UM : API Details and Queries

Login, Logout, Change Password, Reset Password API

The application deploys with one default admin user who has all permissions over all data models of user management as well as applications. The admin user can log in, create more users and define other roles with capabilities. The admin user can grant ReadWrite, ReadOnly and Hidden permission on the data models. The admin user can also give other roles ReadWrite access for the creation of roles, capabilities and users.

Default username/Password : Admin/Pass@123

userToken and appName: the requester can provide these values in headers or URL arguments.

Type | API URL | Request | Header | Response | Remark

Login
https://<server>:<port>/fid-Authentication/login
Request
Empty

Authorization: Basic
Username : Admin
Password : Pass@123

Response
<Auth>
  <Status>Success</Status>
  <Message>Login Successful</Message>
  <Token>uqhjrf7ba4qauv7i1551009679429</Token>
  <Expiry>1551020479429</Expiry>
  <RoleID>AdminRoleId</RoleID>
</Auth>

Logout
https://<server>:<port>/fid-Authentication/logout
Request
Empty
userToken:{{userToken}}
Response
<Auth>
  <Status>Success</Status>
  <Message>User session ended successfully.</Message>
</Auth>

Change Password
http://<server>:<port>/fid-UserManagement
Request
<ChangePassword>
	<userName>Admin</userName>
	<oldPassword>Pass@123</oldPassword>
	<password>Jack@123</password>
</ChangePassword>

Content-Type:application/xml
userToken:{{userToken}}
appName:UM
Response
<Auth>
    <Status>Success</Status>
    <Message>Password changed successfully.</Message>
</Auth>

userToken and appName could be given in headers or URL arguments.

Change Password validates the old password, and the new password must follow the password policy. See the password policy under the user management section.

Reset Password
http://<server>:<port>/fid-UserManagement
Request
<ResetPassword>
	<userName>Admin</userName>
</ResetPassword>	
Content-Type:application/xml
userToken:{{superUser}}
appName:UM
Response
<Auth>
    <Status>Success</Status>
    <Message>Password reset successfully.</Message>
</Auth>
The username is required to reset a password. The password will be set to Pass@123 and an automatic mail will be triggered to the user's mail id.

Create User, Role, Capability, Mappings, Permission

Type | API URL | Request | Header | Response | Remark

User
http://<server>:<port>/fid-UserManagement
Request
<CreateUser>
	<firstName>Tony</firstName>
	<lastName>Stark</lastName>
	<userName>Stark</userName>
	<emailId>Stark@gmail.com</emailId>
	<roleId>OperatorRoleId</roleId>
</CreateUser>
userToken:{{userToken}}
Content-Type:application/xml
appName:UM
Response
<Create>
    <Status>Success</Status>
    <Message>User Created Successfully</Message>
    <UserId>udbshj</UserId>
</Create>
The username should be unique, and the role associated with the roleId should be created before creating the user.

User Details

http://<server>:<port>/fid-UserManagement
Request
<find  only="username,firstname, lastname, emailId, roleid">
	<User>
		<username>Admin</username>
	</User>
</find>
userToken:{{userToken}}
Content-Type:application/xml
appName:UM
Response
<Find Status="Success">
    <Result>
        <User>
            <emailId>kishorekislay007@gmail.com</emailId>
            <lastName>Admin</lastName>
            <roleId>AdminRoleId</roleId>
            <userName>Admin</userName>
            <firstName>Admin</firstName>
        </User>
    </Result>
</Find>
Password is encrypted and hidden.

Delete User
http://<server>:<port>/fid-UserManagement
Request
<DeleteUser>
	<username>Tony.Stark</username>
</DeleteUser>	
userToken:{{userToken}}
Content-Type:application/xml
appName:UM
Response
<Status>User Deleted Successfully</Status>
Username should be provided.

Update User
http://<server>:<port>/fid-UserManagement
Request
<Save mode="unsafe">
    <User>
        <username>Tony.Stark</username>
        <emailId>Stark@gmail.com</emailId>
        <roleId>OperatorRoleId</roleId>
        <firstName>Tony</firstName>
        <lastName>Stark</lastName>
    </User>
</Save>
userToken:{{userToken}}
Content-Type:application/xml
appName:UM
Update Response

Only the admin user should use this query with roleId.

Because every role has ReadWrite access on the User model, any user can change roleId to AdminRoleId and gain access to the application models. This query should therefore only be used by the admin user.
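
A server-side check for the roleId change described above, as an added example (not the product's own code): it refuses a Save on User from a non-admin caller when any roleId element differs from the stored one. The function names and the stored_role_ids lookup are assumptions; tags are matched case-insensitively because the requests on this page mix username and userName.

```python
import xml.etree.ElementTree as ET

ADMIN_ROLE_ID = "AdminRoleId"  # admin role id shown in this page's login response


def child_texts(parent, name):
    """Texts of all children whose tag equals name, ignoring case."""
    return [(c.text or "").strip() for c in parent if c.tag.lower() == name.lower()]


def check_save_user(request_xml, caller_role_id, stored_role_ids):
    """Decide whether a <Save> on the User model may proceed.

    stored_role_ids maps username -> current roleId and stands in for a
    lookup against the User model (hypothetical, not a product API).
    Returns (allowed, reason).
    """
    try:
        root = ET.fromstring(request_xml)
    except ET.ParseError:
        return False, "malformed XML"
    if root.tag.lower() != "save" or caller_role_id == ADMIN_ROLE_ID:
        return True, "no restriction applies"
    for user in root:
        if user.tag.lower() != "user":
            continue
        role_ids = child_texts(user, "roleId")
        names = child_texts(user, "username")
        # An ambiguous or unknown username has no stored role to compare with.
        current = stored_role_ids.get(names[0]) if len(names) == 1 else None
        # Every roleId element must repeat the stored value, so a second,
        # differing <roleId> cannot hide behind a benign first one.
        if any(r != current for r in role_ids):
            return False, f"roleId change on {names} requires {ADMIN_ROLE_ID}"
    return True, "ok"


# Constructed sample: a non-admin caller tries to promote an account.
SAMPLE_ESCALATION = """<Save mode="unsafe">
    <User>
        <username>Tony.Stark</username>
        <RoleID>AdminRoleId</RoleID>
    </User>
</Save>"""
STORED_ROLES = {"Tony.Stark": "OperatorRoleId"}  # constructed current state

if __name__ == "__main__":
    print(check_save_user(SAMPLE_ESCALATION, "OperatorRoleId", STORED_ROLES))
```
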

Role
http://<server>:<port>/fid-UserManagement
Request
<Create>
	<Role>
		<SysId>OperatorRoleId</SysId>
	    <roleName>Operator</roleName>
	    <description>Operator</description>
	    <createDate>[:$Now():]</createDate>
	</Role>
</Create>	
Content-Type:application/xml
userToken:{{userToken}}
appName:UM

Create Success Response Message

RoleName should be unique.

Role Details

http://<server>:<port>/fid-UserManagement
Request
<find>
	<role>
		<sysid>AdminRoleId</sysid>
	</role>
</find>
Content-Type:application/xml
userToken:{{userToken}}
appName:UM
Response
<Find Status="Success">
    <Result>
        <Role>
            <sysId>AdminRoleId</sysId>
            <roleName>Admin</roleName>
            <description>Administrator</description>
            <createDate>1550934717348</createDate>
        </Role>
    </Result>
</Find>

Delete Role
http://<server>:<port>/fid-UserManagement
Request
<DeleteAll>
	<Role>
		<sysid eq="OperatorRoleId"/>
	</Role>
</DeleteAll>
Content-Type:application/xml
userToken:{{userToken}}
appName:UM
Delete Response Message

Ideally we shouldn't delete any role, as some user with that role may already have been created.

If we delete a role, all users with that role should also be deleted.

Also, all mappings related to that role should be deleted everywhere.

Update Role

There is nothing to update in a role except the description, and that is not used anywhere. We shouldn't update roleName, roleId etc., as these are used in mappings and will affect the creation of cache modifiers.

Capability
http://<server>:<port>/fid-UserManagement
Request
<Create>
    <Capability>
        <SysId>OperatorMonitoringCapability</SysId>
        <capabilityName>OperatorMonitoringCapability</capabilityName>
        <description>ReadWrite Capabilities for all roles</description>
        <createDate>[:$Now():]</createDate>
    </Capability>
</Create>
Content-Type:text/xml
userToken:{{userToken}}
appName:UM


Create Success Response Message

capabilityName should be unique.

Mappings
http://<server>:<port>/fid-UserManagement
Request
<Create>
    <RoleCapabilityMapping>
        <SysId>OperatorControlMapping</SysId>
        <roleId>OperatorRoleId</roleId>
        <capabilityId>OperatorMonitoringCapability</capabilityId>
        <permission>ReadWrite</permission>
    </RoleCapabilityMapping>
	<CapabilityModelAssociation>
        <capabilityId>OperatorMonitoringCapability</capabilityId>
        <associationData>Atomiton.UserManagement.User</associationData>
        <resolveIndex>1</resolveIndex>
        <appModel>false</appModel>
    </CapabilityModelAssociation>   
</Create>
<RoleBasedModelModifiersHTTP>
    <roleKey>OperatorRoleId</roleKey>
</RoleBasedModelModifiersHTTP>
<AppModelModifiersHTTP>
    <roleKey>OperatorRoleId</roleKey>
    <appName>HelloTQL</appName>
</AppModelModifiersHTTP>
Content-Type:application/xml
userToken:{{userToken}}
appName:UM
Create Success Response Message

RoleBasedModelModifiersHTTP and AppModelModifiersHTTP should be called at the end, as these macros create the cache modifiers at user management and the application.

In RoleCapabilityMapping we map a role to a capability and set the permission for it.

In CapabilityModelAssociation we map a capability to a model. This needs associationData, which is the fully qualified name of the data model. The ListAllModels macro lists all models with their QName, which is required for the mapping. resolveIndex should be set to 1 by default. appModel should be set to true only if the data model belongs to an application, otherwise false. If appModel is true, appName must also be provided.


Create RoleTab Mapping

http://<server>:<port>/fid-UserManagement
Request
<Create>
	<RoleMenuTabMapping>
		<roleID>AdminRoleId</roleID>
		<menuTabName>UMFunctionality</menuTabName>
	</RoleMenuTabMapping>
</Create>
Content-Type:application/xml
userToken:{{userToken}}
appName:UM
Create Success Response Message
This model is used for the group of tabs that should be visible for the role. It is used on the UI side to display tabs after logging in.

Find RoleTab Mapping

http://<server>:<port>/fid-UserManagement
Request
<find>
	<RoleMenuTabMapping>
		<roleID>AdminRoleId</roleID>
	</RoleMenuTabMapping>
</find>	
Content-Type:application/xml
userToken:{{userToken}}
appName:UM
Response
<Find Status="Success">
    <Result>
        <RoleMenuTabMapping>
            <sysId>NEXSBB23AAAKYHY5WTS6LWLD</sysId>
            <menuTabName>UMFunctionality</menuTabName>
            <roleID>AdminRoleId</roleID>
        </RoleMenuTabMapping>
    </Result>
</Find>
While logging in, run a find query over RoleMenuTabMapping to get the list of tabs that should be visible for that role.

List All models
http://<server>:<port>/fid-UserManagement
Request
<ListAllModels/>
Content-Type:application/xml
userToken:{{userToken}}
appName:UM

Response with list of all models (applications + user management)

Response
<modelsList>
    <UM>
        <Data>
            <Name>UserPasswords</Name>
            <QName>Atomiton.UserManagement.UserPasswords</QName>
        </Data>
    </UM>
    <HelloTQL>
        <Data>
            <Name>HiddenModel</Name>
            <QName>Atomiton.Sensors.HiddenModel</QName>
        </Data>
    </HelloTQL>
</modelsList>

Here, UM is the user management tag and HelloTQL is the application tag, named after the application. Inside each tag, Name is the model name and QName is the fully qualified name, which is used as associationData in mapping.

This will be used for the mapping purpose.
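
Building the Mappings request from a ListAllModels response, as an added example (not the product's own code): it sets appModel from the tag each QName is listed under and refuses QNames the server did not list. The function names and the appName child element of CapabilityModelAssociation are assumptions; the page only states that appName must be provided when appModel is true.

```python
import xml.etree.ElementTree as ET

PERMISSIONS = {"ReadWrite", "ReadOnly", "Hidden"}  # permissions named on this page


def index_models(models_xml):
    """Map each QName in a <modelsList> response to the tag that owns it."""
    owners = {}
    for owner in ET.fromstring(models_xml):
        for data in owner.findall("Data"):
            owners[data.findtext("QName", "").strip()] = owner.tag
    return owners


def build_mapping(mapping_id, role_id, capability_id, permission, qnames, owners):
    """Return a <Create> body with one RoleCapabilityMapping and one
    CapabilityModelAssociation per QName."""
    if permission not in PERMISSIONS:
        raise ValueError(f"unknown permission {permission!r}")
    create = ET.Element("Create")
    rcm = ET.SubElement(create, "RoleCapabilityMapping")
    for tag, value in (("SysId", mapping_id), ("roleId", role_id),
                       ("capabilityId", capability_id), ("permission", permission)):
        ET.SubElement(rcm, tag).text = value  # text is escaped on serialization
    for qname in qnames:
        if qname not in owners:
            raise KeyError(f"{qname} is not listed by ListAllModels")
        is_app = owners[qname] != "UM"  # UM tag holds user management models
        cma = ET.SubElement(create, "CapabilityModelAssociation")
        ET.SubElement(cma, "capabilityId").text = capability_id
        ET.SubElement(cma, "associationData").text = qname
        ET.SubElement(cma, "resolveIndex").text = "1"
        ET.SubElement(cma, "appModel").text = "true" if is_app else "false"
        if is_app:
            ET.SubElement(cma, "appName").text = owners[qname]  # assumed element name
    return ET.tostring(create, encoding="unicode")


# Constructed sample, shaped like the ListAllModels response on this page.
SAMPLE_MODELS = """<modelsList>
    <UM><Data><Name>UserPasswords</Name>
        <QName>Atomiton.UserManagement.UserPasswords</QName></Data></UM>
    <HelloTQL><Data><Name>HiddenModel</Name>
        <QName>Atomiton.Sensors.HiddenModel</QName></Data></HelloTQL>
</modelsList>"""
```
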

Other Requests

Type | API URL | Request | Header | Response

Application Requests

http://<server>:<port>/fid-UserManagement
Request
<find>
    <RGBModel>
        <rgbId ne=""/>
    </RGBModel>
</find>
<find>
    <VendorInfo>
        <vendorId ne=""/>
    </VendorInfo>
</find>
<find>
    <HiddenModel>
        <Id ne=""/>
    </HiddenModel>
</find>
Content-Type:text/xml
userToken:{{userToken}}
appName:{{appName}}
Application Request response

UM Requests
http://<server>:<port>/fid-UserManagement
Request
<find>
	<UserPasswords>
		<sysid ne=""/>
	</UserPasswords>
</find>		
Content-Type:application/xml
userToken:{{userToken}}
appName:UM
User Management Request response