{ "components": { "parameters": { "attributes": { "description": "A comma-separated list of attribute names to return in the response,\noverriding the default set of attributes. Attribute names must be in\nstandard attribute notation form.\n", "example": "userName,emails,name", "in": "query", "name": "attributes", "schema": { "type": "string" } }, "count": { "description": "The number of resources returned in a list response page", "in": "query", "name": "count", "schema": { "default": 100, "minimum": 1, "type": "integer" } }, "excludedAttributes": { "description": "A comma-separated list of attribute names to exclude from the default\nset of attributes to return. Attribute names must be in standard\nattribute notation form.\n", "example": "groups", "in": "query", "name": "excludedAttributes", "schema": { "type": "string" } }, "filter": { "description": "Filter expression for querying resources. Follows SCIM filter syntax as defined in\n[RFC 7644 Section 3.4.2.2](https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2.2).\n\nExample: `userName eq \"mitb@meowmeow.com\"`\n", "in": "query", "name": "filter", "schema": { "type": "string" } }, "groupId": { "description": "The unique identifier for the group", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } }, "startIndex": { "description": "The 1-based index of the first result in the current set of list results", "in": "query", "name": "startIndex", "schema": { "default": 1, "minimum": 1, "type": "integer" } }, "userId": { "description": "The unique identifier for the user", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } }, "requestBodies": { "GroupBody": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/Group" } } }, "description": "Group resource attributes", "required": true }, "PatchBody": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/PatchRequest" } } }, "description": "SCIM PATCH operation as defined in RFC 7644 Section 3.5.2", "required": true }, "UserBody": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/User" } } }, "description": "User resource attributes", "required": true } }, "responses": { "BadRequest": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Request is unparsable, syntactically incorrect, or violates schema" }, "Conflict": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "The specified version number does not match the resource's latest version number,\nor a service provider refused to create a new, duplicate resource\n" }, "Forbidden": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Operation is not permitted based on the supplied authorization" }, "GroupCreated": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/Group" } } }, "description": "Group created successfully", "headers": { "Location": { "description": "The URL of the newly created group", "required": true, "schema": { "type": "string" } } } }, "GroupList": { "content": { "application/scim+json": { "schema": { "properties": { "Resources": { "items": { "$ref": "#/components/schemas/Group" }, "type": "array" }, "itemsPerPage": { "$ref": "#/components/schemas/itemsPerPage" }, "schemas": { "$ref": "#/components/schemas/listResponseSchemas" }, "startIndex": { "$ref": "#/components/schemas/startIndex" }, "totalResults": { "$ref": "#/components/schemas/totalResults" } }, "type": "object" } } }, "description": "List of groups" }, "GroupRetrieved": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/Group" } } }, "description": "Group retrieved successfully" }, "GroupUpdated": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/Group" } } }, "description": "Group updated successfully" }, "InternalServerError": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Internal Server Error" }, "NotFound": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Resource not found" }, "Unauthorized": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ErrorResponse" } } }, "description": "Authorization failure. The authorization header is invalid or missing" }, "UserCreated": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/User" } } }, "description": "User created successfully", "headers": { "Location": { "description": "The URL of the newly created user", "required": true, "schema": { "type": "string" } } } }, "UserList": { "content": { "application/scim+json": { "schema": { "properties": { "Resources": { "items": { "$ref": "#/components/schemas/User" }, "type": "array" }, "itemsPerPage": { "$ref": "#/components/schemas/itemsPerPage" }, "schemas": { "$ref": "#/components/schemas/listResponseSchemas" }, "startIndex": { "$ref": "#/components/schemas/startIndex" }, "totalResults": { "$ref": "#/components/schemas/totalResults" } }, "type": "object" } } }, "description": "List of users" }, "UserRetrieved": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/User" } } }, "description": "User retrieved successfully" }, "UserUpdated": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/User" } } }, "description": "User updated successfully" } }, "schemas": { "AccountAccessReply": { "properties": { "allowed": { "type": "boolean" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "AccountAccessRequest": { "properties": { "object_id": { "description": "The ID of the object to check access for", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "type": "string" }, "object_type": { "description": "The type of object to check access for, e.g. organization, program, procedure, etc", "example": "organization", "type": "string" }, "relation": { "description": "The relation to check access for, e.g. can_view, can_edit", "example": "can_view", "type": "string" }, "subject_type": { "description": "The type of subject to check access for, e.g. service, user", "example": "user", "type": "string" } }, "type": "object" }, "AccountFeaturesReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "features": { "description": "The features the user has access to in the organization, e.g. policy-and-procedure-module, compliance-module", "items": { "description": "The features the user has access to in the organization, e.g. policy-and-procedure-module, compliance-module", "type": "string" }, "type": "array" }, "organization_id": { "description": "The ID of the organization the user has features in", "example": "01J4HMNDSZCCQBTY93BF9CBF5D", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "AccountRolesOrganizationReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "organization_id": { "description": "The ID of the organization the user has roles in", "example": "01J4HMNDSZCCQBTY93BF9CBF5D", "type": "string" }, "roles": { "description": "The roles the user has in the organization, e.g. can_view, can_edit", "items": { "description": "The roles the user has in the organization, e.g. can_view, can_edit", "type": "string" }, "type": "array" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "AccountRolesReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "object_roles": { "additionalProperties": { "description": "A map of object IDs to the roles the subject has for each object ID", "items": { "description": "A map of object IDs to the roles the subject has for each object ID", "type": "string" }, "type": "array" }, "description": "A map of object IDs to the roles the subject has for each object ID", "type": "object" }, "roles": { "description": " @deprecated use ObjectRoles instead. A list of roles the subject has for the specified object", "items": { "description": " @deprecated use ObjectRoles instead. A list of roles the subject has for the specified object", "type": "string" }, "type": "array" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "AccountRolesRequest": { "properties": { "object_id": { "description": " @deprecated use ObjectIDs instead. The ID of the object to check roles for", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "type": "string" }, "object_ids": { "description": "The IDs of the object to check roles for, can be used to check multiple ids in one request", "items": { "description": "The IDs of the object to check roles for, can be used to check multiple ids in one request", "type": "string" }, "type": "array" }, "object_type": { "description": "The type of object to check roles for, e.g. organization, program, procedure, etc", "example": "organization", "type": "string" }, "relations": { "description": "The relations to check roles for, e.g. can_view, can_edit", "items": { "description": "The relations to check roles for, e.g. can_view, can_edit", "type": "string" }, "type": "array" }, "subject_type": { "description": "The type of subject to check roles for, e.g. service, user", "example": "user", "type": "string" } }, "type": "object" }, "CreateTrustCenterAnonymousJWTResponse": { "properties": { "access_token": { "description": "The access token to be used for authentication", "type": "string" }, "refresh_token": { "description": "The refresh token to be used to refresh the access token after it expires", "type": "string" }, "session": { "description": "The short-lived session token required for authentication", "type": "string" }, "token_type": { "description": "The type of token being returned", "example": "bearer", "type": "string" } }, "type": "object" }, "EndImpersonationReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "description": "Success message", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "EndImpersonationRequest": { "properties": { "reason": { "description": "Optional reason for ending the session", "type": "string" }, "session_id": { "description": "The session ID to end", "type": "string" } }, "type": "object" }, "ErrorResponse": { "description": "Error response as defined in RFC 7644 Section 3.12", "properties": { "detail": { "description": "A detailed human-readable message", "type": "string" }, "schemas": { "items": { "enum": [ "urn:ietf:params:scim:api:messages:2.0:Error" ], "type": "string" }, "type": "array" }, "scimType": { "description": "A SCIM detail error type", "enum": [ "invalidFilter", "tooMany", "uniqueness", "mutability", "invalidSyntax", "invalidPath", "noTarget", "invalidValue", "invalidVers", "sensitive" ], "type": "string" }, "status": { "description": "The HTTP status code expressed as a JSON string", "enum": [ "400", "401", "403", "404", "409", "500", "501" ], "type": "string" } }, "required": [ "schemas", "status" ], "type": "object" }, "FileDownload": { "properties": { "ID": { "description": "the file ID", "example": "01J4HMNDSZCCQBTY93BF9CBF5D", "type": "string" }, "Token": { "description": "The token to be used to verify the email address, token is sent via email", "type": "string" } }, "type": "object" }, "ForgotPasswordReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "ForgotPasswordRequest": { "properties": { "email": { "description": "The email address associated with the account to send the password reset email to", "example": "jsnow@example.com", "type": "string" } }, "type": "object" }, "GetQuestionnaireResponse": { "properties": { "jsonconfig": { "additionalProperties": {}, "type": "object" }, "saved_data": { "additionalProperties": {}, "type": "object" }, "uischema": { "additionalProperties": {}, "type": "object" } }, "type": "object" }, "Group": { "description": "SCIM Group resource as defined in RFC 7643 Section 4.2.\nRepresents a group of users.\n", "properties": { "displayName": { "description": "A human-readable name for the group. REQUIRED", "type": "string" }, "externalId": { "description": "Identifier for the group as defined by the provisioning client.\nAllows the client to maintain their own identifier.\n", "type": "string" }, "id": { "description": "Unique identifier for the group. Assigned by the service provider.\nMUST be unique across the entire set of resources. Immutable.