Identity and Access Management — API Reference
Manage identities of your Users, set password policies, and configure other access controls
70 endpoints across 6 tags.
Settings
GET /business-profile-service/organizations/business-profiles — Get universal list of organization workspaces
Retrieve a list of worspaces in the organization in context of the current user.
API consumer: Synerise User
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
page | query | integer | optional | Page to retrieve |
limit | query | integer | optional | Limit of items per page |
businessProfileGroupId | query | string | optional | Workspace group to filter by. |
sortBy | query | enum<"NAME:ASC", "NAME:DESC", "CREATED:ASC", "CREATED:DESC"> | optional | |
search | query | string | optional |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
Example request (cURL)
curl --request GET \
--url 'https://api.synerise.com/business-profile-service/organizations/business-profiles?page=SOME_INTEGER_VALUE&limit=SOME_INTEGER_VALUE&businessProfileGroupId=SOME_STRING_VALUE&sortBy=SOME_STRING_VALUE&search=SOME_STRING_VALUE'GET /sauth/settings/ban — Get ban settings
/api-reference/identity-and-access-management#tag/Settings/operation/getBanSettingsUsingGET
Retrieve the configuration of applying bans after a number of failed logins.
API consumer: Synerise User
User role permission required: settings_customers_iam_locking_policy: read
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 application/json | JWT missing, expired, or invalid |
403 application/json | Insufficient permissions or wrong JWT scope (for example, profile token where a workspace token was required) |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/ban \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /sauth/settings/ban — Update ban settings
/api-reference/identity-and-access-management#tag/Settings/operation/updateBanSettingsUsingPOST
Update the configuration of applying bans after a number of failed logins.
API consumer: Synerise User
User role permission required: settings_customers_iam_locking_policy: update
Request body (required)
application/json · sauth-BanSettingsPayload
| Field | Type | Required | Description |
|---|---|---|---|
blockingForClientEnabled | boolean | optional | When TRUE, first- and second-level bans are enabled. Permanent bans are always enabled. |
firstBanCollectingTime | integer | optional | Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in firstBanThreshold and the duration is defined in firstBanDuration.
Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.
|
firstBanDuration | integer | optional | Duration of the first-level ban in seconds. The first-level ban is applied to a Profile's identifier and cancelled after a successful password reset. |
firstBanThreshold | integer | optional | The number of failed login attempts before the first-level ban is applied. |
secondBanCollectingTime | integer | optional | Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in secondBanThreshold and the duration is defined in secondBanDuration.
Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.
|
secondBanDuration | integer | optional | Duration of the second-level ban in seconds. The second-level ban is applied to a Profile's identifier and cancelled after a successful password reset. |
secondBanThreshold | integer | optional | The number of failed login attempts before the second-level ban is applied. |
permanentBanCollectingTime | integer | optional | Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in permanentBanThreshold and the duration is defined in permanentBanDuration.
Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.
|
permanentBanDuration | integer | optional | Duration of the permanent ban in seconds. The permanent ban is applied to an IP address and cancelled after a successful password reset. |
permanentBanThreshold | integer | optional | The number of failed login attempts before the permanent ban is applied. |
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 application/json | JWT missing, expired, or invalid |
403 application/json | Insufficient permissions or wrong JWT scope (for example, profile token where a workspace token was required) |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/ban \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"blockingForClientEnabled":true,"firstBanCollectingTime":0,"firstBanDuration":0,"firstBanThreshold":0,"secondBanCollectingTime":0,"secondBanDuration":0,"secondBanThreshold":0,"permanentBanCollectingTime":0,"permanentBanDuration":0,"permanentBanThreshold":0}'GET /sauth/settings/templates — Get email template settings
/api-reference/identity-and-access-management#tag/Settings/operation/getTemplateSettingsUsingGET
Get settings for email templates.
API consumer: Synerise User
User role permission required: settings_customers_iam_account_confirmation: read
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/templates \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /sauth/settings/templates — Update email template settings
/api-reference/identity-and-access-management#tag/Settings/operation/updateTemplateSettingsUsingPOST
Update email template settings. Omitted settings are reset to null!
API consumer: Synerise User
User role permission required: settings_customers_iam_account_confirmation: update
Request body (required)
application/json · sauth-TemplateSettingsData
| Field | Type | Required | Description |
|---|---|---|---|
clientEmailChangeRequestMailSubject | string | optional | Subject of the email change confirmation email. This is sent to the new address. |
clientEmailChangeRequestMailBody | string | optional | HTML body of the email change confirmation email. All " characters must be escaped and all the code must be a single line. This is sent to the new address.
|
clientEmailChangeRequestMailTemplateId | string | optional | ID of the email change confirmation email body template. This email is sent to the new address. If you use a template, it overrides the content sent in clientEmailChangeRequestMailBody.
|
clientEmailChangeNotificationMailSubject | string | optional | Subject of the email change notification email. This is sent to the current address. |
clientEmailChangeNotificationMailBody | string | optional | HTML body of the email change notification email. All " characters must be escaped and all the code must be a single line. This is sent to the current address.
|
clientEmailChangeNotificationMailTemplateId | string | optional | ID of the email change notification email template. This email is sent to the current address. If you use a template, it overrides the content sent in clientEmailChangeNotificationMailBody.
|
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/templates \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"clientEmailChangeRequestMailSubject":"string","clientEmailChangeRequestMailBody":"string","clientEmailChangeRequestMailTemplateId":"string","clientEmailChangeNotificationMailSubject":"string","clientEmailChangeNotificationMailBody":"string","clientEmailChangeNotificationMailTemplateId":"string"}'GET /sauth/settings/device-control — Get device authorization settings
Retrieve the settings related to authorization of logins from unknown devices.
API consumer: Synerise User
User role permission required: settings_customers_iam_locking_policy: read
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 application/json | JWT missing, expired, or invalid |
403 application/json | Insufficient permissions or wrong JWT scope (for example, profile token where a workspace token was required) |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/device-control \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /sauth/settings/device-control — Update device authorization settings
/api-reference/identity-and-access-management#tag/Settings/operation/updateDeviceSettingsUsingPOST
Update the settings related to authorization of logins from unknown devices.
