data protection on demand (dpod) apiversion: 1.15.0 uri scheme basepath: /v1 schemes: https consumes...

Data Protection on Demand (DPoD)APIThales

Version 1.18.0, 2021-02-12

Table of ContentsOverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Version information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

URI scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Consumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Produces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

OAuth2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Contracts API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Get the account statuses of the subscriber tenants below the Service Provider(s) . . . . . . . . . . . . . 3

Get the account status related information for a tenant. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Submit a service agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Get the service agreement for a tenant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Reject a service agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Approve a service agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Get current terms of service for a tenant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Credentials Management Service API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Create API-level client credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

List all the client credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Get details of the specified client credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Delete client credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Update existing client credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Reset client credentials’s secret . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Marketplace Categories API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

List all available categories for the service types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Service Instances API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Provision a service instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Show active service instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Get a summary of the currently active services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Get usage reports for billing purposes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Get usage details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Show service instance details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Unprovision an active service instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Show all active client bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Generate a client binding to an existing service instance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Show client binding details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Unbind a client of a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Service API (Deprecated) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Create a service. Deprecated, see: POST /service_instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Show active services. Deprecated, see: GET /service_instances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Show service details. Deprecated, see: GET /service_instances/{id} . . . . . . . . . . . . . . . . . . . . . . . . . 61

Remove an active service. Deprecated, see: DELETE /service_instances/{id} . . . . . . . . . . . . . . . . 63

Show all active clients. Deprecated, see: GET /service_instances/{id}/bindings/{clientId} . . . . . 64

Bind a client to a service. Deprecated, see: PUT /service_instances/{id}/bindings/{clientId} . . . 65

Show client details. Deprecated, see: GET /service_instances/{id}/bindings/{clientId} . . . . . . . . 67

Unbind a client of a service. Deprecated, see: DELETE

/service_instances/{id}/bindings/{clientId}

69

Subscriber Group API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Create a new Subscriber Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

List Subscriber Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

get the details for a specified Subscriber Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Delete the Subscriber Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Update an existing Subscriber Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Tenant API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Create a tenant. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

List tenants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Get a tree representation of the tenant’s hierarchy based on children with valid account

statuses (active and disabled) it may have.

85

Get logo image for the targeted host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Collect the service summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Collect the service summary file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Get tenant settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Update tenant settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Generate the usage report for all the tenants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Generate the usage report file for all the tenants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Get details for the specified tenant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Delete the tenant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Update an existing tenant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Get details for the specified tenant’s admin user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Reset the admin user’s password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Reset the admin user’s multi-factor token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Get a list of tenant ids that are children of the given tenant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Get hostname of the requested tenant id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Get logo image for the targeted tenant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Set logo image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Get quota information for the requested tenant id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Marketplace API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

List all the tiles available to a tenant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Get details about a specific tile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Updates the content of a tile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

Get plans for the specified tile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

User API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Create a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

List users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Change the current user old password for a new one, both being provided . . . . . . . . . . . . . . . . 139

Allows an anonymous user to request a forgotten password email. . . . . . . . . . . . . . . . . . . . . . . . 142

Get the details of the user specified in the JWT sent with this request . . . . . . . . . . . . . . . . . . . . . 144

Get details for the specified user. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Delete a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Edit User’s Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Change the current user password to the password provided, provided a forgot password

request was done first

151

Reset a User’s multi-factor token for yourself or for a user you can manage . . . . . . . . . . . . . . . 153

Reset another user password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Send the email to verify user’s email address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Verify the user’s email address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

OverviewThe DPoD API can manage HSM on Demand services.

Version informationVersion : 1.18.0

URI scheme

BasePath : /v1Schemes : HTTPS

Consumes

• application/json

Produces


1

Security

OAuth2Type : oauth2Flow : applicationToken URL : /oauth/token

Name Description

dpod.tenant.spadmin Service Provider Administrator

dpod.tenant.admin Tenant administrator

dpod.tenant.appowner Application owner

dpod.tenant.api_appowner Application owner credentials

dpod.tenant.api_service Service credentials

dpod.tenant.api_spadmin Service Provider Administrator API platform credentials

dpod.tenant.spadmin.unverified Unverified Service Provider Administrator

dpod.tenant.admin.unverified Unverified Tenant Administrator

dpod.tenant.appowner.unverified

Unverified Application Owner

2

Paths

Contracts API

Get the account statuses of the subscriber tenants below the ServiceProvider(s)

GET /backoffice/accountStatuses

Description

Gets the account statuses of all the subscriber tenants of the provided Service Provider IDs, If the"spIds" parameter is not provided or empty, the account statuses of the subscriber tenants of thecurrently authenticated Service Provider user are returned.

Parameters

Type Name Description Schema

QueryspIdsoptional

the parent IDs for which we need the accountstatuses (all sub-tenants)

< string (uuid) >array

Responses

HTTPCode

Description Schema

200 Successful response.< Response 200 >array

500 Internal Server Error. Response 500

Response 200

Name Description Schema

agreementApprovalStatusrequired

Calculated field based on agreement dates.Example : "Approved"

enum(NotRequested,Requested,Approved)

agreementEndDateoptional

The UTC date the subscriber account turns to a monthlycontract. For the new service agreements, this will be 12, 24or 36 months after the approval date or 1200 months after(100 years) in the case of an automated renewal. For legacytenants, the date can be any date.Example : "2021-02-10T00:00:00Z"

string (date-time)

3


agreementRequestDateoptional

The UTC when date the tenant admin submits the serviceagreement to the Service Provider for approval.Example : "2018-02-10T00:00:00Z"

string (date-time)

agreementStartDateoptional

The UTC date when the Service Provide admin approves theservice agreement and starts the "service agreementperiod".Example : "2018-02-10T00:00:00Z"

string (date-time)

cachedrequired

false, if the object comes from the backoffice system. true, ifthe object comes from the DPoD cache (last known version).Default : falseExample : true

boolean

evaluationEndDaterequired

The UTC date when the evaluation period will or hasexpired.Example : "2018-01-30T00:00:00Z"

string (date-time)

evaluationStartDaterequired

The UTC date the account was created.Example : "2018-01-01T00:00:00Z"

string (date-time)

evaluationStatusrequired

Calculated field based on evaluation and agreement dates.Example : "Evaluating"

enum (Evaluating,Expired,InAgreement,AgreementEnded)

tenantIdrequired

Tenant Id of the customer.Example : "457A2BD8-B8C8-4656-93BD-42416464FE98"

string (uuid)

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

4

Produces


Tags

• Account Status

Security

Type Name Scopes

oauth2 OAuth2 dpod.tenant.spadmin, dpod.tenant.api_spadmin

Example HTTP response

Response 200

5

{ "TenantAccountStatuses" : [ { "tenantId" : "457A2BD8-B8C8-4656-93BD-42416464FE98", "evaluationStartDate" : "2018-01-01T00:00:00Z", "evaluationEndDate" : "2018-01-30T00:00:00Z", "evaluationStatus" : "Evaluating", "agreementApprovalStatus" : "NotRequested", "cached" : false }, { "tenantId" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "evaluationStartDate" : "2017-01-01T00:00:00Z", "evaluationEndDate" : "2017-01-30T00:00:00Z", "evaluationStatus" : "Expired", "agreementApprovalStatus" : "NotRequested", "cached" : false }, { "tenantId" : "457A2BD8-B8C8-4656-93BD-42416464FE01", "evaluationStartDate" : "2018-01-01T00:00:00Z", "evaluationEndDate" : "2018-01-30T00:00:00Z", "agreementRequestDate" : "2018-01-24T00:00:00Z", "evaluationStatus" : "Evaluating", "agreementApprovalStatus" : "Requested", "cached" : false }, { "tenantId" : "657A2BD8-B8C8-4656-93BD-42416464FE03", "evaluationStartDate" : "2017-01-01T00:00:00Z", "evaluationEndDate" : "2017-01-30T00:00:00Z", "agreementRequestDate" : "2017-01-24T00:00:00Z", "evaluationStatus" : "Expired", "agreementApprovalStatus" : "Requested", "cached" : false }, { "tenantId" : "457A2BD8-B8C8-4656-93BD-42416464FE00", "evaluationStartDate" : "2018-01-01T00:00:00Z", "evaluationEndDate" : "2018-01-30T00:00:00Z", "agreementRequestDate" : "2018-01-24T00:00:00Z", "agreementStartDate" : "2018-01-25T00:00:00Z", "agreementEndDate" : "2021-01-25T00:00:00Z", "evaluationStatus" : "InAgreement", "agreementApprovalStatus" : "Approved", "cached" : false } ]}

Get the account status related information for a tenant.

GET /backoffice/accountStatuses/{id}

6

Description

Indicate the evaluation start/end dates and initial service agreement related dates.

Parameters


Pathidrequired

Tenant ID of the customer. string (uuid)

Responses

HTTPCode

Description Schema

200 Success response. Response 200

404The account status is not found (neither the backoffice returned itnor it is in the local cache). The local cache is checked when thebackoffice is unavailable or returns an error (any error).

Response 404


Response 200


agreementApprovalStatusrequired

Calculated field based on agreement dates.Example : "Approved"

enum(NotRequested,Requested,Approved)

agreementEndDateoptional

The UTC date the subscriber account turns to a monthlycontract. For the new service agreements, this will be 12, 24or 36 months after the approval date or 1200 months after(100 years) in the case of an automated renewal. For legacytenants, the date can be any date.Example : "2021-02-10T00:00:00Z"

string (date-time)

agreementRequestDateoptional

The UTC when date the tenant admin submits the serviceagreement to the Service Provider for approval.Example : "2018-02-10T00:00:00Z"

string (date-time)

agreementStartDateoptional

The UTC date when the Service Provide admin approves theservice agreement and starts the "service agreementperiod".Example : "2018-02-10T00:00:00Z"

string (date-time)

cachedrequired


boolean

7


evaluationEndDaterequired

The UTC date when the evaluation period will or hasexpired.Example : "2018-01-30T00:00:00Z"

string (date-time)

evaluationStartDaterequired

The UTC date the account was created.Example : "2018-01-01T00:00:00Z"

string (date-time)

evaluationStatusrequired

Calculated field based on evaluation and agreement dates.Example : "Evaluating"

enum (Evaluating,Expired,InAgreement,AgreementEnded)

tenantIdrequired

Tenant Id of the customer.Example : "457A2BD8-B8C8-4656-93BD-42416464FE98"

string (uuid)

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

8

Name Schema

statusoptional

integer (int32)

timestampoptional

string

Produces


Tags

• Account Status

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.spadmin, dpod.tenant.api_spadmin,dpod.tenant.admin, dpod.tenant.appowner


Response 200

{ "tenantId" : "457A2BD8-B8C8-4656-93BD-42416464FE98", "evaluationStartDate" : "2018-01-01T00:00:00Z", "evaluationEndDate" : "2018-01-30T00:00:00Z", "evaluationStatus" : "Evaluating", "agreementApprovalStatus" : "NotRequested", "cached" : false}

Submit a service agreement

POST /backoffice/serviceAgreements

Description

The Tenant Admin submits a service agreement for the account.