\n", "readOnly": true, "type": "string" }, "members": { "description": "Members of the group (users or nested groups)", "items": { "properties": { "$ref": { "description": "The URI of the corresponding User or Group resource", "format": "uri", "type": "string" }, "display": { "description": "A human-readable name for the member", "type": "string" }, "type": { "description": "The type of member", "enum": [ "User", "Group" ], "type": "string" }, "value": { "description": "The identifier of the member (user or group ID)", "type": "string" } }, "type": "object" }, "type": "array" }, "meta": { "$ref": "#/components/schemas/ResourceMetadata" }, "schemas": { "description": "The schema URIs that define this resource", "items": { "enum": [ "urn:ietf:params:scim:schemas:core:2.0:Group" ], "type": "string" }, "type": "array" } }, "required": [ "schemas", "displayName" ], "type": "object" }, "InviteReply": { "properties": { "access_token": { "description": "The access token to be used for authentication", "type": "string" }, "email": { "description": "The email address of the user", "example": "jsnow@example.com", "type": "string" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "joined_org_id": { "description": "The ID of the organization the user joined", "example": "01JJFVMGENQS9ZG3GVA50QVX5E", "type": "string" }, "message": { "type": "string" }, "needs_sso": { "type": "boolean" }, "refresh_token": { "description": "The refresh token to be used to refresh the access token after it expires", "type": "string" }, "role": { "description": "The role the user has in the organization", "example": "admin", "type": "string" }, "session": { "description": "The short-lived session token required for authentication", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "token_type": { "description": "The type of token being returned", "example": "bearer", "type": "string" }, "unverified": { "type": "boolean" }, "user_id": { "description": "The ID of the user that was created", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "type": "string" } }, "type": "object" }, "JobRunnerRegistrationReply": { "properties": { "Reply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "message": { "type": "string" } }, "type": "object" }, "JobRunnerRegistrationRequest": { "properties": { "ip_address": { "description": "The IP address of the node being registered", "type": "string" }, "name": { "description": "the name of your job runner node", "type": "string" }, "tags": { "description": "The tags for your runner node", "items": { "description": "The tags for your runner node", "type": "string" }, "type": "array" }, "token": { "description": "Your agent registration token", "type": "string" } }, "type": "object" }, "LoginReply": { "properties": { "access_token": { "description": "The access token to be used for authentication", "type": "string" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "refresh_token": { "description": "The refresh token to be used to refresh the access token after it expires", "type": "string" }, "session": { "description": "The short-lived session token required for authentication", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "tfa_enabled": { "type": "boolean" }, "tfa_required": { "type": "boolean" }, "token_type": { "description": "The type of token being returned", "example": "bearer", "type": "string" }, "unverified": { "type": "boolean" } }, "type": "object" }, "LoginRequest": { "properties": { "password": { "description": "The password associated with the account", "example": "Wint3rIsC0ming123!", "type": "string" }, "username": { "description": "The email address associated with the existing account", "example": "jsnow@example.com", "type": "string" } }, "type": "object" }, "OauthTokenRequest": { "properties": { "authProvider": { "description": "The provider used to authenticate the user, e.g. google, github, etc.", "example": "google", "type": "string" }, "clientToken": { "description": "The token provided by the external provider", "type": "string" }, "email": { "description": "The email address of the user", "example": "jsnow@example.com", "type": "string" }, "externalUserId": { "description": "The ID of the user from the external provider", "example": "1234567890", "type": "string" }, "externalUserName": { "description": "The username of the user from the external provider", "example": "jsnow", "type": "string" }, "image": { "description": "The image URL of the user from the external provider", "type": "string" }, "name": { "description": "The name of the user", "example": "Jon Snow", "type": "string" }, "org_id": { "description": "the organization id for the sso connection", "type": "string" } }, "type": "object" }, "PatchRequest": { "description": "SCIM PATCH operation as defined in RFC 7644 Section 3.5.2", "properties": { "Operations": { "description": "A list of patch operations to be performed", "items": { "properties": { "op": { "description": "The operation to perform", "enum": [ "add", "remove", "replace" ], "type": "string" }, "path": { "description": "The attribute path to operate on. Optional for add and replace\nwhen the value contains the full attribute. Required for remove.\n", "type": "string" }, "value": { "description": "The value to set or add. Required for add and replace operations.\nMay be a string, number, boolean, object, or array depending on the attribute.\n", "oneOf": [ { "type": "string" }, { "type": "number" }, { "type": "boolean" }, { "type": "object" }, { "items": {}, "type": "array" } ] } }, "required": [ "op" ], "type": "object" }, "minItems": 1, "type": "array" }, "schemas": { "description": "The schema URI for PATCH operations", "items": { "enum": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "type": "string" }, "type": "array" } }, "required": [ "schemas", "Operations" ], "type": "object" }, "ProductCatalogReply": { "properties": { "addons": { "additionalProperties": { "properties": { "audience": { "type": "string" }, "billing": { "properties": { "prices": { "items": { "properties": { "interval": { "type": "string" }, "lookup_key": { "type": "string" }, "metadata": { "additionalProperties": { "type": "string" }, "type": "object" }, "nickname": { "type": "string" }, "price_id": { "type": "string" }, "unit_amount": { "format": "int64", "type": "integer" } }, "type": "object" }, "type": "array" } }, "type": "object" }, "description": { "type": "string" }, "display_name": { "type": "string" }, "include_with_trial": { "type": "boolean" }, "lookup_key": { "type": "string" }, "marketing_description": { "type": "string" }, "personal_org": { "type": "boolean" }, "product_id": { "type": "string" }, "usage": { "nullable": true, "properties": { "evidence_storage_gb": { "format": "int64", "type": "integer" }, "record_count": { "format": "int64", "type": "integer" } }, "type": "object" } }, "type": "object" }, "type": "object" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "modules": { "additionalProperties": { "properties": { "audience": { "type": "string" }, "billing": { "properties": { "prices": { "items": { "properties": { "interval": { "type": "string" }, "lookup_key": { "type": "string" }, "metadata": { "additionalProperties": { "type": "string" }, "type": "object" }, "nickname": { "type": "string" }, "price_id": { "type": "string" }, "unit_amount": { "format": "int64", "type": "integer" } }, "type": "object" }, "type": "array" } }, "type": "object" }, "description": { "type": "string" }, "display_name": { "type": "string" }, "include_with_trial": { "type": "boolean" }, "lookup_key": { "type": "string" }, "marketing_description": { "type": "string" }, "personal_org": { "type": "boolean" }, "product_id": { "type": "string" }, "usage": { "nullable": true, "properties": { "evidence_storage_gb": { "format": "int64", "type": "integer" }, "record_count": { "format": "int64", "type": "integer" } }, "type": "object" } }, "type": "object" }, "type": "object" }, "sha": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" }, "version": { "type": "string" } }, "type": "object" }, "RefreshReply": { "properties": { "access_token": { "description": "The access token to be used for authentication", "type": "string" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "refresh_token": { "description": "The refresh token to be used to refresh the access token after it expires", "type": "string" }, "session": { "description": "The short-lived session token required for authentication", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "token_type": { "description": "The type of token being returned", "example": "bearer", "type": "string" }, "unverified": { "type": "boolean" } }, "type": "object" }, "RefreshRequest": { "properties": { "refresh_token": { "description": "The token to be used to refresh the access token after expiration", "type": "string" } }, "type": "object" }, "RegisterReply": { "properties": { "email": { "description": "The email address of the user", "example": "jsnow@example.com", "type": "string" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" }, "user_id": { "description": "The ID of the user that was created", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "type": "string" } }, "type": "object" }, "RegisterRequest": { "properties": { "email": { "description": "The email address of the user", "example": "jsnow@example.com", "type": "string" }, "first_name": { "description": "The first name of the user", "example": "Jon", "type": "string" }, "last_name": { "description": "The last name of the user", "example": "Snow", "type": "string" }, "password": { "description": "The password to be used for authentication after registration", "example": "Wint3rIsC0ming123!", "type": "string" }, "token": { "description": "A newly invited user can use this to join a org as at the same time they are creating their account", "nullable": true, "type": "string" } }, "type": "object" }, "Reply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "ResendQuestionnaireRequest": { "properties": { "assessment_id": { "description": "The ID of the assessment", "type": "string" }, "email": { "description": "The email address associated with the assessment response", "type": "string" } }, "type": "object" }, "ResendReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "ResendRequest": { "properties": { "email": { "description": "The email address to resend the verification email to, must match the email address on the existing account", "type": "string" } }, "type": "object" }, "ResetPasswordReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "ResetPasswordRequest": { "properties": { "password": { "description": "The new password to be used for authentication", "type": "string" }, "token": { "description": "The token to be used to reset the password, token is sent via email", "type": "string" } }, "type": "object" }, "ResourceMetadata": { "description": "Resource metadata as defined in RFC 7643 Section 3.1", "properties": { "created": { "description": "The timestamp when the resource was created", "format": "date-time", "type": "string" }, "lastModified": { "description": "The timestamp when the resource was last modified", "format": "date-time", "type": "string" }, "location": { "description": "The URI of the resource", "format": "uri", "type": "string" }, "resourceType": { "description": "The name of the resource type (e.g., User, Group)", "type": "string" }, "version": { "description": "The version of the resource. Used for ETag-based versioning.