iWelcome APIs Overview

Operation / Description | Logical Endpoint Name [1] | Method | Endpoint Path
Domain/ API: Client Registration
Used to register OAuth and OIDC client applications.
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Create an OAuth/OIDC client | registration_endpoint | POST | /auth/oauth2.0/v1/connect/register |
| Obtain details for an OAuth/OIDC client | registration_endpoint | GET | /auth/oauth2.0/v1/connect/register |
| Unregister an OAuth/OIDC client | registration_endpoint | DELETE | /auth/oauth2.0/v1/connect/register/{client_id} |
| Proprietary administration endpoint to unregister an OAuth/OIDC client | clients_endpoint | DELETE | /auth/oauth2.0/v1/connect/clients/{client_id} |
Domain/ API: Consent
Manages consents given by user on documents & processing purposes.
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Retrieve documents | documents_endpoint | GET | /consent/v1/documents |
| View document consent per user | document_consents_endpoint | GET | /consent/v1/document-consents |
| Give document consent per user | document_consents_endpoint | POST | /consent/v1/document-consents |
| Revoke document consent per user | document_consents_endpoint | DELETE | /consent/v1/document-consents |
| Retrieve processing purposes | processing_purposes_endpoint | GET | /consent/v1/processing-purposes |
| View attribute consent per user | attribute_consents_endpoint | GET | /consent/v1/attribute-consents |
| Give attribute consent per user | attribute_consents_endpoint | POST | /consent/v1/attribute-consents |
| Revoke attribute consent per user | attribute_consents_endpoint | DELETE | /consent/v1/attribute-consents |
Domain/ API: Session Management
Controls session servers for an account (except for session creation, which is done via the authentication API, SSO).
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Terminate session (logout) | terminate_session_endpoint | GET | /login/terminate_session |
Domain/ API: OAuth/OIDC
Allows applications to delegate authentication & authorisation towards iWelcome and get SSO (as per OAuth/OIDC specs).
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Obtain OAuth authorization/OIDC authentication | authorize_endpoint | GET | /auth/oauth2.0/v1/authorize |
| Obtain OAuth access token | token_endpoint | POST | /auth/oauth2.0/v1/token |
| Device authorization request | device_authorization_endpoint | POST | /auth/oauth2.0/v1/device/code |
| Device authorization decision endpoint | device_authorization_decision_endpoint | POST | /auth/oauth2.0/v1/device/user |
| Endpoint to determine the active state and meta-information of an OAuth token | introspection_endpoint | POST | /auth/oauth2.0/v1/introspect |
| Endpoint to obtain claims about the authenticated end-user | userinfo_endpoint | GET | /auth/oauth2.0/v1/userinfo |
| Deprecated endpoint to obtain information about an OAuth token and the authenticated End-User | token_info_endpoint | GET | /auth/oauth2.0/v1/token-info |
Domain/ API: Event
Used to access events generated by iWelcome.
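| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Obtain events | events_endpoint | GET | /event-api/v2/events |
| Submit events | events_endpoint | POST | /event-api/v2/events |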
Domain/ API: Notification
Notifies external systems of changes in users' consents.
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Subscribe to notifications for a single resource type | notification_subscription_endpoint | POST | /notification/v1/subscriptions |
| Get the details of a subscription | notification_subscription_endpoint | GET | /notification/v1/subscriptions/{id} |
| Unsubscribe from notifications | notification_subscription_endpoint | DELETE | /notification/v1/subscriptions/{id} |
| Retrieve a set of notifications of a subscription with a subscription_id | notification_endpoint | GET | /notification/v1/subscriptions/{id}/notifications |
Domain/ API: Credential
Manages user's credentials (e.g. password, email, phone number).
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Request to make an email address the user's primary email | primary_email_request_endpoint | POST | /credential/v1/primary-email-request |
| Endpoint to confirm a user's email address | primary_email_confirmation_endpoint | POST | /credential/v1/primary-email-confirmation |
| Unprotected endpoint to confirm a user's email address without authenticating the end user | public_primary_email_confirmation_endpoint | POST | /credential/v1/public/primary-email-confirmation |
| Request to make a phone number primary | primary_phone_number_request_endpoint | POST | /credential/v1/primary-phone-number-request |
| Change & confirm a user's phone number | primary_phone_number_confirmation_endpoint | POST | /credential/v1/primary-phone-number-confirmation |
| Obtain information about the user's password | metadata_endpoint | GET | /credential/v1/users/{user_id}/password/metadata |
| Change password for provided userID | password_endpoint | PUT | /credential/v1/users/{user_id}/password |
Domain/ API: SAML
Allows applications to delegate authentication to iWelcome and get SSO.
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Web SSO redirect | sso_httpredirect_endpoint | GET | /auth/saml2.0/v1/SSORedirect/metaAlias/<Brand> |
| Web SSO post | sso_httppost_endpoint | POST | /auth/saml2.0/v1/SSOPOST/metaAlias/<Brand> |
| Web IDP SLO redirect | slo_httpredirect_endpoint | GET | /auth/saml2.0/v1/IDPSloRedirect/metaAlias/<Brand> |
| Web IDP SLO post | slo_httppost_endpoint | POST | /auth/saml2.0/v1/IDPSloPOST/metaAlias/<Brand> |
Domain/ API: SCIM
Provisions users to iWelcome from a source user repository (users can be created as active or inactive).
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| Create a user | SCIM_users_endpoint | POST | /scim/Users |
| | | | /scim/v1/Users |
| Full update of a user | SCIM_users_endpoint | PUT | /scim/Users/{userId} |
| | | | /scim/v1/Users/{userId} |
| Partial update of a user | SCIM_users_endpoint | PATCH | /scim/Users/{userId} |
| | | | /scim/v1/Users/{userId} |
| Retrieve a known user | SCIM_users_endpoint | GET | /scim/Users/{userId} |
| | | | /scim/v1/Users/{userId} |
| Query users | SCIM_users_endpoint | GET | /scim/Users |
| | | | /scim/v1/Users |
| Delete a user | SCIM_users_endpoint | DELETE | /scim/Users/{userId} |
| | | | /scim/v1/Users/{userId} |
| Create a user in employee segment | SCIM_employees_endpoint | POST | /employees/scim/v1/Users |
| Full update of a user in employee segment | SCIM_employees_endpoint | PUT | /employees/scim/v1/Users/{userId} |
| Partial update of a user in employee segment | SCIM_employees_endpoint | PATCH | /employees/scim/v1/Users/{userId} |
| Retrieve a known user in employee segment | SCIM_employees_endpoint | GET | /employees/scim/v1/Users/{userId} |
| Query users in employee segment | SCIM_employees_endpoint | GET | /employees/scim/v1/Users |
| Delete a user in employee segment | SCIM_employees_endpoint | DELETE | /employees/scim/v1/Users/{userId} |
Domain/ API: Reverse Look-Up
Used to look-up user(s) at an external look-up service (the URL for this endpoint is configurable in iWelcome).
| Operation | Logical Endpoint Name [1] | Method | Endpoint Path |
|---|---|---|---|
| iWelcome request to user look-up service | user_look_up_endpoint | POST | endpoint not hosted by iWelcome |

[1] Logical endpoint name as defined for endpoint discovery.
Convention: "xxx_endpoint" indicates it's a web-api