API consumer: Synerise User
User role permission required: settings_customers_iam_locking_policy: update
Request body (required)
application/json · sauth-DeviceControlSettingsPayload
| Field | Type | Required | Description |
|---|---|---|---|
deviceControlMode | enum<"OFF", "SOFT", "HARD", "CONDITIONAL_BASED_ON_LOCATION"> | optional | Defines the type of device authorization. OFF: No device authorization. SOFT: The Profile is notified about logins from a new device, but the access is not blocked. HARD: Login attempts from the new device are blocked until the Profile authorizes the device with the link or token received by email. CONDITIONAL_BASED_ON_LOCATION: If a Profile logs in from a new device in Poland, they receive a notification (same as with SOFT setting). If the new device is outside of Poland, it must be authorized with a link or token received by email (same as with HARD setting). Other countries will be supported in the future. |
hardMailBody | string | optional | HTML body of the device authorization email for hard mode. All " characters must be escaped and all the code must be a single line.
|
hardMailTitle | string | optional | Subject of the device authorization email for hard mode. |
hardTemplateId | string | optional | ID of the device authorization email template for hard mode. If you use a template, it overrides the content sent in hardMailBody.
|
softMailBody | string | optional | HTML body of the device authorization email for soft mode. All " characters must be escaped and all the code must be a single line.
|
softMailTitle | string | optional | Subject of the device authorization email for soft mode. |
softTemplateId | string | optional | ID of the device authorization email template for soft mode. If you use a template, it overrides the content sent in softMailBody.
|
deviceUnlockSuccessRedirectUrl | string | optional | |
deviceUnlockAlreadyConfirmedRedirectUrl | string | optional |
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 application/json | JWT missing, expired, or invalid |
403 application/json | Insufficient permissions or wrong JWT scope (for example, profile token where a workspace token was required) |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/device-control \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"deviceControlMode":"OFF","hardMailBody":"string","hardMailTitle":"string","hardTemplateId":"string","softMailBody":"string","softMailTitle":"string","softTemplateId":"string","deviceUnlockSuccessRedirectUrl":"string","deviceUnlockAlreadyConfirmedRedirectUrl":"string"}'GET /sauth/settings/general — Get general settings
/api-reference/identity-and-access-management#tag/Settings/operation/getGeneralConfigUsingGET
Retrieve the general settings of the workspace.
API consumer: Synerise User
User role permission required: settings_customers_iam_account_confirmation: read
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/general \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /sauth/settings/general — Update general settings
/api-reference/identity-and-access-management#tag/Settings/operation/updateGeneralSettingsUsingPOST
Update general settings. Settings omitted in the request are reset to default!.
API consumer: Synerise User
User role permission required: settings_customers_iam_account_confirmation: update
Request body (required)
application/json · sauth-GeneralSettingsData
| Field | Type | Required | Description |
|---|---|---|---|
tokenLifetimeInSeconds | integer | required | The time in seconds before the authorization tokens expire. If set to 0 (default), the global Synerise setting is applied: 60 minutes.
|
voucherPoolUuid | string | optional | UUID of the voucher pool that stores customId values available for assignment to new Profiles, if applicable in your implementation.
|
allowOverwriteCustomIdentify | boolean | optional | When set to TRUE, customers' customId values may be modified. By default, the customId cannot be changed.
|
allowOverwriteExternalId | boolean | optional | When set to TRUE, a profile's externalId value may be modified.
This may be useful, for example, if someone deletes their account with an external authentication provider, and then registers a new account with the same email.
The external provider assigns a new ID and you need to allow overwriting the existing external ID in Synerise in order to link the existing profile in Synerise with the newly created account from the external provider.
|
allowEmailChangeFromWebForm | boolean | optional | When set to TRUE, email change can be requested/confirmed using a web form. |
allowToPassCustomIdentifyWithVoucherPool | boolean | optional | When set to TRUE, customId can be provided even if voucher pool is configured. In this case voucher will not be assigned.
|
Responses
| Status | Description |
|---|---|
200 application/json | New settings |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/general \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"tokenLifetimeInSeconds":0,"voucherPoolUuid":null,"allowOverwriteCustomIdentify":false,"allowOverwriteExternalId":false,"allowEmailChangeFromWebForm":false,"allowToPassCustomIdentifyWithVoucherPool":false}'GET /sauth/settings/oauth — Get OAuth settings
/api-reference/identity-and-access-management#tag/Settings/operation/getOauthSettingsUsingGET
Retrieve OAuth authentication settings
API consumer: Synerise User
User role permission required: settings_customers_iam_oauth: read
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 application/json | JWT missing, expired, or invalid |
403 application/json | Insufficient permissions or wrong JWT scope (for example, profile token where a workspace token was required) |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/oauth \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /sauth/settings/oauth — Update OAuth settings
/api-reference/identity-and-access-management#tag/Settings/operation/updateOatuhSettingsUsingPOST
Update OAuth authentication settings
API consumer: Synerise User
User role permission required: settings_customers_iam_oauth: update
Request body (required)
application/json · sauth-OauthSettingsRequest
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | optional | |
mode | enum<"JWT_TOKEN", "SERVER"> | optional | The mode of authentication: SERVER: Your OAuth server returns a token to the client device; the client device passes it to the Synerise backend; Synerise backend verifies the token with your OAuth backend JWT_TOKEN: Your OAuth server returns a JWT to the client device; the client device passes it to the Synerise backend; the Synerise backends verifies it with the provided JWK. This mode requires fewer resources from your backend. |
name | string | optional | Name of the integration |
endpoint | string | optional | URL of the OAuth authorization endpoint when the SERVER mode is selected.If you want to pass the token from your backend in the URL, use the {{_snrs_access_token}} insert.
|
headers | object | optional | 'Headers for the authorization request when SERVER mode is selected. For example, "X-Custom-Header": "someValue"If you want to pass the token from your backend in a header, use the {{_snrs_access_token}} insert'
|
mapping | object | optional | A mapping of fields from the Synerise endpoint to your OAuth endpoint. For example, if your field is called token and its counterpart in Synerise is accessToken, the mapping is "accessToken": "token"
|
mappedExternal | boolean | optional | If set to FALSE, the authentication request must include the customer's customId in the body.