\nWeak ETags are prefixed with W/\n", "type": "string" } }, "readOnly": true, "type": "object" }, "ResourceType": { "description": "Resource type definition as defined in RFC 7644 Section 6", "properties": { "description": { "description": "The resource type's human-readable description", "type": "string" }, "endpoint": { "description": "The resource type's HTTP-addressable endpoint relative to the base URL", "type": "string" }, "id": { "description": "The resource type's unique identifier", "type": "string" }, "meta": { "$ref": "#/components/schemas/ResourceMetadata" }, "name": { "description": "The resource type's name (e.g., User, Group)", "type": "string" }, "schema": { "description": "The resource type's primary/base schema URI", "type": "string" }, "schemaExtensions": { "description": "List of schema extensions for this resource type", "items": { "properties": { "required": { "description": "Indicates whether the schema extension is required", "type": "boolean" }, "schema": { "description": "The URI of the extended schema", "type": "string" } }, "required": [ "schema", "required" ], "type": "object" }, "type": "array" }, "schemas": { "items": { "enum": [ "urn:ietf:params:scim:schemas:core:2.0:ResourceType" ], "type": "string" }, "type": "array" } }, "required": [ "schemas", "id", "name", "endpoint", "schema" ], "type": "object" }, "SSOStatusReply": { "properties": { "discovery_url": { "type": "string" }, "enforced": { "type": "boolean" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "is_org_owner": { "type": "boolean" }, "organization_id": { "type": "string" }, "provider": { "type": "string" }, "saml_signin_url": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "tfa_enforced": { "type": "boolean" }, "unverified": { "type": "boolean" }, "user_tfa_enabled": { "type": "boolean" } }, "type": "object" }, "SSOTokenAuthorizeReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "organization_id": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "token_id": { "type": "string" }, "unverified": { "type": "boolean" } }, "type": "object" }, "SchemaAttribute": { "description": "Schema attribute definition as defined in RFC 7643 Section 7", "properties": { "canonicalValues": { "description": "Suggested canonical values for the attribute", "items": { "type": "string" }, "type": "array" }, "caseExact": { "description": "Indicates if the attribute is case-sensitive", "type": "boolean" }, "description": { "description": "The attribute's human-readable description", "type": "string" }, "multiValued": { "description": "Indicates if the attribute is multi-valued", "type": "boolean" }, "mutability": { "description": "Indicates when the attribute value can be modified", "enum": [ "readOnly", "readWrite", "immutable", "writeOnly" ], "type": "string" }, "name": { "description": "The attribute's name", "type": "string" }, "referenceTypes": { "description": "For reference attributes, the SCIM resource types that may be referenced", "items": { "type": "string" }, "type": "array" }, "required": { "description": "Indicates if the attribute is required", "type": "boolean" }, "returned": { "description": "Indicates when the attribute is returned", "enum": [ "always", "never", "default", "request" ], "type": "string" }, "subAttributes": { "description": "Sub-attributes for complex attributes", "items": { "$ref": "#/components/schemas/SchemaAttribute" }, "type": "array" }, "type": { "description": "The attribute's data type", "enum": [ "string", "boolean", "decimal", "integer", "dateTime", "reference", "complex" ], "type": "string" }, "uniqueness": { "description": "Indicates how uniqueness is enforced", "enum": [ "none", "server", "global" ], "type": "string" } }, "required": [ "name", "type", "multiValued", "required", "caseExact", "mutability", "returned", "uniqueness" ], "type": "object" }, "SchemaDefinition": { "description": "Schema definition as defined in RFC 7643 Section 7", "properties": { "attributes": { "description": "The schema's attribute definitions", "items": { "$ref": "#/components/schemas/SchemaAttribute" }, "type": "array" }, "description": { "description": "The schema's human-readable description", "type": "string" }, "id": { "description": "The unique URI of the schema", "type": "string" }, "meta": { "$ref": "#/components/schemas/ResourceMetadata" }, "name": { "description": "The schema's human-readable name", "type": "string" }, "schemas": { "items": { "enum": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "type": "string" }, "type": "array" } }, "required": [ "schemas", "id", "name", "attributes" ], "type": "object" }, "ServiceProviderConfig": { "description": "Service provider configuration as defined in RFC 7644 Section 5", "properties": { "authenticationSchemes": { "description": "Authentication schemes supported by the service provider", "items": { "properties": { "description": { "description": "A description of the authentication scheme", "type": "string" }, "documentationUri": { "description": "HTTP-addressable URL pointing to the documentation", "format": "uri", "type": "string" }, "name": { "description": "The common authentication scheme name", "type": "string" }, "primary": { "description": "Indicates if this is the primary authentication scheme", "type": "boolean" }, "specUri": { "description": "HTTP-addressable URL pointing to the specification", "format": "uri", "type": "string" }, "type": { "description": "The authentication scheme type", "type": "string" } }, "required": [ "type", "name", "description" ], "type": "object" }, "type": "array" }, "bulk": { "properties": { "maxOperations": { "description": "Maximum number of operations in a single bulk request", "type": "integer" }, "maxPayloadSize": { "description": "Maximum payload size in bytes for bulk requests", "type": "integer" }, "supported": { "description": "Indicates whether bulk operations are supported", "type": "boolean" } }, "required": [ "supported", "maxOperations", "maxPayloadSize" ], "type": "object" }, "changePassword": { "properties": { "supported": { "description": "Indicates whether password change operations are supported", "type": "boolean" } }, "required": [ "supported" ], "type": "object" }, "documentationUri": { "description": "HTTP-addressable URL pointing to the service provider's documentation", "format": "uri", "type": "string" }, "etag": { "properties": { "supported": { "description": "Indicates whether ETag-based versioning is supported", "type": "boolean" } }, "required": [ "supported" ], "type": "object" }, "filter": { "properties": { "maxResults": { "description": "Maximum number of results returned by a filter operation", "type": "integer" }, "supported": { "description": "Indicates whether filtering is supported", "type": "boolean" } }, "required": [ "supported", "maxResults" ], "type": "object" }, "meta": { "$ref": "#/components/schemas/ResourceMetadata" }, "patch": { "properties": { "supported": { "description": "Indicates whether PATCH operations are supported", "type": "boolean" } }, "required": [ "supported" ], "type": "object" }, "schemas": { "items": { "enum": [ "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig" ], "type": "string" }, "type": "array" }, "sort": { "properties": { "supported": { "description": "Indicates whether sorting is supported", "type": "boolean" } }, "required": [ "supported" ], "type": "object" } }, "required": [ "schemas", "patch", "bulk", "filter", "changePassword", "sort", "etag", "authenticationSchemes" ], "type": "object" }, "StartImpersonationReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "expires_at": { "description": "When the impersonation token expires", "format": "date-time", "type": "string" }, "message": { "description": "Success message", "type": "string" }, "session_id": { "description": "The impersonation session ID", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "token": { "description": "The impersonation token", "type": "string" }, "unverified": { "type": "boolean" } }, "type": "object" }, "StartImpersonationRequest": { "properties": { "duration_hours": { "description": "Duration in hours (optional, defaults to 1 hour)", "nullable": true, "type": "integer" }, "organization_id": { "description": "Organization context for impersonation", "type": "string" }, "reason": { "description": "Reason for the impersonation", "type": "string" }, "scopes": { "description": "Specific scopes for the impersonation session", "items": { "description": "Specific scopes for the impersonation session", "type": "string" }, "type": "array" }, "target_user_id": { "description": "The ID of the user to impersonate", "type": "string" }, "type": { "description": "The type of impersonation (support, job, admin)", "type": "string" } }, "type": "object" }, "SubmitQuestionnaireResponse": { "properties": { "completed_at": { "type": "string" }, "document_data_id": { "type": "string" }, "status": { "type": "string" } }, "type": "object" }, "SwitchOrganizationReply": { "properties": { "access_token": { "description": "The access token to be used for authentication", "type": "string" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "needs_sso": { "type": "boolean" }, "needs_tfa": { "type": "boolean" }, "redirect_uri": { "type": "string" }, "refresh_token": { "description": "The refresh token to be used to refresh the access token after it expires", "type": "string" }, "session": { "description": "The short-lived session token required for authentication", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "token_type": { "description": "The type of token being returned", "example": "bearer", "type": "string" }, "unverified": { "type": "boolean" } }, "type": "object" }, "SwitchOrganizationRequest": { "properties": { "target_organization_id": { "description": "The ID of the organization to switch to", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "type": "string" } }, "type": "object" }, "TFAReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "TFARequest": { "properties": { "recovery_code": { "description": "The recovery code to validate, only used if TOTP code is not provided", "example": "8VM7AL91", "type": "string" }, "totp_code": { "description": "The TOTP code to validate, always takes precedence over recovery code", "example": "113371", "type": "string" } }, "type": "object" }, "User": { "description": "SCIM User resource as defined in RFC 7643 Section 4.1.\nRepresents a user account in the system.\n", "properties": { "active": { "description": "Indicates the user's administrative status.\nTypically true means able to log in, false means account suspended\n", "type": "boolean" }, "addresses": { "description": "Physical mailing addresses for the user", "items": { "properties": { "country": { "description": "The country name in ISO 3166-1 alpha-2 format", "type": "string" }, "formatted": { "description": "The full mailing address, formatted for display", "type": "string" }, "locality": { "description": "The city or locality component", "type": "string" }, "postalCode": { "description": "The zip code or postal code component", "type": "string" }, "primary": { "description": "Indicates if this is the primary address", "type": "boolean" }, "region": { "description": "The state or region component", "type": "string" }, "streetAddress": { "description": "The full street address component", "type": "string" }, "type": { "description": "The type of address (work, home, other)", "type": "string" } }, "type": "object" }, "type": "array" }, "displayName": { "description": "The name of the user, suitable for display to end-users", "type": "string" }, "emails": { "description": "Email addresses for the user", "items": { "properties": { "display": { "description": "A human-readable name for the email address", "type": "string" }, "primary": { "description": "Indicates if this is the primary email address", "type": "boolean" }, "type": { "description": "The type of email address (work, home, other)", "type": "string" }, "value": { "description": "The email address value", "format": "email", "type": "string" } }, "type": "object" }, "type": "array" }, "externalId": { "description": "Identifier for the user as defined by the provisioning client.\nAllows the client to maintain their own identifier.\n", "type": "string" }, "groups": { "description": "Groups to which the user belongs", "items": { "properties": { "$ref": { "description": "The URI of the corresponding Group resource", "format": "uri", "type": "string" }, "display": { "description": "A human-readable name for the group", "type": "string" }, "type": { "description": "The type of group membership", "type": "string" }, "value": { "description": "The identifier of the group", "type": "string" } }, "type": "object" }, "readOnly": true, "type": "array" }, "id": { "description": "Unique identifier for the user. Assigned by the service provider.