Parameters

9


Bodytermsrequired

The service duration and service minimumbillable units.

terms

terms


durationrequired

Number of months for the agreement. The selectable valueis 12, 24 or 36 in the DPoD UI. 0 is used to represent anautomated renewal (monthly, yearly…).Example : 36

integer

mbusrequired

The array of minimum billable units submitted and/orapproved.

< mbus > array

mbus


quantityrequired

The minimum number of instances of 'service months' thetenant admin agrees to order.Minimum value : 1Maximum value : 255Example : 2

integer

serviceTyperequired

A service type available in DPoD.Example : { "id" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "shortCode" : "pv key", "name" : "HSMon Demand" }

serviceType

serviceType


idrequired

Service type ID.Example : "457A2BD8-B8C8-4656-93BD-42416464FE99"

string (uuid)

namerequired

The name of the service type (often shown as a service tilename in the UI). The name is subject to change.Length : 1 - 50Example : "HSM on Demand"

string

shortCoderequired

A short text code that is a simple and unique service typeidentifier. This shortCode can then be used by an appowner to identify the service to deploy. Only the (modified)shortCode appears in the reports.Length : 1 - 255Example : "pv key"

string

Responses

10

HTTPCode

Description Schema

201 Submitted. No Content

400 Bad parameter. The reason will be detailed in the error. Response 400

409 Invalid state, e.g. tenant already submitted or approved. Response 409

500 InternalServerError Response 500

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 409

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

11

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Produces


Tags

• Service Agreement

Security

Type Name Scopes

oauth2 OAuth2 dpod.tenant.admin

Get the service agreement for a tenant

GET /backoffice/serviceAgreements/{tenantId}

Description

Gets the service agreement details for the account. If the tenant has an acceptedDate, it will beconsidered as a Subscriber. If the tenant has no acceptedDate, and the current date is passed theendOfEvaluationDate it will be considered as Expired. Otherwise the tenant is considered inEvaluation.

Parameters


PathtenantIdrequired

TenantID of the customer string (uuid)

12

Responses

HTTPCode

Description Schema

200 OK. Response 200

404 The service agreement is not found. Response 404


Response 200


acceptanceoptional

The service agreement Approval information.Example : { "agreementDate" : "2018-02-10T00:00:00.000Z", "endOfAgreementDate" : "2021-02-10T00:00:00.000Z", "parentAdministrator" : {"userId" : "457A2BD8-B8C8-4656-93BD-42416464FEFF","givenName" : "Peter", "familyName" : "Parker","email" : "[email protected]" } }

acceptance

cachedoptional


boolean

submissionoptional

The service agreement Submission information.Example : { "submittedDate" : "2018-02-10T00:00:00.000Z", "tenantID" : "457A2BD8-B8C8-4656-93BD-42416464FE98", "tenantName" : "Some company name","tenantAdministrator" : { "userId" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "givenName" : "John","familyName" : "Jameson", "email" :"[email protected]" },"parentAdministrator" : { "userId" : "457A2BD8-B8C8-4656-93BD-42416464FEFF", "givenName" : "Peter","familyName" : "Parker", "email" :"[email protected]" } }

submission

termsoptional

The term and the minimum billable unitsExample : { "duration" : 36, "mbus" : [ {"serviceType" : { "id" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "shortCode" : "pv key", "name": "HSM on Demand" }, "quantity" : 2 }, {"serviceType" : { "id" : "457A2BD8-B8C8-4656-93BD-42416464FEFF", "shortCode" : "sfkb", "name" :"Salesforce Keybroker" }, "quantity" : 3 } ] }

terms

acceptance


agreementDaterequired

The UTC date the Service Provide admin approves theservice agreement.Example : "2018-02-10T00:00:00.000Z"

string

13

mailto:[email protected]




endOfAgreementDaterequired

The UTC date the subscriber account turns to a monthlycontract. For the new service agreements, this will be 12, 24or 36 months after the approval date or 1200 months after(100 years) in the case of an automated renewal. For legacytenants, the date can be any date.Example : "2021-02-10T00:00:00.000Z"

string

parentAdministratorrequired

The Service Provider admin who signed the serviceagreement. This can be either the main admin or asecondary admin.Example : { "userId" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "givenName" : "John", "familyName" :"Jameson", "email" : "[email protected]" }

parentAdministrator

parentAdministrator


emailoptional

The email of the person.Length : 10 - 255Example : "[email protected]"

string (email)

familyNameoptional

The family name of the person.Length : 1 - 255Example : "Jameson"

string

givenNameoptional

The given name of the person.Length : 1 - 255Example : "John"

string

userIdrequired

User ID.Example : "457A2BD8-B8C8-4656-93BD-42416464FE99"

string (uuid)

submission


parentAdministratorrequired

The main Service Provider admin who receives the serviceagreementExample : { "userId" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "givenName" : "John", "familyName" :"Jameson", "email" : "[email protected]" }

parentAdministrator

submittedDaterequired

The UTC date the tenant admin submits the serviceagreement.Example : "2018-02-10T00:00:00.000Z"

string

tenantAdministratorrequired

The person proposing the service agreement.Example : { "userId" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "givenName" : "John", "familyName" :"Jameson", "email" : "[email protected]" }

tenantAdministrator

tenantIDrequired

Tenant ID of the customer.Example : "457A2BD8-B8C8-4656-93BD-42416464FE98"

string (uuid)

14






tenantNameoptional

Tenant name.Length : 1 - 255Example : "Some company name"

string

parentAdministrator


emailoptional


string (email)

familyNameoptional


string

givenNameoptional


string

userIdrequired


string (uuid)

tenantAdministrator


emailoptional


string (email)

familyNameoptional


string

givenNameoptional


string

userIdrequired


string (uuid)

terms


durationrequired

Number of months for the agreement. The selectable valueis 12, 24 or 36 in the DPoD UI. 0 is used to represent anautomated renewal (monthly, yearly…).Example : 36

integer

mbusrequired

The array of minimum billable units submitted and/orapproved.

< mbus > array

15



mbus


quantityrequired

The minimum number of instances of 'service months' thetenant admin agrees to order.Minimum value : 1Maximum value : 255Example : 2

integer

serviceTyperequired

A service type available in DPoD.Example : { "id" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "shortCode" : "pv key", "name" : "HSMon Demand" }

serviceType

serviceType


idrequired

Service type ID.Example : "457A2BD8-B8C8-4656-93BD-42416464FE99"

string (uuid)

namerequired

The name of the service type (often shown as a service tilename in the UI). The name is subject to change.Length : 1 - 50Example : "HSM on Demand"

string

shortCoderequired

A short text code that is a simple and unique service typeidentifier. This shortCode can then be used by an appowner to identify the service to deploy. Only the (modified)shortCode appears in the reports.Length : 1 - 255Example : "pv key"

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

16

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Produces


Tags


Security

Type Name Scopes



Response 200

17

{ "terms" : { "duration" : 36, "mbus" : [ { "serviceType" : { "id" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "shortCode" : "pv key", "name" : "HSM on Demand" }, "quantity" : 2 }, { "serviceType" : { "id" : "457A2BD8-B8C8-4656-93BD-42416464FEFF", "shortCode" : "sfkb", "name" : "Salesforce Keybroker" }, "quantity" : 3 } ] }, "submission" : { "submittedDate" : "2018-02-10T00:00:00.000Z", "tenantID" : "457A2BD8-B8C8-4656-93BD-42416464FE98", "tenantName" : "Some company name", "tenantAdministrator" : { "userId" : "457A2BD8-B8C8-4656-93BD-42416464FE99", "givenName" : "John", "familyName" : "Jameson", "email" : "[email protected]" }, "parentAdministrator" : { "userId" : "457A2BD8-B8C8-4656-93BD-42416464FEFF", "givenName" : "Peter", "familyName" : "Parker", "email" : "[email protected]" } }, "acceptance" : { "agreementDate" : "2018-02-10T00:00:00.000Z", "endOfAgreementDate" : "2021-02-10T00:00:00.000Z", "parentAdministrator" : { "userId" : "457A2BD8-B8C8-4656-93BD-42416464FEFF", "givenName" : "Peter", "familyName" : "Parker", "email" : "[email protected]" } }, "cached" : false}

18

Reject a service agreement

DELETE /backoffice/serviceAgreements/{tenantId}

Description

The Service Provider admin rejects a submitted service agreement for the account.

Parameters




Responses

HTTPCode

Description Schema

204 Deleted with no content. No Content

404 No service agreement found. Response 404

409 Invalid state, e.g. tenant already approved. Response 409


Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 409

19

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Produces


Tags


Security

Type Name Scopes

oauth2 OAuth2 dpod.tenant.spadmin

20

Approve a service agreement

PATCH /backoffice/serviceAgreements/{tenantId}

Description

The Service Provider admin approves a submitted service agreement for the account.

Parameters




Responses

HTTPCode

Description Schema

200 Service agreement updated. No Content

400 Bad parameter. The reason will be detailed in the error. Response 400

404 No service agreement found. Response 404

409 Invalid state, e.g. tenant not submitted or already approved. Response 409


Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 404

21

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 409

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

22

Name Schema

statusoptional

integer (int32)

timestampoptional

string

Produces


Tags


Security

Type Name Scopes

oauth2 OAuth2 dpod.tenant.spadmin

Get current terms of service for a tenant

GET /backoffice/tos/{tenantId}

Description

Gets the current terms of service as a PDF.

