Skip to content

Using the Self Sign-Up REST APIs

Tip

For information on configuring self-sign up using REST APIs, see the swagger docs on Self Registration REST APIs.

Related Links

For information on self-registration via the UI instead, see Self-Registration and Account Confirmation.

Enhance default permissions for the resend-code endpoint.

The resend-code endpoint of the self sign-up rest APIs is used to resend the confirmation code to an authenticated user. While no scopes are required to invoke this API by default, we recommend limiting permissions to this endpoint using scopes, prior to production deployment.

To do so, add the following configurations to the deployment.toml file

[resource.access_control]
context = "(.*)/api/identity/user/v1.0/resend-code(.*)"
secure = "true"
http_method = "all"
permissions=["/permission/admin/manage/identity/identitymgt"]
scopes=["internal_identity_mgt_view","internal_identity_mgt_update","internal_identity_mgt_create","internal_identity_mgt_delete"]
Top