Niomon API reference (1.0)

Download OpenAPI specification:Download

Niomon API follows the REST principles. Our API uses JSON encoding for requests and responses, and uses standard HTTP verbs (methods), response codes, and authentication.

Design Principles

Pagination

Requests that return a list of objects may support pagination. Pagination is offset-based using the page and pageSize query parameters.

To fetch the first page of entries in a collection the API needs to be called either without the page parameter, or with the page set to 0. pageSize field is optional and the default is 50.

Error

Niomon uses HTTP response status codes to indicate the success or failure of your API requests. For failures, Niomon returns an error using the appropriate status code. There are three categories for status codes:

  • 2xx success status codes confirm that your request worked as expected.
  • 4xx error status codes indicate an error because of the information provided (e.g., a required parameter was omitted).
  • 5xx error status codes are rare and indicate an error with Niomon’s servers.

Users

Manages users in a tenant.

Create user

Add a user to Niomon. Email and phone number (if defined) must be unique. It returns the created user.

Authorizations:
apiKeyoauth2
Request Body schema: application/json
name
string

End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.

givenName
string

Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.

familyName
string

Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.

middleName
string

Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.

nickname
string

Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael.

preferredUsername
string

Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. This value MAY be any valid JSON string including special characters such as @, /, or whitespace.

profile
string

URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User.

picture
string

URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.

website
string

URL of the End-User's Web page or blog. This Web page SHOULD contain information published by the End-User or an organization that the End-User is affiliated with.

email
string

End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax.

emailVerified
boolean

True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.

gender
string

End-User's gender. Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable.

birthdate
string

End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates.

zoneinfo
string

String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.

locale
string

End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.

phoneNumber
string

End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.

phoneNumberVerified
boolean

User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. When true, the phone_number Claim MUST be in E.164 format and any extensions MUST be represented in RFC 3966 format.

locked
boolean

Whether the End-User was locked. A locked user cannot login.

object (Address)
userMetadata
object
appMetadata
object

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "givenName": "string",
  • "familyName": "string",
  • "middleName": "string",
  • "nickname": "string",
  • "preferredUsername": "string",
  • "profile": "string",
  • "picture": "string",
  • "website": "string",
  • "email": "string",
  • "emailVerified": true,
  • "gender": "string",
  • "birthdate": "string",
  • "zoneinfo": "string",
  • "locale": "string",
  • "phoneNumber": "string",
  • "phoneNumberVerified": true,
  • "locked": true,
  • "address": {
    },
  • "userMetadata": { },
  • "appMetadata": { }
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "givenName": "string",
  • "familyName": "string",
  • "middleName": "string",
  • "nickname": "string",
  • "preferredUsername": "string",
  • "profile": "string",
  • "picture": "string",
  • "website": "string",
  • "email": "string",
  • "emailVerified": true,
  • "gender": "string",
  • "birthdate": "string",
  • "zoneinfo": "string",
  • "locale": "string",
  • "phoneNumber": "string",
  • "phoneNumberVerified": true,
  • "lockedAt": "2019-08-24T14:15:22Z",
  • "locked": true,
  • "address": {
    },
  • "userMetadata": { },
  • "appMetadata": { },
  • "lastSeenAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

List users

Lists your users in Niomon.

Authorizations:
apiKeyoauth2
query Parameters
page
integer >= 0
Default: 0

The current page number. Zero-indexed.

pageSize
integer [ 1 .. 1000 ]
Default: 50

Maximum number of results to be returned. Default 50, maximum 1000.

Responses

Response samples

Content type
application/json
{
  • "page": 0,
  • "pageSize": 0,
  • "totalSize": 0,
  • "users": [
    ]
}

Get user

Gets user attributes by user ID.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

ID of the User.

Responses

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "givenName": "string",
  • "familyName": "string",
  • "middleName": "string",
  • "nickname": "string",
  • "preferredUsername": "string",
  • "profile": "string",
  • "picture": "string",
  • "website": "string",
  • "email": "string",
  • "emailVerified": true,
  • "gender": "string",
  • "birthdate": "string",
  • "zoneinfo": "string",
  • "locale": "string",
  • "phoneNumber": "string",
  • "phoneNumberVerified": true,
  • "lockedAt": "2019-08-24T14:15:22Z",
  • "locked": true,
  • "address": {
    },
  • "userMetadata": { },
  • "appMetadata": { },
  • "lastSeenAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Update user

Updates a user's attributes. For example, you can change the user's email or name. Omitted fields are not changed. Set fields to empty string to unset it.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

ID of the User.

