Subscriber Management REST APIs

Tip

Before you begin, follow the steps here to get the OAuth bearer token with the apim:subscribe scope so that you can consume the APIs listed on this page.

REST APIs that can be invoked with an admin access token

Following are the APIs that you can invoke with an access token generated with admin credentials.

Subscriber Authentication API

Request

HTTP Request method POST
URL https://gateway.api.cloud.wso2.com/api/am/user/subscriber/authenticate/
Headers

Content-Type: application/json
Authorization: Bearer <Bearer token received by following prerequisites>

Payload

The username is constructed from the email address (alex@wso2.com) and the tenant domain (testcompany).

Response

Successful invocation

{
   "success": true,
   "authenticated": true,
   "message": "User is successfully authenticated."
}

{
   "success": true,
   "authenticated": false,
   "message": "Authentication data is invalid."
}

If the security token is invalid

<ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat">
   <ns1:faultstring>org.apache.cxf.interceptor.security.AuthenticationException: Unauthenticated request</ns1:faultstring>
</ns1:XMLFault>

Note

The failure error given above will be converted into JSON format in a future release of this API.

Subscriber Invitation API

Tip

Before you begin, be sure to enable self sign up to the API.

Request

HTTP Request method POST
URL https://gateway.api.cloud.wso2.com/api/am/user/subscriber/
Headers

Content-Type: application/json
Authorization: Bearer <Bearer token received by following prerequisites>

Payload

The username is constructed from the email address (alex.cse@gmail.com) and the tenant domain (testcompany).

Response

Successful invocation

{
   "success": true,
   "message": "User is invited successfully."    
}

If the security token is invalid

<ns1:XMLFault xmlns:ns1="http://cxf.apache.org/bindings/xformat">
   <ns1:faultstring>org.apache.cxf.interceptor.security.AuthenticationException: Unauthenticated request</ns1:faultstring>
</ns1:XMLFault>

Note

The failure error given above will be converted into JSON format in a future release of this API.

Subscriber Invitation Verification API

Tip

Before you begin...

This API is required to invite a member or approve a self sign-up request made by a user. You need to obtain the registration link of the user to invoke this API. This is an intermediate step to verify the confirmation key of members before adding them to your organization.

Request

HTTP Request method POST
URL https://gateway.api.cloud.wso2.com/api/am/user/subscriber/confirm-invitee/
Headers

Content-Type: application/json
Authorization: Bearer <Bearer token received by following prerequisites>

Payload

The confirmation key is retrieved from the invitation link received by the end user you need to add to the organization. A sample is given below.

https://wso2store.wso2.com/site/pages/confirm-verification.jag?confirmation=11508277-080d-45e4-b7ac-956f76c3f93f&isStoreInvitee=true&tenant=mycompany.

You need to extract the following information, required for the request query parameters.

Parameter Description
isStoreInvitee Obtained from the one-time link of a self-signed up user. If not found, pass this parameter with a null value.
IsInvitee Obtained from the one-time link of an invited user. If not found, pass this parameter with a null value.

Response

Successful invocation for new users to WSO2 Cloud

{
    "success":true,
    "message":"Successfully confirmed the the confirmation key for the user sam@wso2.com",
    "data":"{\"confirmationKey\":\"a346c52d-f9b0-4415-c409-00300dbc23ba\",\"email\":\"sam@wso2.com\"}"
}

You can add the user after successful confirmation.

Successful invocation for existing users to WSO2 Cloud

{
    "success":true,
    "message":"The user : sam@wso2.com has been successfully invited. Please use the same password to login"
}

Unsuccessful invocation (Invalid code)

{
    "success":false,
    "message":"The link you are trying to click or the provided confirmation code has expired or is not valid"
}

Subscriber Registration API

Tip

It is recommended that the tenant admin performs this task.

Request

HTTP Request method POST
URL https://gateway.api.cloud.wso2.com/api/am/user/subscriber/addUser
Headers

Content-Type: application/json
Authorization: Bearer <Bearer token received by following prerequisites>

Payload

The confirmation key is retrieved from the invitation link received by the end user. Note the guidelines below for the formats of the input parameters.

Parameter Description
Password The password should have at least three of the criteria mentioned below.

  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Special characters

firstName The first name of the user (alphanumeric characters only)
lastName The last name of the user (alphanumeric characters only)

Response

Successful invocation

{
    "success":true,
    "message":"Successfully added the user to the tenant testrest"
}

Unsuccessful invocation

{
    "success":false,
    "message":"Unable to retrieve user information. Invalid confirmation key provided. Please check the confirmation key and try again"
}
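
A pre-flight check for the invitation and registration inputs described above, as an added example that is not part of the original page or of WSO2's code. It assumes that "special characters" means ASCII punctuation and that "alphanumeric" means ASCII letters and digits; the function names are hypothetical.

```python
import re
import string
from urllib.parse import urlparse, parse_qs

CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "special": string.punctuation,  # assumption: "special" = ASCII punctuation
}

def invitation_params(link):
    """Extract the confirmation key and invitee flags from a one-time link."""
    raw = parse_qs(urlparse(link).query)
    query = {k.lower(): v for k, v in raw.items()}  # tolerate isInvitee / IsInvitee
    if len(query.get("confirmation", [])) != 1:
        raise ValueError("link must carry exactly one confirmation key")

    def one(name):
        values = query.get(name)
        return values[0] if values else None  # not found -> null, as the table says

    return {"confirmation": query["confirmation"][0],
            "isStoreInvitee": one("isstoreinvitee"),
            "IsInvitee": one("isinvitee")}

def password_classes(password):
    """Names of the character classes that occur in the password."""
    return sorted(n for n, chars in CLASSES.items() if any(c in chars for c in password))

def registration_problems(password, first_name, last_name):
    """List the ways the input breaks the documented guidelines (empty = OK)."""
    problems = []
    found = password_classes(password)
    if len(found) < 3:
        problems.append(f"password has {len(found)} of 4 character classes, needs 3")
    for label, value in (("firstName", first_name), ("lastName", last_name)):
        if not re.fullmatch(r"[A-Za-z0-9]+", value):  # assumption: ASCII only
            problems.append(f"{label} must be alphanumeric")
    return problems

# Sample invitation link in the shape shown on this page.
LINK = ("https://wso2store.wso2.com/site/pages/confirm-verification.jag"
        "?confirmation=11508277-080d-45e4-b7ac-956f76c3f93f"
        "&isStoreInvitee=true&tenant=mycompany")

if __name__ == "__main__":
    print(invitation_params(LINK))
    print(registration_problems("password1", "Alex", "O'Neil"))
```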

Reset password APIs

Step 1 - Initiation of the password reset API

Reset password initiation API

Request

HTTP Request method POST
URL https://gateway.api.cloud.wso2.com/api/am/user/subscriber/reset-password/initiate
Headers

Content-Type: application/json
Authorization: Bearer <Bearer token received by following prerequisites>

Payload
Parameter Description
email The registration email of the user whose password you need to reset.
callbackURL The URL the user is redirected to from the password reset email. Two parameters, which are needed to make the next request, are appended to the callback URL automatically, so you do not need to add them yourself. Extract these two parameters and send them in the Step 2 request.

If a callback URL is not specified, the user is redirected to the default WSO2 Cloud reset password page.

An example of such a custom callback URL returned to the user is shown below:
http://myapp.com/reset-password?id=sam@wso2.com&confirmation=14f6b1dc-75b7-472c-8a1f-11455f669dbd

Parameter Description
id The email of the user
confirmationCode The confirmation code returned for the password reset, to be passed in the Step 2 request

Note

Follow Steps 2 and 3 after you are redirected.

Response

Successful invocation

{
    "success":true,
    "message":"Successfully added the user to the tenant testrest"
}

Unsuccessful invocation (Invalid security token)

{
    "success":false,
    "message":"Unable to retrieve user information. Invalid confirmation key provided. Please check the confirmation key and try again"
}

Step 2 - Verifying the input values for password reset

Reset password verification API

Request

HTTP Request method POST
URL https://gateway.api.cloud.wso2.com/api/am/user/subscriber/reset-password/verify
Headers

Content-Type: application/json
Authorization: Bearer <Bearer token received by following prerequisites>

Payload
Parameter Description
email The ID returned from the request in Step 1.
confirmationKey The confirmation parameter appended to the callback URL in Step 1.

Response

Successful invocation

{  
   "success":true,
   "message":"Provided verification code for the email sam@wso2.com has been successfully verified",
  "data":"{\"confirmationKey\":\"e0ed4sf-2a36s-40ae-80ea                          eeffc5c41e2c\",\"verified\":true,\"userName\":\"sam@wso2.com\",\"email\":\"sam@wso2.com\"}"
}

You have to extract the confirmationKey from data for Step 3.

Step 3 - Confirming password reset with new password

Reset password confirmation API

Request

HTTP Request method POST
URL https://gateway.api.cloud.wso2.com/api/am/user/subscriber/reset-password/confirm
Headers

Content-Type: application/json
Authorization: Bearer <Bearer token received by following prerequisites>

Payload
Parameter Description
email The email returned from the data element in Step 2.
confirmationKey The key returned from the data element in Step 2.
newPassword Your new password, after the reset.

Response

Successful invocation

{  
   "success":true,
   "message":"Password has been successfully reset for the user sam@wso2.com. Please login with your new password."
}

You have now successfully reset the password, after completing the steps listed above.
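
The hand-off between Steps 1, 2 and 3, as an added example that is not part of the original page or of WSO2's code. It assumes each request body is a JSON object keyed by the parameter names in the tables above; the function names and the sample response (including its placeholder confirmation key) are constructed for illustration.

```python
import json
from urllib.parse import urlparse, parse_qs

def params_from_callback(url):
    """Step 1 -> 2: pull the two appended parameters out of the callback URL."""
    query = parse_qs(urlparse(url).query, strict_parsing=True)
    for name in ("id", "confirmation"):
        if len(query.get(name, [])) != 1:  # missing or duplicated parameter
            raise ValueError(f"callback URL must carry exactly one {name!r}")
    return query["id"][0], query["confirmation"][0]

def verify_payload(email, confirmation):
    """Body for /reset-password/verify (field names from the Step 2 table)."""
    return {"email": email, "confirmationKey": confirmation}

def confirm_payload(verify_response, expected_email, new_password):
    """Step 2 -> 3: decode the response and build the /reset-password/confirm body."""
    outer = json.loads(verify_response)
    if outer.get("success") is not True:
        raise ValueError("verification failed: " + str(outer.get("message")))
    data = json.loads(outer["data"])  # "data" is a JSON document inside a string
    if data.get("verified") is not True:
        raise ValueError("confirmation key was not verified")
    if str(data.get("email", "")).lower() != expected_email.lower():
        raise ValueError("verified email does not match the requested account")
    return {"email": data["email"],
            "confirmationKey": data["confirmationKey"],
            "newPassword": new_password}

# Constructed sample values in the shape shown on this page.
CALLBACK = ("http://myapp.com/reset-password?id=sam@wso2.com"
            "&confirmation=14f6b1dc-75b7-472c-8a1f-11455f669dbd")
VERIFY_RESPONSE = json.dumps({
    "success": True,
    "message": "Provided verification code for the email sam@wso2.com "
               "has been successfully verified",
    "data": json.dumps({"confirmationKey": "00000000-0000-0000-0000-000000000000",
                        "verified": True, "userName": "sam@wso2.com",
                        "email": "sam@wso2.com"}),
})

if __name__ == "__main__":
    email, code = params_from_callback(CALLBACK)
    print(verify_payload(email, code))
    body = confirm_payload(VERIFY_RESPONSE, email, "example-password")
    print({**body, "newPassword": "<redacted>"})  # keep the password out of logs
```

The confirmation value travels in a URL, so keep it out of access logs and referrer headers on the page that receives the callback.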

REST APIs that can be invoked with a subscriber access token

API Store statistics API

Request
HTTP Request method POST
URL https://gateway.api.cloud.wso2.com/api/am/user/subscriber/statistics
Headers

Content-Type: application/json
Authorization: Bearer <Bearer token received by following prerequisites>

Payload
Parameter Description
statisticsType The type of statistics you need to retrieve for a particular time period.

  • getTopAppUsers - Top Users For Applications
  • getAppApiCallType - API Usage from Resource Path
  • getPerAppAPIFaultCount - Faulty Invocations per Application
  • getProviderAPIUsage - API Usage per Application

toDate The end date of the required period.
fromDate The start date of the required period.

Note that your response will differ according to the requested type of statistics. A successful invocation would be similar to the sample given below.

Response

Successful invocation

{
   "success":true,
   "message":"Successfully retrieved the statistics data for the statistics type getTopAppUsers for the user sam@wso2.com@testcompany",
   "data":"[{\"appName\":\"iot_ui_testcompany\",\"userCountArray\":[{\"count\":52,\"user\":\"sam@wso2.com@testcompany\"}]}]"
}