RBAC API
Use the RBAC API to manage users, user groups, roles, permissions, tokens, password, and LDAP or SAML connections.
Endpoint | Use |
---|---|
users |
Manage local users as well as those from a directory service, get lists of users, and create new local users. This endpoint has a v1 and v2. The v2 GET /users endpoint has more filtering options. |
groups |
Get lists of groups and add a new remote user group. This endpoint has a v1 and v2. The v2 POST /groups endpoint has the option to validate the group against LDAP before creating it. |
roles |
Get lists of user roles and create new roles. |
permissions |
Get information about available objects and the permissions that can be constructed for those objects. |
ds (directory service) |
Get information about the directory service, test your directory service connection, and replace directory service connection settings. This endpoint has a v1 and v2. Use the v2 GET /ds endpoint to get information about your directory service. |
saml |
Configure SAML, get SAML configuration details, and get the public certificate and URLs for configuration. |
password |
Generate password reset tokens and update user passwords. |
tokens |
Generate authentication tokens to access PE. Use the v1 token endpoints to create tokens, and use the v2 token endpoints to revoke and validate tokens. |
rbac-service |
Use the Status API to check the status of the RBAC service. |
-
Forming RBAC API requests
The role-based access control (RBAC) API accepts well-formed HTTPS requests. Token-based authentication is required for most endpoints. You can use either user authentication tokens or allowed certificates to authenticate requests. -
RBAC service errors
RBAC API error responses can be formatted as ctext/html
or JSON objects. -
RBAC API v1
Use the role-based access control (RBAC) API v1 endpoints to manage users, directory service groups, roles, permissions, tokens, passwords, and LDAP and SAML connection settings. -
RBAC API v2
The role-based access control (RBAC) API v2 service enables you to fetch information about users, create groups, revoke tokens, validate tokens, and get information about your LDAP directory service.
Related information