Parameters




Responses

HTTPCode

Description Schema

200 Success response. string (binary)

404 Terms of service not found. Response 404


Response 404

23

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Produces

• application/pdf


Tags

• Terms of Service

Security

Type Name Scopes


24

Credentials Management Service API

Create API-level client credentials

POST /credentials/clients

Description

Creates API-level client credentials.

Parameters


BodyclientCreateParamsrequired

Details of the client to create. clientCreateParams

clientCreateParams


namerequired

The name to be assigned to the client.Length : 1 - 64

string

rolerequired

The role to be assigned to the client.enum (appowner,service, spadmin)

serviceIdsoptional

The service ID(s) which the client is allowed to access (onlyapplicable to service-scoped clients).


subscriberGroupsoptional

The subscriber groups to which the client would belong oran empty list to set it in all the subscriber groups of theuser.


Responses

HTTPCode

Description Schema

200 New API-level client credentials. Response 200

403 Unauthorized to access this endpoint Response 403

Response 200


clientIdoptional

The client ID used for DPoD authentication. string (uuid)

25


clientSecretoptional

The client secret used for DPoD authentication. This value isonly returned on creation, not after.

string

createdAtoptional

Date/time the resource was created. string

createdByoptional

Username of the user who created the client. string

nameoptional

The name assigned to the client. string

rolerequired

The type of client credentials.enum (appowner,service, spadmin)

serviceIdsoptional



Response 403

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Consumes


Produces


Tags

• Credentials

26

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.appowner, dpod.tenant.spadmin,dpod.tenant.api_spadmin


Response 200

name: testclientId: d618000d-2c9c-4ca6-b05e-2c2583fb1736clientSecret: HKDvZwRlLLqU2WypnLKhGYa9RNqFtokRJzzS0gMRL71f61Y12T38buVyUeMTxBeVrole: appownercreatedAt: 2020-09-23T15:48:11.856ZcreatedBy: [email protected]

List all the client credentials

GET /credentials/clients

Description

List all the client credentials based on the filters.

Parameters


Querypageoptional

Page number to retrieve, starting at 0. integer

Queryroleoptional


QueryserviceIdsoptional

The service ID(s) which the client is allowed toaccess (only applicable to service-scoped clients).


Querysizeoptional

Number of results per page. integer

Responses

HTTPCode

Description Schema

200 A list of client credentials. Response 200

default Unexpected error. Response default

27

Response 200


contentoptional

The array of clients created. < content > array

numberrequired

Current page number out of a total of 'totalPages'. integer

sizerequired

Number of elements in this response. integer

totalElementsrequired

Total number of elements. integer (int64)

totalPagesrequired

Total number of pages. integer

content


clientIdoptional




string

createdAtoptional


createdByoptional


nameoptional


rolerequired


serviceIdsoptional



Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

28

Name Schema

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Produces


Tags

• Credentials

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.appowner, dpod.tenant.admin,dpod.tenant.spadmin, dpod.tenant.api_spadmin

Get details of the specified client credentials

GET /credentials/clients/{id}

Parameters


Pathidrequired

The resource ID. string (uuid)

Responses

HTTPCode

Description Schema

200Details of the client credentials associated with the provided clientID.

Response 200

404 Client does not exist. No Content

Response 200

29


clientIdoptional




string

createdAtoptional


createdByoptional


nameoptional


rolerequired


serviceIdsoptional



Tags

• Credentials

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.admin, dpod.tenant.appowner,dpod.tenant.spadmin, dpod.tenant.api_spadmin


Response 200


Delete client credentials

DELETE /credentials/clients/{id}

30

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

204 Client credentials deleted successfully. No Content


Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Tags

• Credentials

Security

Type Name Scopes


31

Update existing client credentials

PATCH /credentials/clients/{id}

Parameters


Pathidrequired


BodyclientUpdateParamsoptional

Details of the client credentials to update. clientUpdateParams

clientUpdateParams


nameoptional

The name to be assigned to the client.Length : 1 - 64

string

Responses

HTTPCode

Description Schema

200 Client credentials details. Response 200

400 Bad request. Response 400

404 Client credentials do not exist. Response 404

Response 200


clientIdoptional




string

createdAtoptional


createdByoptional


nameoptional


32


rolerequired


serviceIdsoptional



Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

33

Tags

• Credentials

Security

Type Name Scopes



Response 200


Reset client credentials’s secret

POST /credentials/clients/{id}/resetSecret

Description

Resets the password the client specified.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 The new secret for the specified client. Response 200

400 Bad request. Response 400

404 Client does not exist. Response 404

Response 200

34



The new secret set for specified credentials. string

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

35

Tags

• Credentials

Security

Type Name Scopes


Marketplace Categories API

List all available categories for the service types

GET /service_categories

Description

Lists the categories available.

Parameters


Querypageoptional

Page number to retrieve. If the size is specifiedand the page number is not, the page number isset to 0.

integer

Querysizeoptional

Number of results per page. If the page numberis specified and the page size is not, the page sizeis set to 20.

integer

Responses

HTTPCode

Description Schema

200 An array of available tiles. Response 200

400the specified page number is less than zero, or the specified pagesize is less than 1.

No Content

403The current user does not have access to the specified tenant’s tilelist.

No Content


Response 200

36


contentoptional

The array of the Tenants. < content > array

numberrequired


sizerequired




totalPagesrequired


content


idoptionalread-only

An UUID associated with the service category. string (uuid)

namerequired

The name of the service category type it represents. string

orderNumrequired

Denotes the preferred order (asc) of the service categorywithin the list of categoriesMinimum value : 0Maximum value : 255

integer

Response default


detailoptional

A human readable explanation specific to this occurrenceof the problem.Example : "Connection to database timed out"

string

instanceoptional

An absolute URI that identifies the specific occurrence ofthe problem. It may or may not yield further information ifdereferenced.

string (uri)

statusoptional

The HTTP status code generated by the origin server for thisoccurrence of the problem.Minimum value : 100Maximum value (exclusive) : 600Example : 503

integer (int32)

titleoptional

A short, summary of the problem type. Written in Englishand readable for engineers (usually not suited for nontechnical stakeholders and not localized); example: ServiceUnavailable

string

37


typeoptional

An absolute URI that identifies the problem type. Whendereferenced, it SHOULD provide human-readabledocumentation for the problem type (e.g., using HTML).Default : "about:blank"Example : "https://zalando.github.io/problem/constraint-violation"

string (uri)

Tags

• service-categories

Security

Type Name Scopes



Response 200

{ 'categories': [{ 'id': '00001111-2222-3333-4444-555566667777', 'name': 'Luna Cloud HSM Services' }, { 'id': '88889999-AAAA-BBBB-CCCC-DDDDEEEEFFFF', 'name': 'CipherTrust Key Management Services' } ]}

Service Instances API

Provision a service instance

POST /service_instances

Description

Provision a DPoD platform service instance.

38

Parameters


BodyserviceRequestrequired

Contains the name of the service to create, andthe passwords to set on that service. If no CryptoUser password is provided, the Crypto User rolewill not be created.

serviceRequest

serviceRequest


createParamsrequired

Pass through parameters for service creations.< string, object >map

deviceTyperequired

Type of device to use when creating the service.(Deprecated): Please specify deviceType in createParams

enum (cryptovisor,cryptovisor_fips)

namerequired

Name of the service.Length : 4 - 45Example : "My HSMoD service"

string

servicePlanoptional

Maximal length : 255 string

serviceTypeoptional

Type of service to create. Ignored if tileId is provided;required if tileId is not provided. Example values: -key_vault - pki_private_key_protection - digital_signing -oracle_tde_database - salesforce_key_broker - hyperledger -protectvMaximal length : 255

string

serviceVersionoptional

The version of the service. (Deprecated): Please specifyserviceVersion in createParams.Default : "1.0.0"

string

tileIdoptional

If provided, a service of the type specified by the given tilewill be created. Takes precedence over serviceType, if thatfield is provided.

string (uuid)

Responses

HTTPCode

Description Schema

201 Service created. No Content


Response default

39

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags

• service-instances

Security

Type Name Scopes

oauth2 OAuth2 dpod.tenant.appowner, dpod.tenant.api_appowner

Show active service instances

GET /service_instances

Description

Return information about the active services existing in your tenant space.

Parameters


Querypageoptional

Page number to retrieve integer

Querysizeoptional


Responses

HTTPCode

Description Schema

200 An array of active services. Response 200


Response 200


contentoptional

The array of the services. < content > array

40


numberrequired


sizerequired




totalPagesrequired


content


clientsoptional

Client names bound to the current service. < object > array

createdAtoptional

Timestamp indicating time of creation. string

created_byoptional

ID of the user who created the service. string (uuid)

created_by_usernameoptional

User name of the user who created the service. string

dashboard_urloptional

The dashboard URL of the service, if any. string (uri)

device_typeoptional

Type of device used for the service.enum (cryptovisor,cryptovisor_fips)

entitlementIdoptional

Only present for external marketplaces, empty otherwise.Represents the subscription to the service in the externalmarketplace reports or UI.

string

extAccountIdoptional

The external account (procurementId) this entitlement isfor.Minimum length : 1

string

marketplaceoptional

The external marketplace associated to the service.Example : ""

string

nameoptional

Name of the active service.Example : "My HSMoD service"

string

partition_serial_numberoptional

Serial number of the partition. string

serviceTypeoptional

Service type. string

41



The version of the service. Possible values are 1.0.0 and0.5.0.

string

service_idoptional

GUID representing a specific service. string

subscriberGroupoptional

Subscriber group that the service belongs to. string

Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags


Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.appowner, dpod.tenant.api_appowner,dpod.tenant.admin


Response 200

{ "services": [ { "id": "00001111-2222-3333-4444-555566667777", "name": "Service A" }, { "id": "88889999-AAAA-BBBB-CCCC-DDDDEEEEFFFF", "name": "Service B" } ]}

42

Get a summary of the currently active services

GET /service_instances/summary

Description

Get a summary of all the currently active services. The list is a composition of all the active servicesbelonging to the tenant’s user (or subtenants' user) with one line per service type (plus FIPS / nonFIPS).