|
syncDataOnLogin | boolean | optional | When set to TRUE, profile data from an external authentication provider is uploaded into the Synerise database every time the profile logs in. When FALSE, the data is saved only the first time a profile logs in, so that the amount of data is reduced in later authentication requests. |
jwkEndpoint | string | optional | URL of the JWK when the JWT_TOKEN mode is selected.If you want to pass the token from your backend in the URL, use the {{_snrs_access_token}} insert.
|
validation | object | optional | A validation mapping of fields from jwt token. |
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 application/json | JWT missing, expired, or invalid |
403 application/json | Insufficient permissions or wrong JWT scope (for example, profile token where a workspace token was required) |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/oauth \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"enabled":true,"mode":"JWT_TOKEN","name":"string","endpoint":"string","headers":{"Content-Type":"application/json","Authorization":"Bearer {{_snrs_access_token}}","Cache-control":"no-cache"},"mapping":{"property1":"string","property2":"string"},"mappedExternal":true,"syncDataOnLogin":false}'GET /sauth/settings/synerise-auth — getSyneriseAuthConfig
/api-reference/identity-and-access-management#tag/Settings/operation/getSyneriseAuthConfig
API consumer: Synerise User
User role permission required: settings_customers_iam: read
Responses
| Status | Description |
|---|---|
200 application/json | OK |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/synerise-authPOST /sauth/settings/synerise-auth — updateSyneriseAuthSettings
/api-reference/identity-and-access-management#tag/Settings/operation/updateSyneriseAuthSettings
API consumer: Synerise User
User role permission required: settings_customers_iam: update
Request body (required)
application/json · sauth-SyneriseAuthSettingsData
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | required | |
registrationType | enum<"REQUIRE_ACTIVATION", "REQUIRE_EMAIL_CONFIRMATION", "REQUIRE_PIN_CONFIRMATION", "AUTOMATIC"> | required | Defines the Profile account activation type.
REQUIRE_ACTIVATION: the account is inactive until the link in the confirmation email is accessed.
REQUIRE_EMAIL_CONFIRMATION: the account is active and can be used immediately, but must be confirmed using the link from the confirmation email.
AUTOMATIC: no activation is required
REQUIRE_PIN_CONFIRMATION: PIN code confirmation is required. To send the PIN by email, the email template must include the {{pin_code}} jinjava tag.
|
pinConfirmationType | enum<"EVERYONE", "ON_CONFLICT_WITH_EXTERNAL_ACCOUNT"> | optional | Defines if PIN confirmation (if enabled) is required for all new accounts or only if there is a conflict with an existing account registered by using third-party Identity Providers. |
pinConfirmationLength | integer | optional | The number of characters in the PIN |
pinConfirmationValidInSeconds | integer | optional | TTL of the PIN code before it expires and cannot be used |
allowPinResendFromDifferentDeviceId | boolean | optional | When TRUE, a PIN email re-send can be requested from a different device than the last device that requested a PIN email. NOTE: Regardless of this setting, the activation request can only be sent from the last device that requested a PIN email. |
confirmationRedirectLink | string | optional | Redirect URL of the confirmation link |
confirmationMailSubject | string | optional | Subject of the account activation email |
confirmationMailBody | string | optional | HTML body of the account activation email. All " characters must be escaped and all the code must be a single line.
|
confirmationMailTemplateId | string | optional | ID of the account activation email body template. If you use a template, it overrides the content sent in confirmationMailBody.
|
passwordResetMailTemplateId | string | optional | ID of the password reset confirmation email body template |
passwordResetMailSubject | string | optional | Subject of the password reset confirmation email |
passwordResetMailBody | string | optional | HTML body of the password reset confirmation email. All " characters must be escaped and all the code must be a single line.
|
pinConfirmationMailSubject | string | optional | Subject of the email with the PIN needed to confirm an account. |
pinConfirmationMailBody | string | optional | HTML body of the email with the PIN needed to confirm an account. All " characters must be escaped and all the code must be a single line. The PIN code is inserted using the {{ pin_code }} Jinjava insert.
|
pinConfirmationMailTemplateId | string | optional | ID of the template for the email with the PIN needed to confirm an account. If you use a template, it overrides the content sent in pinConfirmationMailBody.
|
maxLength | integer | optional | Maximum length of the password |
minLength | integer | optional | Minimum length of the password |
requireAtLeastOneLowercaseLetter | boolean | optional | When TRUE, the password must include at least one lowercase letter. |
requireAtLeastOneNonAlphaNumericCharacter | boolean | optional | When TRUE, the password must include at least one non-alphanumeric character. |
requireAtLeastOneNumber | boolean | optional | When TRUE, the password must include at least one number. |
requireAtLeastOneUppercaseLetter | boolean | optional | When TRUE, the password must include at least one uppercase letter. |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/synerise-auth \
--header 'content-type: application/json' \
--data '{"enabled":true,"registrationType":"REQUIRE_ACTIVATION","pinConfirmationType":"EVERYONE","pinConfirmationLength":6,"pinConfirmationValidInSeconds":300,"allowPinResendFromDifferentDeviceId":false,"confirmationRedirectLink":null,"confirmationMailSubject":"string","confirmationMailBody":"string","confirmationMailTemplateId":"string","passwordResetMailTemplateId":"string","passwordResetMailSubject":"string","passwordResetMailBody":"string","pinConfirmationMailSubject":"string","pinConfirmationMailBody":"string","pinConfirmationMailTemplateId":"string","maxLength":0,"minLength":0,"requireAtLeastOneLowercaseLetter":false,"requireAtLeastOneNonAlphaNumericCharacter":false,"requireAtLeastOneNumber":false,"requireAtLeastOneUppercaseLetter":false}'GET /sauth/settings/oauth/facebook — getFacebookOauthSettings
/api-reference/identity-and-access-management#tag/Settings/operation/getFacebookOauthSettings
API consumer: Synerise User
User role permission required: settings_customers_iam_oauth: read
Responses
| Status | Description |
|---|---|
200 application/json | OK |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/oauth/facebookPOST /sauth/settings/oauth/facebook — updateFacebookOauthSettings
/api-reference/identity-and-access-management#tag/Settings/operation/updateFacebookOauthSettings
API consumer: Synerise User
User role permission required: settings_customers_iam_oauth: update
Request body (required)
application/json · sauth-FacebookOauthSettingsPayload
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | required |
Responses
| Status | Description |
|---|---|
200 */* | OK |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/oauth/facebook \
--header 'content-type: application/json' \
--data '{"enabled":true}'GET /sauth/settings/oauth/google — getGoogleOauthSettings
/api-reference/identity-and-access-management#tag/Settings/operation/getGoogleOauthSettings
API consumer: Synerise User
User role permission required: settings_customers_iam_oauth: read
Responses
| Status | Description |
|---|---|
200 application/json | OK |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/oauth/googlePOST /sauth/settings/oauth/google — updateGoogleOauthSettings
/api-reference/identity-and-access-management#tag/Settings/operation/updateGoogleOauthSettings
API consumer: Synerise User
User role permission required: settings_customers_iam_oauth: update
Request body (required)
application/json · sauth-GoogleOauthSettingsPayload
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | required |
Responses
| Status | Description |
|---|---|
200 */* | OK |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/oauth/google \
--header 'content-type: application/json' \
--data '{"enabled":true}'GET /sauth/settings/oauth/apple — Get Sign in with Apple settings
/api-reference/identity-and-access-management#tag/Settings/operation/getAppleAuthSettingsUsingGET
Retrieve Sign in with Apple settings.