\nMUST be unique across the entire set of resources. Immutable.\n", "readOnly": true, "type": "string" }, "locale": { "description": "The user's default location for purposes of localizing items such as\ncurrency and date/time format. Valid value is a language tag as defined in RFC 5646\n", "type": "string" }, "meta": { "$ref": "#/components/schemas/ResourceMetadata" }, "name": { "description": "The components of the user's name", "properties": { "familyName": { "description": "The family name (last name) of the user", "type": "string" }, "formatted": { "description": "The full name, including all middle names, titles, and suffixes", "type": "string" }, "givenName": { "description": "The given name (first name) of the user", "type": "string" }, "honorificPrefix": { "description": "The honorific prefix(es) of the user (e.g., Ms., Dr.)", "type": "string" }, "honorificSuffix": { "description": "The honorific suffix(es) of the user (e.g., III, Jr.)", "type": "string" }, "middleName": { "description": "The middle name(s) of the user", "type": "string" } }, "type": "object" }, "nickName": { "description": "The casual way to address the user", "type": "string" }, "password": { "description": "The user's cleartext password. Used for setting or changing passwords.\nMUST NOT be returned by service provider. Write-only.\n", "format": "password", "type": "string", "writeOnly": true }, "phoneNumbers": { "description": "Phone numbers for the user", "items": { "properties": { "display": { "description": "A human-readable name for the phone number", "type": "string" }, "primary": { "description": "Indicates if this is the primary phone number", "type": "boolean" }, "type": { "description": "The type of phone number (work, home, mobile, fax, pager, other)", "type": "string" }, "value": { "description": "The phone number in E.164 format (e.g., tel:+1-201-555-0123)", "type": "string" } }, "type": "object" }, "type": "array" }, "preferredLanguage": { "description": "The user's preferred written or spoken languages.\nFormat as defined in RFC 7231 Section 5.3.5\n", "type": "string" }, "profileUrl": { "description": "A URI pointing to the user's online profile", "format": "uri", "type": "string" }, "schemas": { "description": "The schema URIs that define this resource", "items": { "enum": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "type": "string" }, "type": "array" }, "timezone": { "description": "The user's time zone in IANA Time Zone database format", "type": "string" }, "title": { "description": "The user's title, such as Vice President", "type": "string" }, "userName": { "description": "Unique identifier for the user, typically used for authentication.\nOften the user's email address. REQUIRED. Case insensitive.\n", "type": "string" }, "userType": { "description": "Identifies the relationship between the organization and the user.\nTypical values: Contractor, Employee, Intern, Temp, External\n", "type": "string" } }, "required": [ "schemas", "userName" ], "type": "object" }, "VerifyReply": { "properties": { "access_token": { "description": "The access token to be used for authentication", "type": "string" }, "email": { "description": "The email address of the user", "example": "jsnow@example.com", "type": "string" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "refresh_token": { "description": "The refresh token to be used to refresh the access token after it expires", "type": "string" }, "session": { "description": "The short-lived session token required for authentication", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "token_type": { "description": "The type of token being returned", "example": "bearer", "type": "string" }, "unverified": { "type": "boolean" }, "user_id": { "description": "The ID of the user that was created", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "type": "string" } }, "type": "object" }, "VerifySubscribeReply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "WebauthnBeginLoginResponse": { "properties": { "Reply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "mediation": { "type": "string" }, "publicKey": { "properties": { "allowCredentials": { "items": { "properties": { "id": { "format": "byte", "type": "string" }, "transports": { "items": { "type": "string" }, "type": "array" }, "type": { "type": "string" } }, "type": "object" }, "type": "array" }, "challenge": { "format": "byte", "type": "string" }, "extensions": { "additionalProperties": {}, "type": "object" }, "hints": { "items": { "type": "string" }, "type": "array" }, "rpId": { "type": "string" }, "timeout": { "type": "integer" }, "userVerification": { "type": "string" } }, "type": "object" }, "session": { "type": "string" } }, "type": "object" }, "WebauthnBeginRegistrationResponse": { "properties": { "Reply": { "properties": { "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "unverified": { "type": "boolean" } }, "type": "object" }, "mediation": { "type": "string" }, "publicKey": { "properties": { "attestation": { "type": "string" }, "attestationFormats": { "items": { "type": "string" }, "type": "array" }, "authenticatorSelection": { "properties": { "authenticatorAttachment": { "type": "string" }, "requireResidentKey": { "nullable": true, "type": "boolean" }, "residentKey": { "type": "string" }, "userVerification": { "type": "string" } }, "type": "object" }, "challenge": { "format": "byte", "type": "string" }, "excludeCredentials": { "items": { "properties": { "id": { "format": "byte", "type": "string" }, "transports": { "items": { "type": "string" }, "type": "array" }, "type": { "type": "string" } }, "type": "object" }, "type": "array" }, "extensions": { "additionalProperties": {}, "type": "object" }, "hints": { "items": { "type": "string" }, "type": "array" }, "pubKeyCredParams": { "items": { "properties": { "alg": { "type": "integer" }, "type": { "type": "string" } }, "type": "object" }, "type": "array" }, "rp": { "properties": { "id": { "type": "string" }, "name": { "type": "string" } }, "type": "object" }, "timeout": { "type": "integer" }, "user": { "properties": { "displayName": { "type": "string" }, "id": {}, "name": { "type": "string" } }, "type": "object" } }, "type": "object" }, "session": { "type": "string" } }, "type": "object" }, "WebauthnLoginFinishRequest": { "properties": { "authenticatorAttachment": { "description": "How the authenticator is attached", "type": "string" }, "clientExtensionResults": { "additionalProperties": { "description": "Extension results" }, "description": "Extension results", "type": "object" }, "id": { "description": "The credential ID", "type": "string" }, "rawId": { "description": "The raw credential ID", "type": "string" }, "response": { "description": "The authenticator response", "properties": { "authenticatorData": { "description": "The authenticator data", "type": "string" }, "clientDataJSON": { "description": "The client data JSON", "type": "string" }, "signature": { "description": "The assertion signature", "type": "string" }, "userHandle": { "description": "The user handle", "type": "string" } }, "type": "object" }, "type": { "description": "The credential type, should be 'public-key'", "type": "string" } }, "type": "object" }, "WebauthnLoginRequest": { "properties": { "email": { "description": "The email address associated with the account", "example": "jsnow@example.com", "type": "string" } }, "type": "object" }, "WebauthnLoginResponse": { "properties": { "access_token": { "description": "The access token to be used for authentication", "type": "string" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "refresh_token": { "description": "The refresh token to be used to refresh the access token after it expires", "type": "string" }, "session": { "description": "The short-lived session token required for authentication", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "token_type": { "description": "The type of token being returned", "example": "bearer", "type": "string" }, "unverified": { "type": "boolean" } }, "type": "object" }, "WebauthnRegistrationFinishRequest": { "properties": { "authenticatorAttachment": { "description": "How the authenticator is attached", "type": "string" }, "clientExtensionResults": { "additionalProperties": { "description": "Extension results" }, "description": "Extension results", "type": "object" }, "id": { "description": "The credential ID", "type": "string" }, "rawId": { "description": "The raw credential ID", "type": "string" }, "response": { "description": "The authenticator response", "properties": { "attestationObject": { "description": "The attestation object", "type": "string" }, "authenticatorData": { "description": "The authenticator data", "type": "string" }, "clientDataJSON": { "description": "The client data JSON", "type": "string" }, "publicKey": { "description": "The public key", "type": "string" }, "publicKeyAlgorithm": { "description": "The public key algorithm", "type": "integer" }, "transports": { "description": "Available transports", "items": { "description": "Available transports", "type": "string" }, "type": "array" } }, "type": "object" }, "type": { "description": "The credential type, should be 'public-key'", "type": "string" } }, "type": "object" }, "WebauthnRegistrationRequest": { "properties": { "email": { "description": "The email address associated with the account", "example": "jsnow@example.com", "type": "string" }, "name": { "description": "The name of the user", "example": "Jon Snow", "type": "string" } }, "type": "object" }, "WebauthnRegistrationResponse": { "properties": { "access_token": { "description": "The access token to be used for authentication", "type": "string" }, "error": { "description": "The error message if the request was unsuccessful", "type": "string" }, "error_code": { "description": "The error code if the request was unsuccessful", "type": "string" }, "message": { "type": "string" }, "refresh_token": { "description": "The refresh token to be used to refresh the access token after it expires", "type": "string" }, "session": { "description": "The short-lived session token required for authentication", "type": "string" }, "success": { "description": "Whether or not the request was successful or not", "type": "boolean" }, "token_type": { "description": "The type of token being returned", "example": "bearer", "type": "string" }, "unverified": { "type": "boolean" } }, "type": "object" }, "itemsPerPage": { "description": "The number of resources returned in the current page", "minimum": 0, "type": "integer" }, "listResponseSchemas": { "items": { "enum": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "type": "string" }, "type": "array" }, "startIndex": { "description": "The 1-based index of the first result in the current set of results", "minimum": 1, "type": "integer" }, "totalResults": { "description": "The total number of results matching the query", "minimum": 0, "type": "integer" } }, "securitySchemes": { "BearerAuth": { "description": "Bearer token authentication using API tokens.\nThe token identifies the organization and grants permissions to manage\nusers and groups within that organization's scope.