mirror of
https://github.com/foomo/hanko-go.git
synced 2025-10-16 12:35:35 +00:00
833 lines
24 KiB
YAML
833 lines
24 KiB
YAML
openapi: 3.0.0
|
|
info:
|
|
version: "0.11.0"
|
|
title: "Hanko Admin API"
|
|
description: |
|
|
## Introduction
|
|
|
|
This is the OpenAPI specification for the [Hanko Admin API](https://github.com/teamhanko/hanko/blob/main/backend/README.md#start-private-api).
|
|
|
|
## Authentication
|
|
|
|
The Admin API must be protected by an access management system.
|
|
|
|
---
|
|
|
|
contact:
|
|
email: developers@hanko.io
|
|
license:
|
|
name: AGPL-3.0-or-later
|
|
url: https://www.gnu.org/licenses/agpl-3.0.txt
|
|
externalDocs:
|
|
description: More about Hanko
|
|
url: https://github.com/teamhanko/hanko
|
|
servers:
|
|
- url: "http://localhost:8001"
|
|
paths:
|
|
/:
|
|
get:
|
|
summary: Status page
|
|
description: Return information about the API status. Returns a 500 if there are issues with database connectivity.
|
|
operationId: status
|
|
tags:
|
|
- Status
|
|
responses:
|
|
"200":
|
|
description: "API is running"
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
"500":
|
|
description: "API is not functioning properly"
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
/users:
|
|
get:
|
|
summary: "Get a list of users"
|
|
operationId: listUsers
|
|
tags:
|
|
- User Management
|
|
parameters:
|
|
- in: query
|
|
name: page
|
|
schema:
|
|
type: integer
|
|
default: 1
|
|
description: The page which should be returned
|
|
- in: query
|
|
name: per_page
|
|
schema:
|
|
type: integer
|
|
default: 20
|
|
description: The number of returned items
|
|
- in: query
|
|
name: user_id
|
|
schema:
|
|
allOf:
|
|
- $ref: "#/components/schemas/UUID4"
|
|
example: c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c
|
|
description: Only users with the specified user_id are included
|
|
- in: query
|
|
name: email
|
|
schema:
|
|
type: string
|
|
format: email
|
|
example: example@example.com
|
|
description: Only users with the specified email are included
|
|
- in: query
|
|
name: sort_direction
|
|
schema:
|
|
type: string
|
|
enum:
|
|
- asc
|
|
- desc
|
|
description: The sort direction of the returned list (always sorted by created_at)
|
|
responses:
|
|
"200":
|
|
description: "Details about users"
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/User"
|
|
headers:
|
|
X-Total-Count:
|
|
$ref: "#/components/headers/X-Total-Count"
|
|
Link:
|
|
$ref: "#/components/headers/Link"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
post:
|
|
summary: Create a new user
|
|
operationId: createUser
|
|
tags:
|
|
- User Management
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: object
|
|
properties:
|
|
id:
|
|
description: The ID of the new user
|
|
allOf:
|
|
- $ref: "#/components/schemas/UUID4"
|
|
emails:
|
|
description: The email addresses of the new user
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
address:
|
|
type: string
|
|
is_primary:
|
|
type: boolean
|
|
is_verified:
|
|
type: boolean
|
|
required:
|
|
- address
|
|
- is_primary
|
|
created_at:
|
|
description: Time of creation of the user
|
|
type: string
|
|
format: date-time
|
|
required:
|
|
- emails
|
|
responses:
|
|
