provider Configurations used with APIs
    
    Managing Tenants with APIs
    
    Entitlement with APIs
    Entitlement with APIs
    
    Entitlement with APIs
    
    IdP Session Extending API
  - Re-branding User Interfaces
    Re-branding User Interfaces
    
    Re-branding WSO2 Identity Server UIs
    
    Re-branding the Default Login Page for Your Application
    
    Re-branding the SSO Redirection Page
  - Changing the Authentication Endpoint
  - Localization Support in Identity Server
  - Hosting Authentication Endpoint on a Different Server
  - My Account
    My Account
    
    Customizing the UI
    
    Configuring the Application
Setup
Setup
- Install
  Install
  - Installing the Product
    Installing the Product
    
    Installing the Product
    
    Installation Prerequisites
    
    Installing on Linux or OS X
    
    Installing on Solaris
    
    Installing on Windows
    
    Installing as a Linux Service
    
    Installing as a Windows Service
    
    Uninstalling the Product
  - Running the Product
  - Getting Started with the Management Console
    Getting Started with the Management Console
    
    Overview
    
    Customizing the Management Console
- Deploy
  Deploy
  - Overview
  - Deployment Guide
    Deployment Guide
    
    Deploying the Identity Server
    
    Fronting with the Nginx load balancer
    
    Setting Up Separate Databases for Clustering
  - Changing the hostname
  - Data Stores
    Data Stores
    
    Working with Databases
    Working with Databases
    
    Overview
    
    Changing the Carbon Database
    Changing the Carbon Database
    
    Changing to IBM DB2
    
    Changing to MariaDB
    
    Changing to MSSQL
    
    Changing to MySQL
    
    Changing to Oracle
    
    Changing to Oracle RAC
    
    Changing to PostgreSQL
    
    Changing to Remote H2
    
    Changing default datasource of BPS
    
    Changing the Default Datasource for Consent Management
    
    Browsing the H2 Database
    
    Working with Users, Roles and Permissions
    Working with Users, Roles and Permissions
    
    Working with Users, Roles and Permissions
    
    Introduction to User Management
    
    Configuring the User Realm
    Configuring the User Realm
    
    Configuring the User Realm
    
    Configuring the Authorization Manager
    
    Configuring the System Administrator
    
    Configuring User Stores
    Configuring User Stores
    
    Configuring User Stores
    
    Configuring the Primary User Store
    Configuring the Primary User Store
    
    Configuring the Primary User Store
    
    Configuring a JDBC User Store
    
    Configuring a Read-Only LDAP User Store
    
    Configuring a Read-Write Active Directory User Store
    
    Configuring a Read-Write LDAP User Store
    
    Adding High Availability for LDAP
    
    Configuring Secondary User Stores
    
    Working with Properties of User Stores
    
    Writing a Custom User Store Manager
    
    Working with Tokens
    Working with Tokens
    
    Adding Logs for Tokens
    
    Token Persistence
    
    Removing Unused Tokens from the Database
    
    Enable Assertions In Access Tokens
    
    Data Purging
    
    Removing References to Deleted User Identities
  - Configuring rsync for Deployment Synchronization
  - Configuring an SP and IdP Using Configuration Files
  - Configuring the Identity Server to Send Emails
- Monitor
  Monitor
  - Monitoring
    Monitoring
    
    Overview
    
    Monitoring Logs
    Monitoring Logs
    
    Monitoring Logs
    
    HTTP Access Logging
    
    Masking Sensitive Information in Logs
    
    Logging Claims in Audit Logs
    
    System Statistics
    
    Monitoring TCP-Based Messages
    Monitoring TCP-Based Messages
    
    Monitoring TCP-Based Messages
    
    Message Monitoring with TCPMon
    
    Other Usages of TCPMon
    
    Monitoring Server Health
    
    JMX-Based Monitoring
  - Working with Product Observability
  - Troubleshooting in Production Environments
- Performance
  Performance
  - Performance Tuning
  - Configuring Cache Layers
- Security
  Security
  - Maintaining Logins and Passwords
  - Recover Super Admin Account
  - Securing Passwords in Configuration Files
    Securing Passwords in Configuration Files
    
    Encrypting Passwords with Cipher Tool
    
    Resolving Encrypted Passwords
    
    Customizing Secure Vault
    
    Set Passwords using Environment Variables/System Properties
  - Enabling HSTS Headers
  - Preventing browser caching
  - Configuring Transport Level Security
  - Java Security Manager
- Upgrade WSO2 Identity Server
- Environment Compatibilty
Administer
Administer
- Administer
- Product Administration
  Product Administration
  - Configuring the Identity Server
    Configuring the Identity Server
    
    Configuring the Identity Server
  - Using Tools
    Using Tools
    
    Using Tools
    
    Using the XACML TryIt Tool
    Using the XACML TryIt Tool
    
    Using the XACML TryIt Tool
    
    Evaluating a XACML Policy
    
    Identity Anonymization tool
    Identity Anonymization tool
    
    Removing References to Deleted User Identities using the standalone tool
    
    Extending the Identity Anonymization Tool
  - Working with Multiple Tenants
    Working with Multiple Tenants
    
    Working with Multiple Tenants
    
    Introduction to Multitenancy
    
    Configuring the Tenant Loading Policy
    
    Adding New Tenants
  - LDAP vs JDBC
  - Working with the Registry
    Working with the Registry
    
    Working with the Registry
    
    Browsing the Registry
  - Enabling Mutual SSL
    Enabling Mutual SSL
    
    Enabling Mutual SSL
    
    Mutual TLS with client id and secret using OIDC
  - Invoking an Endpoint from a Different Domain
- Deployment and Clustering
  Deployment and Clustering
  - Key Concepts
    Key Concepts
    
    Clustering Overview
    
    Configuring Hazelcast
    
    Load Balancing
    
    Sticky Sessions with Manager Nodes
    
    Deployment Checklist
    
    Backup and Recovery Recommendations
  - Security Guidelines
    Security Guidelines
    
    Security Guidelines
    
    Product-Level
    
    OS-Level
    
    Network-level
  - Encryption
    Encryption
    
    Asymmetric Encryption
    Asymmetric Encryption
    
    Asymmetric Encryption
    
    Creating New Keystores
    
    Configuring Keystores
    
    Renewing a CA-Signed Certificate
    
    Managing Keystores via UI
    
    Adding Multiple Keys to the Primary Keystore
    
    Configure Custom Keystores for Authentication Protocols
    
    Symmetric Encryption
    Symmetric Encryption
    
    Overview
    
    Related Configurations
  - Mitigating Cross Site Request Forgery Attacks
  - Mitigating Authorization Code Interception Attacks
  - Mitigating Brute Force Attacks
  - Samesite Attribute Support
  - Timestamp in WS-Security to Mitigate Replay Attacks
  - Enabling HostName Verification
  - Configuring TLS Termination
- Getting WSO2 Updates
Compliance
Compliance
- GDPR
- eIDAS
- CCPA
References
References



REST APIs¶

This section provides information on REST APIs in WSO2 Identity Server including the sample requests and responses.

Top

Previous Admin Services for One Way Operations

Next Authenticating and Authorizing

WSO2 Identity Server - Documentation

Copyright © 2020-2025 WSO2 LLC.

Content licensed under CC By 4.0. | Sample code licensed under Apache 2.0.