\n", "scheme": "bearer", "type": "http" }, "apiKey": { "description": "API Key authentication, the key must be a valid API key", "in": "header", "name": "X-API-Key", "type": "apiKey" }, "basic": { "description": "Username and Password based authentication", "scheme": "basic", "type": "http" }, "bearer": { "bearerFormat": "JWT", "description": "Bearer authentication, the token must be a valid API token", "scheme": "bearer", "type": "http" }, "oauth2": { "description": "OAuth 2.0 authorization code flow for secure API access", "flows": { "authorizationCode": { "authorizationUrl": "https://api.theopenlane.io/oauth2/authorize", "refreshUrl": "https://api.theopenlane.io/oauth2/refresh", "scopes": { "read": "Read access", "write": "Write access" }, "tokenUrl": "https://api.theopenlane.io/oauth2/token" } }, "type": "oauth2" } } }, "externalDocs": { "description": "Documentation for Openlane's API services", "url": "https://docs.theopenlane.io" }, "info": { "contact": { "email": "support@theopenlane.io", "name": "Openlane", "url": "https://theopenlane.io" }, "description": "Openlane's API services are designed to provide a simple and easy to use interface for interacting with the Openlane platform. This API is designed to be used by both internal and external clients to interact with the Openlane platform.", "license": { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0" }, "title": "Openlane OpenAPI 3.1.1 Specifications", "version": "v1.0.0" }, "openapi": "3.1.1", "paths": { "/.well-known/acme-challenge/{path}": { "get": { "description": "ACME challenge solver for Let's Encrypt certificate validation", "operationId": "AcmeSolver", "parameters": [ { "description": "The path to the acme challenge", "example": "01J4HMNDSZCCQBTY93BF9CBF5D", "in": "path", "name": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "text/plain": { "schema": { "type": "string" } } }, "description": "ACME challenge response" }, "default": { "description": "" } }, "security": [], "summary": "AcmeSolver", "tags": [ "acme", "certificates" ] } }, "/.well-known/jwks.json": { "get": { "description": "JSON Web Key Set for JWT token validation", "operationId": "JWKS", "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "JSON Web Key Set" }, "default": { "description": "" } }, "security": [], "summary": "JWKS", "tags": [ "well-known", "authentication" ] } }, "/.well-known/security.txt": { "get": { "description": "Security contact information and vulnerability disclosure policy", "operationId": "SecurityTxt", "responses": { "200": { "content": { "application/octet-stream": { "schema": { "type": "string" } } }, "description": "Static file content" }, "default": { "description": "" } }, "security": [], "summary": "SecurityTxt", "tags": [ "well-known", "security" ] } }, "/.well-known/webauthn": { "get": { "description": "WebAuthn well-known configuration file", "operationId": "WebAuthnWellKnown", "responses": { "200": { "content": { "application/octet-stream": { "schema": { "type": "string" } } }, "description": "Static file content" }, "default": { "description": "" } }, "security": [], "summary": "WebAuthnWellKnown", "tags": [ "well-known", "webauthn" ] } }, "/.well-known/webfinger": { "get": { "description": "WebFinger endpoint for federated identity", "operationId": "Webfinger", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "discovery_url": "https://accounts.example.com/.well-known/openid_configuration", "enforced": true, "organization_id": "01K9MJ3PD7XKJSCT9ZWYGW9CVE", "provider": "OKTA", "saml_signin_url": "https://accounts.example.com/saml/signin", "success": true, "tfa_enforced": true } } }, "schema": { "$ref": "#/components/schemas/SSOStatusReply" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [], "summary": "Webfinger", "tags": [ "webfinger" ] } }, "/api-docs": { "get": { "description": "Get OpenAPI 3.1.1 specification for this API", "operationId": "APIDocs", "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OpenAPI specification" }, "default": { "description": "" } }, "security": [], "summary": "APIDocs", "tags": [ "documentation" ] } }, "/authentication/options": { "post": { "description": "Begin WebAuthn authentication process and return credential request options", "operationId": "WebauthnAuthentication", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": {} } }, "schema": { "$ref": "#/components/schemas/WebauthnLoginRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "Reply": { "success": true }, "session": "session123" } } }, "schema": { "$ref": "#/components/schemas/WebauthnBeginLoginResponse" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [], "summary": "WebauthnAuthentication", "tags": [ "webauthn", "authentication" ] } }, "/authentication/verification": { "post": { "description": "Complete WebAuthn authentication process by verifying the authentication response", "operationId": "WebauthnAuthenticationVerification", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "authenticatorAttachment": "platform", "id": "JBqvfKoo_U-McTi9NxkpDTncmL2Lg6fczz6PD7WesCHQPg", "rawId": "JBqvfKoo_U-McTi9NxkpDTncmL2Lg6fczz6PD7WesCHQPg", "response": { "authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAALraVWanqkAfvZZFYZpVEg0AIiQar3yqKP1PjHE4vTcZKQ053Ji9i4On3M8-jw-1nrAh0D6lAQIDJiABIVggldWfMY_HYjHCZuSgBcDj-Zqcnipy1SJVNlhvmZBxvpciWCDh1UJNz9Uyr6jqeQhApJ3krQCvDNoeXaH0ffa9KapYdw", "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiTWZlN1l6aS0zUU9rMDM4VHh3dVVvaTBaaURIZEdaOGlGNVhXc09UTTVnbyIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMSIsImNyb3NzT3JpZ2luIjpmYWxzZX0", "signature": "MEUCIQDKIueQAhZmGtPTmzp7QQRjZU_XLUqHdGj3QKRMOxRNbwIgF1hkJJ5y7cA3RGZe9x4n9vXq_L9x8eR1r9cE4w1uJ_A", "userHandle": "dXNlci1pZC0xMjM0NQ" }, "type": "public-key" } } }, "schema": { "$ref": "#/components/schemas/WebauthnLoginFinishRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "access_token_here", "message": "Authentication successful", "refresh_token": "refresh_token_here", "success": true } } }, "schema": { "$ref": "#/components/schemas/WebauthnLoginResponse" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [], "summary": "WebauthnAuthenticationVerification", "tags": [ "webauthn", "authentication" ] } }, "/csrf": { "get": { "description": "Get CSRF token for form submissions", "operationId": "CSRF", "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "CSRF token" }, "default": { "description": "" } }, "security": [], "summary": "CSRF", "tags": [ "security" ] } }, "/example/csv": { "post": { "description": "Generate and return an example CSV file for data import templates", "operationId": "ExampleCSV", "responses": { "200": { "content": { "application/octet-stream": { "schema": { "type": "string" } } }, "description": "CSV file content" }, "default": { "description": "" } }, "security": [ { "bearer": [] } ], "summary": "ExampleCSV", "tags": [ "files", "examples" ] } }, "/favicon.ico": { "get": { "description": "Get favicon.ico for the website", "operationId": "Favicon", "responses": { "200": { "content": { "application/octet-stream": { "schema": { "type": "string" } } }, "description": "Static file content" }, "default": { "description": "" } }, "security": [], "summary": "Favicon", "tags": [ "static" ] } }, "/history/query": { "post": { "description": "Handles all GraphQL queries for historical data", "operationId": "GraphQLQueryHistory", "requestBody": { "content": { "application/json": { "schema": { "example": { "query": "query GetBooks {\n books {\n id\n title\n }\n}", "variables": {} }, "properties": { "operationName": { "description": "The name of the operation to execute (optional)", "type": "string" }, "query": { "description": "The GraphQL query string", "type": "string" }, "variables": { "description": "A JSON object containing variables for the query", "type": "object" } }, "type": "object" } } }, "description": "GraphQL query request", "required": true }, "responses": { "200": { "content": { "application/json": { "schema": { "properties": { "data": { "description": "The data returned by the GraphQL operation", "type": "object" }, "errors": { "items": { "description": "An array of error objects if the operation failed", "type": "object" }, "type": "array" } }, "type": "object" } } }, "description": "Successful GraphQL response" }, "default": { "description": "" } }, "summary": "GraphQL History Endpoint", "tags": [ "graphql", "history", "audit logs" ] } }, "/livez": { "get": { "description": "Health check endpoint to verify the service is alive", "operationId": "Livez", "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "Health check status" }, "default": { "description": "" } }, "security": [], "summary": "Livez", "tags": [ "health" ] } }, "/oauth/register": { "post": { "description": "Register a user via OAuth provider authentication", "operationId": "OAuthRegister", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "authProvider": "google", "clientToken": "example-client-token-12345", "email": "jsnow@example.com", "externalUserId": "1234567890", "externalUserName": "jsnow", "image": "https://example.com/avatar.jpg", "name": "Jon Snow" } } }, "schema": { "$ref": "#/components/schemas/OauthTokenRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "access_token", "message": "Login successful", "refresh_token": "refresh_token", "session": "session", "success": true, "tfa_enabled": true, "token_type": "bearer" } } }, "schema": { "$ref": "#/components/schemas/LoginReply" } } }, "description": "Success" }, "400": { "content": { "application/json": { "examples": { "error": { "value": { "error": "googleapi: Error 401: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project., unauthorized", "error_code": "INVALID_INPUT", "success": false } } }, "schema": { "$ref": "#/components/schemas/Reply" } } }, "description": "Invalid Input" }, "default": { "description": "" } }, "security": [], "summary": "OAuthRegister", "tags": [ "oauth", "authentication" ] } }, "/oauth/userinfo": { "get": { "description": "Get user information for OAuth authenticated user", "operationId": "UserInfo", "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "User information" }, "default": { "description": "" } }, "security": [ { "bearer": [] } ], "summary": "UserInfo", "tags": [ "oauth", "user" ] } }, "/query": { "post": { "description": "Handles all GraphQL queries, mutations, and subscriptions", "operationId": "GraphQLQuery", "requestBody": { "content": { "application/json": { "schema": { "example": { "query": "query GetBooks {\n books {\n id\n title\n }\n}", "variables": {} }, "properties": { "operationName": { "description": "The name of the operation to execute (optional)", "type": "string" }, "query": { "description": "The GraphQL query string", "type": "string" }, "variables": { "description": "A JSON object containing variables for the query", "type": "object" } }, "type": "object" } } }, "description": "GraphQL query request", "required": true }, "responses": { "200": { "content": { "application/json": { "schema": { "properties": { "data": { "description": "The data returned by the GraphQL operation", "type": "object" }, "errors": { "items": { "description": "An array of error objects if the operation failed", "type": "object" }, "type": "array" } }, "type": "object" } } }, "description": "Successful GraphQL response" }, "default": { "description": "" } }, "summary": "GraphQL Endpoint", "tags": [ "graphql" ] } }, "/questionnaire": { "get": { "description": "Get questionnaire template configuration for authenticated anonymous users", "operationId": "GetQuestionnaire", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": {} } }, "schema": { "$ref": "#/components/schemas/GetQuestionnaireResponse" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "GetQuestionnaire", "tags": [ "questionnaire" ] }, "post": { "description": "Submit questionnaire response data for authenticated anonymous users", "operationId": "SubmitQuestionnaire", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "document_data_id": "", "status": "" } } }, "schema": { "$ref": "#/components/schemas/SubmitQuestionnaireResponse" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "SubmitQuestionnaire", "tags": [ "questionnaire" ] } }, "/questionnaire/resend": { "post": { "description": "Resend questionnaire authentication email with new JWT token", "operationId": "ResendQuestionnaireEmail", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "assessment_id": "01JCQR8Z9X1A2B3C4D5E6F7G8H", "email": "vendor@example.com" } } }, "schema": { "$ref": "#/components/schemas/ResendQuestionnaireRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "Verification email resent successfully", "success": true } } }, "schema": { "$ref": "#/components/schemas/ResendReply" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [ { "basic": [] } ], "summary": "ResendQuestionnaireEmail", "tags": [ "questionnaire" ] } }, "/ready": { "get": { "description": "Readiness check endpoint to verify