"200":
|
|
description: "Details of the newly created user"
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/User"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"409":
|
|
$ref: "#/components/responses/Conflict"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
/users/{id}:
|
|
delete:
|
|
summary: "Delete a user by ID"
|
|
operationId: deleteUser
|
|
tags:
|
|
- User Management
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
description: ID of the user
|
|
required: true
|
|
schema:
|
|
$ref: "#/components/schemas/UUID4"
|
|
responses:
|
|
"204":
|
|
description: "Deleted"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
get:
|
|
summary: "Get a user by ID"
|
|
operationId: getUser
|
|
tags:
|
|
- User Management
|
|
parameters:
|
|
- name: id
|
|
in: path
|
|
description: ID of the user
|
|
required: true
|
|
schema:
|
|
$ref: "#/components/schemas/UUID4"
|
|
responses:
|
|
"200":
|
|
description: "Details about the user"
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/User"
|
|
"400":
|
|
$ref: "#/components/responses/BadRequest"
|
|
"404":
|
|
$ref: "#/components/responses/NotFound"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
/audit_logs:
|
|
get:
|
|
summary: "Get a list of audit logs"
|
|
operationId: listAuditLogs
|
|
tags:
|
|
- Audit Logs
|
|
parameters:
|
|
- in: query
|
|
name: page
|
|
schema:
|
|
type: integer
|
|
default: 1
|
|
description: The page which should be returned
|
|
- in: query
|
|
name: per_page
|
|
schema:
|
|
type: integer
|
|
default: 20
|
|
description: The number of returned items
|
|
- in: query
|
|
name: start_time
|
|
schema:
|
|
type: string
|
|
example: 2022-09-12T12:48:48Z
|
|
description: Date and time from which the logs are included
|
|
- in: query
|
|
name: end_time
|
|
schema:
|
|
type: string
|
|
example: 2022-09-15T12:48:48Z
|
|
description: Date and time to which the logs are included
|
|
- in: query
|
|
name: actor_user_id
|
|
schema:
|
|
allOf:
|
|
- $ref: "#/components/schemas/UUID4"
|
|
example: c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c
|
|
description: Only audit logs with the specified user_id are included
|
|
- in: query
|
|
name: actor_email
|
|
schema:
|
|
type: string
|
|
format: email
|
|
example: example@example.com
|
|
description: Only audit logs with the specified email are included
|
|
- in: query
|
|
name: q
|
|
schema:
|
|
type: string
|
|
example: example.com
|
|
description: Only audit logs are included when the search string matches values in meta_source_ip or actor_user_id or actor_email
|
|
- in: query
|
|
name: type
|
|
schema:
|
|
type: array
|
|
items:
|
|
allOf:
|
|
- $ref: "#/components/schemas/AuditLogTypes"
|
|
example: user_created
|
|
style: form
|
|
explode: true
|
|
description: Only audit logs with the specified type are included
|
|
responses:
|
|
"200":
|
|
description: "Details about audit logs"
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/AuditLog"
|
|
headers:
|
|
X-Total-Count:
|
|
$ref: "#/components/headers/X-Total-Count"
|
|
Link:
|
|
$ref: "#/components/headers/Link"
|
|
"500":
|
|
$ref: "#/components/responses/InternalServerError"
|
|
/metrics:
|
|
get:
|
|
summary: "Get Prometheus metrics."