Responses

HTTPCode

Description Schema

200 Returns summary of the services.< Response 200 >array

500 Unexpected error. Response 500

Response 200


countrequired

Number of service instances in use. integer (int)

marketplaceAccountIdoptional

Only present for external marketplaces, empty otherwise.Represents the account in the external marketplace reportsor UI.

string

marketplaceNameoptional

Name of the marketplace that the service belongs to.Example : "DPoD or Google"

string

serviceTyperequired

Name of the service type.Example : "HSM on Demand_FIPS"

string

tenantIdrequired

The ID of the tenant. string (uuid)

Response 500

Name Schema

coderequired

integer (int32)

messagerequired

string

43

Tags

• reports

Security

Type Name Scopes


Get usage reports for billing purposes.

GET /service_instances/usageBillingReport

Description

Get the usage reports for billing purposes with one line per service instance.

Parameters


QueryendDaterequired

End year, month, and day of the report (UTC).The date must belong to the same month as thestart date and be the last day of the month. Thetime should be 11.59PM. The format is "YYYY-MM-DDT23:59:59.999Z" e.g. "2018-02-28T23:59:59.999Z"

string (string)

QueryshortCodeoptional

A short text code that is a simple and uniqueservice type identifier. If supplied, only servicetypes of the short code will be returned,otherwise all service types are returned.Example: key_vault

string

QuerystartDaterequired

Start year, month, and day of the report (UTC).The day does not need to be the first day of themonth. The time should be 12.00AM. The formatis "YYYY-MM-DDT00:00:00.000Z" e.g. "2018-02-19T00:00:00.000Z"

string (string)

QuerytenantIdoptional

Tenant ID of the customer. If supplied, only thecustomer’s and its sub-tenants' data will bereturned, otherwise all tenants' data will bereturned. Example: 1d2ca858-e696-4a3c-8f37-bba8be1dd8e4

string (uuid)

Responses

44

HTTPCode

Description Schema

200 Returns a CSV file. file

400 Bad request Response 400

404 Tenant or short code does not exist Response 404


Response 400

Name Schema

coderequired

integer (int32)

messagerequired

string

Response 404

Name Schema

coderequired

integer (int32)

messagerequired

string

Response 500

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags

• reports

Security

Type Name Scopes


Get usage details

45

GET /service_instances/usageDetails

Description

Get usage details of all the services existing during the user provided period. The list is acomposition of all the services belonging to the tenant’s user (or subtenants' user) with one line perservice type (FIPS or non FIPS).

Parameters



End year, month, and day of the report (UTC).The date must belong to the same month as thestart date and be the last day of the month. Thetime should be 11.59PM. The format is "YYYY-MM-DDT23:59:59.999Z" e.g. "2018-02-28T23:59:59.999Z"

string (string)


Start year, month, and day of the report (UTC).The day does not need to be the first day of themonth. The time should be 12.00AM. The formatis "YYYY-MM-DDT00:00:00.000Z" e.g. "2018-02-19T00:00:00.000Z"

string (string)


Tenant ID. string (uuid)

Responses

HTTPCode

Description Schema

200 Returns information on services.< Response 200 >array


Response 200


created_byoptional

ID of the user who created the service. string



created_onoptional

Timestamp indication time of creation. string

46


deleted_onoptional

Timestamp indication time of deletion. string

entitlement_idoptional


string

marketplace_account_idoptional


string

marketplace_nameoptional


string

metricsoptional

A list of usage metrics associated with the service. Eachmetric is a key-value pair of the metric name and thenumber of units used.Example : { "Service Month" : 0.567, "Key Hours" :56 }

< string, number >map

parent_idoptional

GUID of the tenant’s parent. string (uuid)

parent_nameoptional

Name of the tenant’s parent.Example : "Thales SP"

string

serviceTypeoptional

Type of the service as a short code.Example : "key_vault"

string

service_idoptional


service_nameoptional

Name of the service.Example : "My HSMoD service"

string

subscriber_groupoptional

Name of the subscriber group this service belongs to.Example : "My subscriber group"

string

tenant_idoptional

GUID of the tenant that the service belongs to. string (uuid)

tenant_nameoptional

Name of the tenant that the service belongs to.Example : "Bombardier Aéronautique Inc." string

Response 500

Name Schema

coderequired

integer (int32)

messagerequired

string

47

Tags

• reports

Security

Type Name Scopes


Show service instance details

GET /service_instances/{id}

Description

Get details of the service instance matching the given service id.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 Details about the requested service. Response 200


Response 200


clientsoptional


createdAtoptional


created_byoptional




48




device_typeoptional




string



string

marketplaceoptional


string

nameoptional


string



serviceTypeoptional




string

service_idoptional




Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags


49

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.appowner, dpod.tenant.admin,dpod.tenant.api_appowner, dpod.tenant.api_service


Response 200

{ "id": "00001111-2222-3333-4444-555566667777", "name": "Service A"}

Unprovision an active service instance

DELETE /service_instances/{id}

Description

Delete the service instance matching with the given service id. Any existing credentials will beinvalidated.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

204 Service was deleted. No Content


Response default

Name Schema

coderequired

integer (int32)

50

Name Schema

messagerequired

string

Tags


Security

Type Name Scopes


Show all active client bindings

GET /service_instances/{id}/bindings

Description

Get the list of provisioned client bindings.

Parameters


Pathidrequired


Querypageoptional


Querysizeoptional


Responses

HTTPCode

Description Schema

200 Details about the requested client. Response 200


Response 200


contentoptional

The array of the clients. < object > array

51


numberrequired


sizerequired




totalPagesrequired


Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags


Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.appowner, dpod.tenant.api_appowner,dpod.tenant.api_service

Generate a client binding to an existing service instance

PUT /service_instances/{id}/bindings

Description

Create a new client binding for the targeted service.

Parameters


Pathidrequired


52


BodyBindingRequestoptional

Parameters for creating a new client. BindingRequest

BindingRequest


bindingParamsrequired


namerequired

Client name must be unique for the targeted service.Length : 1 - 64

string

Responses

HTTPCode

Description Schema

201Returns a free-form hash of credentials that can be used by theapplication owner to access the service.

Response 201

409 Binding name is not unique. Response 409


Response 201

Name Schema

credentialsoptional

object

parametersoptional

object

Response 409

Name Schema

coderequired

integer (int32)

messagerequired

string

Response 500

53

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags


Security

Type Name Scopes


Show client binding details

GET /service_instances/{id}/bindings/{clientId}

Description

Get the client binding details matching the given client id.

Parameters


PathclientIdrequired

Bound client ID. string (uuid)

Pathidrequired


Responses

HTTPCode

Description Schema



Response 200

54


createdAtoptional


created_byoptional

ID of the user who created the client. string (uuid)


User name of the user who created the client. string

idoptional

GUID representing the resource. string (uuid)

nameoptional

Client name. string

updatedAtoptional

Date/time the resource was updated. string

Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags


Security

Type Name Scopes


Unbind a client of a service

DELETE /service_instances/{id}/bindings/{clientId}

Description

Unbind the client matching the given client id.

55

Parameters




Pathidrequired


Responses

HTTPCode

Description Schema

204 Client unbound. No Content


Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags


Security

Type Name Scopes


Service API (Deprecated)

Create a service. Deprecated, see: POST /service_instances

POST /services

CAUTION This operation is deprecated.

56

Description

Provision a DPoD platform service. This API is deprecated and is only used by HSM on Demand andKey Management On Demand Services. Use the POST /service_instances instead.

Parameters


BodyserviceRequestrequired

Contains the name of the service to create, andthe passwords to set on that service. If no CryptoUser password is provided, the Crypto User rolewill not be created.

serviceRequest

serviceRequest


createParamsrequired


deviceTyperequired

Type of device to use when creating the service.(Deprecated): Please specify deviceType in createParams

enum (cryptovisor,cryptovisor_fips)

namerequired

Name of the service.Length : 4 - 45Example : "My HSMoD service"

string

servicePlanoptional

Maximal length : 255 string

serviceTypeoptional

Type of service to create. Ignored if tileId is provided;required if tileId is not provided. Example values: -key_vault - pki_private_key_protection - digital_signing -oracle_tde_database - salesforce_key_broker - hyperledger -protectvMaximal length : 255

string


The version of the service. (Deprecated): Please specifyserviceVersion in createParams.Default : "1.0.0"

string

tileIdoptional

If provided, a service of the type specified by the given tilewill be created. Takes precedence over serviceType, if thatfield is provided.

string (uuid)

Responses

HTTPCode

Description Schema

201 Service created. No Content


57

Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags

• services

Security

Type Name Scopes


Show active services. Deprecated, see: GET /service_instances

GET /services


Description

Return information about the active services existing in your tenant space. This API is deprecatedand is only used by HSM on Demand and Key Management On Demand Services. Use the GET/service_instances instead.

Parameters


Querypageoptional


Querysizeoptional


Responses

HTTPCode

Description Schema

200 An array of active services. Response 200


58

Response 200


contentoptional

The array of the services. < content > array

numberrequired


sizerequired




totalPagesrequired


content


clientsoptional


createdAtoptional


created_byoptional






device_typeoptional




string



string

marketplaceoptional


string

nameoptional


string

59




serviceTypeoptional




string

service_idoptional




Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags

• services

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.appowner, dpod.tenant.api_appowner,dpod.tenant.admin


Response 200

60

{ "services": [ { "id": "00001111-2222-3333-4444-555566667777", "name": "Service A" }, { "id": "88889999-AAAA-BBBB-CCCC-DDDDEEEEFFFF", "name": "Service B" } ]}

Show service details. Deprecated, see: GET /service_instances/{id}

GET /services/{id}


Description

Get details of the service with the given ID. This API is deprecated and is only used by HSM onDemand and Key Management On Demand Services. Use the GET /service_instances/{id} instead.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 Details about the requested service. Response 200


Response 200


clientsoptional


createdAtoptional


61


created_byoptional






device_typeoptional




string



string

marketplaceoptional


string

nameoptional


string



serviceTypeoptional




string

service_idoptional




Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

62

Tags

• services

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.appowner, dpod.tenant.admin,dpod.tenant.api_appowner, dpod.tenant.api_service


Response 200

{ "id": "00001111-2222-3333-4444-555566667777", "name": "Service A"}

Remove an active service. Deprecated, see: DELETE /service_instances/{id}

DELETE /services/{id}


Description

Delete the service with the given ID. Any existing credentials will be invalidated. This API isdeprecated and is only used by HSM on Demand and Key Management On Demand Services. Usethe DELETE /service_instances/{id} instead.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

204 Service was deleted. No Content


63

Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags

• services

Security

Type Name Scopes


Show all active clients. Deprecated, see: GET/service_instances/{id}/bindings/{clientId}

GET /services/{id}/client


Description

Get the list of provisioned clients. This API is deprecated and is only used by HSM on Demand andKey Management On Demand Services. Use the GET /service_instances/{id}/bindings instead.

