- Getting Started
- The Swagger Definition
- Examples using the Orchestrator API
- Alerts Requests
- Assets Requests
- Calendars Requests
- Environments Requests
- Folders Requests
- Generic Tasks Requests
- Jobs Requests
- Libraries Requests
- License Requests
- Packages Requests
- Permissions Requests
- Personal Workspaces Requests
- Processes Requests
- Queue Items Requests
- Robots Requests
- Roles Requests
- Schedules Requests
- Settings Requests
- Tasks Requests
- Task Catalogs Requests
- Task Forms Requests
- Tenants Requests
- Transactions Requests
- Users Requests
- Webhooks Requests
- Platform Management APIs
- User Management
- License Management
User Management
Platform management APIs expose the following platform functionality:
Management scenarios |
Authentication methods |
---|---|
User management—create, update, or delete users or groups, and manage organization settings |
All Platform Management API calls are made using HTTP methods to the base URL.
https
protocol.
-
For Automation Cloud and Automation Suite deployments, all Identity Server URLs contain the
/identity_
segment. -
For standalone deployments, all Identity Server URLs contain the
/identity
segment.
Platform Management APIs give your application control over the following resources:
Audit
- GET
{BaseURL}/identity/api/AuditQuery/{organizationId}
- Retrieves the audit logs for the specified organization ID. - GET
{BaseURL}/identity/api/AuditQuery/{organizationId}/download
- Downloads the audit logs for the specified organization ID.
Group
- GET
{BaseURL}/identity/api/Group/{partitionGlobalId}
- Retrieves all local and built-in groups from the specified partition ID (either organization or tenant). - GET
{BaseURL}/identity/api/Group/{partitionGlobalId}/{groupId}
- Retrieves the specified local or built-in group in the specified partition ID. - POST
{BaseURL}/identity/api/Group
- Creates a new local group. - PUT
{BaseURL}/identity/api/Group/{groupId}
- Updates a local group information. - DELETE
{BaseURL}/identity/api/Group/{partitionGlobalId}
- Deletes all local groups from the specified partition ID (either organization or tenant). - DELETE
{BaseURL}/identity/api/Group/{partitionGlobalId}/{groupId}
- Deletes the specified local group.
MessageTemplate
- GET
{BaseURL}/identity/api/MessageTemplate
- Retrieves a message template using the provided filter. - GET
{BaseURL}/identity/api/MessageTemplate/{templateId}
- Retrieves the specified message template. - PUT
{BaseURL}/identity/api/MessageTemplate/{templateId}
- Updates the specified message template.
RobotAccount
- GET
{BaseURL}/identity/api/RobotAccount/{partitionGlobalId}
- Retrieves all robot accounts in the specified partition ID (either organization or tenant). - GET
{BaseURL}/identity/api/RobotAccount/{partitionGlobalId}/{robotAccountId}
- Retrieves the specified robot account in the specified partition ID. - POST
{BaseURL}/identity/api/RobotAccount
- Creates a new robot account. - PUT
{BaseURL}/identity/api/RobotAccount/{robotAccountId}
- Updates the specified robot account information. - DELETE
{BaseURL}/identity/api/RobotAccount/{partitionGlobalId}/{robotAccountId}
- Deletes the specified robot account. - DELETE
{BaseURL}/identity/api/RobotAccount/{partitionGlobalId}
- Deletes all robot accounts in the specified partition ID.
Setting
- GET
{BaseURL}/identity/api/Setting
- Retrieves an application settings based on a list of keys for a specific tenant. - PUT
{BaseURL}/identity/api/Setting
- Updates or creates new settings in a specific tenant.
User
- GET
{BaseURL}/identity/api/User/{userId}
- Retrieves information about the specified user. - POST
{BaseURL}/identity/api/User
- Creates a new user. This endpoint is idempotent: Trying to overwrite a user deletes the existing one. - POST
{BaseURL}/identity/api/User/BulkCreate
- Creates users in bulk. - POST
{BaseURL}/identity/api/User/{userId}
/changepassword - Updates the password for the specified user. - PUT
{BaseURL}/identity/api/User/{userId}
- Updates the specifid user information. - DELETE
{BaseURL}/identity/api/User
- Deletes all users. - DELETE
{BaseURL}/identity/api/User/{userId}
- Deletes the specified user.
UserLoginAttempt
- GET
{BaseURL}/identity/api/User/{userId}/loginAttempts
- Retrieves the login attempts of the specified user.
Scopes define your application level of access to the Platform Management resources.
For example, to generate an authentication token for your application, you pass in several scopes. When your application makes an API call to access a resource, the token is validated against the resource scopes. If the resource is included in the scopes you passed in at token request, the call is successful, and it further checks for user permissions per endpoint (Read permissions for GET requests, and Write permissions for POST, PUT, or DELETE requests). Otherwise, the server rejects the call.
Permissions grant your application users the access to a specific functionality inside a resource. Each permission is linked to a scope. After your application successfully accesses the resource, the server checks if the authenticated user has the right permission for the corresponding method of the endpoint.
For example, you may restrict some users from deleting or updating user groups, but still they can view them.
Generically, GET methods require Read permissions, while POST, PUT, and DELETE methods require Write permissions.
The table below summarizes the required scopes and permissions to perform a specific action:
Resource |
Scopes |
Permissions |
---|---|---|
AuditQuery |
PM.Audit |
PM.Audit.Read (for GET requests) |
Group |
PM.Group |
PM.Group.Read (for GET requests) PM.Group.Write (for POST, PUT, and DELETE requests) |
MessageTemplate |
PM.MessageTemplate |
PM.MessageTemplate.Read (for GET requests) PM.MessageTemplate.Write (for PUT requests) |
RobotAccount |
PM.RobotAccount |
PM.RobotAccount.Read (for GET requests) PM.RobotAccount.Write (for POST, PUT, and DELETE requests) |
Setting |
PM.Setting |
PM.Setting.Read (for GET requests) PM.Setting.Write (for PUT requests) |
User |
PM.User |
PM.User.Read (for GET requests) PM.User.Write (for POST, PUT, or DELETE requests) |
UserLoginAttempt |
PM.UserLoginAttempt |
PM.UserLoginAttempt.Read (for GET requests) |