|
|
operationId: getMetrics
|
|
tags:
|
|
- Metrics
|
|
responses:
|
|
"200":
|
|
description: "Prometheus Metrics for details about the format see: https://prometheus.io/docs/instrumenting/exposition_formats/#text-format-details"
|
|
content:
|
|
text/plain:
|
|
schema:
|
|
type: string
|
|
example: 'go_gc_duration_seconds{quantile="0"} 2.5875e-05'
|
|
/webhooks:
|
|
get:
|
|
summary: Get a list of webhooks
|
|
description: 'Returns a list of all configured webhooks. '
|
|
operationId: list-webhooks
|
|
responses:
|
|
'200':
|
|
description: OK
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: object
|
|
properties:
|
|
database:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/DatabaseWebhook'
|
|
config:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/Webhook'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
post:
|
|
summary: Create a new database webhook
|
|
description: ''
|
|
operationId: create-db-webhooks
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/Webhook'
|
|
responses:
|
|
'201':
|
|
description: Created
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/DatabaseWebhook'
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
'/webhooks/{id}':
|
|
get:
|
|
summary: Get a webhook by ID
|
|
operationId: get-webhooks-id
|
|
parameters:
|
|
- $ref: '#/components/parameters/Id'
|
|
responses:
|
|
'200':
|
|
description: OK
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/DatabaseWebhook'
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
delete:
|
|
summary: Delete a webhook by ID
|
|
operationId: delete-webhooks-id
|
|
parameters:
|
|
- $ref: '#/components/parameters/Id'
|
|
responses:
|
|
'204':
|
|
description: No Content
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
'500':
|
|
description: Internal Server Error
|
|
put:
|
|
summary: Update a webhook by ID
|
|
operationId: put-webhooks-id
|
|
parameters:
|
|
- $ref: '#/components/parameters/Id'
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
allOf:
|
|
- $ref: '#/components/schemas/Webhook'
|
|
- type: object
|
|
properties:
|
|
enabled:
|
|
type: boolean
|
|
required:
|
|
- enabled
|
|
responses:
|
|
'200':
|
|
description: OK
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/DatabaseWebhook'
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
'/users/{id}/emails':
|
|
get:
|
|
summary: Get a list of emails for a user
|
|
operationId: get-users-id-emails
|
|
parameters:
|
|
- $ref: '#/components/parameters/Id'
|
|
responses:
|
|
'200':
|
|
description: OK
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/Email'
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
post:
|
|
summary: Create an email for a user
|
|
operationId: post-users-id-emails
|
|
parameters:
|
|
- $ref: '#/components/parameters/Id'
|
|
requestBody:
|
|
$ref: '#/components/requestBodies/CreateEmail'
|
|
responses:
|
|
'201':
|
|
description: Created
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/Email'
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
'409':
|
|
$ref: '#/components/responses/Conflict'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
'/users/{id}/emails/{email_id}':
|
|
get:
|
|
summary: Get an email of a user
|
|
operationId: get-users-id-emails-email_id
|
|
parameters:
|
|
- $ref: '#/components/parameters/Id'
|
|
- name: email_id
|
|
in: path
|
|
description: UUID of the requested email
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
'200':
|
|
description: OK
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/Email'
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
delete:
|
|
summary: Remove an email from a user
|
|
operationId: delete-users-emails-email_id
|
|
parameters:
|
|
- $ref: '#/components/parameters/Id'
|
|
- name: email_id
|
|
in: path
|
|
description: UUID of the requested email
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
'204':
|
|
description: No Content
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
'409':
|
|
$ref: '#/components/responses/Conflict'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
