IDA API Help Page


Status

The Status end-point provides general information about the Identity Authority.

APIDescription
GET v2/api/status

Returns the Identity Authority status information.

PseudonymousKey

The PseudonymousKey end-point provides a means to generate pseudonymous keys. It is only accessible to users whose API Credentials have the Generator role.

APIDescription
POST v2/api/pseudonymouskey

Generate a new signed Pseudonymous Key for an actor. The mechanism used to sign the response is periodically changed, so the response should be passed to the Data Engine shortly after generation or validation may return false.

PseudonymousKeyBatch

The PseudonymousKeyBatch end-point which provides the means to generate a batch of Pseudonymous Keys in one response packet for users whose API Credentials have the Generator role.

APIDescription
POST v2/api/pseudonymouskeybatch

Generate a new signed batch of Pseudonymous Keys. The mechanism used to sign the response is periodically changed, so the response should be passed to the Data Engine shortly after generation or validation may return false.

Validation

The Validation end-point provides the means to validate a signed PseudonymousKey or a signed batch of PseudonymousKeys for users whose API Credentials have the Validator role.

APIDescription
POST v2/api/validation

Validates a single signed Pseudonymous Key or a signed batch of Pseudonymous Keys to ensure that they were generated by IDA. The mechanism used for signing is periodically changed. If validation returns HTTP Status 410 (Gone), the caller must request that the Operator requests a new Pseudonymous Key.



ApiCredential

The ApiCredential end-points are for the management of API Credentials by Interactive Users.

APIDescription
GET v2/api/users/{id}/api-credentials

Returns the list of API credentials associated with the specified user. Only the Administrator who created the specified user or the user themselves can call this method, otherwise 403:Forbidden is returned.

DELETE v2/api/users/{id}/api-credentials

Delete all API Credentials from a specified Interactive User's list. Only the Administrator who created the specified user or the user themselves can call this method, otherwise 403:Forbidden is returned. If the target user is disabled a 400:BadRequest is returned. If the specified user is not known a 404:NotFound is returned.

DELETE v2/api/api-credentials/{id}

Deletes the specified API Credential. Only either the Interactive User who owns the specified API Credential or their associated Administrator can call this method, otherwise 403:Forbidden is returned. If the Interactive User is disabled a 400:BadRequest is returned. If the specified API Credential is not known a 404:NotFound is returned.

POST v2/api/api-credentials/{id}/enabled

(Re)enable/disable the specified API credential. Only either the Interactive User who owns the specified API Credential or their associated Administrator can call this method, otherwise 403:Forbidden is returned.

POST v2/api/users/{id}/api-credentials

Creates a new API credential for the specified user.

Operator

The Operator end-point allows a B2BGenerator to add a new API Credential for an operator with a newly generated Pseudonymous Key.

APIDescription
POST v2/api/users/{id}/operator

Creates a new API Credential for an operator with a newly signed Pseudonymous Key. This API call can only be made by a user with the role B2BGenerator.



User

The User end-points are for administration of Interactive Users.

APIDescription
GET v2/api/users

Returns a list of Interactive Users which the caller has created. This API call can only be made by a user with the role Administrator.

GET v2/api/users/{id}

Returns a specified user with a list of their API Credentials. This API call can be made by either the Administrator who created the target user or the target user themselves, otherwise a 403:Forbidden is returned.

POST v2/api/users

Creates a new Interactive User. This API call can only be made by a user with the role Administrator.

DELETE v2/api/users/{id}

Deletes the specified Interactive User, including any associated API Credentials. This API call can only be made by the Administrator who created the target user, otherwise a 403:Forbidden is returned. If the user is not known a 404:BadRequest is returned.

POST v2/api/users/{id}/name

Updates the name of the specified Interactive User to another valid name. This API call can be made by either the Administrator who created the target user or the target user themselves, otherwise a 403:Forbidden is returned.

POST v2/api/users/{id}/username

Updates the username of the specified Interactive User. This API call can be made by either the Administrator who created the target user or the target user themselves.

POST v2/api/users/{id}/password

Updates the password of the specified Interactive User to another valid password. This API call can be made by either the Administrator who created the target user or the target user themselves.

POST v2/api/users/{id}/enabled

Sets the activity of the specified Interactive User. Disabling a user also deactivates all associated API Credentials. Re-enabling a user sets them back to their exact previous active state - i.e. password and API Credentials are exactly as they were. This API call can only be made by the Administrator who created the target user.

Metrics

The Metric end-point provides the means to measure the activity of the of all end-points, for each user for the last twelve weeks.

APIDescription
GET v2/api/api-counts

Returns the last 12 week's counts (by user) of the number of calls made to each endpoint. This API call can only be made by a user with the role Administrator.