Parameters


Pathidrequired


Querypageoptional


Querysizeoptional


Responses

64

HTTPCode

Description Schema



Response 200


contentoptional

The array of the clients. < object > array

numberrequired


sizerequired




totalPagesrequired


Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags

• services

Security

Type Name Scopes


Bind a client to a service. Deprecated, see: PUT/service_instances/{id}/bindings/{clientId}

PUT /services/{id}/client

65


Description

Bind a new HSMoD client to the targeted service and download the client. This API is deprecatedand is only used by on Demand and Key Management On Demand Services. Use the PUT/service_instances/{id}/bindings instead. Returns a json response on error.

Parameters


Pathidrequired


BodyBindRequestoptional

Parameters for creating a new client. BindRequest

BindRequest


namerequired

Client name must be unique for the targeted service.Length : 1 - 64

string

osoptional

Type of OS for which the client should be created.Default : "linux"

enum (linux,windows)

Responses

HTTPCode

Description Schema

200 Returns a ZIP file. file

409 Service client name is not unique. Response 409


Response 409

Name Schema

coderequired

integer (int32)

messagerequired

string

Response 500

66

Name Schema

coderequired

integer (int32)

messagerequired

string

Produces

• application/zip

• application/octet-stream


Tags

• services

Security

Type Name Scopes


Show client details. Deprecated, see: GET/service_instances/{id}/bindings/{clientId}

GET /services/{id}/client/{clientId}


Description

Get the client binding details matching the given client id. This API is deprecated and is only usedby HSM on Demand and Key Management On Demand Services. Use the GET/service_instances/{id}/bindings/{clientId} instead.

Parameters




Pathidrequired


67

Responses

HTTPCode

Description Schema



Response 200


createdAtoptional


created_byoptional

ID of the user who created the client. string (uuid)


User name of the user who created the client. string

idoptional


nameoptional

Client name. string

updatedAtoptional

Date/time the resource was updated. string

Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags

• services

Security

Type Name Scopes


68

Unbind a client of a service. Deprecated, see: DELETE/service_instances/{id}/bindings/{clientId}

DELETE /services/{id}/client/{clientId}


Description

Unbind the client matching the given client id. This API is deprecated and is only used by HSM onDemand and Key Management On Demand Services. Use the DELETE/service_instances/{id}/bindings/{clientId} instead.

Parameters




Pathidrequired


Responses

HTTPCode

Description Schema

204 Client unbound. No Content


Response default

Name Schema

coderequired

integer (int32)

messagerequired

string

Tags

• services

Security

69

Type Name Scopes


Subscriber Group API

Create a new Subscriber Group

POST /subscriber_groups

Description

Creates a new Subscriber Group within my tenant. They are used to group application owners andservices into logical separations.

Parameters


Body

subscriberGroupCreateParamsrequired

Details of the Subscriber Group to createsubscriberGroupCreateParams

subscriberGroupCreateParams


descriptionoptional

Description of the Subscriber Group.Maximal length : 512

string

namerequired

Name of the Subscriber Group.Length : 1 - 64

string

Responses

HTTPCode

Description Schema

201 New Subscriber Group Response 201

default Unexpected error Response default

Response 201


createdAtoptional


70


descriptionoptional

Description of the Subscriber Group. string

idoptional


nameoptional

Name of the Subscriber Group. string

totalClientsoptional

Total number of platform credentials. integer (int64)

totalServicesoptional

Total number of services. integer (int64)

totalUsersoptional

Total number of users. integer (int64)

updatedAtoptional

Date/time the resource was updated string

Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Consumes


Tags

• SubscriberGroups

71

Security

Type Name Scopes


List Subscriber Groups

GET /subscriber_groups

Description

Lists the Subscriber Groups that the current user can see.

Parameters


Querypageoptional


Querysizeoptional


Responses

HTTPCode

Description Schema

200 A collection of Subscriber Groups Response 200


Response 200


contentoptional

The array of the Subscriber Groups. < object > array

numberrequired


sizerequired




totalPagesrequired


Response default

72

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Produces


Tags


Security

Type Name Scopes


get the details for a specified Subscriber Group

GET /subscriber_groups/{id}

Parameters


Pathidrequired


Responses

73

HTTPCode

Description Schema

200 Subscriber Group details Response 200

404 Subscriber Group does not exist No Content

Response 200


createdAtoptional


descriptionoptional


idoptional


nameoptional






totalUsersoptional


updatedAtoptional


Produces


Tags


Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.admin, dpod.tenant.appowner,dpod.tenant.api_appowner


Response 200

74

id: 78e98c32-3ed3-46ce-8cf1-e31cc61c2e8c,name: subscriberGroup,description: Top Level Subscriber Group

Delete the Subscriber Group

DELETE /subscriber_groups/{id}

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

204 Subscriber Group was deleted No Content

Tags


Security

Type Name Scopes


Update an existing Subscriber Group

PATCH /subscriber_groups/{id}

Parameters


Pathidrequired


Body

subscriberGroupUpdateParamsrequired

Updated Subscriber Group detailssubscriberGroupUpdateParams

75

subscriberGroupUpdateParams


descriptionoptional

Description of the Subscriber Group.Maximal length : 512

string

nameoptional

Name of the Subscriber Group.Length : 1 - 64

string

Responses

HTTPCode

Description Schema

200 Subscriber Group details Response 200

400 Bad Request Response 400

404 Subscriber Group does not exist Response 404

Response 200


createdAtoptional


descriptionoptional


idoptional


nameoptional






totalUsersoptional


updatedAtoptional


Response 400

Name Schema

erroroptional

string

76

Name Schema

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Tags


Security

Type Name Scopes


77

Tenant API

Create a tenant

POST /tenants

Description

Create a new tenant.

Parameters


BodytenantCreateParamsrequired

Details of the tenant to create. The tenantadministrator must be verified using the linkprovided in the email.

tenantCreateParams

tenantCreateParams


accountTypeoptional

Type of account. Valid values are "service provider" and"subscriber". The default is "subscriber".Default : "subscriber"Example : "subscriber"

string

adminEmailrequired

Email address of the tenant admin to be created.Length : 10 - 255Example : "[email protected]"

string (email)

adminFamilyNamerequired

Last name of the tenant admin to be created.Length : 1 - 255Example : "D’Arcy"

string

adminGivenNamerequired

First name of the tenant admin to be created.Length : 1 - 255Example : "Paul-Émile"

string

adminPasswordrequired

Initial password for the tenant admin.Length : 10 - 255Example : "rosebud123"

string (password)

adminPhoneNumberrequired

Phone number of the tenant admin to be created.Maximal length : 32Example : "+1 4511234567 x8901"

string

billingAddressoptional

billingAddress

78



companyNamerequired

Legal company name that will be screened.Length : 3 - 255Example : "Bombardier Aéronautique Inc."

string

departmentNameoptional

An optional department of a company.Maximal length : 32Example : "Hardware division"

string

hostnameoptional

Hostname to be used in the URL of the microservices to bedeployed in the tenant. The name must be unique in theService Provider domain.Length : 1 - 24Example : "bombardier-dpod-1"

string

nameoptional

Name of the tenant. The name must be globally unique.Must not contain commas.Length : 1 - 64Example : "Bombardier Aéronautique Inc."

string

serviceQuotaoptional

The number of services which can be created. At this time,the integer maximum value 2147483647 is used torepresent an unlimited value.Minimum value : 0Maximum value : 2147483647Example : 2

integer

billingAddress


cityoptional

City.Maximal length : 32Example : "Montréal"

string

countryrequired

Country in full text from the ISO 3166-2 list with the properupper and lower case characters.Maximal length : 64Example : "Canada"

string

stateoptional

State, Province, or Region in full text from the ISO 3166-2list.Maximal length : 64Example : "Quebec"

string

streetAddressoptional

Street Address.Maximal length : 255Example : "20-200 Boulevard de la Côte-Vertu"

string

zipoptional

ZIP or Postal Code.Maximal length : 12Example : "J2E 7M6"

string

79

Responses

HTTPCode

Description Schema

201 New tenant Response 201

400 Bad Request. Response 400

403 Forbidden. The screening rejected the tenant. Response 403

500 Unexpected error in DPoD. Response 500

Response 201


accountStatusoptional

Status of account. Valid values are (currently) "active", and"disabled"

string

accountTypeoptional

Type of account. Valid values are "service provider" and"subscriber"

string


billingAddress

companyNameoptional

Registered company name that will be screened.Length : 3 - 255Example : "Bombardier Aéronautique Inc."

string

createdAtoptional




string

hostnameoptional

Hostname to be used in the url of the microservices to bedeployed in the tenant.

string

idoptional


loginUrloptional

UAA login URL for this tenant string

nameoptional

Name of the tenant. string

parentoptional

Id of the Service Provider administrator creating thetenant.

string (UUIDv4)


The maximum number of services which can be created forthe tenant. At this time, the integer maximum value2147483647 is used to represent an unlimited value.

integer

spaceStatusoptional

Status of the tenant space. Valid values are "pending", and"active"

string

80


updatedAtoptional


billingAddress


cityoptional


string

countryrequired


string

stateoptional


string



string

zipoptional


string

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 403

81

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


List tenants

82

GET /tenants

Description

Lists the currently registered tenants.