'/users/{id}/emails/{email_id}/set_primary':
|
|
post:
|
|
summary: Set email as primary
|
|
operationId: post-users-emails-email_id-set_primary
|
|
parameters:
|
|
- $ref: '#/components/parameters/Id'
|
|
- name: email_id
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
'204':
|
|
description: No Content
|
|
'400':
|
|
$ref: '#/components/responses/BadRequest'
|
|
'404':
|
|
$ref: '#/components/responses/NotFound'
|
|
'500':
|
|
$ref: '#/components/responses/InternalServerError'
|
|
components:
|
|
parameters:
|
|
Id:
|
|
name: id
|
|
in: path
|
|
description: UUID of the requested object
|
|
required: true
|
|
schema:
|
|
type: string
|
|
format: uuid
|
|
requestBodies:
|
|
CreateEmail:
|
|
description: Request Body for creating an email for a user
|
|
content:
|
|
application/json:
|
|
schema:
|
|
type: object
|
|
properties:
|
|
address:
|
|
type: string
|
|
format: email
|
|
is_primary:
|
|
type: boolean
|
|
is_verified:
|
|
type: boolean
|
|
required:
|
|
- address
|
|
responses:
|
|
BadRequest:
|
|
description: Bad Request
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/Error"
|
|
example:
|
|
code: 400
|
|
message: Bad Request
|
|
Conflict:
|
|
description: Conflict
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/Error"
|
|
example:
|
|
code: 409
|
|
message: Conflict
|
|
InternalServerError:
|
|
description: Internal server error
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/Error"
|
|
example:
|
|
code: 500
|
|
message: Internal Server Error
|
|
NotFound:
|
|
description: Not Found
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/Error"
|
|
example:
|
|
code: 404
|
|
message: Not found
|
|
schemas:
|
|
UUID4:
|
|
type: string
|
|
format: uuid4
|
|
example: c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c
|
|
User:
|
|
type: object
|
|
required:
|
|
- id
|
|
- created_at
|
|
- updated_at
|
|
properties:
|
|
id:
|
|
description: The ID of the user
|
|
allOf:
|
|
- $ref: "#/components/schemas/UUID4"
|
|
created_at:
|
|
description: Time of creation of the user
|
|
type: string
|
|
format: date-time
|
|
updated_at:
|
|
description: Time of last update of the user
|
|
type: string
|
|
format: date-time
|
|
webauthn_credentials:
|
|
description: List of registered Webauthn credentials
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/WebAuthnCredential"
|
|
emails:
|
|
description: List of emails associated to the user
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/Email'
|
|
WebAuthnCredential:
|
|
type: object
|
|
required:
|
|
- id
|
|
- public_key
|
|
- attestation_type
|
|
- aaguid
|
|
- created_at
|
|
properties:
|
|
id:
|
|
description: The ID of the credential
|
|
allOf:
|
|
- $ref: "#/components/schemas/UUID4"
|
|
name:
|
|
description: A name that the user choose
|
|
type: string
|
|
public_key:
|
|
description: The public key of the credential
|
|
type: string
|
|
attestation_type:
|
|
description: The attestation type the credential was registered with
|
|
type: string
|
|
aaguid:
|
|
description: The AAGUID of the authenticator the credentials was created on
|
|
type: string
|
|
transports:
|
|
description: The ways the authenticator is connected
|
|
type: array
|
|
items:
|
|
type: string
|
|
created_at:
|
|
description: Time of creation of the credential
|
|
type: string
|
|
format: date-time
|
|
Email:
|
|
type: object
|
|
required:
|
|
- id
|
|
- address
|
|
- is_verified
|
|
- is_primary
|
|
- created_at
|
|
- updated_at
|
|
properties:
|
|
id:
|
|
description: The ID of the email
|
|
allOf:
|
|
- $ref: "#/components/schemas/UUID4"
|
|
address:
|
|
description: The email address
|
|
type: string
|
|
format: email
|
|
is_verified:
|
|
description: Indicated the email has been verified.
|
|
type: boolean
|
|
is_primary:
|
|
description: Indicates it's the primary email address.
|
|
type: boolean
|
|
created_at:
|
|
description: Time of creation of the email
|
|
type: string
|
|
format: date-time
|
|
updated_at:
|
|
description: Time of last update of the email
|
|
type: string
|
|
format: date-time
