UM : API Details and Queries
Login, Logout, Change Password, Reset Password API
Application deploys with default 1 admin user with all permission over all data models of user management as well as applications. Admin user can login and create more users and define other roles with capabilities. Admin user can grant ReadWrite, ReadOnly and Hidden permission to the data models. Admin user can give ReadWrite access to the other roles also for creation of roles, capabilities and users.
Default username/Password : Admin/Pass@123
userToken and appName : Requester can provide this values in headers or URL arguments.
Type | API URL | Request | Header | Response | Remark |
---|---|---|---|---|---|
Login | https://<server>:<port>/fid-Authentication/login | Empty | Authorization: Basic | Response <Auth> <Status>Success</Status> <Message>Login Successful</Message> <Token>uqhjrf7ba4qauv7i1551009679429</Token> <Expiry>1551020479429</Expiry> <RoleID>AdminRoleId</RoleID> </Auth> | |
Logout | https://<server>:<port>/fid-Authentication/logout | Empty | userToken:{{userToken}} | Response <Auth> <Status>Success</Status> <Message>User session ended successfully.</Message> </Auth> | |
Change Password | http://<server>:<port>/fid-UserManagement | Request <ChangePassword> <userName>Admin</userName> <oldPassword>Pass@123</oldPassword> <password>Jack@123</password> </ChangePassword> | Content-Type:application/xml userToken:{{userToken}} appName:UM | Response <Auth> <Status>Success</Status> <Message>Password changed successfully.</Message> </Auth> | userToken and appName could be given in headers or URL arguments. Change validates old password and new password should follow password policy. Please check password policy under user management section. |
Reset Password | http://<server>:<port>/fid-UserManagement | Request <ResetPassword> <userName>Admin</userName> </ResetPassword> | Content-Type:application/xml userToken:{{superUser}} appName:UM | Response <Auth> <Status>Success</Status> <Message>Password reset successfully.</Message> </Auth> | username is required to reset password. Password will set to Pass@123 and auto mail will triggered to the user mail id. |
Create User, Role, Capability, Mappings, Permission
Type | API URL | Request | Header | Response | Remark |
---|---|---|---|---|---|
User | http://<server>:<port>/fid-UserManagement | Request <CreateUser> <firstName>Tony</firstName> <lastName>Stark</lastName> <userName>Stark</userName> <emailId>Stark@gmail.com</emailId> <roleId>OperatorRoleId</roleId> </CreateUser> | userToken:{{userToken}} Content-Type:application/xml appName:UM | Response <Create> <Status> Success </Status> <Message> User Created Successfully </Message> <UserId> udbshj </UserId> </Create> | username should be unique and role associated with Id should be created before creating user. |
User | http://<server>:<port>/fid-UserManagement | Request <find only="username,firstname, lastname, emailId, roleid"> <User> <username>Admin</username> </User> </find> | userToken:{{userToken}} Content-Type:application/xml appName:UM | Response <Find Status="Success"> <Result> <User> <emailId>kishorekislay007@gmail.com</emailId> <lastName>Admin</lastName> <roleId>AdminRoleId</roleId> <userName>Admin</userName> <firstName>Admin</firstName> </User> </Result> </Find> | Password is encrypted and hidden. |
Delete User | http://<server>:<port>/fid-UserManagement | Request <DeleteUser> <username>Tony.Stark</username> </DeleteUser> | userToken:{{userToken}} Content-Type:application/xml appName:UM | Response <Status>User Deleted Successfully</Status> | Username should be provided. |
Update User | http://<server>:<port>/fid-UserManagement | Request <Save mode="unsafe"> <User> <username>Tony.Stark</username> <emailId>Stark@gmail.com</emailId> <roleId>OperatorRoleId</roleId> <firstName>Tony</firstName> <lastName>Stark</lastName> </User> </Save> | userToken:{{userToken}} Content-Type:application/xml appName:UM | Update Response | Only admin user should use this query with roleId. As there is ReadWrite access for every Role on User model. Any user can change roleId and make it as AdminRoleId and can access to the application models. So, this query should only be used by admin user. |
Role | http://<server>:<port>/fid-UserManagement | Request <Create> <Role> <SysId>OperatorRoleId</SysId> <roleName>Operator</roleName> <description>Operator</description> <createDate>[:$Now():]</createDate> </Role> </Create> | Content-Type:application/xml userToken:{{userToken}} appName:UM | Create Success Response Message | RoleName should be unique. |
Role | http://<server>:<port>/fid-UserManagement | Request <find> <role> <sysid>AdminRoleId</sysid> </role> </find> | Content-Type:application/xml userToken:{{userToken}} appName:UM | Response <Find Status="Success"> <Result> <Role> <sysId>AdminRoleId</sysId> <roleName>Admin</roleName> <description>Administrator</description> <createDate>1550934717348</createDate> </Role> </Result> </Find> | |