API consumer: Synerise User
User role permission required: settings_customers_iam_oauth: read
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 application/json | JWT missing, expired, or invalid |
403 application/json | Insufficient permissions or wrong JWT scope (for example, profile token where a workspace token was required) |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/sauth/settings/oauth/apple \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /sauth/settings/oauth/apple — Update Sign in with Apple settings
Update Sign in with Apple settings.
API consumer: Synerise User
User role permission required: settings_customers_iam_oauth: update
Request body (required)
application/json · sauth-AppleAuthSettingsPayload
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | optional | Defines if Sign in with Apple is enabled in this workspace. |
bundle | string | optional | Name of your application package |
Responses
| Status | Description |
|---|---|
200 application/json | Current settings |
401 application/json | JWT missing, expired, or invalid |
403 application/json | Insufficient permissions or wrong JWT scope (for example, profile token where a workspace token was required) |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/sauth/settings/oauth/apple \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"enabled":true,"bundle":"com.synerise.sdk.sample-swift"}'POST /uauth/business-profile/mark-favorite — Add or remove business profile to favorites
/api-reference/identity-and-access-management#tag/Settings/operation/postBPFavorite
Business profile can be added or removed from favorites using this endpoint
API consumer: Synerise User
Request body
application/json · uauth-MarkUserFavoriteBusinessProfile
| Field | Type | Required | Description |
|---|---|---|---|
businessProfileGuid | string | optional | |
favorite | boolean | optional |
Responses
| Status | Description |
|---|---|
200 | OK |
400 | Bad Request |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/business-profile/mark-favorite \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"businessProfileGuid":"string","favorite":true}'Access control
POST /uauth/business-profile/mfa/requirements — Enable MFA requirement for workspace
This request enables multi-factor authentication requirement for the currently selected workspace. After enabling this setting, only users with MFA can access the workspace.
API consumer: Synerise User
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/business-profile/mfa/requirements \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'DELETE /uauth/business-profile/mfa/requirements — Disable MFA requirement for workspace
This request disables multi-factor authentication requirement for the currently selected workspace. After disabling this setting, users without MFA can access the workspace.
API consumer: Synerise User
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request DELETE \
--url https://api.synerise.com/uauth/business-profile/mfa/requirements \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'GET /uauth/users/my-account/strongest-password-settings — Get own strongest password policy
If a user has access to more than one workspace, you can use this endpoint to find the strictest password policy of all the policies in these workspaces. The user's password must meet the requirements of that strictest policy.
API consumer: Synerise User
Responses
| Status | Description |
|---|---|
200 */* | OK |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/users/my-account/strongest-password-settingsGET /uauth/settings/user-bp-ip-policy — Get IP allowlist policy
/api-reference/identity-and-access-management#tag/Access-control/operation/getUserBpIpPolicyUsingGET
Retrieve the details of IP allowlisting policy of the workspace.
API consumer: Synerise User
User role permission required: settings_users_am_ip_access_restriction: read
Responses
| Status | Description |
|---|---|
200 application/json | IP policy details |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/settings/user-bp-ip-policy \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/settings/user-bp-ip-policy — Update IP allowlist policy
Update the details of IP allowlisting policy of the workspace.
API consumer: Synerise User
User role permission required: settings_users_am_ip_access_restriction: update
Request body (required)
application/json · uauth-IpPolicySettings
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | optional | When TRUE, the policy is active and only the included addresses are allowed to connect. |
enableSupportSubnets | boolean | optional | When TRUE, the IP addresses used by Synerise for service work are added to the allowlist. These addresses depend on the configuration. |
ipPolicy | array<string> | optional | List of allowed IPv4 addresses |
Responses
| Status | Description |
|---|---|
200 application/json | Updated IP policy |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/settings/user-bp-ip-policy \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"enabled":true,"enableSupportSubnets":true,"ipPolicy":["string"]}'GET /uauth/strongest-password-settings-by-email/{email} — Get strongest password policy of a User
If a user has access to more than one workspace, you can use this endpoint to find the strictest password policy of all the policies in these workspaces. The user's password must meet the requirements of that strictest policy.
Authentication: Not required
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
email | path | string | required | User's email address |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/strongest-password-settings-by-email/%7Bemail%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/users/mfa/initialization — Initiate multi-factor authentication for user
/api-reference/identity-and-access-management#tag/Access-control/operation/initiateUserMfaUsingPOST
Begins the process of enabling multi-factor authentication for a user by initiating it.
API consumer: Synerise User
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
mfaType | query | enum<"TOTP_AUTHENTICATOR", "EMAIL"> | required | Type of multi-factor authentication |
Responses
| Status | Description |
|---|---|
200 application/json | Secret and QR code URL |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url 'https://api.synerise.com/uauth/users/mfa/initialization?mfaType=SOME_STRING_VALUE' \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/users/mfa/confirmation — Confirm multi-factor authentication for user
/api-reference/identity-and-access-management#tag/Access-control/operation/confirmUserMfaUsingPOST
Continues the process of enabling multi-factor authentication for a user by confirming it.