|
|
AuditLog:
|
|
type: object
|
|
required:
|
|
- id
|
|
- type
|
|
- meta_http_request_id
|
|
- meta_source_ip
|
|
- meta_user_agent
|
|
- created_at
|
|
- updated_at
|
|
properties:
|
|
id:
|
|
description: The ID of the audit log
|
|
allOf:
|
|
- $ref: "#/components/schemas/UUID4"
|
|
type:
|
|
allOf:
|
|
- $ref: "#/components/schemas/AuditLogTypes"
|
|
error:
|
|
description: A more detailed message why something failed
|
|
type: string
|
|
meta_http_request_id:
|
|
description: The ID of the corresponding http request
|
|
type: string
|
|
example: 0a2xsrhlhiQv49FIpq8KV8uQVq6ky9Bw
|
|
meta_source_ip:
|
|
description: The IP from where the http request came from
|
|
type: string
|
|
format: ip-address
|
|
example: 172.27.0.1
|
|
meta_user_agent:
|
|
description: The user agent from where the http request came from
|
|
type: string
|
|
actor_user_id:
|
|
description: The userID from the actor
|
|
allOf:
|
|
- $ref: "#/components/schemas/UUID4"
|
|
actor_email:
|
|
description: The email from the actor
|
|
type: string
|
|
format: email
|
|
created_at:
|
|
description: Time of creation of the audit log
|
|
type: string
|
|
format: date-time
|
|
example: "2022-09-14T12:15:09.788784Z"
|
|
DatabaseWebhookEvent:
|
|
type: object
|
|
title: DatabaseWebhookEvent
|
|
properties:
|
|
id:
|
|
type: string
|
|
format: uuid
|
|
event:
|
|
type: string
|
|
enum:
|
|
- user
|
|
- user.create
|
|
- user.delete
|
|
- user.update
|
|
- user.update.email
|
|
- user.update.email.create
|
|
- user.update.email.delete
|
|
- user.update.email.primary
|
|
DatabaseWebhook:
|
|
type: object
|
|
title: DatabaseWebhook
|
|
properties:
|
|
id:
|
|
type: string
|
|
format: uuid
|
|
callback:
|
|
type: string
|
|
format: uri
|
|
enabled:
|
|
type: boolean
|
|
failures:
|
|
type: integer
|
|
minimum: 0
|
|
expires_at:
|
|
type: string
|
|
format: date-time
|
|
events:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/DatabaseWebhookEvent'
|
|
created_at:
|
|
type: string
|
|
format: date-time
|
|
updated_at:
|
|
description: Time of last update of the audit log
|
|
type: string
|
|
format: date-time
|
|
example: "2022-09-14T12:15:09.788784Z"
|
|
Webhook:
|
|
type: object
|
|
title: Webhook
|
|
properties:
|
|
callback:
|
|
type: string
|
|
format: uri
|
|
events:
|
|
type: array
|
|
minItems: 1
|
|
items:
|
|
type: string
|
|
enum:
|
|
- user
|
|
- user.create
|
|
- user.delete
|
|
- user.update
|
|
- user.update.email
|
|
- user.update.email.create
|
|
- user.update.email.delete
|
|
- user.update.email.primary
|
|
required:
|
|
- callback
|
|
- events
|
|
Error:
|
|
type: object
|
|
required:
|
|
- code
|
|
- message
|
|
properties:
|
|
code:
|
|
type: integer
|
|
format: int32
|
|
message:
|
|
type: string
|
|
AuditLogTypes:
|
|
description: The type of the audit log
|
|
type: string
|
|
enum:
|
|
- user_created
|
|
- password_set_succeeded
|
|
- password_set_failed
|
|
- password_login_succeeded
|
|
- password_login_failed
|
|
- passcode_login_init_succeeded
|
|
- passcode_login_init_failed
|
|
- passcode_login_final_succeeded
|
|
- passcode_login_final_failed
|
|
- webauthn_registration_init_succeeded
|
|
- webauthn_registration_init_failed
|
|
- webauthn_registration_final_succeeded
|
|
- webauthn_registration_final_failed
|
|
- webauthn_authentication_init_succeeded
|
|
- webauthn_authentication_init_failed
|
|
- webauthn_authentication_final_succeeded
|
|
- webauthn_authentication_final_failed
|
|
- thirdparty_signup_succeeded
|
|
- thirdparty_signin_succeeded
|
|
headers:
|
|
X-Total-Count:
|
|
schema:
|
|
type: string
|
|
description: The total count of the requested resource considering query parameter
|
|
example: 1234
|
|
Link:
|
|
schema:
|
|
type: string
|
|
description: Web Linking as described in RFC5988
|
|
example: <http://localhost:8001/resource?page=1&per_page=10>; rel="first",<http://localhost:8001/resource?page=16&per_page=10>; rel="last",<http://localhost:8001/resource?page=6&per_page=10>; rel="next",<http://localhost:8001/resource?page=4&per_page=10>; rel="prev"
|