Request Body schema: application/json
name
string

End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.

givenName
string

Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.

familyName
string

Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.

middleName
string

Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.

nickname
string

Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael.

preferredUsername
string

Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. This value MAY be any valid JSON string including special characters such as @, /, or whitespace.

profile
string

URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User.

picture
string

URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.

website
string

URL of the End-User's Web page or blog. This Web page SHOULD contain information published by the End-User or an organization that the End-User is affiliated with.

email
string

End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax.

emailVerified
boolean

True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.

gender
string

End-User's gender. Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable.

birthdate
string

End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates.

zoneinfo
string

String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.

locale
string

End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.

phoneNumber
string

End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.

phoneNumberVerified
boolean

User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. When true, the phone_number Claim MUST be in E.164 format and any extensions MUST be represented in RFC 3966 format.

locked
boolean

Whether the End-User was locked. A locked user cannot login.

object (Address)
userMetadata
object
appMetadata
object

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "givenName": "string",
  • "familyName": "string",
  • "middleName": "string",
  • "nickname": "string",
  • "preferredUsername": "string",
  • "profile": "string",
  • "picture": "string",
  • "website": "string",
  • "email": "string",
  • "emailVerified": true,
  • "gender": "string",
  • "birthdate": "string",
  • "zoneinfo": "string",
  • "locale": "string",
  • "phoneNumber": "string",
  • "phoneNumberVerified": true,
  • "locked": true,
  • "address": {
    },
  • "userMetadata": { },
  • "appMetadata": { }
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "givenName": "string",
  • "familyName": "string",
  • "middleName": "string",
  • "nickname": "string",
  • "preferredUsername": "string",
  • "profile": "string",
  • "picture": "string",
  • "website": "string",
  • "email": "string",
  • "emailVerified": true,
  • "gender": "string",
  • "birthdate": "string",
  • "zoneinfo": "string",
  • "locale": "string",
  • "phoneNumber": "string",
  • "phoneNumberVerified": true,
  • "lockedAt": "2019-08-24T14:15:22Z",
  • "locked": true,
  • "address": {
    },
  • "userMetadata": { },
  • "appMetadata": { },
  • "lastSeenAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Delete user

Remove a user permanently. This action cannot be undone. Please use the block user function to temporarily disable users.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

ID of the User.

Responses

Response samples

Content type
application/json
{
  • "message": "string",
  • "requestId": "string",
  • "fields": [
    ]
}

Get user by email

Gets user attributes by email address.

Authorizations:
apiKeyoauth2
path Parameters
email
required
string

Email of the User.

Responses

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "givenName": "string",
  • "familyName": "string",
  • "middleName": "string",
  • "nickname": "string",
  • "preferredUsername": "string",
  • "profile": "string",
  • "picture": "string",
  • "website": "string",
  • "email": "string",
  • "emailVerified": true,
  • "gender": "string",
  • "birthdate": "string",
  • "zoneinfo": "string",
  • "locale": "string",
  • "phoneNumber": "string",
  • "phoneNumberVerified": true,
  • "lockedAt": "2019-08-24T14:15:22Z",
  • "locked": true,
  • "address": {
    },
  • "userMetadata": { },
  • "appMetadata": { },
  • "lastSeenAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Get user by phone number

Gets user attributes by phone number.

Authorizations:
apiKeyoauth2
path Parameters
phoneNumber
required
string

Phone number of the User.

Responses

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "givenName": "string",
  • "familyName": "string",
  • "middleName": "string",
  • "nickname": "string",
  • "preferredUsername": "string",
  • "profile": "string",
  • "picture": "string",
  • "website": "string",
  • "email": "string",
  • "emailVerified": true,
  • "gender": "string",
  • "birthdate": "string",
  • "zoneinfo": "string",
  • "locale": "string",
  • "phoneNumber": "string",
  • "phoneNumberVerified": true,
  • "lockedAt": "2019-08-24T14:15:22Z",
  • "locked": true,
  • "address": {
    },
  • "userMetadata": { },
  • "appMetadata": { },
  • "lastSeenAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Sessions

Manages user sessions in a tenant.