Parameters


Querypageoptional


Querysizeoptional

Number of results per page integer

Responses

HTTPCode

Description Schema

200 An collection of tenants Response 200


Response 200


contentoptional


numberrequired


sizerequired




totalPagesrequired


content




string

accountTypeoptional


string

83



billingAddress

companyNameoptional


string

createdAtoptional




string

hostnameoptional


string

idoptional


loginUrloptional


nameoptional


parentoptional


string (UUIDv4)



integer

spaceStatusoptional


string

updatedAtoptional


billingAddress


cityoptional


string

countryrequired


string

84


stateoptional


string



string

zipoptional


string

Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Get a tree representation of the tenant’s hierarchy based on children withvalid account statuses (active and disabled) it may have.

GET /tenants/hierarchy

85

Description

Returns a tree representation of the current user’s tenants, with only tenants that have a validaccount status (active or disabled) are listed. The user’s tenant is the root node, Service Providersubtenants are represented as branch nodes, and subscriber tenants are leaf nodes.

Parameters



TenantID of the Service Provider for whichhierarchy is requested.

string (uuid)

Responses

HTTPCode

Description Schema

200 The tenant hierarchy representation. Response 200


Response 200


childrenrequired

The array of tenants node belonging to this tenant. < object > array

idrequired

GUID representing the tenant id. string (uuid)

parentoptional

GUID of the parent of this tenant, null or absent for the toplevel node.

string (uuid)

valuerequired

The tenant represented in this node value

value




string

accountTypeoptional


string


billingAddress

companyNameoptional


string

86


createdAtoptional




string

hostnameoptional


string

idoptional


loginUrloptional


nameoptional


parentoptional


string (UUIDv4)



integer

spaceStatusoptional


string

updatedAtoptional


billingAddress


cityoptional


string

countryrequired


string

stateoptional


string



string

87


zipoptional


string

Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Get logo image for the targeted host

GET /tenants/logo

Description

Get the logo image linked to the targeted host. If none exist or the current tenant is not a ServiceProvider, the tenant’s parent logo is returned. When no logo can be found from the parent or thecurrent tenant, a default logo is returned.

Parameters

88


HeaderX-Forwarded-Hostrequired

The original request host. string

Responses

HTTPCode

Description Schema

200 Logo image (PNG). string (binary)

404 Tenant has no logo No Content

Produces

• image/png

Tags

• Tenant

Collect the service summary

GET /tenants/servicesSummary

Description

Get a summary of all the currently active services. The list is a composition of all the active servicesbelonging to the subtenants.

Parameters


QueryserviceTypeoptional

The service type required for filtering e.g. "HSMon Demand_FIPS"

string

Responses

HTTPCode

Description Schema

200 Returns service summary in json format< Response 200 >array

500 Unexpected error Response 500

Response 200

89


countrequired

The number of services in use. integer (int)



string



string

serviceTyperequired

name of service string

tenantIdoptional

The ID for the tenant. string (uuid)

tenantNameoptional

Name of the tenant string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


90

Collect the service summary file

GET /tenants/servicesSummaryFile

Description

Get a summary of all the currently active services. The list is a composition of all the active servicesbelonging to the subtenants.

Parameters


QueryserviceTypeoptional

The service type required for filtering e.g. "HSMon Demand_FIPS"

string

Responses

HTTPCode

Description Schema

200 Returns a service summary as a CSV file. file


Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

91

Security

Type Name Scopes


Get tenant settings

GET /tenants/settings

Description

Get the tenant settings.

Responses

HTTPCode

Description Schema

200 Tenant settings. Response 200


404This API is disabled as the automatic tenant onboarding is globallydisabled.

Response 404


Response 200


automaticTenantOnboardingoptional

Can either be true or false. "true" to enable automatictenant onboarding, "false" to disable.

boolean

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

92

Name Schema

statusoptional

integer (int32)

timestampoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

93

Security

Type Name Scopes


Update tenant settings

PATCH /tenants/settings

Description

Update the tenant settings.

Parameters


BodytenantSettingsrequired

Settings to be updated. tenantSettings

tenantSettings




boolean

Responses

HTTPCode

Description Schema

200 Tenant settings were updated successfully. Response 200


404This API is disabled as the automatic tenant onboarding is globallydisabled.

Response 404


Response 200

94




boolean

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

95

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Generate the usage report for all the tenants

GET /tenants/usageDetails

Description

Get the usage grouped for each provisionable service type for each tenant or subtenant in thehierarchy with as well a grouping by Service provider.

Parameters



End year, month, and day of the report (UTC).The date must belong to the same month as thestart date and be the last day of the month. Thetime should be 11.59 PM. The format is "YYYY-MM-DDT23:59:59.999Z" e.g. "2018-01-31T23:59:59.999Z"

string (string)

96



Start year, month, and day of the report (UTC).The day needs to be the first day of the month.The time should be 12.00 AM. The format is"YYYY-MM-DDT00:00:00.000Z" e.g. "2018-01-01T00:00:00.000Z"

string (string)

Responses

HTTPCode

Description Schema

200 Returns the Usage Details< Response 200 >array


Response 200


conversionToSubscriberDateoptional

Conversion to subscriber date. string

evaluationEndDateoptional

End of evaluation date for the subscriber. string

evaluationStartDateoptional

Evaluation start date for the subscriber. string

externalIdoptional

Tenant External Id. string

initialSelectionsoptional

Initial selections for minimum business units during theagreement period. For SP tenants, this is the aggregate of allof their sub-tenants initial selections quantities for theparticular service type

number



string



string

97


metricsoptional

A list of metrics (key value pairs). Possible values (notexclusive to this list) : - "Service Months": Usage of thetenant or its sub-tenants in service months. For subscribertenants, it is the usage for a particular service type. For SPtenants, it is the aggregate of the usages of all their sub-tenants for a particular service type where 1.000 representsa full month of useExample : { "Service Months" : 0.567, "Key Hours" :56 }

< string, number >map

parentTenantIdoptional

GUID of the tenant’s parent. string (uuid)

parentTenantNameoptional

Parent tenant’s Name.Example : "Thales SP"

string

serviceTypeoptional

Type of the service as a short code.Example : "key_vault"

string

submittedDateoptional

Subscriber submitted agreement date. string

tenantIdoptional

GUID of the tenant. string (uuid)

tenantNameoptional

Tenant Name.Example : "Bombardier Aéronautique Inc." string

tenantStatusoptional

Tenant Status. string

tenantTypeoptional

Tenant Type such as service provider or subscriber. string

termEndDateoptional

Term end of the initial service elections. string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

98

Name Schema

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Generate the usage report file for all the tenants

GET /tenants/usageReport

Description

Get the usage grouped for each provisionable service type for each tenant or subtenant in thehierarchy with as well a grouping by Service provider.

Parameters



End year, month, and day of the report (UTC).The date must belong to the same month as thestart date and be the last day of the month. Thetime should be 11.59 PM. The format is "YYYY-MM-DDT23:59:59.999Z" e.g. "2018-01-31T23:59:59.999Z"

string (string)


Start year, month, and day of the report (UTC).The day needs to be the first day of the month.The time should be 12.00 AM. The format is"YYYY-MM-DDT00:00:00.000Z" e.g. "2018-01-01T00:00:00.000Z"

string (string)

Responses

HTTPCode

Description Schema

200 Returns the Usage Report as a CSV file. file

99

HTTPCode

Description Schema


Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Get details for the specified tenant

GET /tenants/{id}

Parameters


Pathidrequired

The resource id string (uuid)

Responses

100

HTTPCode

Description Schema

200 Tenant details Response 200

404 Tenant does not exist No Content

Response 200




string

accountTypeoptional


string


billingAddress

companyNameoptional


string

createdAtoptional




string

hostnameoptional


string

idoptional


loginUrloptional


nameoptional


parentoptional


string (UUIDv4)



integer

spaceStatusoptional


string

updatedAtoptional


billingAddress

101


cityoptional


string

countryrequired


string

stateoptional


string



string

zipoptional


string

Tags

• Tenant

Security

Type Name Scopes



Response 200

{ "id" : "a8e98c32-3ed3-46ce-8cf1-e31cc61cb18d", "name" : "fred", "accountType" : "subscriber", "accountStatus" : "active", "spaceStatus" : "active"}

Delete the tenant

DELETE /tenants/{id}

102

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

204 Tenant was deleted No Content

Tags

• Tenant

Security

Type Name Scopes


Update an existing tenant

PATCH /tenants/{id}

Parameters


Pathidrequired


BodytenantUpdateParamsoptional

New tenant details tenantUpdateParams

tenantUpdateParams


accountTypeoptional

Type of account. Valid values are "service provider" and"subscriber". The default is "subscriber".Default : "subscriber"Example : "subscriber"

string


billingAddress

103


companyNameoptional

Legal company name that will be screened.Length : 3 - 255Example : "Bombardier Aéronautique Inc."

string



string

nameoptional

Name of the tenant. The name must be globally unique.Must not contain commas.Length : 1 - 64Example : "Bombardier Aéronautique Inc."

string

parentoptional

Id of the Service Provider administrator creating thetenant.Example : "058d6c47-0a08-4bf6-84a1-f1194fba240a"

string (UUIDv4)


The number of services which can be created. At this time,the integer maximum value 2147483647 is used torepresent an unlimited value.Minimum value : 0Maximum value : 2147483647Example : 2

integer

billingAddress


cityoptional


string

countryrequired


string

stateoptional


string



string

zipoptional


string

Responses

104

HTTPCode

Description Schema

200 Tenant details Response 200


404 Tenant does not exist Response 404

Response 200




string

accountTypeoptional


string


billingAddress

companyNameoptional


string

createdAtoptional




string

hostnameoptional


string

idoptional


loginUrloptional


nameoptional


parentoptional


string (UUIDv4)



integer

spaceStatusoptional


string

updatedAtoptional


105

billingAddress


cityoptional


string

countryrequired


string

stateoptional


string



string

zipoptional


string

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 404

Name Schema

erroroptional

string

106

Name Schema

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Get details for the specified tenant’s admin user