API consumer: Synerise User
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
mfaType | query | enum<"TOTP_AUTHENTICATOR", "EMAIL"> | required | Type of multi-factor authentication |
Request body (required)
application/json · uauth-MultiFactorAuthConfirmRequest
| Field | Type | Required | Description |
|---|---|---|---|
verificationCode | string | required | Multi-factor verification code |
Responses
| Status | Description |
|---|---|
200 application/json | User's backup code |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url 'https://api.synerise.com/uauth/users/mfa/confirmation?mfaType=SOME_STRING_VALUE' \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"verificationCode":"string"}'DELETE /uauth/users/mfa — Remove multi-factor authentication for user
/api-reference/identity-and-access-management#tag/Access-control/operation/removesUserMfaUsingPOST
Removes user multi-factor authentication.
API consumer: Synerise User
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
mfaType | query | enum<"TOTP_AUTHENTICATOR", "EMAIL"> | required | Type of multi-factor authentication |
backupCode | query | string | required | User's backup code |
Responses
| Status | Description |
|---|---|
204 | No Content |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request DELETE \
--url 'https://api.synerise.com/uauth/users/mfa?mfaType=SOME_STRING_VALUE&backupCode=SOME_STRING_VALUE' \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'GET /uauth/settings/password-policy — Get user password policy
Retrieve the user password policy of the workspace.
API consumer: Synerise User
User role permission required: settings_users_am_password_policy: read
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/settings/password-policy \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/settings/password-policy — Update user password policy
/api-reference/identity-and-access-management#tag/Access-control/operation/updateSettingsUsingPOST
Update the user password policy. Entering 0 as the value disables a requirement.
API consumer: Synerise User
User role permission required: settings_users_am_password_policy: update
Request body
application/json · uauth-PasswordSettingsData
| Field | Type | Required | Description |
|---|---|---|---|
attempts | integer | optional | The number of failed sign-in attempts after which an account is blocked |
block | integer | optional | The number of days after which an account is blocked after the password expires. |
different | integer | optional | Defines how many previous passwords are compared. For example, if set to 3, the new password must be different than the 3 last passwords. |
digits | integer | optional | The minimum number of digits in a password |
expiration | integer | optional | The number of days after which the passwords expire |
lowerLetters | integer | optional | The minimum number of lower-case letters in a password |
maxIdleTime | integer | optional | Time (in seconds) after which an idle user is signed out |
maxLength | integer | optional | The maximum number of characters in a password |
minLength | integer | optional | The minimum number of characters in a password |
nextChange | integer | optional | Currently not used |
specialChars | integer | optional | The minimum number of special characters in a password |
upperLetters | integer | optional | The minimum number of upper-case letters in a password |
Responses
| Status | Description |
|---|---|
200 application/json | New password policy |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/settings/password-policy \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"attempts":0,"block":0,"different":0,"digits":0,"expiration":0,"lowerLetters":0,"maxIdleTime":0,"maxLength":0,"minLength":0,"nextChange":0,"specialChars":0,"upperLetters":0}'User management
GET /uauth/user/register/invitation/{invitationToken} — Find user by invitation token
/api-reference/identity-and-access-management#tag/User-management/operation/findByInvitationTokenGET
You can retrieve the details of an account by providing the invitation token generated for that account.
Authentication: Not required
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
invitationToken | path | string | required | Invitation token |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
201 | Created |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/user/register/invitation/%7BinvitationToken%7DPOST /uauth/users/invitations/invite — Invite user
/api-reference/identity-and-access-management#tag/User-management/operation/inviteUserUsingPOST
Invite a user to join a workspace. The user receives an email with an invitation token.
API consumer: Synerise User
User role permission required: settings_users: create
Request body (required)
application/json · uauth-BusinessProfileInvitationRequest
All the data sent in this request applies to the user being invited.
| Field | Type | Required | Description |
|---|---|---|---|
email | string | optional | User's email address |
firstName | string | optional | First name of the user |
lastName | string | optional | Last name of the user |
roles | array<integer> | optional | An array of roles (IDs) assigned to the user in the currently selected workspace |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/users/invitations/invite \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"email":"string","firstName":"string","lastName":"string","roles":[0]}'POST /uauth/users/invitations/invite-bulk — Invite many users
/api-reference/identity-and-access-management#tag/User-management/operation/bulkInviteUsersUsingPOST
Invite a number of users to the workspace at once. The users receive emails with invitation tokens.
API consumer: Synerise User
User role permission required: settings_users: create
Request body (required)
application/json · uauth-BusinessProfileBulkInvitationRequest
All the data sent in this request refers to the users being invited.
| Field | Type | Required | Description |
|---|---|---|---|
invitations | array<uauth-BusinessProfileInvitationRequest> | optional | An array of users to invite |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/users/invitations/invite-bulk \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"invitations":[{"email":"string","firstName":"string","lastName":"string","roles":[0]}]}'DELETE /uauth/users/invitations/{invitationIds} — Delete invitations
Delete invitations that were not yet accepted.
API consumer: Synerise User
User role permission required: settings_users: delete
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
invitationIds | path | string | required | Comma-separated list of invitation IDs. To obtain the invitation ID, check the list of users with PENDING status. The invitation ID for a user is the same as the ID of that user. |
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
Example request (cURL)
curl --request DELETE \
--url https://api.synerise.com/uauth/users/invitations/%7BinvitationIds%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/users/invitations/{invitationId} — Update invitation
Update the details of an invitation.