List sessions

Lists all active sessions of a user.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

The user ID to get active sessions for.

query Parameters
page
integer >= 0
Default: 0

The current page number. Zero-indexed.

pageSize
integer [ 1 .. 1000 ]
Default: 50

Maximum number of results to be returned. Default 50, maximum 1000.

Responses

Response samples

Content type
application/json
{
  • "page": 0,
  • "pageSize": 0,
  • "totalSize": 0,
  • "sessions": [
    ]
}

Authenticate session

Authenticate a session token.

Authorizations:
apiKey
Request Body schema: application/json
sessionToken
required
string
clientId
string

ID of the client that created the session. It is required when authenticated with a OIDC-initiated session.

sessionExpirationMinutes
integer [ 0 .. 129600 ]

Set the session expiry to the number of minutes from now. The value must be a minimum of 0 and a maximum of 129600 (90 days). Session will not be refreshed if this value is omitted or 0. This value is ignored if the session is not refreshable.

rotateSessionToken
boolean

Whether to rotate the token. If it is set to true, a new session token is returned in the response. Otherwise, no sessionToken will be returned in the resopnse.

object (Metadata)

Request metadata that help with fraud detection.

Responses

Request samples

Content type
application/json
{
  • "sessionToken": "string",
  • "clientId": "string",
  • "sessionExpirationMinutes": 129600,
  • "rotateSessionToken": true,
  • "metadata": {
    }
}

Response samples

Content type
application/json
{
  • "session": {
    },
  • "sessionToken": "string",
  • "user": {
    }
}

Get session

Gets active session by session ID.

Authorizations:
apiKeyoauth2
path Parameters
sessionId
required
string

ID of the Session.

Responses

Response samples

Content type
application/json
{
  • "id": "string",
  • "userId": "string",
  • "clientId": "string",
  • "lastSeenAt": "2019-08-24T14:15:22Z",
  • "lastSeenIp": "string",
  • "lastSeenLocation": "string",
  • "userAgent": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Delete session

Invalidates an active session.

Authorizations:
apiKeyoauth2
path Parameters
sessionId
required
string

ID of the Session.

Responses

Response samples

Content type
application/json
{
  • "message": "string",
  • "requestId": "string",
  • "fields": [
    ]
}

Credentials

Manages credentials in a tenant.

Create credential enrollment token

Create a credential enrollment token for the user to enroll a credential.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

ID of the User to enroll a credential.

Request Body schema: application/json
type
string
Default: "public-key"

Credential type, must be public-key

send
boolean
Default: true

Deliver enrollment link via email or SMS. If it is set to false, application is responsible to deliver the enrollment token to initiate the enrollment flow.

Responses

Request samples

Content type
application/json
{
  • "type": "public-key",
  • "send": true
}

Response samples

Content type
application/json
{
  • "token": "string",
  • "uri": "string",
  • "deepLink": "string"
}

List credentials

Lists all credentials of a user.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

ID for the User.

query Parameters
page
integer >= 0
Default: 0

The current page number. Zero-indexed.

pageSize
integer [ 1 .. 1000 ]
Default: 50

Maximum number of results to be returned. Default 50, maximum 1000.

Responses

Response samples

Content type
application/json
{
  • "page": 0,
  • "pageSize": 0,
  • "totalSize": 0,
  • "credentials": [
    ]
}

Get credential

Gets credential attributes by ID.

Authorizations:
apiKeyoauth2
path Parameters
credentialId
required
string

ID of the Credential.

Responses

Response samples

Content type
application/json
{
  • "id": "string",
  • "type": "string",
  • "publicKey": "string",
  • "lastUsedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z",
  • "device": {
    }
}

Delete credential

Revoke a previously enrolled Credential.

Authorizations:
apiKeyoauth2
path Parameters
credentialId
required
string

ID of the Credential.

Responses

Response samples

Content type
application/json
{
  • "message": "string",
  • "requestId": "string",
  • "fields": [
    ]
}

One-time Passcodes

Generates and authenticates one-time passcodes.

Send Email passcode

Send an Email one-time passcode.

Authorizations:
apiKeyoauth2
Request Body schema: application/json
to
required
string

The email address of the user to send the one-time passcode to.

createUser
boolean

Whether or not to create a new user when a matching user cannot be found.

object (Metadata)

Request metadata that help with fraud detection.