GET /tenants/{id}/admin

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 Admin user details Response 200



Response 200

107


emailoptional

Email address of the tenant admin. string

familyNameoptional

Last name of the tenant admin. string

givenNameoptional

First name of the tenant admin. string

phoneNumberoptional

Phone number of the tenant admin. string

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Reset the admin user’s password

PATCH /tenants/{id}/admin/reset

Parameters

108


Pathidrequired


Responses

HTTPCode

Description Schema

200 Admin user temporary password Response 200



Response 200


temporaryPasswordoptional

The temporary password set for tenant user specified string (password)

Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

109

Type Name Scopes


Reset the admin user’s multi-factor token

POST /tenants/{id}/admin/resetMfaToken

Description

Reset the admin user’s multi-factor token for a given tenant id

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 The multi-factor token was successfully reset for the admin user No Content



Response 500

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

110

Tags

• Tenant

Security

Type Name Scopes


Get a list of tenant ids that are children of the given tenant

GET /tenants/{id}/children

Description

Returns a list of UUIDs that correspond to the direct children of the specified tenant.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 UUIDs of the tenant’s child tenants< string (uuid) >array


Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

111

Name Schema

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Get hostname of the requested tenant id

GET /tenants/{id}/hostname

Description

Returns hostname of the specified tenant id.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 Hostname of the tenant. string

404 Tenant does not exist. Response 404


Response 404

Name Schema

erroroptional

string

112

Name Schema

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes

oauth2 OAuth2

dpod.tenant.spadmin, dpod.tenant.api_spadmin,dpod.tenant.admin, dpod.tenant.appowner,dpod.tenant.admin.unverified,dpod.tenant.spadmin.unverified,dpod.tenant.appowner.unverified

113

Get logo image for the targeted tenant

GET /tenants/{id}/logo

Description

Get the logo image linked to the targeted tenant identifier. If none exist or the current tenant is nota service Provider, the tenant’s parent logo is returned. When no logo can be found from the parentor the current tenant, a default logo is returned.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 Logo image (PNG). string (binary)

403 Forbidden Response 403

404 Tenant has no logo No Content


Response 403

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response 500

114

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Produces

• image/png


Tags

• Tenant

Security

Type Name Scopes


Set logo image

PUT /tenants/{id}/logo

Description

As an SP admin, set the tenant’s logo image.

Parameters


Pathidrequired


115


Bodyimagerequired

The PNG logo image. The image must be 512 KBmaximum and must be exactly 240x96 pixels insize.

string (binary)

Responses

HTTPCode

Description Schema

200 No content. No Content

400 Logo image was invalid. Response 400

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Consumes

• image/png

Tags

• Tenant

Security

Type Name Scopes


Get quota information for the requested tenant id

116

GET /tenants/{id}/quotas

Description

Returns the quota information of the specified tenant id.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

200 Quota information of the tenant. Response 200

404 Tenant does not exist. Response 404


Response 200


contentoptional

The array of tenant quotas. < content > array

content


quotaoptional

The number of services which can be created. At this time,the integer maximum value 2147483647 is used torepresent an unlimited value.Minimum value : 0Maximum value : 2147483647

integer (int)

servicePlanoptional

Name of the service plan.Length : 1 - 255Example : "single_hsm"

string

Response 404

Name Schema

erroroptional

string

117

Name Schema

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

Tags

• Tenant

Security

Type Name Scopes


Marketplace API

List all the tiles available to a tenant

118

GET /tiles

Description

Lists the tiles available to the current user, or to the tenant specified in the query parameter.

Parameters

Type Name Description Schema Default

Querypageoptional

Page number to retrieve. If the size isspecified and the page number is not, thepage number is set to 0.

integer

Queryprovisionableoptional

When set to true, the api returns a list ofthe provisionable tiles only (tiles without aredirection url to 3rd party partner sites).The value is set to false by default resultingin the api returning all the tiles available tothe specified tenant id.

boolean "false"

Querysizeoptional

Number of results per page. If the pagenumber is specified and the page size isnot, the page size is set to 20.

integer


ID of the tenant to query for tileavailability. Service provideradministrators can use this parameter toquery the tiles of their child tenants. Otherusers should not use this parameter; if theydo, they must set it to their own tenant’s ID.

string (uuid)

Responses

HTTPCode

Description Schema

200 An array of available tiles. Response 200

400The current user is not allowed to search by tenant, the specifiedpage number is less than zero, or the specified page size is less than1.

No Content

403The current user does not have access to the specified tenant’s tilelist.

No Content


Response 200

119


contentoptional


numberrequired


sizerequired




totalPagesrequired


content


categoryNamerequired

The tile category.Length : 1 - 255

string

descriptionrequired

A text description of the type of service that can be createdwith this tile.

string

enabledrequired

If a tile is enabled, a user can create a service with it, or atenant administrator can enable/disable the tile for theirsubtenants.Default : false

boolean

helpUrloptional

The URL of the online help documentation.Length : 1 - 1024

string (uri)

idrequiredread-only

A unique UUID associated with this tile. string (uuid)

imageUrloptional

The URL of the tile logo.Length : 1 - 1024

string (uri)

namerequired

The UI displayed name of this tile. Typically this will be thename of the service type it represents.

string

redirectionUrloptional

The base URL of the 3rd party partner tile.Length : 1 - 1024

string (uri)

serviceBrokerAuthSchemeoptional

object

120


serviceBrokerServiceNameoptional

A CLI-friendly name of the targeted service inside theservice broker’s catalog. MUST only contain alphanumericcharacters, periods, and hyphens (no spaces). MUST beunique. This value is present only for tiles linked to aservice broker. This field is required when theserviceBrokerUrl is defined.Length : 1 - 255

string

serviceBrokerUrloptional

The URL of the service broker managing the targetedservice defined in 'serviceBrokerServiceName'. Empty if thetile does not use a service broker and use pre existing DPODservices. This field is required when theserviceBrokerServiceName is defined.Length : 1 - 1024

string

shortCoderequiredread-only

A tile can be identified by its ID or by this user friendlyshort text. This short code can be used while calling theDPoD platform to perform operations on the tile such asservice provisioning. Note if the tile’s id is provided, it willhave priority on the shortcode. Example of values for thepre-existing services: * key_vault - Key Vault *pki_private_key_protection - PKI Private Key Protection *digital_signing - Digital Signing * oracle_tde_database -Oracle TDE Database * salesforce_key_broker - SalesforceKey Broker * hyperledger - Hyperledger A short code is notlimited to this list, any new tiles created later on can haveanother simple and unique tile identifier.

string

Response default


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

121


typeoptional


string (uri)

Tags

• tiles

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.spadmin, dpod.tenant.api_spadmin,dpod.tenant.admin, dpod.tenant.appowner,dpod.tenant.api_appowner

Get details about a specific tile

GET /tiles/{id}

Description

Returns detailed information about a specific tile. The tile must be assigned to the tenant that thecaller belongs to.

Parameters

Type Name Description Schema Default

Pathidrequired

The ID of the tile to retrieve. string (uuid)

Queryprovisionableoptional

When set to true, the api returns a list ofthe provisionable tiles only (tiles without aredirection url to 3rd party partner sites).The value is set to false by default resultingin the api returning all the tiles available tothe specified tenant id.

boolean "false"

Responses

HTTPCode

Description Schema

200 Information about a valid tile. Response 200

122

HTTPCode

Description Schema

403 The specified tile cannot be accessed by this user. Response 403

404 The specified tile does not exist. Response 404


Response 200




string

descriptionrequired


string

enabledrequired


boolean

helpUrloptional


string (uri)

idrequiredread-only


imageUrloptional


string (uri)

namerequired


string



string (uri)


object



string

123




string



string

Response 403


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

typeoptional


string (uri)

Response 404

124


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

typeoptional


string (uri)

Response default


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

125


typeoptional


string (uri)

Tags

• tiles

Security

Type Name Scopes


Updates the content of a tile

PATCH /tiles/{id}

Description

Used to enable or disable a tile. Supports the JSON Patch format (RFC6902), but currently limitedonly to setting the "enabled" field. Tenant Administrators can set or unset the "enabled" field,Service Provider Administrators can only set it. Any attempt to change fields other than "enabled"will result in an error.

Parameters


Pathidrequired

The ID of the tile to retrieve. string (uuid)

BodypatchRequestoptional

An RFC6902-formatted JSON patch request.Example: { "op": "replace", "path": "/enabled","value": true }.

< patchRequest >array

patchRequest


fromoptional

A string containing a JSON Pointer value. string

oprequired

The operation to be performedenum (add, remove,replace, move, copy,test)

126


pathrequired

A JSON-Pointer string

valueoptional

The value to be used within the operations. object

Responses

HTTPCode

Description Schema

200 The new version of the tile as stored on the server. Response 200

400The PATCH request is badly formatted or targetting fields that arenot allowed to be modified. This includes requests that conform toRFC6902 but cannot be handled by the server.

Response 400

403 The specified tile cannot be modified by this user. Response 403



Response 200




string

descriptionrequired


string

enabledrequired


boolean

helpUrloptional


string (uri)

idrequiredread-only


imageUrloptional


string (uri)

namerequired


string



string (uri)

127



object



string



string



string

Response 400


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

128


titleoptional


string

typeoptional


string (uri)

Response 403


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

typeoptional


string (uri)

Response 404


detailoptional


string

instanceoptional


string (uri)

129


statusoptional


integer (int32)

titleoptional


string

typeoptional


string (uri)

Response default


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

typeoptional


string (uri)

Consumes

• application/json-patch+json

130

Tags

• tiles

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.spadmin, dpod.tenant.api_spadmin,dpod.tenant.admin

Get plans for the specified tile.

GET /tiles/{id}/plans

Description

Returns plans for the specified tile.

