Subscriber Management REST APIs¶
Tip
Before you begin, follow the steps here to get the OAuth bearer token with the
apim:subscribe
scope so that you can consume the APIs listed on this page.
REST APIs that can be invoked with an admin access token¶
Following are the APIs that you can invoke with an access token generated with admin credentials.
Subscriber Authentication API¶
Request¶
HTTP Request method | POST |
URL | https://gateway.api.cloud.wso2.com/api/am/user/subscriber/authenticate/ |
Headers | Content-Type: application/json |
Payload | Username is constructed using the email address(alex@ wso2.com ) and tenant domain(testcompany). |
Response¶
Successful invocation
{
"success": true,
"authenticated": true,
"message": "User is successfully authenticated."
}
{
"success": true,
"authenticated": false,
"message": "Authentication data is invalid."
}
If the security token is invalid
<ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat">
<ns1:faultstring>org.apache.cxf.interceptor.security.AuthenticationException: Unauthenticated request</ns1:faultstring>
</ns1:XMLFault>
Note
The failure error given above will be converted into JSON format in a future releases of this API.
Subscriber Invitation API¶
Tip
Before you begin, be sure to enable self sign up to the API.
Request¶
HTTP Request method | POST |
URL | https://gateway.api.cloud.wso2.com/api/am/user/subscriber/ |
Headers | Content-Type: application/json |
Payload | Username is constructed using the email address(‘alex.cse@ gmail.com ’) and tenant domain(testcompany). |
Response¶
Successful invocation
{
"success": true,
"message": "User is invited successfully."
}
If the security token is invalid
<ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat">
<ns1:faultstring>org.apache.cxf.interceptor.security.AuthenticationException: Unauthenticated request</ns1:faultstring>
</ns1:XMLFault>
Note
The failure error given above will be converted into JSON format in the future releases of this API.
Subscriber Invitation Verification API¶
Tip
Before you begin...
This API is required to invite a member or approve a self sign up request made by a user. You need to obtain the registration link of the user to invoke this API. This is an intermediate step to verify the confirmation key of members, before adding them to your organization
Request¶
HTTP Request method | POST |
URL | https://gateway.api.cloud.wso2.com/api/am/user/subscriber /confirm-invitee/ |
Headers | Content-Type: application/json |
Payload |
The confirmation key is retrieved from the invitation link received by the end user you need to add to the organization. A sample is given below.
https://wso2store.wso2.com/site/pages/confirm-verification.jag?confirmation=11508277-080d-45e4-b7ac-956f76c3f93f&isStoreInvitee=true&tenant=mycompany.
You need to extract the following information, required for the request query parameters.
Parameter | Description |
---|---|
isStoreInvitee |
Obtained from the one-time link of a self-signed up user. If not found, pass this parameter with a null value. |
IsInvitee |
Obtained from the one-time link of an invited user. If not found, pass this parameter with a null value. |
Response¶
Successful invocation for new users to WSO2 Cloud
{
"success":true,
"message":"Successfully confirmed the the confirmation key for the user [email protected]","data":"{\"confirmationKey\":\"a346c52d-f9b0-4415-c409-00300dbc23ba\",\"email\":\"[email protected]\"}"
}
You can add the user after successful confirmation
Successful invocation for existing users to WSO2 Cloud
{
"success":true,
"message":"The user : [email protected] has been successfully invited. Please use the same password to login"
}
Unsuccessful invocation (Invalid code)
{
"success":false,
"message":"The link you are trying to click or the provided confirmation code has expired or is not valid"
}
Subscriber Registration API¶
Tip
The tenant admin is recommended to perform this task.
Request¶
HTTP Request method | POST |
URL | https://gateway.api.cloud.wso2.com/api/am/user/subscriber / addUser |
Headers | Content-Type: application/json |
Payload |
The confirmation key is retrieved from the invitation link received by the end user. Note the guidelines below to for the formats of the input parameters
Parameter | Description |
---|---|
Password |
The password should have at least three of the criteria mentioned below.
|
firstName |
The first name of the user (alphanumeric characters only) |
lastName |
The last name of the user (alphanumeric characters only) |
Response¶
Successful invocation
{
"success":true,
"message":"Successfully added the user to the tenant testrest"
}
Unsuccessful invocation
{
"success":false,"
message":"Unable to retrieve user information. Invalid confirmation key provided. Please check the confirmation key and try again"
}
Reset password APIs¶
Step 1 - Initiation of the password reset API¶
Reset password initiation API¶
Request¶
HTTP Request method | POST | ||||||||||||
URL | https://gateway.api.cloud.wso2.com/api/am/user/subscriber /reset-password/initiate | ||||||||||||
Headers | Content-Type: application/json |
||||||||||||
Payload |
|
Note
Follow Step 2 and 3 after you are re-directed.
Response¶
Successful invocation
{
"success":true,
"message":"Successfully added the user to the tenant testrest"
}
Unsuccessful invocation (Invalid security token)
{
"success":false,"
message":"Unable to retrieve user information. Invalid confirmation key provided. Please check the confirmation key and try again"
}
Step 2 - Verifying the input values for password reset¶
Reset password verification API¶
Request¶
HTTP Request method | POST | ||||||
URL | https://gateway.api.cloud.wso2.com/api/am/user/subscriber /reset-password/verify | ||||||
Headers | Content-Type: application/json |
||||||
Payload |
|
Response¶
Successful invocation
{
"success":true,
"message":"Provided verification code for the email [email protected] has been successfully verified",
"data":"{\"confirmationKey\":\"e0ed4sf-2a36s-40ae-80ea eeffc5c41e2c\",\"verified\":true,\"userName\":\"[email protected]\",\"email\":\"[email protected]\"}"
}
You have to extract the confirmationKey
from
data
for Step 3.
Step 3 - Confirming password reset with new password¶
Reset password confirmation API¶
Request¶
HTTP Request method | POST | ||||||||
URL | https://gateway.api.cloud.wso2.com/api/am/user/subscriber /reset-password/confirm | ||||||||
Headers | Content-Type: application/json |
||||||||
Payload |
|
Response¶
Successful invocation
{
"success":true,
"message":"Password has been successfully reset for the user [email protected]. Please login with your new password."
}
You have now successfully reset the password, after completing the steps listed above.
REST APIs that can be invoked with a subscriber access token¶
API Store statistics API¶
Request¶
HTTP Request method | POST | ||||||||
URL | https://gateway.api.cloud.wso2.com/api/am/user/subscriber/statistics | ||||||||
Headers | Content-Type: application/json |
||||||||
Payload |
|
Note that your response will differ according to the requested type of statistics. A successful invocation would be similar to the sample given below.
Response¶
Successful invocation
{
"success":true,
"message":"Successfully retrieved the statistics data for the statistics type getTopAppUsers for the user [email protected]@testcompany",
"data":"[{\"appName\":\"iot_ui_testcompany\",\"userCountArray\":[{\"count\":52,\"user\":\"[email protected]@testcompany\"}]}]"
}
Top