the service is ready to accept traffic", "operationId": "Ready", "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "Health check status" }, "default": { "description": "" } }, "security": [], "summary": "Ready", "tags": [ "health" ] } }, "/registration/options": { "post": { "description": "Begin WebAuthn registration process and return credential creation options", "operationId": "WebauthnRegistration", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "email": "sarahisthebest@sarahsthebest.com", "name": "Sarah Funk" } } }, "schema": { "$ref": "#/components/schemas/WebauthnRegistrationRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "Reply": { "success": true }, "session": "registration_session_example" } } }, "schema": { "$ref": "#/components/schemas/WebauthnBeginRegistrationResponse" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [], "summary": "WebauthnRegistration", "tags": [ "webauthn", "authentication" ] } }, "/registration/verification": { "post": { "description": "Complete WebAuthn registration process by verifying the credential creation response", "operationId": "WebauthnRegistrationVerification", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "authenticatorAttachment": "platform", "id": "JBqvfKoo_U-McTi9NxkpDTncmL2Lg6fczz6PD7WesCHQPg", "rawId": "JBqvfKoo_U-McTi9NxkpDTncmL2Lg6fczz6PD7WesCHQPg", "response": { "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVimSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAALraVWanqkAfvZZFYZpVEg0AIiQar3yqKP1PjHE4vTcZKQ053Ji9i4On3M8-jw-1nrAh0D6lAQIDJiABIVggldWfMY_HYjHCZuSgBcDj-Zqcnipy1SJVNlhvmZBxvpciWCDh1UJNz9Uyr6jqeQhApJ3krQCvDNoeXaH0ffa9KapYdw", "authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NdAAAAALraVWanqkAfvZZFYZpVEg0AIiQar3yqKP1PjHE4vTcZKQ053Ji9i4On3M8-jw-1nrAh0D6lAQIDJiABIVggldWfMY_HYjHCZuSgBcDj-Zqcnipy1SJVNlhvmZBxvpciWCDh1UJNz9Uyr6jqeQhApJ3krQCvDNoeXaH0ffa9KapYdw", "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTWZlN1l6aS0zUU9rMDM4VHh3dVVvaTBaaURIZEdaOGlGNVhXc09UTTVnbyIsIm9yaWdpbiI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMSIsImNyb3NzT3JpZ2luIjpmYWxzZX0", "publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEldWfMY_HYjHCZuSgBcDj-Zqcnipy1SJVNlhvmZBxvpfh1UJNz9Uyr6jqeQhApJ3krQCvDNoeXaH0ffa9KapYdw", "publicKeyAlgorithm": -7, "transports": [ "internal", "hybrid" ] }, "type": "public-key" } } }, "schema": { "$ref": "#/components/schemas/WebauthnRegistrationFinishRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "access_token", "message": "WebAuthn registration successful", "refresh_token": "refresh_token", "session": "session", "success": true, "token_type": "bearer" } } }, "schema": { "$ref": "#/components/schemas/WebauthnRegistrationResponse" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [], "summary": "WebauthnRegistrationVerification", "tags": [ "webauthn", "authentication" ] } }, "/resend/webhook": { "post": { "description": "Handle incoming webhook events from Resend for email delivery tracking", "operationId": "ResendWebhook", "responses": { "200": { "content": { "text/plain": { "schema": { "type": "string" } } }, "description": "Webhook acknowledgment" }, "default": { "description": "" } }, "security": [], "summary": "ResendWebhook", "tags": [ "webhooks", "email" ] } }, "/robots.txt": { "get": { "description": "Get robots.txt file for web crawlers", "operationId": "Robots", "responses": { "200": { "content": { "application/octet-stream": { "schema": { "type": "string" } } }, "description": "Static file content" }, "default": { "description": "" } }, "security": [], "summary": "Robots", "tags": [ "static" ] } }, "/scim/v2/Groups": { "get": { "description": "Returns a list of groups with optional filtering and pagination", "operationId": "listGroups", "parameters": [ { "$ref": "#/components/parameters/filter" }, { "$ref": "#/components/parameters/startIndex" }, { "$ref": "#/components/parameters/count" }, { "$ref": "#/components/parameters/attributes" }, { "$ref": "#/components/parameters/excludedAttributes" } ], "responses": { "200": { "$ref": "#/components/responses/GroupList" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "List groups", "tags": [ "Groups" ] }, "post": { "description": "Creates a new group with the provided attributes", "operationId": "createGroup", "requestBody": { "$ref": "#/components/requestBodies/GroupBody" }, "responses": { "201": { "$ref": "#/components/responses/GroupCreated" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "409": { "$ref": "#/components/responses/Conflict" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Create a new group", "tags": [ "Groups" ] } }, "/scim/v2/Groups/{id}": { "delete": { "description": "Removes a group from the system", "operationId": "deleteGroup", "parameters": [ { "$ref": "#/components/parameters/groupId" } ], "responses": { "204": { "description": "Group deleted successfully" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Delete group", "tags": [ "Groups" ] }, "get": { "description": "Retrieves details of a specific group by ID", "operationId": "getGroupById", "parameters": [ { "$ref": "#/components/parameters/groupId" }, { "$ref": "#/components/parameters/attributes" }, { "$ref": "#/components/parameters/excludedAttributes" } ], "responses": { "200": { "$ref": "#/components/responses/GroupRetrieved" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Get group by ID", "tags": [ "Groups" ] }, "patch": { "description": "Applies partial modifications to a group using SCIM PATCH operations", "operationId": "patchGroup", "parameters": [ { "$ref": "#/components/parameters/groupId" } ], "requestBody": { "$ref": "#/components/requestBodies/PatchBody" }, "responses": { "200": { "$ref": "#/components/responses/GroupUpdated" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Update group", "tags": [ "Groups" ] }, "put": { "description": "Replaces all attributes of an existing group", "operationId": "replaceGroup", "parameters": [ { "$ref": "#/components/parameters/groupId" } ], "requestBody": { "$ref": "#/components/requestBodies/GroupBody" }, "responses": { "200": { "$ref": "#/components/responses/GroupUpdated" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Replace group", "tags": [ "Groups" ] } }, "/scim/v2/ResourceTypes": { "get": { "description": "Returns available SCIM resource types supported by this service provider", "operationId": "getResourceTypes", "responses": { "200": { "content": { "application/scim+json": { "schema": { "properties": { "Resources": { "items": { "$ref": "#/components/schemas/ResourceType" }, "type": "array" }, "itemsPerPage": { "$ref": "#/components/schemas/itemsPerPage" }, "schemas": { "$ref": "#/components/schemas/listResponseSchemas" }, "startIndex": { "$ref": "#/components/schemas/startIndex" }, "totalResults": { "$ref": "#/components/schemas/totalResults" } }, "type": "object" } } }, "description": "Resource types retrieved successfully" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Get resource types", "tags": [ "Discovery" ] } }, "/scim/v2/ResourceTypes/{name}": { "get": { "description": "Returns detailed information about a specific resource type", "operationId": "getResourceTypeByName", "parameters": [ { "description": "Name of the resource type (e.g., User, Group)", "in": "path", "name": "name", "required": true, "schema": { "enum": [ "User", "Group" ], "type": "string" } } ], "responses": { "200": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ResourceType" } } }, "description": "Resource type retrieved successfully" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Get resource type by name", "tags": [ "Discovery" ] } }, "/scim/v2/Schemas": { "get": { "description": "Returns SCIM schemas supported by this service provider", "operationId": "getSchemas", "responses": { "200": { "content": { "application/scim+json": { "schema": { "properties": { "Resources": { "items": { "$ref": "#/components/schemas/SchemaDefinition" }, "type": "array" }, "itemsPerPage": { "$ref": "#/components/schemas/itemsPerPage" }, "schemas": { "$ref": "#/components/schemas/listResponseSchemas" }, "startIndex": { "$ref": "#/components/schemas/startIndex" }, "totalResults": { "$ref": "#/components/schemas/totalResults" } }, "type": "object" } } }, "description": "Schemas retrieved successfully" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Get schemas", "tags": [ "Discovery" ] } }, "/scim/v2/Schemas/{uri}": { "get": { "description": "Returns detailed schema definition for a specific schema URI", "operationId": "getSchemaByUri", "parameters": [ { "description": "Schema URI (e.g., urn:ietf:params:scim:schemas:core:2.0:User)", "in": "path", "name": "uri", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/SchemaDefinition" } } }, "description": "Schema retrieved successfully" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Get schema by URI", "tags": [ "Discovery" ] } }, "/scim/v2/ServiceProviderConfig": { "get": { "description": "Returns the service provider's configuration, including supported features and authentication schemes", "operationId": "getServiceProviderConfig", "responses": { "200": { "content": { "application/scim+json": { "schema": { "$ref": "#/components/schemas/ServiceProviderConfig" } } }, "description": "Service provider configuration retrieved successfully" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Get service provider configuration", "tags": [ "Discovery" ] } }, "/scim/v2/Users": { "get": { "description": "Returns a list of users with optional filtering and pagination", "operationId": "listUsers", "parameters": [ { "$ref": "#/components/parameters/filter" }, { "$ref": "#/components/parameters/startIndex" }, { "$ref": "#/components/parameters/count" }, { "$ref": "#/components/parameters/attributes" }, { "$ref": "#/components/parameters/excludedAttributes" } ], "responses": { "200": { "$ref": "#/components/responses/UserList" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "List users", "tags": [ "Users" ] }, "post": { "description": "Creates a new user with the provided attributes", "operationId": "createUser", "requestBody": { "$ref": "#/components/requestBodies/UserBody" }, "responses": { "201": { "$ref": "#/components/responses/UserCreated" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "409": { "$ref": "#/components/responses/Conflict" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Create a new user", "tags": [ "Users" ] } }, "/scim/v2/Users/{id}": { "delete": { "description": "Removes a user from the system", "operationId": "deleteUser", "parameters": [ { "$ref": "#/components/parameters/userId" } ], "responses": { "204": { "description": "User deleted successfully" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Delete user", "tags": [ "Users" ] }, "get": { "description": "Retrieves details of a specific user by ID", "operationId": "getUserById", "parameters": [ { "$ref": "#/components/parameters/userId" }, { "$ref": "#/components/parameters/attributes" }, { "$ref": "#/components/parameters/excludedAttributes" } ], "responses": { "200": { "$ref": "#/components/responses/UserRetrieved" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Get user by ID", "tags": [ "Users" ] }, "patch": { "description": "Applies partial modifications to a user using SCIM PATCH operations", "operationId": "patchUser", "parameters": [ { "$ref": "#/components/parameters/userId" } ], "requestBody": { "$ref": "#/components/requestBodies/PatchBody" }, "responses": { "200": { "$ref": "#/components/responses/UserUpdated" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Update user", "tags": [ "Users" ] }, "put": { "description": "Replaces all attributes of an existing user", "operationId": "replaceUser", "parameters": [ { "$ref": "#/components/parameters/userId" } ], "requestBody": { "$ref": "#/components/requestBodies/UserBody" }, "responses": { "200": { "$ref": "#/components/responses/UserUpdated" }, "400": { "$ref": "#/components/responses/BadRequest" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "403": { "$ref": "#/components/responses/Forbidden" }, "404": { "$ref": "#/components/responses/NotFound" }, "500": { "$ref": "#/components/responses/InternalServerError" } }, "security": [ { "BearerAuth": [] } ], "summary": "Replace user", "tags": [ "Users" ] } }, "/trustcenter/auth/anonymous": { "post": { "description": "Create anonymous JWT token for trust center access", "operationId": "TrustCenterAnonymousJWT", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "" } } }, "schema": { "$ref": "#/components/schemas/CreateTrustCenterAnonymousJWTResponse" } } }, "description": "Success" }, "default": { "description": "" } }, "security": [ { "basic": [] } ], "summary": "TrustCenterAnonymousJWT", "tags": [ "trustcenter", "authentication" ] } }, "/v1/2fa/validate": { "post": { "description": "Validate a user's TOTP code", "operationId": "TFAValidation", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "totp_code": "113371" } } }, "schema": { "$ref": "#/components/schemas/TFARequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "Two-factor authentication validated successfully", "success": true } } }, "schema": { "$ref": "#/components/schemas/TFAReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "TFAValidation", "tags": [ "tfa" ] } }, "/v1/account/access": { "post": { "description": "Check Subject Access to Object", "operationId": "AccountAccess", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "object_id": "01J4EXD5MM60CX4YNYN0DEE3Y1", "object_type": "organization", "relation": "can_view" } } }, "schema": { "$ref": "#/components/schemas/AccountAccessRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "allowed": true, "success": true } } }, "schema": { "$ref": "#/components/schemas/AccountAccessReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] } ], "summary": "AccountAccess", "tags": [ "account" ] } }, "/v1/account/features": { "get": { "description": "List features a subject has in relation to the authenticated organization", "operationId": "AccountFeatures", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "features": [ "policy-and-procedure-module", "compliance-module" ], "organization_id": "01K9MJ3PD7XKJSCT9ZWYGW9CVE", "success": true } } }, "schema": { "$ref": "#/components/schemas/AccountFeaturesReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "AccountFeatures", "tags": [ "account" ] } }, "/v1/account/features/{id}": { "get": { "description": "List the features a subject has in relation to the organization ID provided", "operationId": "AccountFeaturesByID", "parameters": [ { "description": "Path parameter: id", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "features": [ "policy-and-procedure-module", "compliance-module" ], "organization_id": "01K9MJ3PD7XKJSCT9ZWYGW9CVE", "success": true } } }, "schema": { "$ref": "#/components/schemas/AccountFeaturesReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "AccountFeaturesByID", "tags": [ "account" ] } }, "/v1/account/roles": { "post": { "description": "Retrieve a list of roles of the subject in the organization", "operationId": "AccountRoles", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "object_id": "01J4EXD5MM60CX4YNYN0DEE3Y1", "object_type": "organization" } } }, "schema": { "$ref": "#/components/schemas/AccountRolesRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "roles": [ "admin", "member" ], "success": true } } }, "schema": { "$ref": "#/components/schemas/AccountRolesReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] } ], "summary": "AccountRoles", "tags": [ "account" ] } }, "/v1/account/roles/organization": { "get": { "description": "Retrieve a list of roles of the subject in the organization", "operationId": "AccountRolesOrganization", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "organization_id": "01K9MJ3PD7XKJSCT9ZWYGW9CVE", "roles": [ "can_view", "can_edit" ], "success": true } } }, "schema": { "$ref": "#/components/schemas/AccountRolesOrganizationReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "AccountRolesOrganization", "tags": [ "account" ] } }, "/v1/account/roles/organization/{id}": { "get": { "description": "Retrieve a list of roles of the subject in the organization ID provided", "operationId": "AccountRolesOrganizationByID", "parameters": [ { "description": "Path parameter: id", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "organization_id": "01K9MJ3PD7XKJSCT9ZWYGW9CVE", "roles": [ "can_view", "can_edit" ], "success": true } } }, "schema": { "$ref": "#/components/schemas/AccountRolesOrganizationReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "AccountRolesOrganizationByID", "tags": [ "account" ] } }, "/v1/files/{id}/download": { "get": { "description": "Download files via proxy-signed URLs. Requires authentication.", "operationId": "FileDownload", "parameters": [ { "description": "the file ID", "example": "01J4HMNDSZCCQBTY93BF9CBF5D", "in": "path", "name": "id", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "ID": "", "Token": "token" } } }, "schema": { "$ref": "#/components/schemas/FileDownload" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] } ], "summary": "File Download", "tags": [ "files" ] } }, "/v1/forgot-password": { "post": { "description": "ForgotPassword is a service for users to request a password reset email. The email address must be provided in the POST request and the user must exist in the database. This endpoint always returns 200 regardless of whether the user exists or not to avoid leaking information about users in the database", "operationId": "ForgotPassword", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "email": "example@theopenlane.io" } } }, "schema": { "$ref": "#/components/schemas/ForgotPasswordRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "Password reset email sent successfully", "success": true } } }, "schema": { "$ref": "#/components/schemas/ForgotPasswordReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "ForgotPassword", "tags": [ "forgotpassword" ] } }, "/v1/github/callback": { "get": { "description": "Handle GitHub OAuth callback", "operationId": "GitHubCallback", "responses": { "302": { "description": "OAuth redirect" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "GitHubCallback", "tags": [ "oauth", "github" ] } }, "/v1/github/login": { "get": { "description": "Initiate GitHub OAuth login flow", "operationId": "GitHubLogin", "responses": { "302": { "description": "OAuth redirect" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "GitHubLogin", "tags": [ "oauth", "github" ] } }, "/v1/google/callback": { "get": { "description": "Handle Google OAuth callback", "operationId": "GoogleCallback", "responses": { "302": { "description": "OAuth redirect" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "GoogleCallback", "tags": [ "oauth", "google" ] } }, "/v1/google/login": { "get": { "description": "Initiate Google OAuth login flow", "operationId": "GoogleLogin", "responses": { "302": { "description": "OAuth redirect" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "GoogleLogin", "tags": [ "oauth", "google" ] } }, "/v1/impersonation/end": { "post": { "description": "End an active impersonation session and return to normal user context. Logs the end of impersonation for audit purposes.", "operationId": "EndImpersonation", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "reason": "Support task completed", "session_id": "01K9MJ23ND309PAN0Z6GN2BH90" } } }, "schema": { "$ref": "#/components/schemas/EndImpersonationRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "", "success": false } } }, "schema": { "$ref": "#/components/schemas/EndImpersonationReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] } ], "summary": "EndImpersonation", "tags": [ "impersonation" ] } }, "/v1/impersonation/start": { "post": { "description": "Start an impersonation session to act as another user for support, administrative, or testing purposes. Requires appropriate permissions and logs all impersonation activity for audit purposes.", "operationId": "StartImpersonation", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "reason": "Customer support assistance for account recovery", "target_user_id": "01K9MJ23ND309PAN0ZQFK6N2R3", "type": "support" } } }, "schema": { "$ref": "#/components/schemas/StartImpersonationRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "expires_at": "0001-01-01T00:00:00Z", "message": "", "session_id": "", "success": false, "token": "" } } }, "schema": { "$ref": "#/components/schemas/StartImpersonationReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] } ], "summary": "StartImpersonation", "tags": [ "impersonation" ] } }, "/v1/invite": { "get": { "description": "Accept an organization invitation", "operationId": "OrganizationInviteAccept", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "access_token", "email": "jsnow@example.com", "joined_org_id": "01K9MJ23ND309PAN0ZWTN4C0PJ", "message": "Invitation accepted successfully", "refresh_token": "refresh_token", "role": "admin", "session": "session", "success": true, "token_type": "bearer", "user_id": "01K9MJ23ND309PAN0ZV1ECFYT7" } } }, "schema": { "$ref": "#/components/schemas/InviteReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "OrganizationInviteAccept", "tags": [ "organization" ] } }, "/v1/login": { "post": { "description": "Login is oriented towards human users who use their email and password for authentication. Login verifies the password submitted for the user is correct by looking up the user by email and using the argon2 derived key verification process to confirm the password matches. Upon authentication an access token and a refresh token with the authorized claims of the user are returned. The user can use the access token to authenticate to our systems. The access token has an expiration and the refresh token can be used with the refresh endpoint to get a new access token without the user having to log in again. The refresh token overlaps with the access token to provide a seamless authentication experience and the user can refresh their access token so long as the refresh token is valid", "operationId": "LoginHandler", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "password": "mitb!", "username": "sfunky@theopenlane.io" } } }, "schema": { "$ref": "#/components/schemas/LoginRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "access_token", "message": "Login successful", "refresh_token": "refresh_token", "session": "session", "success": true, "tfa_enabled": true, "token_type": "bearer" } } }, "schema": { "$ref": "#/components/schemas/LoginReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "basic": [] } ], "summary": "Login", "tags": [ "authentication" ] } }, "/v1/password-reset": { "post": { "description": "ResetPassword allows the user (after requesting a password reset) to set a new password - the password reset token needs to be set in the request and not expired. If the request is successful, a confirmation of the reset is sent to the user and a 200 StatusOK is returned", "operationId": "ResetPassword", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "password": "mitb!", "token": "token" } } }, "schema": { "$ref": "#/components/schemas/ResetPasswordRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "Password reset successfully", "success": true } } }, "schema": { "$ref": "#/components/schemas/ResetPasswordReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "ResetPassword", "tags": [ "password-reset" ] } }, "/v1/products": { "get": { "description": "List products available in the product catalog", "operationId": "ProductCatalog", "parameters": [ { "description": "Whether to include beta products in the catalog", "example": "false", "in": "query", "name": "include_beta", "schema": { "type": "string" } }, { "description": "Whether to include private products in the catalog", "example": "false", "in": "query", "name": "include_private", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "addons": {}, "modules": { "compliance_module": { "audience": "public", "billing": { "prices": [ { "interval": "month", "lookup_key": "price_compliance_monthly", "nickname": "price_compliance_monthly", "price_id": "price_1S3qX6JIzM4Pa2ZcRtuinRdG", "unit_amount": 45000 }, { "interval": "year", "lookup_key": "price_compliance_annually", "nickname": "price_compliance_annually", "price_id": "price_1S3qX7JIzM4Pa2ZchMVxiS1l", "unit_amount": 500000 } ] }, "description": "Core Compliance Automation and Standards Library", "display_name": "Core Compliance Module", "include_with_trial": true, "lookup_key": "compliance_module", "marketing_description": "Automate evidence collection and task tracking to simplify SOC 2, ISO 27001, and other certification workflows", "product_id": "prod_SzqDyAvxP2D7fA", "usage": { "evidence_storage_gb": 25000 } } }, "sha": "12a4a1212888e9316a16826ba074b37230b4b7ba903cd8d7e627e4a8d03a6211", "success": true, "version": "v0.0.1" } } }, "schema": { "$ref": "#/components/schemas/ProductCatalogReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "ProductCatalog", "tags": [ "catalog" ] } }, "/v1/refresh": { "post": { "description": "The Refresh endpoint re-authenticates users and API keys using a refresh token rather than requiring a username and password or API key credentials a second time and returns a new access and refresh token pair with the current credentials of the user. This endpoint is intended to facilitate long-running connections to the systems that last longer than the duration of an access token; e.g. long sessions on the UI or (especially) long running publishers and subscribers (machine users) that need to stay authenticated semi-permanently.", "operationId": "RefreshHandler", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "refresh_token": "token" } } }, "schema": { "$ref": "#/components/schemas/RefreshRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "new_access_token", "message": "Token refreshed successfully", "refresh_token": "new_refresh_token", "session": "session", "success": true, "token_type": "bearer" } } }, "schema": { "$ref": "#/components/schemas/RefreshReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "Refresh", "tags": [ "refresh" ] } }, "/v1/register": { "post": { "description": "Register creates a new user in the database with the specified password, allowing the user to login to Openlane. This endpoint requires a 'strong' password and a valid register request, otherwise a 400 reply is returned. The password is stored in the database as an argon2 derived key so it is impossible for a hacker to get access to raw passwords. A personal organization is created for the user registering based on the organization data in the register request and the user is assigned the Owner role", "operationId": "Register", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "email": "sfunky@theopenlane.io", "first_name": "Sarah", "last_name": "Funk", "password": "mitb!", "token": "invite_token_example" } } }, "schema": { "$ref": "#/components/schemas/RegisterRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "email": "jsnow@example.com", "message": "User registered successfully", "success": true, "user_id": "01K9MJ23ND309PAN0ZV1ECFYT7" } } }, "schema": { "$ref": "#/components/schemas/RegisterReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "Register", "tags": [ "accountRegistration" ] } }, "/v1/resend": { "post": { "description": "Resends an email verification email to the user (only valid if the email is not already verified)", "operationId": "ResendEmail", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "email": "cercei.lannister@theopenlane.io" } } }, "schema": { "$ref": "#/components/schemas/ResendRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "Verification email resent successfully", "success": true } } }, "schema": { "$ref": "#/components/schemas/ResendReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "ResendEmail", "tags": [ "resend" ] } }, "/v1/runners": { "post": { "description": "Register a job runner node", "operationId": "AgentNodeRegistration", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "ip_address": "192.168.0.1", "name": "ubuntu-eu-west-2", "tags": [ "self-hosted", "eu-west-2", "gcp", "kubernetes" ], "token": "registration_tokenhere" } } }, "schema": { "$ref": "#/components/schemas/JobRunnerRegistrationRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "Reply": { "success": true }, "message": "Job runner registered successfully" } } }, "schema": { "$ref": "#/components/schemas/JobRunnerRegistrationReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "AgentNodeRegistration", "tags": [ "runners" ] } }, "/v1/sso/callback": { "post": { "description": "Complete SSO login flow callback", "operationId": "SSOCallback", "parameters": [ { "description": "authorization code", "example": "abc", "in": "query", "name": "code", "schema": { "type": "string" } }, { "description": "state value", "example": "state123", "in": "query", "name": "state", "schema": { "type": "string" } }, { "description": "organization id", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "in": "query", "name": "organization_id", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "access_token", "message": "Login successful", "refresh_token": "refresh_token", "session": "session", "success": true, "tfa_enabled": true, "token_type": "bearer" } } }, "schema": { "$ref": "#/components/schemas/LoginReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "SSOCallback", "tags": [ "sso" ] } }, "/v1/sso/login": { "post": { "description": "Initiate SSO login flow", "operationId": "SSOLogin", "parameters": [ { "description": "organization id", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "in": "query", "name": "organization_id", "schema": { "type": "string" } }, { "description": "return url after authentication", "example": "https://app.mitb.com", "in": "query", "name": "return", "schema": { "type": "string" } }, { "description": "Used when testing the sso was successfully connected", "in": "query", "name": "is_test", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "success": false } } }, "schema": { "$ref": "#/components/schemas/Reply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "SSOLogin", "tags": [ "sso" ] } }, "/v1/sso/token/authorize": { "post": { "description": "Authorize SSO token request", "operationId": "SSOTokenAuthorize", "parameters": [ { "description": "organization id", "example": "01J4EXD5MM60CX4YNYN0DEE3Y1", "in": "query", "name": "organization_id", "schema": { "type": "string" } }, { "description": "token id to authorize", "example": "01JJFVMGENQS9ZG3GVA50QVX5E", "in": "query", "name": "token_id", "schema": { "type": "string" } }, { "description": "token type: api or personal", "example": "api", "in": "query", "name": "token_type", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "Token authorized successfully", "organization_id": "01K9MJ3PD7XKJSCT9ZWYGW9CVE", "success": true, "token_id": "01K9MJ23ND309PAN0ZA9XQ3MFH" } } }, "schema": { "$ref": "#/components/schemas/SSOTokenAuthorizeReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "SSOTokenAuthorize", "tags": [ "sso" ] } }, "/v1/sso/token/callback": { "get": { "description": "Handle SSO token callback", "operationId": "SSOTokenCallback", "parameters": [ { "description": "authorization code", "example": "abc", "in": "query", "name": "code", "schema": { "type": "string" } }, { "description": "state value", "example": "state123", "in": "query", "name": "state", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "Token authorized successfully", "organization_id": "01K9MJ3PD7XKJSCT9ZWYGW9CVE", "success": true, "token_id": "01K9MJ23ND309PAN0ZA9XQ3MFH" } } }, "schema": { "$ref": "#/components/schemas/SSOTokenAuthorizeReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "SSOTokenCallback", "tags": [ "sso" ] } }, "/v1/subscribe/verify": { "get": { "description": "Verify a subscription", "operationId": "VerifySubscription", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "message": "Subscription confirmed, looking forward to sending you updates!", "success": true } } }, "schema": { "$ref": "#/components/schemas/VerifySubscribeReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "VerifySubscription", "tags": [ "subscription" ] } }, "/v1/switch": { "post": { "description": "Switch the user's organization context", "operationId": "Switch", "requestBody": { "content": { "application/json": { "examples": { "success": { "value": { "target_organization_id": "01K9MJ3PD7XKJSCT9ZWYGW9CVE" } } }, "schema": { "$ref": "#/components/schemas/SwitchOrganizationRequest" } } }, "description": "Request body" }, "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "", "success": false } } }, "schema": { "$ref": "#/components/schemas/SwitchOrganizationReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [ { "bearer": [] }, { "oauth2": [] }, { "basic": [] }, { "apiKey": [] } ], "summary": "Switch", "tags": [ "organization" ] } }, "/v1/verify": { "get": { "description": "Used to verify a user's email address - once clicked they will be redirected to the UI with a success or failure message", "operationId": "VerifyEmail", "responses": { "200": { "content": { "application/json": { "examples": { "success": { "value": { "access_token": "access_token", "email": "jsnow@example.com", "message": "Email verified successfully", "refresh_token": "refresh_token", "session": "session", "success": true, "token_type": "bearer", "user_id": "01K9MJ23ND309PAN0ZV1ECFYT7" } } }, "schema": { "$ref": "#/components/schemas/VerifyReply" } } }, "description": "Success" }, "400": { "description": "Bad Request" }, "401": { "description": "Unauthorized" }, "500": { "description": "Internal Server Error" }, "default": { "description": "" } }, "security": [], "summary": "VerifyEmail", "tags": [ "email" ] } } }, "servers": [ { "description": "Openlane API Server", "url": "https://api.theopenlane.io" } ], "tags": [ { "description": "Get resource type by name", "name": "Discovery" }, { "description": "Create a new group", "name": "Groups" }, { "description": "Create a new user", "name": "Users" }, { "description": "AccountAccess", "name": "account" }, { "description": "Register", "name": "accountRegistration" }, { "description": "AcmeSolver", "name": "acme" }, { "description": "GraphQL History Endpoint", "name": "audit logs" }, { "description": "JWKS", "name": "authentication" }, { "description": "ProductCatalog", "name": "catalog" }, { "description": "AcmeSolver", "name": "certificates" }, { "description": "APIDocs", "name": "documentation" }, { "description": "ResendWebhook", "name": "email" }, { "description": "ExampleCSV", "name": "examples" }, { "description": "ExampleCSV", "name": "files" }, { "description": "ForgotPassword", "name": "forgotpassword" }, { "description": "GitHubCallback", "name": "github" }, { "description": "GoogleCallback", "name": "google" }, { "description": "GraphQL Endpoint", "name": "graphql" }, { "description": "Livez", "name": "health" }, { "description": "GraphQL History Endpoint", "name": "history" }, { "description": "EndImpersonation", "name": "impersonation" }, { "description": "GitHubCallback", "name": "oauth" }, { "description": "OrganizationInviteAccept", "name": "organization" }, { "description": "ResetPassword", "name": "password-reset" }, { "description": "GetQuestionnaire", "name": "questionnaire" }, { "description": "Refresh", "name": "refresh" }, { "description": "ResendEmail", "name": "resend" }, { "description": "AgentNodeRegistration", "name": "runners" }, { "description": "CSRF", "name": "security" }, { "description": "SSOCallback", "name": "sso" }, { "description": "Favicon", "name": "static" }, { "description": "VerifySubscription", "name": "subscription" }, { "description": "TFAValidation", "name": "tfa" }, { "description": "TrustCenterAnonymousJWT", "name": "trustcenter" }, { "description": "UserInfo", "name": "user" }, { "description": "WebAuthnWellKnown", "name": "webauthn" }, { "description": "Webfinger", "name": "webfinger" }, { "description": "ResendWebhook", "name": "webhooks" }, { "description": "JWKS", "name": "well-known" } ] }