API consumer: Synerise User
User role permission required: settings_users: update
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
invitationId | path | integer | required | To obtain the invitation ID, check the list of users with PENDING status. The invitation ID for a user is the same as the ID of that user. |
Request body (required)
application/json · uauth-InvitationUpdateRequest
All the data sent in this request refers to the user being invited.
| Field | Type | Required | Description |
|---|---|---|---|
firstName | string | optional | First name of the user |
lastName | string | optional | Last name of the user |
roles | array<integer> | optional | An array of roles (IDs) assigned to the user in the currently selected workspace |
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/users/invitations/%7BinvitationId%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"firstName":"string","lastName":"string","roles":[0]}'GET /uauth/users/listing — List users
/api-reference/identity-and-access-management#tag/User-management/operation/listUsersUsingGET
List users from the current workspace
API consumer: Synerise User
User role permission required: settings_users: read
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
page | query | integer | required | The page of results to retrieve. The first page has the index 0.
|
size | query | integer | required | The number of entries on a page |
status | query | enum<"ALL", "ACTIVE", "PENDING", "EXPIRED", …> | required | Filters the results by status of the users |
search | query | string | required | String to search for in the first names, surnames, and email addresses |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url 'https://api.synerise.com/uauth/users/listing?page=SOME_INTEGER_VALUE&size=SOME_INTEGER_VALUE&status=SOME_STRING_VALUE&search=SOME_STRING_VALUE' \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'GET /uauth/users/listing/autocomplete — Autocomplete user search result
/api-reference/identity-and-access-management#tag/User-management/operation/getListingAutocomplete
You can use this endpoint to obtain data for search autocomplete.
API consumer: Synerise User
User role permission required (at least one): settings_users: read, analytics: read
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
email | query | string | required | User's email address |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url 'https://api.synerise.com/uauth/users/listing/autocomplete?email=SOME_STRING_VALUE' \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'DELETE /uauth/users/profile-association/{ids} — Remove users from workspace
/api-reference/identity-and-access-management#tag/User-management/operation/deleteUsersUsingDELETE
Delete user associations from a workspace. This does not delete the user accounts.
API consumer: Synerise User
User role permission required: settings_users: delete
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
ids | path | string | required | Comma-separated user IDs |
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
Example request (cURL)
curl --request DELETE \
--url 'https://api.synerise.com/uauth/users/profile-association/11405,11406,11407' \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'GET /uauth/users/{userId} — Get user data
/api-reference/identity-and-access-management#tag/User-management/operation/getUserDataUsingGET
API consumer: Synerise User
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
userId | path | integer | required | User ID |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/users/%7BuserId%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/users/{userId} — Update user data
/api-reference/identity-and-access-management#tag/User-management/operation/updateUserDataUsingPOST
API consumer: Synerise User
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
userId | path | integer | required | User ID |
Request body (required)
application/json · uauth-ReactOtherUserEditRequest
| Field | Type | Required | Description |
|---|---|---|---|
firstName | string | optional | First name of the user |
lastName | string | optional | Last name of the user |
avatar | string | optional | URL of the user's avatar |
phone | string | optional | User's phone number |
language | enum<"pl", "es", "pt", "en-GB", …> | optional | User's interface language |
organizationRole | string | optional | User's role in the organization |
introduction | string | optional | User's introduction |
confirmed | boolean | optional | Informs if the account is confirmed |
mailAccountId | integer | optional | Unused field |
description | string | optional | User's description |
dateFormatNotation | enum<"US", "EU"> | optional | |
timeFormatNotation | enum<"US", "EU"> | optional | |
numberFormatNotation | enum<"US", "EU"> | optional | |
roles | array<integer> | required | An array of roles (IDs) assigned to the user in the currently selected workspace |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
201 | Created |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/users/%7BuserId%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"firstName":"string","lastName":"string","avatar":"string","phone":"string","language":"pl","organizationRole":"string","introduction":"string","confirmed":true,"mailAccountId":0,"description":"string","dateFormatNotation":"US","timeFormatNotation":"US","numberFormatNotation":"US","roles":[0]}'POST /uauth/users/activate — Activate users
/api-reference/identity-and-access-management#tag/User-management/operation/activateUsersUsingPOST
Activate access to the workspace for a number of users
API consumer: Synerise User
User role permission required: settings_users: delete
Request body
application/json · uauth-ActivationRequest
| Field | Type | Required | Description |
|---|---|---|---|
ids | array<uauth-UserIdInteger> | optional | An array of user IDs |
Responses
| Status | Description |
|---|---|
200 | OK |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/users/activate \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"ids":[0]}'POST /uauth/users/deactivate — De-activate users
/api-reference/identity-and-access-management#tag/User-management/operation/deactivateUsersUsingPOST
De-activate access to the workspace for a number of users
API consumer: Synerise User
User role permission required: settings_users: update
Request body
application/json · uauth-ActivationRequest
| Field | Type | Required | Description |
|---|---|---|---|
ids | array<uauth-UserIdInteger> | optional | An array of user IDs |
Responses
| Status | Description |
|---|---|
200 | OK |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/users/deactivate \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"ids":[0]}'PUT /uauth/users/{userId}/access-time — Change access expiration time
Change the date when a user's access to the workspace is cancelled.
API consumer: Synerise User
User role permission required: settings_users: update
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
userId | path | integer | required | User ID |
Request body (required)
application/json · uauth-ReactUserProlongAccessRequest
| Field | Type | Required | Description |
|---|---|---|---|
expirationDate | string | optional | New access expiration time (ISO 8601, UTC time unless timezone is specified) |
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request PUT \
--url https://api.synerise.com/uauth/users/%7BuserId%7D/access-time \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"expirationDate":"2019-08-24T14:15:22Z"}'POST /uauth/users/{userId}/password-reset — Reset another user's password
/api-reference/identity-and-access-management#tag/User-management/operation/resetPasswordUsingPOST
Request a password reset for another user. That user receives an email with a password reset token. Their account is locked until the new password is set.
API consumer: Synerise User
User role permission required: settings_users: update
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
userId | path | integer | required | User ID |
Responses
| Status | Description |
|---|---|
200 | OK |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/users/%7BuserId%7D/password-resetPUT /uauth/users/{userId}/mfa-reset — Reset another user's multi-factor authentication
/api-reference/identity-and-access-management#tag/User-management/operation/resetMFAUsingPUT
You can reset the settings of another user's multi-factor authentication. This can be used, for example, if the user has lost both their device with the MFA application and the recovery code. The user will need to re-enable MFA in the same way as when setting it up for the first time.
API consumer: Synerise User
User role permission required: settings_users: update
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
userId | path | integer | required | User ID |
Responses
| Status | Description |
|---|---|
200 | OK |
Example request (cURL)
curl --request PUT \
--url https://api.synerise.com/uauth/users/%7BuserId%7D/mfa-resetDELETE /uauth/users/{ids} — Delete user account
Permanently deletes a user account.