Responses

Request samples

Content type
application/json
{
  • "to": "string",
  • "createUser": true,
  • "metadata": {
    }
}

Response samples

Content type
application/json
{
  • "to": "string",
  • "userId": "string",
  • "userCreated": true
}

Send SMS passcode

Send a SMS one-time passcode.

Authorizations:
apiKeyoauth2
Request Body schema: application/json
to
required
string

The phone number of the user to send the one-time passcode to.

createUser
boolean

Whether or not to create a new user when a matching user cannot be found.

object (Metadata)

Request metadata that help with fraud detection.

Responses

Request samples

Content type
application/json
{
  • "to": "string",
  • "createUser": true,
  • "metadata": {
    }
}

Response samples

Content type
application/json
{
  • "to": "string",
  • "userId": "string",
  • "userCreated": true
}

Authenticate passcode

Authenticate an email or SMS passcode.

Authorizations:
apiKeyoauth2
Request Body schema: application/json
to
required
string

Email or phone number to authenticate.

code
required
string

The code to authenticate.

sessionExpirationMinutes
integer [ 0 .. 129600 ]

Set the session expiry to the number of minutes from now. The value must be a minimum of 0 and a maximum of 129600 (90 days). Session will not be created if this value is omitted or 0.

object (Metadata)

Request metadata that help with fraud detection.

Responses

Request samples

Content type
application/json
{
  • "to": "string",
  • "code": "string",
  • "sessionExpirationMinutes": 129600,
  • "metadata": {
    }
}

Response samples

Content type
application/json
{
  • "session": {
    },
  • "sessionToken": "string",
  • "user": {
    }
}

Identity Providers

Manages and authenticates with external identity providers like Google, Facebook, Apple, and Microsoft.

List Identity Provider Users

Lists all Idp associated with a User.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

The user ID to get IdP User for.

query Parameters
page
integer >= 0
Default: 0

The current page number. Zero-indexed.

pageSize
integer [ 1 .. 1000 ]
Default: 50

Maximum number of results to be returned. Default 50, maximum 1000.

Responses

Response samples

Content type
application/json
{
  • "page": 0,
  • "pageSize": 0,
  • "totalSize": 0,
  • "idpUsers": [
    ]
}

Create Identity Provider User

Adds an new Identity Provider User.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

The user ID to get IdP User for.

idpId
required
string

The IdP ID to get IdP User for.

Request Body schema: application/json
externalId
required
string

IdP-specific identifier for a User

metadata
object

Responses

Request samples

Content type
application/json
{
  • "externalId": "string",
  • "metadata": { }
}

Response samples

Content type
application/json
{
  • "idpId": "string",
  • "userId": "string",
  • "externalId": "string",
  • "metadata": { },
  • "lastLoginAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Get Identity Provider User

Get an Identity Provider User.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

The user ID to get IdP User for.

idpId
required
string

The IdP ID to get IdP User for.

Responses

Response samples

Content type
application/json
{
  • "idpId": "string",
  • "userId": "string",
  • "externalId": "string",
  • "metadata": { },
  • "lastLoginAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Update Identity Provider User

Link a User from Identity Provider.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

The user ID to get IdP User for.

idpId
required
string

The IdP ID to get IdP User for.

Responses

Response samples

Content type
application/json
{
  • "idpId": "string",
  • "userId": "string",
  • "externalId": "string",
  • "metadata": { },
  • "lastLoginAt": "2019-08-24T14:15:22Z",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Delete Identity Provider User

Unlink an Identity Provider User.

Authorizations:
apiKeyoauth2
path Parameters
userId
required
string

The user ID to get IdP User for.

idpId
required
string

The IdP ID to get IdP User for.

Responses

Response samples

Content type
application/json
{
  • "message": "string",
  • "requestId": "string",
  • "fields": [
    ]
}

Create identity provider

Adds a new identity provider to Niomon.

