Download OpenAPI specification:Download
Create application agent
Meeco-Organisation-Id required | string <uuid> |
object |
{- "application": {
- "description": "string",
- "name": "string",
- "security_rights": [
- "vk:org:delegation"
]
}
}
{- "application": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "description": "string",
- "name": "string",
- "security_rights": [
- "vk:org:delegation"
]
}
}
Load all application agents
Meeco-Organisation-Id required | string <uuid> |
{- "applications": [
- {
- "id": null,
- "name": null,
- "description": null,
- "type": null,
- "secret": null,
- "scopes": null,
- "redirects": [ ],
- "logout_redirects": [ ],
- "is_active": null,
- "created_at": null,
- "updated_at": null
}
]
}
Get application agent information
id required | string |
Meeco-Organisation-Id required | string <uuid> |
{- "application": {
- "id": null,
- "name": null,
- "description": null,
- "type": null,
- "secret": null,
- "scopes": null,
- "redirects": [ ],
- "logout_redirects": [ ],
- "is_active": null,
- "created_at": null,
- "updated_at": null
}
}
Update application agent
id required | string |
Meeco-Organisation-Id required | string <uuid> |
required | object |
{- "application": {
- "description": "string",
- "name": "string"
}
}
{- "application": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "description": "string",
- "name": "string",
- "security_rights": [
- "vk:org:delegation"
]
}
}
Delete an organisation.
In order to execute this action the current user must have security right atom:tenant:create_org
for the tenant of the organisation.
org_id required | string <uuid> ID of the organisation |
{- "error": "unauthorized",
- "extra_info": {
- "reason": "invalid_jwt"
}, - "http_code": 401,
- "message": null
}
Show an organisation.
In order to execute this action the current user must have
atom:global:view_all_orgs
oratom:tenant:view_tenant_orgs
for the tenantatom:org:view_org
for the org with the ID in parameter org_id
org_id required | string <uuid> ID of the organisation |
{- "org": {
- "archived": false,
- "color": "#C0C0C0",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2",
- "name": "vela",
- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
], - "tenant_id": "be2070e5-0510-45a4-8d5b-5817442cdc98",
- "tenant_name": "bhp"
}
}
Update an organisation.
In order to execute this action the current user must have security right atom:tenant:create_org
for the tenant with the ID in parameter tenant_id
.
org_id required | string <uuid> ID of the organisation |
Organisation attributes
authorised_officer_email | string Authorised officer email |
authorised_officer_first_name | string Authorised officer first name |
authorised_officer_last_name | string Authorised officer last name |
business_address | string Business address |
color | string The color associated with the organisation in the hex format. Used for the UI. |
company_number | string Company number |
company_url | string or null <uri> URL of the company |
legal_name | string Legal number |
lei_number | string Legal entity identification number |
logo_url | string <uri> URL to a logo image |
name required | string Name of the organisation to create |
status_in_tenant | string Status: signed legal agreement received or proof of concept |
trading_name | string Trading number |
{- "authorised_officer_email": "string",
- "authorised_officer_first_name": "string",
- "authorised_officer_last_name": "string",
- "business_address": "string",
- "color": "string",
- "company_number": "string",
- "legal_name": "string",
- "lei_number": "string",
- "name": "string",
- "status_in_tenant": "string",
- "trading_name": "string"
}
{- "org": {
- "archived": false,
- "color": "#C0C0C0",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2",
- "name": "vela",
- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
], - "tenant_id": "be2070e5-0510-45a4-8d5b-5817442cdc98",
- "tenant_name": "bhp"
}
}
List admins of an organisation.
It is also possible to request a list of archived admins of the organisation, that is, users who used to have organisation security rights for the given organisation, but do not have them now.
In order to execute this action the current user must have
atom:org:list_org_admins
for the organisation with the ID in parameter org_id
oratom:tenant:list_admins_of_all_orgs_of_tenant
for the parent tenant of the organisation org_id
ororg_id required | string <uuid> ID of the organisation |
status | string Enum: "active" "archived" admin status: |
string search admins by their email address. Currenty works only with status=archived | |
per_page | integer number of admins per page |
page | integer Number of the page to serve. This parameter activates classic page-based pagination
and cannot be used with parameter |
order | string Enum: "asc" "desc" order admins by given name in ascending or descending order |
next_page_after | string When cursor based pagination is used, each paginated response has value |
{- "admins": [
- {
- "archived": false,
- "email": "peter@peterson.com",
- "family_name": "Peterson",
- "given_name": "Peter",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2"
}
], - "meta": { },
- "next_page_after": "string"
}
Remove all organisation security rights from user.
In order to execute this action the current user must one of the following security rights:
atom:global:assign_org_sr_to_user
atom:tenant:assign_org_sr_to_user
atom:org:assign_org_sr_to_user
org_id required | string <uuid> ID of the organisation |
org_admin_id required | string <uuid> ID of the admin |
{- "error": "unauthorized",
- "extra_info": {
- "reason": "invalid_jwt"
}, - "http_code": 401,
- "message": null
}
Show an admin of a given organisation.