API consumer: Synerise User
User role permission required: settings_users: delete
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
ids | path | string | required | Comma-separated user IDs |
Responses
| Status | Description |
|---|---|
200 | OK |
Example request (cURL)
curl --request DELETE \
--url 'https://api.synerise.com/uauth/users/11405,11406,11407' \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'Access groups
GET /uauth/permissions/group/role/{roleId} — List grouped permissions
List all permissions for a role, including information about permission grouping.
API consumer: Synerise User
User role permission required: settings_users: read
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
roleId | path | integer | required | Role ID |
Responses
| Status | Description |
|---|---|
200 application/json | This schema is recursive: the children array can include more groups, which include more groups, etc.
|
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/permissions/group/role/%7BroleId%7DGET /uauth/roles/listing — Get role groups
/api-reference/identity-and-access-management#tag/Access-groups/operation/getRoleGroupsUsingGET
Retrieve a list of user role groups.
API consumer: Synerise User
User role permission required: settings_users: read
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/roles/listing \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/roles/role-group — Create role group
/api-reference/identity-and-access-management#tag/Access-groups/operation/createRoleGroupUsingPOST
Create a new role group. A new group does not include any roles. To add a role to a group, update the role.
API consumer: Synerise User
User role permission required: settings_users: create
Request body (required)
application/json · uauth-RoleGroupDataRequest
| Field | Type | Required | Description |
|---|---|---|---|
name | string | optional | Name of the role group |
description | string | optional | Description of the role group |
Responses
| Status | Description |
|---|---|
200 application/json | New group created; response includes all existing groups |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/roles/role-group \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"name":"string","description":"string"}'POST /uauth/roles/role-group/{groupId} — Update role group
/api-reference/identity-and-access-management#tag/Access-groups/operation/updateRoleGroupUsingPOST
Update a group. To add a role to a group, update the role.
API consumer: Synerise User
User role permission required: settings_users: update
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
groupId | path | integer | required | Role group ID |
Request body (required)
application/json · uauth-RoleGroupDataRequest
| Field | Type | Required | Description |
|---|---|---|---|
name | string | optional | Name of the role group |
description | string | optional | Description of the role group |
Responses
| Status | Description |
|---|---|
200 application/json | Group updated; response includes all existing groups |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/roles/role-group/%7BgroupId%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"name":"string","description":"string"}'DELETE /uauth/roles/role-group/{groupId} — Delete role group
/api-reference/identity-and-access-management#tag/Access-groups/operation/deleteRoleGroupUsingDELETE
Delete a role group permanently.
API consumer: Synerise User
User role permission required: settings_users: delete
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
groupId | path | integer | required | Role group ID |
Responses
| Status | Description |
|---|---|
200 application/json | Group deleted; response includes all existing groups |
401 | Unauthorized |
403 | Forbidden |
Example request (cURL)
curl --request DELETE \
--url https://api.synerise.com/uauth/roles/role-group/%7BgroupId%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/roles/role — Create role
/api-reference/identity-and-access-management#tag/Access-groups/operation/createRoleUsingPOST
Create a new user role.
API consumer: Synerise User
User role permission required: settings_users: update
Request body (required)
application/json · uauth-RoleDataRequest
| Field | Type | Required | Description |
|---|---|---|---|
group | integer | required | ID of the group that includes this role |
name | string | required | The name of the role |
description | string | optional | Description of the role |
Responses
| Status | Description |
|---|---|
200 application/json | Role created |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/roles/role \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"group":0,"name":"string","description":"string"}'GET /uauth/roles/{roleId} — Get role
/api-reference/identity-and-access-management#tag/Access-groups/operation/getRoleUsingGET
Retrieve the details of a user role
API consumer: Synerise User
User role permission required: settings_users: read
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
roleId | path | integer | required | Role ID |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/roles/%7BroleId%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/roles/role/{roleId} — Update role
/api-reference/identity-and-access-management#tag/Access-groups/operation/updateRoleUsingPOST
Update a user role.
API consumer: Synerise User
User role permission required: settings_users: update
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
roleId | path | integer | required | Role ID |
Request body (required)
application/json · uauth-RoleDataRequest
| Field | Type | Required | Description |
|---|---|---|---|
group | integer | required | ID of the group that includes this role |
name | string | required | The name of the role |
description | string | optional | Description of the role |
Responses
| Status | Description |
|---|---|
200 application/json | Role updated |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/roles/role/%7BroleId%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"group":0,"name":"string","description":"string"}'DELETE /uauth/roles/role/{roleId} — Delete role
/api-reference/identity-and-access-management#tag/Access-groups/operation/deleteRoleUsingDELETE_1
Delete a user role permanently.
API consumer: Synerise User
User role permission required: settings_users: delete
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
roleId | path | integer | required | Role ID |
Responses
| Status | Description |
|---|---|
200 application/json | Role deleted, response includes all existing groups |
401 | Unauthorized |
403 | Forbidden |
Example request (cURL)
curl --request DELETE \
--url https://api.synerise.com/uauth/roles/role/%7BroleId%7D \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'GET /uauth/users/available-roles — Get available roles
/api-reference/identity-and-access-management#tag/Access-groups/operation/getAvailableRolesUsingGET
Retrieve a list of user roles available in the business profile.
API consumer: Synerise User
Authentication: Not required
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/users/available-rolesUser account management
POST /uauth/change-password — Change user password
Change a user's password.
API consumer: Synerise User
Request body
application/json · uauth-ChangePasswordRequest
| Field | Type | Required | Description |
|---|---|---|---|
currentPassword | string | optional | The current password |
newPassword | string | optional | The new password |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
201 | Created |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/change-password \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"currentPassword":"string","newPassword":"string"}'POST /uauth/password-reset/request — Request user password reset
The user can request a password reset token sent by email.
Authentication: Not required
Request body
application/json · uauth-PasswordResetRequest
| Field | Type | Required | Description |
|---|---|---|---|
email | string | required | User's email address |
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/password-reset/request \
--header 'content-type: application/json' \
--data '{"email":"string"}'POST /uauth/password-reset/confirmation — Confirm user password reset
Confirm user password reset using the token received by email.