Authorizations:
apiKeyoauth2
Request Body schema: application/json
id
required
string

A unique ID for the identity provider

type
required
string
Enum: "apple" "facebook" "google" "microsoft" "oauth2" "oidc" "twitter"

Type of the identity provider

name
required
string

Name for the identity provider

clientId
string

OAuth 2.0 Client ID

clientSecret
string

OAuth 2.0 Client Secret

scopes
string

OAuth 2.0/OIDC Scopes

issuer
string

OIDC Issuer

authorizationEndpoint
string

OAuth 2.0/OIDC Authorization Endpoint

tokenEndpoint
string

OAuth 2.0/OIDC Token Endpoint

userInfoEndpoint
string

OIDC User Info Endpoint

jwksUri
string

OIDC JWKS URI

idTokenSigningAlg
string

ID Token signing algorithm

idTokenSigningKey
string

ID Token signing key in PEM X.509 format

appleTeamId
string

(Apple IdP) The Team ID associated with your Apple developer account

appleKid
string

(Apple IdP) The Key ID that you obtained from Apple

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "type": "apple",
  • "name": "string",
  • "clientId": "string",
  • "clientSecret": "string",
  • "scopes": "string",
  • "issuer": "string",
  • "authorizationEndpoint": "string",
  • "tokenEndpoint": "string",
  • "userInfoEndpoint": "string",
  • "jwksUri": "string",
  • "idTokenSigningAlg": "string",
  • "idTokenSigningKey": "string",
  • "appleTeamId": "string",
  • "appleKid": "string"
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "type": "apple",
  • "name": "string",
  • "clientId": "string",
  • "clientSecret": "string",
  • "scopes": "string",
  • "issuer": "string",
  • "authorizationEndpoint": "string",
  • "tokenEndpoint": "string",
  • "userInfoEndpoint": "string",
  • "jwksUri": "string",
  • "idTokenSigningAlg": "string",
  • "idTokenSigningKey": "string",
  • "appleTeamId": "string",
  • "appleKid": "string",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

List identity providers

Lists identity providers in Niomon.

Authorizations:
apiKeyoauth2
query Parameters
page
integer >= 0
Default: 0

The current page number. Zero-indexed.

pageSize
integer [ 1 .. 1000 ]
Default: 50

Maximum number of results to be returned. Default 50, maximum 1000.

Responses

Response samples

Content type
application/json
{
  • "page": 0,
  • "pageSize": 0,
  • "totalSize": 0,
  • "idps": [
    ]
}

Clients

Manages clients (aka. applications) in a tenant.

Create client

Add a new client.

Authorizations:
apiKeyoauth2
Request Body schema: application/json
name
required
string

The name of the client.

description
string

Free text description of the purpose of the Client.

appType
required
string
Enum: "single-page" "web" "native" "machine"

Type of this client application.

themeColor
string

Theme color for this client application.

logoUrl
string

The URL of the client logo (recommended size: 150x150)

callbacks
Array of strings

A set of URLs that are valid to call back from Niomon when authenticating users.

allowedOrigins
Array of strings

A set of URLs that represents valid origins for CORS.

webOrigins
Array of strings

A set of URLs that represents valid web origins for use with web message response mode

allowedLogoutUrls
Array of strings

A set of URLs that are valid to redirect to after logout from Niomon.

initiateLoginUrl
string

In some scenarios, Niomon will need to redirect to your application’s login page. This URI needs to point to a route in your application that should redirect to your tenant’s /authorize endpoint.

tokenExpiryTime
number

The amount of time (in seconds) that the OIDC token will be valid after being issued.

requireConsent
boolean

Flag to indicate consent is required from user for the external client

type
required
string
Enum: "login" "payment"

The type of the application, can be only 'login' or 'payment'.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "appType": "single-page",
  • "themeColor": "string",
  • "logoUrl": "string",
  • "callbacks": [
    ],
  • "allowedOrigins": [
    ],
  • "webOrigins": [
    ],
  • "allowedLogoutUrls": [
    ],
  • "initiateLoginUrl": "string",
  • "tokenExpiryTime": 0,
  • "requireConsent": true,
  • "type": "login"
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "description": "string",
  • "appType": "single-page",
  • "themeColor": "string",
  • "logoUrl": "string",
  • "callbacks": [
    ],
  • "allowedOrigins": [
    ],
  • "webOrigins": [
    ],
  • "allowedLogoutUrls": [
    ],
  • "initiateLoginUrl": "string",
  • "tokenExpiryTime": 0,
  • "requireConsent": true,
  • "secret": "string",
  • "type": "login",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

List clients

Lists all your clients.

Authorizations:
apiKeyoauth2
query Parameters
page
integer >= 0
Default: 0

The current page number. Zero-indexed.

pageSize
integer [ 1 .. 1000 ]
Default: 50

Maximum number of results to be returned. Default 50, maximum 1000.