Parameters


Pathidrequired

The ID of the tile whose plans should beretrieved.

string (uuid)

Responses

HTTPCode

Description Schema

200 Plans of the specified service.< Response 200 >array

403 The specified tile cannot be accessed by this user. Response 403



Response 200

Name Schema

descriptionrequired

string

idrequired

string

namerequired

string

131

Name Schema

schemasoptional

schemas

schemas

Name Schema

service_bindingoptional

service_binding

service_instanceoptional

service_instance

service_binding

Name Schema

createoptional

create

create

Name Schema

parametersoptional

object

service_instance

Name Schema

createoptional

create

updateoptional

update

create

Name Schema

parametersoptional

object

update

Name Schema

parametersoptional

object

132

Response 403


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

typeoptional


string (uri)

Response 404


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

133


typeoptional


string (uri)

Response default


detailoptional


string

instanceoptional


string (uri)

statusoptional


integer (int32)

titleoptional


string

typeoptional


string (uri)

Tags

• tiles

Security

Type Name Scopes


User API

134

Create a User

POST /users

Description

Creates a user in the specified tenant space. The user must be verified using the link provided in theemail.

Parameters


BodyuserCreateParamsrequired

Details of the user to create userCreateParams

userCreateParams


accountRolerequired

Type of user’s account.enum (spadmin,admin, user)

emailHintsrequired

Indicates the metadata to be used for the email sent to theend user.

< string, string > map

familyNamerequired

Last name of the tenant user.Length : 1 - 255

string

givenNamerequired

First name of the tenant user.Length : 1 - 255

string

passwordrequired

Tenant user’s password.Length : 10 - 255

string

phoneNumberoptional

List of phone numbers corresponding to the tenant user. < string > array

rootAdminoptional

Specifies whether user is root admin. Only one root adminexists per Tenant or Service Provider.Default : false

boolean


The subscriber groups to which the tenant user belongs.< string (uuid) >array

tenantIdoptional

The ID of the tenant for this user. Default to caller’s tenantif not provided.

string (uuid)

usernamerequired

Tenant user’s username as an email.Length : 1 - 254

string (email)

135

Responses

HTTPCode

Description Schema

201 New User Response 201

Response 201


accountRoleoptional


createdAtoptional


createdByoptional

user id of the admin who created the user string (uuid)

createdByUsernameoptional

username of the admin who created the user string

emailVerificationSentoptional

True if the email verification has been sent to the userDefault : false

boolean

familyNameoptional

Last name of the tenant user. string

givenNameoptional

First name of the tenant user. string

idoptional


phoneNumberoptional


rootAdminoptional


boolean


The subscriber groups to which the tenant user belongs. < string > array

updatedAtoptional


usernameoptional

Tenant user’s username. string

verifiedoptional

True if the user’s email address has been verifiedDefault : true

boolean

136

Consumes


Produces


Tags

• Users

Security

Type Name Scopes



Response 201

id: c9b4c3b3-6d55-4941-8208-debe05f7a728,createdAt: 2017-05-22T01:08:40.000Z,updatedAt: 2017-06-06 10:34:10.578Z,givenName: john,familyName: dursley,phoneNumber: ["+18881234444"],username: [email protected],rootAdmin: false,accountRole: user,subscriberGroups: [ 0e35a9d4-c99c-4daa-9aaa-ada560150088 ],createdByUsername: [email protected],createdBy: 640bf631-42e2-400b-8669-527105dac765,emailVerificationSent: true,verified: true

List users

GET /users

Description

Lists the users in the current Tenant or Service Provider.

Parameters

137


Querypageoptional


Querysizeoptional


Responses

HTTPCode

Description Schema

200 A list of users Response 200


Response 200


contentoptional

The array of tenant users and admins. < object > array

numberrequired


sizerequired




totalPagesrequired


Response default

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

138

Name Schema

timestampoptional

string

traceidoptional

string

Produces


Tags

• Users

Security

Type Name Scopes


Change the current user old password for a new one, both being provided

PATCH /users/changePassword

Description

Change the password of the user with the specified id

Parameters


BodychangePasswordParamsrequired

Change Password DetailschangePasswordParams

changePasswordParams


newPasswordrequired

New User PasswordLength : 10 - 255

string

oldPasswordrequired

Old User PasswordLength : 10 - 255

string

139

Responses

HTTPCode

Description Schema

200 UserDetails Response 200


404 User does not exist Response 404

Response 200


accountRoleoptional


createdAtoptional


createdByoptional






boolean

familyNameoptional


givenNameoptional


idoptional


phoneNumberoptional


rootAdminoptional


boolean



updatedAtoptional


usernameoptional


140


verifiedoptional


boolean

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

141

Tags

• Users

Security

Type Name Scopes

oauth2 OAuth2

dpod.tenant.appowner, dpod.tenant.spadmin,dpod.tenant.admin, dpod.tenant.admin.unverified,dpod.tenant.spadmin.unverified,dpod.tenant.appowner.unverified


Response 200


Allows an anonymous user to request a forgotten password email.

POST /users/forgotPassword

Description

Given the provided email exists, the backend will send an email to the end user allowing him toreset his password.

Parameters


BodyforgotPasswordRequestrequired

Body request of the forgot password APIcontaining the email to be used for resetting thepassword.

forgotPasswordRequest

142

forgotPasswordRequest


emailrequired

Contact email for the user.Minimum length : 1

string (email)

Responses

HTTPCode

Description Schema

204The request has been accepted for processing, if this email exists inour system, you will receive an email.

No Content


Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Tags

• Users

Security

Type Name

oauth2 OAuth2

143

Get the details of the user specified in the JWT sent with this request

GET /users/profile

Responses

HTTPCode

Description Schema

200 User Details Response 200

404 User does not exist No Content

Response 200


accountRoleoptional


createdAtoptional


createdByoptional






boolean

familyNameoptional


givenNameoptional


idoptional


phoneNumberoptional


rootAdminoptional


boolean



144


updatedAtoptional


usernameoptional


verifiedoptional


boolean

Tags

• Users

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.admin, dpod.tenant.appowner,dpod.tenant.spadmin


Response 200


Get details for the specified user

GET /users/{id}

Parameters

145


Pathidrequired


Responses

HTTPCode

Description Schema

200 User details Response 200

404 User does not exist No Content

Response 200


accountRoleoptional


createdAtoptional


createdByoptional






boolean

familyNameoptional


givenNameoptional


idoptional


phoneNumberoptional


rootAdminoptional


boolean



146


updatedAtoptional


usernameoptional


verifiedoptional


boolean

Tags

• Users

Security

Type Name Scopes



Response 200


Delete a User

DELETE /users/{id}

Description

Delete a user in the specified tenant space

147

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

204 Deleted the user No Content

Tags

• Users

Security

Type Name Scopes


Edit User’s Details

PATCH /users/{id}

Description

Edit the details of the user with the specified id

Parameters


Pathidrequired


BodyeditUserParamsrequired

Edit User Details editUserParams

editUserParams


familyNameoptional

Last name of the tenant user.Length : 1 - 255

string

148


givenNameoptional

First name of the tenant user.Length : 1 - 255

string

phoneNumberoptional


Responses

HTTPCode

Description Schema

200 UserDetails Response 200



Response 200


accountRoleoptional


createdAtoptional


createdByoptional






boolean

familyNameoptional


givenNameoptional


idoptional


phoneNumberoptional


rootAdminoptional


boolean

149




updatedAtoptional


usernameoptional


verifiedoptional


boolean

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

150

Name Schema

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Tags

• Users

Security

Type Name Scopes



Response 200


Change the current user password to the password provided, provided aforgot password request was done first

POST /users/{id}/password

Description

Change the password of the user to the password provided in the request.

151

Parameters


Pathidrequired


BodyresetPasswordParamsrequired

Reset Password DetailsresetPasswordParams

resetPasswordParams


coderequired

Verification code received in the emailLength : 1 - 64

string

passwordrequired

New User PasswordLength : 10 - 255

string

Responses

HTTPCode

Description Schema

201 Reset the user password successfully No Content



Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

152

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Tags

• Users

Security

Type Name

oauth2 OAuth2

Reset a User’s multi-factor token for yourself or for a user you can manage

POST /users/{id}/resetMfaToken

Description

Reset the multi-factor token for the user with the specified id.

Parameters


Pathidrequired



The tenant id string (uuid)

153

Responses

HTTPCode

Description Schema

200The multi-factor token was successfully reset for the tenant userspecified

No Content



Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

154

Name Schema

timestampoptional

string

traceidoptional

string

Tags

• Users

Security

Type Name Scopes

oauth2 OAuth2

dpod.tenant.spadmin, dpod.tenant.api_spadmin,dpod.tenant.admin, dpod.tenant.appowner,dpod.tenant.admin.unverified,dpod.tenant.spadmin.unverified,dpod.tenant.appowner.unverified

Reset another user password

PATCH /users/{id}/resetPassword

Description

Reset the password of the user with the specified id, getting a temporary one.

Parameters


Pathidrequired



The tenant id string (uuid)

Responses

HTTPCode

Description Schema

200 The temporary password set for tenant user specified Response 200



155

Response 200


temporaryPasswordoptional

The temporary password set for tenant user specified string

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

156

Tags

• Users

Security

Type Name Scopes


Send the email to verify user’s email address

POST /users/{id}/sendVerification

Description

Allow to resend the verification code by email.

Parameters


Pathidrequired


Responses

HTTPCode

Description Schema

204 Email sent No Content

404 The given user does not exist. Response 404

409 User is already verified. Response 409

Response 404

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

157

Name Schema

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 409

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Tags

• Users

Security

Type Name Scopes

oauth2 OAuth2dpod.tenant.admin.unverified,dpod.tenant.spadmin.unverified,dpod.tenant.appowner.unverified

Verify the user’s email address

GET /users/{id}/verify

158

Description

Verify the user’s email address by giving the code received in the user’s email account.

Parameters


Pathidrequired


Querycoderequired

The one time password to validate a user’s emailaddress.

string

Responses

HTTPCode

Description Schema

204 User is verified No Content

400 The given code does not exist or is expired Response 400

404 The given user does not exist. Response 404

409 User is already verified Response 409

Response 400

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 404

159

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Response 409

Name Schema

erroroptional

string

exceptionoptional

string

messageoptional

string

pathoptional

string

statusoptional

integer (int32)

timestampoptional

string

traceidoptional

string

Tags

• Users

160

data protection on demand (dpod) apiversion: 1.15.0 uri scheme basepath: /v1 schemes: https consumes...

Documents