Authentication: Not required
Request body
application/json · uauth-PasswordResetConfirmation
| Field | Type | Required | Description |
|---|---|---|---|
token | string | optional | Password reset token received by email |
password | string | optional | The new password |
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/password-reset/confirmation \
--header 'content-type: application/json' \
--data '{"token":"string","password":"string"}'GET /uauth/user/confirmation/{confirmationToken} — Confirm user registration
Confirm user registration. The token is sent by email.
Authentication: Not required
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
confirmationToken | path | string | required | Confirmation token |
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/user/confirmation/%7BconfirmationToken%7DPOST /uauth/user/register — Register user
Register a new user. Before the new account can be used, it must be confirmed.
Authentication: Not required
Request body (required)
application/json · uauth-UserRegistrationRequest
| Field | Type | Required | Description |
|---|---|---|---|
email | string | required | User's email address |
password | string | required | Account password |
invitationToken | string | optional | Invitation token, received from another user |
externalProviderToken | string | optional | |
externalProviderType | enum<"GOOGLE"> | optional |
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
409 | User already registered |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/user/register \
--header 'content-type: application/json' \
--data '{"email":"string","password":"string","invitationToken":"string","externalProviderToken":"string","externalProviderType":"GOOGLE"}'POST /uauth/user/register/resend-confirmation — Re-send user confirmation token
If the confirmation token does not reach the user's inbox, you can send a new one.
Authentication: Not required
Request body
application/json · uauth-ResendConfirmationPayload
| Field | Type | Required | Description |
|---|---|---|---|
email | string | optional | User's email address |
Responses
| Status | Description |
|---|---|
200 | OK |
201 | Created |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/user/register/resend-confirmation \
--header 'content-type: application/json' \
--data '{"email":"string"}'GET /uauth/users/my-account — Get user's own data
A user can retrieve their account data.
API consumer: Synerise User
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/users/my-account \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'POST /uauth/users/my-account — Update user's own data
A user can update their own details.
API consumer: Synerise User
Request body
application/json · uauth-ReactUserEditRequest
| Field | Type | Required | Description |
|---|---|---|---|
firstName | string | optional | First name of the user |
lastName | string | optional | Last name of the user |
avatar | string | optional | URL of the user's avatar |
phone | string | optional | User's phone number |
language | enum<"pl", "es", "pt", "en-GB", …> | optional | User's interface language |
organizationRole | string | optional | User's role in the organization |
introduction | string | optional | User's introduction |
confirmed | boolean | optional | Informs if the account is confirmed |
mailAccountId | integer | optional | Unused field |
description | string | optional | User's description |
dateFormatNotation | enum<"US", "EU"> | optional | |
timeFormatNotation | enum<"US", "EU"> | optional | |
numberFormatNotation | enum<"US", "EU"> | optional |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
201 | Created |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/users/my-account \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '{"firstName":"string","lastName":"string","avatar":"string","phone":"string","language":"pl","organizationRole":"string","introduction":"string","confirmed":true,"mailAccountId":0,"description":"string","dateFormatNotation":"US","timeFormatNotation":"US","numberFormatNotation":"US"}'DELETE /uauth/users/my-account — Delete user's own account
A user can delete their own account.
API consumer: Synerise User
Responses
| Status | Description |
|---|---|
200 | OK |
401 | Unauthorized |
403 | Forbidden |
Example request (cURL)
curl --request DELETE \
--url https://api.synerise.com/uauth/users/my-account \
--header 'Authorization: Bearer REPLACE_BEARER_TOKEN'Directory
GET /uauth/managed-domains — List managed domains
/api-reference/identity-and-access-management#tag/Directory/operation/getManagedDomainListUsingGET
Retrieve a list of all domains managed by the workspace.
API consumer: Synerise User
User role permission required: managed_domains: read
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
page | query | integer | optional | Page number (first page is 1) |
size | query | integer | optional | The number of entries on a page |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
201 | Created |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url 'https://api.synerise.com/uauth/managed-domains?page=SOME_INTEGER_VALUE&size=SOME_INTEGER_VALUE'DELETE /uauth/managed-domains — Delete managed domain
/api-reference/identity-and-access-management#tag/Directory/operation/deleteManagedDomainUsingDELETE
Remove management settings for a domain.
API consumer: Synerise User
User role permission required: managed_domains: delete
Request body
application/json · uauth-ManagedDomainRequest
| Field | Type | Required | Description |
|---|---|---|---|
domain | string | required | Domain name |
Responses
| Status | Description |
|---|---|
201 | Created |
204 | No Content |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request DELETE \
--url https://api.synerise.com/uauth/managed-domains \
--header 'content-type: application/json' \
--data '{"domain":"synerise.com"}'GET /uauth/managed-domains/initialize-code — Initialize managed domain
Generate a verification string for a domain. This string is then used in this endpoint. The verification string for a particular workspace is always the same.
API consumer: Synerise User
User role permission required: managed_domains: create
Responses
| Status | Description |
|---|---|
200 application/json | OK |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request GET \
--url https://api.synerise.com/uauth/managed-domains/initialize-codePOST /uauth/managed-domains/verification — Verify managed domain
/api-reference/identity-and-access-management#tag/Directory/operation/verifyManagedDomainUsingPOST
Verify a managed domain to assign it to a workspace. All users who belong to the domain are managed by that workspace.
API consumer: Synerise User
User role permission required: managed_domains: create
Request body (required)
application/json · uauth-ManagedDomainVerificationRequest
| Field | Type | Required | Description |
|---|---|---|---|
domain | string | required | Domain name |
verificationMethod | enum<"TXT_RECORD", "FILE_CHECK", "INTERNAL", "NONE"> | required | Verification method. The verification string can be retrieved by using this method. TXT_RECORD: the verification string needs to be added to your DNS as a TXT record. FILE_CHECK: the site must include an HTML file whose name is the verification string. The file does not need any content. INTERNAL; NONE - currently not used |
Responses
| Status | Description |
|---|---|
200 application/json | OK |
201 | Created |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
Example request (cURL)
curl --request POST \
--url https://api.synerise.com/uauth/managed-domains/verification \
--header 'content-type: application/json' \
--data '{"domain":"synerise.com","verificationMethod":"TXT_RECORD"}'