Responses

Response samples

Content type
application/json
{
  • "page": 0,
  • "pageSize": 0,
  • "totalSize": 0,
  • "clients": [
    ]
}

Get client

Gets client attributes.

Authorizations:
apiKeyoauth2
path Parameters
clientId
required
string

ID of the Client.

Responses

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "description": "string",
  • "appType": "single-page",
  • "themeColor": "string",
  • "logoUrl": "string",
  • "callbacks": [
    ],
  • "allowedOrigins": [
    ],
  • "webOrigins": [
    ],
  • "allowedLogoutUrls": [
    ],
  • "initiateLoginUrl": "string",
  • "tokenExpiryTime": 0,
  • "requireConsent": true,
  • "secret": "string",
  • "type": "login",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Update client

Updates a client's attributes. For example, you can change the client's name or description. Omitted fields are not changed. Set fields to empty string to unset it.

Authorizations:
apiKeyoauth2
path Parameters
clientId
required
string

ID of the Client.

Request Body schema: application/json
name
string

The name of the client.

description
string

Free text description of the purpose of the Client.

appType
string
Enum: "single-page" "web" "native" "machine"

Type of this client application.

themeColor
string

Theme color for this client application.

logoUrl
string

The URL of the client logo (recommended size: 150x150)

callbacks
Array of strings

A set of URLs that are valid to call back from Niomon when authenticating users.

allowedOrigins
Array of strings

A set of URLs that represents valid origins for CORS.

webOrigins
Array of strings

A set of URLs that represents valid web origins for use with web message response mode

allowedLogoutUrls
Array of strings

A set of URLs that are valid to redirect to after logout from Niomon.

initiateLoginUrl
string

In some scenarios, Niomon will need to redirect to your application’s login page. This URI needs to point to a route in your application that should redirect to your tenant’s /authorize endpoint.

tokenExpiryTime
number

The amount of time (in seconds) that the OIDC token will be valid after being issued.

requireConsent
boolean

Flag to indicate consent is required from user for the external client

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string",
  • "appType": "single-page",
  • "themeColor": "string",
  • "logoUrl": "string",
  • "callbacks": [
    ],
  • "allowedOrigins": [
    ],
  • "webOrigins": [
    ],
  • "allowedLogoutUrls": [
    ],
  • "initiateLoginUrl": "string",
  • "tokenExpiryTime": 0,
  • "requireConsent": true
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "name": "string",
  • "description": "string",
  • "appType": "single-page",
  • "themeColor": "string",
  • "logoUrl": "string",
  • "callbacks": [
    ],
  • "allowedOrigins": [
    ],
  • "webOrigins": [
    ],
  • "allowedLogoutUrls": [
    ],
  • "initiateLoginUrl": "string",
  • "tokenExpiryTime": 0,
  • "requireConsent": true,
  • "secret": "string",
  • "type": "login",
  • "updatedAt": "2019-08-24T14:15:22Z",
  • "createdAt": "2019-08-24T14:15:22Z"
}

Delete client

Remove a client permanently. This action cannot be undone.

Authorizations:
apiKeyoauth2
path Parameters
clientId
required
string

ID of the Client.

Responses

Response samples

Content type
application/json
{
  • "message": "string",
  • "requestId": "string",
  • "fields": [
    ]
}

Settings

Manages settings of a tenant.

Get settings

Get tenant's settings. This include all settings that a tenant can edit.

Authorizations:
apiKeyoauth2

Responses

Response samples

Content type
application/json
{
  • "friendlyName": "string",
  • "logoUrl": "string",
  • "defaultAudience": "string",
  • "loginUrl": "string",
  • "supportUrl": "string"
}

Update settings

Updates tenant's settings.

Authorizations:
apiKeyoauth2
Request Body schema: application/json
friendlyName
string

Friendly name for this tenant.

logoUrl
string

URL of logo to be shown for this tenant.

defaultAudience
string

Default Audience for API authorization.

loginUrl
string

Login URL for this tenant.

supportUrl
string

Support URL for this tenant.

Responses

Request samples

Content type
application/json
{
  • "friendlyName": "string",
  • "logoUrl": "string",
  • "defaultAudience": "string",
  • "loginUrl": "string",
  • "supportUrl": "string"
}

Response samples

Content type
application/json
{
  • "friendlyName": "string",
  • "logoUrl": "string",
  • "defaultAudience": "string",
  • "loginUrl": "string",
  • "supportUrl": "string"
}