Delete Role | http://<server>:<port>/fid-UserManagement | Request <DeleteAll> <Role> <sysid eq="OperatorRoleId"/> </Role> </DeleteAll> | Content-Type:application/xml userToken:{{userToken}} appName:UM | Delete Response Message | Ideally we shouldn't delete any role. As, there may be chances that some user with that role is already created. If we are deleting Role then all those users should also be deleted. Also, all mappings related with that role should be deleted from everywhere. |
Update Role | There is nothing in role update except for description and there is no use for that anywhere. We shouldn't update Rolename , RoleId etc as these are used in mapping and will effect while creating cache modifiers. | ||||
Capability | http://<server>:<port>/fid-UserManagement | Request <Create> <Capability> <SysId> OperatorMonitoringCapability </SysId> <capabilityName> OperatorMonitoringCapability </capabilityName> <description> ReadWrite Capabilities for all roles </description> <createDate>[:$Now():]</createDate> </Capability> </Create> | Content-Type:text/xml userToken:{{userToken}} appName:UM | Create Success Response Message | capabilityName should be unique. |
Mappings | http://<server>:<port>/fid-UserManagement | Request <Create> <RoleCapabilityMapping> <SysId>OperatorControlMapping</SysId> <roleId>OperatorRoleId</roleId> <capabilityId>OperatorMonitoringCapability</capabilityId> <permission>ReadWrite</permission> </RoleCapabilityMapping> <CapabilityModelAssociation> <capabilityId>OperatorMonitoringCapability</capabilityId> <associationData>Atomiton.UserManagement.User</associationData> <resolveIndex>1</resolveIndex> <appModel>false</appModel> </CapabilityModelAssociation> </Create> <RoleBasedModelModifiersHTTP> <roleKey>OperatorRoleId</roleKey> </RoleBasedModelModifiersHTTP> <AppModelModifiersHTTP> <roleKey>OperatorRoleId</roleKey> <appName>HelloTQL</appName> </AppModelModifiersHTTP> | Content-Type:application/xml userToken:{{userToken}} appName:UM | Create Success Response Message | RoleBasedModelModifiersHTTP and AppModelModifiersHTTP should be called at end as these macros will create cache modifiers at user management and application. In RoleCapabilityMapping we map role with capability and provide access for that. In CapabilityModelAssociation we map Capability with model. Here we need association data that is fully qualified name for data model. There is 1 macro ListAllModels that lists all models with QName and that is required while mapping. ResolveIndex should default set to 1. AppModel should be set to true only if the datamodel belongs to application else false. If AppModel is true then we need to provide appName for that. |
Create | http://<server>:<port>/fid-UserManagement | Request <Create> <RoleMenuTabMapping> <roleID>AdminRoleId</roleID> <menuTabName>UMFunctionality</menuTabName> </RoleMenuTabMapping> </Create> | Content-Type:application/xml userToken:{{userToken}} appName:UM | Create Success Response Message | This model is used for group of tabs that should be visible for the role. This will be used at UI side for displaying tabs after logging in. |
Find | http://<server>:<port>/fid-UserManagement | Reuqest <find> <RoleMenuTabMapping> <roleID>AdminRoleId</roleID> </RoleMenuTabMapping> </find> | Content-Type:application/xml userToken:{{userToken}} appName:UM | Response <Find Status="Success"> <Result> <RoleMenuTabMapping> <sysId>NEXSBB23AAAKYHY5WTS6LWLD</sysId> <menuTabName>UMFunctionality</menuTabName> <roleID>AdminRoleId</roleID> </RoleMenuTabMapping> </Result> </Find> | While logging in do find query over RoleMenuTabMapping to get the list of tabs that should be visible for that role. |
List All models | http://<server>:<port>/fid-UserManagement | Request <ListAllModels/> | Content-Type:application/xml userToken:{{userToken}} appName:UM | Response with list of all models(Applications + user management) Response <modelsList> <UM> <Data> <Name>UserPasswords</Name> <QName>Atomiton.UserManagement.UserPasswords</QName> </Data> </UM> <HelloTQL> <Data> <Name>HiddenModel</Name> <QName>Atomiton.Sensors.HiddenModel</QName> </Data> </HelloTQL> </modelsList> Here, UM is user management tag and HelloTQL is application tag, HelloTQL is application name and inside that there is Name i.e model name and Qname is fully qualified name i.e used as associationData in mapping. | This will be used for the mapping purpose. |
Other Requests
Type | API URL | Request | Header | Response |
---|---|---|---|---|
Application | http://<server>:<port>/fid-UserManagement | Request <find> <RGBModel> <rgbId ne=""/> </RGBModel> </find> <find> <VendorInfo> <vendorId ne=""/> </VendorInfo> </find> <find> <HiddenModel> <Id ne=""/> </HiddenModel> </find> | Content-Type:text/xml userToken:{{userToken}} appName:{{appName}} | Application Request response |
UM Requests | http://<server>:<port>/fid-UserManagement | Request <find> <UserPasswords> <sysid ne=""/> </UserPasswords> </find> | Content-Type:application/xml userToken:{{userToken}} appName:UM | User Management Request response |