
idp-server Control Plane User Management API (1.0.0)


User management API specification

organization-user

Organization-level user management

Create user within organization tenant

Creates a new user in a specific tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed

Request Body schema: application/json
required
sub
string <uuid>

Unique subject identifier (optional, auto-generated if not provided)

provider_id
required
string <= 255 characters

Identity provider identifier

external_user_id
string <= 255 characters

External user identifier from identity provider

username
string <= 255 characters

Username for authentication

name
required
string <= 255 characters

Full display name of the user

given_name
string <= 255 characters

Given name (first name) of the user

family_name
string <= 255 characters

Family name (last name) of the user

middle_name
string <= 255 characters

Middle name of the user

nickname
string <= 255 characters

Casual name of the user

preferred_username
string <= 255 characters

Preferred username for display

profile
string <uri> <= 255 characters

URL of the user's profile page

picture
string <uri> <= 255 characters

URL of the user's profile picture

website
string <uri> <= 255 characters

URL of the user's website

email
required
string <email> <= 255 characters

Email address of the user

email_verified
boolean

Whether the email address has been verified

gender
string

Gender identity of the user

birthdate
string <date>

Date of birth (YYYY-MM-DD format)

zoneinfo
string <= 255 characters

Time zone information

locale
string

Locale preference

phone_number
string ^\+?[0-9\- ]{7,20}$

Phone number in E.164 format

phone_number_verified
boolean

Whether the phone number has been verified

address
object

Physical address of the user

raw_password
required
string [ 8 .. 255 ] characters

Plain text password (will be hashed on server)

custom_properties
object

Custom user properties

roles
Array of objects

User roles

assigned_tenants
Array of strings <uuid> [ items <uuid > ]

List of tenant IDs the user is assigned to

current_tenant
string <uuid>

Current primary tenant ID

assigned_organizations
Array of strings <uuid> [ items <uuid > ]

List of organization IDs the user is assigned to

current_organization
string <uuid>

Current primary organization ID

Responses

Request samples

Content type
application/json
{
  "sub": "753487e7-10bc-4e69-b3b2-4da33721ea3e",
  "provider_id": "idp-server",
  "external_user_id": "string",
  "username": "string",
  "name": "string",
  "given_name": "string",
  "family_name": "string",
  "middle_name": "string",
  "nickname": "string",
  "preferred_username": "string",
  "profile": "http://example.com",
  "picture": "http://example.com",
  "website": "http://example.com",
  "email": "user@example.com",
  "email_verified": true,
  "gender": "string",
  "birthdate": "2019-08-24",
  "zoneinfo": "string",
  "locale": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "address": {
  },
  "raw_password": "stringst",
  "custom_properties": { },
  "roles": [
  ],
  "assigned_tenants": [
  ],
  "current_tenant": "f074cfc2-75c1-4aae-a9d7-15ec980dafc4",
  "assigned_organizations": [
  ],
  "current_organization": "c57905cf-834e-4a0d-815b-7b39aa8070fb"
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}
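
A client-side pre-flight check for the create-user body, added here as an example (it is not part of this specification or of idp-server): it enforces the required fields, length limits, phone pattern and UUID formats listed in the schema above, and redacts raw_password before a request is logged. Email and URI format checks are left to the server, for instance through dry_run=true; the function names are hypothetical.

```python
import re
import uuid
from datetime import date

# Constraints transcribed from the "Create user" request body schema above.
REQUIRED = ("provider_id", "name", "email", "raw_password")
MAX_255 = ("provider_id", "external_user_id", "username", "name", "given_name",
           "family_name", "middle_name", "nickname", "preferred_username",
           "profile", "picture", "website", "email", "zoneinfo", "raw_password")
UUID_FIELDS = ("sub", "current_tenant", "current_organization")
UUID_LISTS = ("assigned_tenants", "assigned_organizations")
PHONE_RE = re.compile(r"^\+?[0-9\- ]{7,20}$")  # pattern documented for phone_number


def _is_uuid(value):
    """True only for the canonical 8-4-4-4-12 hex form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, TypeError, AttributeError):
        return False


def validate_create_user(body):
    """Return a list of violations; an empty list means the body conforms."""
    errors = [f"{k}: required" for k in REQUIRED if k not in body]
    for k in MAX_255:
        if k in body and not (isinstance(body[k], str) and len(body[k]) <= 255):
            errors.append(f"{k}: must be a string of at most 255 characters")
    if isinstance(body.get("raw_password"), str) and len(body["raw_password"]) < 8:
        errors.append("raw_password: must be at least 8 characters")
    if "phone_number" in body:
        phone = body["phone_number"]
        if not (isinstance(phone, str) and PHONE_RE.fullmatch(phone)):
            errors.append("phone_number: does not match the documented pattern")
    if "birthdate" in body:
        try:  # round-trip so only zero-padded YYYY-MM-DD passes
            ok = date.fromisoformat(body["birthdate"]).isoformat() == body["birthdate"]
        except (ValueError, TypeError):
            ok = False
        if not ok:
            errors.append("birthdate: must be YYYY-MM-DD")
    for k in UUID_FIELDS:
        if k in body and not _is_uuid(body[k]):
            errors.append(f"{k}: must be a UUID")
    for k in UUID_LISTS:
        items = body.get(k, [])
        if not isinstance(items, list) or not all(_is_uuid(i) for i in items):
            errors.append(f"{k}: must be an array of UUIDs")
    return errors


def redact_for_log(body):
    """Copy of the body that is safe to log: raw_password is plain text on the wire."""
    return {k: ("[REDACTED]" if k == "raw_password" else v) for k, v in body.items()}
```
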

List users within organization tenant

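Retrieves the list of users in a specific tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

query Parameters
limit
integer [ 1 .. 1000 ]
Default: 20

Maximum number of items to return

offset
integer >= 0
Default: 0

Starting index from which to return items

user_id
string

Filter by a specific user ID

preferred_username
string

Filter by preferred username

email
string

Filter by email address

external_user_id
string

Filter by external user ID

status
string
Enum: "active" "inactive" "locked"

Filter by user status

provider_id
string

Filter by provider ID

phone_number
string

Filter by phone number

name
string

Partial-match search by name (case-insensitive)

given_name
string

Partial-match search by given name (case-insensitive)

family_name
string

Partial-match search by family name (case-insensitive)

middle_name
string

Partial-match search by middle name (case-insensitive)

nickname
string

Partial-match search by nickname (case-insensitive)

role
string

Partial-match search by role name

permission
string

Partial-match search by permission name

from
string <date-time>

Start of the creation date-time range (ISO 8601 format)

to
string <date-time>

End of the creation date-time range (ISO 8601 format)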

Responses

Response samples

Content type
application/json
{
  "list": [
  ],
  "total_count": 0,
  "limit": 0,
  "offset": 0
}

Get user within organization tenant

Retrieves a specific user in a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

Responses

Response samples

Content type
application/json
{
  "sub": "753487e7-10bc-4e69-b3b2-4da33721ea3e",
  "provider_id": "string",
  "external_user_id": "string",
  "username": "string",
  "name": "string",
  "given_name": "string",
  "family_name": "string",
  "middle_name": "string",
  "nickname": "string",
  "preferred_username": "string",
  "profile": "http://example.com",
  "picture": "http://example.com",
  "website": "http://example.com",
  "email": "user@example.com",
  "email_verified": true,
  "gender": "string",
  "birthdate": "2019-08-24",
  "zoneinfo": "string",
  "locale": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "address": {
  },
  "updated_at": "2019-08-24T14:15:22Z",
  "status": "REGISTERED",
  "hashed_password": "string",
  "verified_claims": { },
  "custom_properties": { },
  "authentication_devices": [
  ],
  "roles": [
  ],
  "permissions": [
  ],
  "assigned_tenants": [
  ],
  "assigned_organizations": [
  ]
}

Update user within organization tenant

Updates a specific user in a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed

Request Body schema: application/json
required
provider_id
required
string <= 255 characters

Identity provider identifier

external_user_id
string <= 255 characters

External user identifier from identity provider

username
string <= 255 characters

Username for authentication

name
required
string <= 255 characters

Full display name of the user

given_name
string <= 255 characters

Given name (first name) of the user

family_name
string <= 255 characters

Family name (last name) of the user

middle_name
string <= 255 characters

Middle name of the user

nickname
string <= 255 characters

Casual name of the user

preferred_username
string <= 255 characters

Preferred username for display

profile
string <uri> <= 255 characters

URL of the user's profile page

picture
string <uri> <= 255 characters

URL of the user's profile picture

website
string <uri> <= 255 characters

URL of the user's website

email
required
string <email> <= 255 characters

Email address of the user

email_verified
boolean

Whether the email address has been verified

gender
string

Gender identity of the user

birthdate
string <date>

Date of birth (YYYY-MM-DD format)

zoneinfo
string <= 255 characters

Time zone information

locale
string

Locale preference

phone_number
string ^\+?[0-9\- ]{7,20}$

Phone number in E.164 format

phone_number_verified
boolean

Whether the phone number has been verified

address
object

Physical address of the user

custom_properties
object

Custom user properties

roles
Array of objects

User roles

assigned_tenants
Array of strings <uuid> [ items <uuid > ]

List of tenant IDs the user is assigned to

current_tenant
string <uuid>

Current primary tenant ID

assigned_organizations
Array of strings <uuid> [ items <uuid > ]

List of organization IDs the user is assigned to

current_organization
string <uuid>

Current primary organization ID

Responses

Request samples

Content type
application/json
{
  "provider_id": "string",
  "external_user_id": "string",
  "username": "string",
  "name": "string",
  "given_name": "string",
  "family_name": "string",
  "middle_name": "string",
  "nickname": "string",
  "preferred_username": "string",
  "profile": "http://example.com",
  "picture": "http://example.com",
  "website": "http://example.com",
  "email": "user@example.com",
  "email_verified": true,
  "gender": "string",
  "birthdate": "2019-08-24",
  "zoneinfo": "string",
  "locale": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "address": {
  },
  "custom_properties": { },
  "roles": [
  ],
  "assigned_tenants": [
  ],
  "current_tenant": "f074cfc2-75c1-4aae-a9d7-15ec980dafc4",
  "assigned_organizations": [
  ],
  "current_organization": "c57905cf-834e-4a0d-815b-7b39aa8070fb"
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Delete user within organization tenant

Deletes a specific user in a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed

Responses

Response samples

Content type
application/json
{
  "error": "string",
  "error_description": "string",
  "error_messages": [
  ],
  "error_details": { }
}

Partially update user within organization tenant

Partially updates a specific user in a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed

Request Body schema: application/json
required
provider_id
required
string <= 255 characters

Identity provider identifier

external_user_id
string <= 255 characters

External user identifier from identity provider

username
string <= 255 characters

Username for authentication

name
required
string <= 255 characters

Full display name of the user

given_name
string <= 255 characters

Given name (first name) of the user

family_name
string <= 255 characters

Family name (last name) of the user

middle_name
string <= 255 characters

Middle name of the user

nickname
string <= 255 characters

Casual name of the user

preferred_username
string <= 255 characters

Preferred username for display

profile
string <uri> <= 255 characters

URL of the user's profile page

picture
string <uri> <= 255 characters

URL of the user's profile picture

website
string <uri> <= 255 characters

URL of the user's website

email
required
string <email> <= 255 characters

Email address of the user

email_verified
boolean

Whether the email address has been verified

gender
string

Gender identity of the user

birthdate
string <date>

Date of birth (YYYY-MM-DD format)

zoneinfo
string <= 255 characters

Time zone information

locale
string

Locale preference

phone_number
string ^\+?[0-9\- ]{7,20}$

Phone number in E.164 format

phone_number_verified
boolean

Whether the phone number has been verified

address
object

Physical address of the user

custom_properties
object

Custom user properties

roles
Array of objects

User roles

assigned_tenants
Array of strings <uuid> [ items <uuid > ]

List of tenant IDs the user is assigned to

current_tenant
string <uuid>

Current primary tenant ID

assigned_organizations
Array of strings <uuid> [ items <uuid > ]

List of organization IDs the user is assigned to

current_organization
string <uuid>

Current primary organization ID

Responses

Request samples

Content type
application/json
{
  "provider_id": "string",
  "external_user_id": "string",
  "username": "string",
  "name": "string",
  "given_name": "string",
  "family_name": "string",
  "middle_name": "string",
  "nickname": "string",
  "preferred_username": "string",
  "profile": "http://example.com",
  "picture": "http://example.com",
  "website": "http://example.com",
  "email": "user@example.com",
  "email_verified": true,
  "gender": "string",
  "birthdate": "2019-08-24",
  "zoneinfo": "string",
  "locale": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "address": {
  },
  "custom_properties": { },
  "roles": [
  ],
  "assigned_tenants": [
  ],
  "current_tenant": "f074cfc2-75c1-4aae-a9d7-15ec980dafc4",
  "assigned_organizations": [
  ],
  "current_organization": "c57905cf-834e-4a0d-815b-7b39aa8070fb"
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Update user password within organization tenant

Updates a specific user's password for a tenant within an organization

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed

Request Body schema: application/json
required
raw_password
required
string >= 8 characters ^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d!@#$%^&*()_+=...

Plain text password (will be hashed on server)

Responses

Request samples

Content type
application/json
{
  "raw_password": "stringst"
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Update user roles within organization tenant

Updates a specific user's roles for a tenant within an organization

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed

Request Body schema: application/json
required
roles
Array of objects <= 50 items

User roles

permissions
Array of strings <= 100 items [ items <= 255 characters ]

Direct permissions assigned to user

Responses

Request samples

Content type
application/json
{
  "roles": [
  ],
  "permissions": [
  ]
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Update user tenant assignments within organization

Updates a specific user's tenant assignments within an organization

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed

Request Body schema: application/json
required
current_tenant_id
string <uuid>

Current primary tenant ID

assigned_tenants
required
Array of strings <uuid> <= 20 items [ items <uuid > ]

List of tenant IDs the user is assigned to

Responses

Request samples

Content type
application/json
{
  "current_tenant_id": "191a59f0-183b-4bba-bc57-e6aba2266419",
  "assigned_tenants": [
  ]
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

Update user organization assignments

Updates a specific user's organization assignments

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed

Request Body schema: application/json
required
current_organization_id
string <uuid>

Current primary organization ID

assigned_organizations
required
Array of strings <uuid> <= 20 items [ items <uuid > ]

List of organization IDs the user is assigned to

Responses

Request samples

Content type
application/json
{
  "current_organization_id": "472f992a-d0a6-488f-94bb-a1f0763b707a",
  "assigned_organizations": [
  ]
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {
  }
}

List user sessions

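Retrieves the list of active sessions for the specified user.

This endpoint returns information about the OP sessions (OpenID Provider sessions) the user currently holds. Session information includes the session ID, authentication time, expiration time, last access time, and so on.

Use cases:

  • Checking a user's login status
  • Detecting unauthorized access (discovering unexpected sessions)
  • Building a session management screen

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier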

Responses

Response samples

Content type
application/json
{
  "list": [
  ]
}

Delete all user sessions

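Deletes all sessions of the specified user at once (logout).

This endpoint invalidates all OP sessions held by the user. Use it to log the user out of all devices after a password change, or for emergency response when an account is compromised.

Use cases:

  • Invalidating all sessions after a password change
  • Emergency response when an account is compromised
  • Clearing sessions when a user leaves the company

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed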

Responses

Response samples

Content type
application/json
{
  "error": "string",
  "error_description": "string",
  "error_messages": [
  ],
  "error_details": { }
}

Delete user session

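Deletes (logs out) a specific session of the specified user.

This endpoint invalidates a specific OP session of the user. Deleting the session also invalidates all tokens associated with that session.

Use cases:

  • Forcibly terminating a session suspected of unauthorized access
  • Remote logout at the user's request
  • Security incident response

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

user-id
required
string <uuid>

User identifier

session-id
required
string <uuid>

Session identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and not executed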

Responses

Response samples

Content type
application/json
{
  "error": "string",
  "error_description": "string",
  "error_messages": [
  ],
  "error_details": { }
}