In order to execute this action the current user must have
atom:org:list_org_admins
for the organisation with the ID in parameter org_id
oratom:tenant:list_admins_of_all_orgs_of_tenant
for the parent tenant of the organisation org_id
ororg_id required | string <uuid> ID of the organisation |
org_admin_id required | string <uuid> ID of the admin |
{- "admin": {
- "archived": false,
- "email": "peter@peterson.com",
- "family_name": "Peterson",
- "given_name": "Peter",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2"
}
}
Remove a user from admins of the given organisation, and put the admin into the registry of former admins of that organisation.
In order to execute this action the current user must one of the following security rights:
atom:global:assign_org_sr_to_user
atom:tenant:assign_org_sr_to_user
atom:org:assign_org_sr_to_user
org_id required | string <uuid> ID of the organisation |
org_admin_id required | string <uuid> ID of the admin |
{- "error": "unauthorized",
- "extra_info": {
- "reason": "invalid_jwt"
}, - "http_code": 401,
- "message": null
}
Reinstate an archived user and make him/her a org admin again.
In order to execute this action the current user must one of the following security rights:
atom:org:assign_org_sr_to_user
atom:tenant:assign_org_sr_to_user
atom:global:assign_org_sr_to_user
org_id required | string <uuid> ID of the organisation |
org_admin_id required | string <uuid> ID of the admin |
{- "admin": {
- "archived": false,
- "email": "peter@peterson.com",
- "family_name": "Peterson",
- "given_name": "Peter",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2"
}
}
List organisation security rights of a organisation admin.
In order to execute this action the current user must have security right atom:org:list_org_admin_sr
for the organisation with the ID in parameter org_id
or atom:tenant:list_org_admin_sr
for the tenant that the organisation belongs to, or global security right atom:global:list_admin_sr_of_any_admin
"
org_id required | string <uuid> ID of the organisation |
org_admin_id required | string <uuid> ID of an organisation admin |
{- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
]
}
Assign organisation security rights to a user.
The endpoint can process security rights of 2 categories:
for_org = true
and for_tenant = false
for_org = true
and for_tenant = true
, in this case the security right will be assigned to the tenant which organisation belongs toIn order to execute this action the current user must have one of the following security rights:
atom:org:assign_org_sr_to_user
for the organisation with the ID in parameter org_id
atom:tenant:assign_org_sr_to_user
for the tenant that the organisation belongs toatom:global:assign_org_sr_to_user
"org_id required | string <uuid> ID of the organisation |
org_admin_id required | string <uuid> ID of an organisation admin |
list of security rights
security_rights required | Array of strings list of security rights |
{- "security_rights": [
- "atom:org:assign_org_sr_to_user"
]
}
{- "error": "unauthorized",
- "extra_info": {
- "reason": "invalid_jwt"
}, - "http_code": 401,
- "message": null
}
Archive an organisation.
In order to execute this action the current user must have security right atom:tenant:create_org
for the tenant of the organisation.
org_id required | string <uuid> ID of the organisation |
{- "org": {
- "archived": false,
- "color": "#C0C0C0",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2",
- "name": "vela",
- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
], - "tenant_id": "be2070e5-0510-45a4-8d5b-5817442cdc98",
- "tenant_name": "bhp"
}
}
Restore an organisation.
In order to execute this action the current user must have security right atom:tenant:create_org
for the tenant of the organisation.
org_id required | string <uuid> ID of the organisation |
{- "org": {
- "archived": false,
- "color": "#C0C0C0",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2",
- "name": "vela",
- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
], - "tenant_id": "be2070e5-0510-45a4-8d5b-5817442cdc98",
- "tenant_name": "bhp"
}
}
Add security rights to an organisation.
In order to execute this action the current user must have security right atom:tenant:assign_sr_to_org
for the tenant which the organisation belongs to.
org_id required | string <uuid> ID of the organisation |
list of security rights
security_rights required | Array of strings list of security rights |
{- "security_rights": [
- "atom:org:assign_org_sr_to_user"
]
}
{- "org": {
- "archived": false,
- "color": "#C0C0C0",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2",
- "name": "vela",
- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
], - "tenant_id": "be2070e5-0510-45a4-8d5b-5817442cdc98",
- "tenant_name": "bhp"
}
}
Remove security rights from an organisation.
In order to execute this action the current user must have security right atom:tenant:assign_sr_to_org
for the tenant which the organisation belongs to.
org_id required | string <uuid> ID of the organisation |
security_rights required | string Comma-separated security rights to remove |
{- "error": "unauthorized",
- "extra_info": {
- "reason": "invalid_jwt"
}, - "http_code": 401,
- "message": null
}
List organisations in a tenant.
In order to execute this action the current user must have global security atom:global:view_all_orgs
or security right atom:tenant:view_tenant_orgs
for the tenant with the ID in parameter tenant_id
.
tenant_id required | string <uuid> ID of the tenant |
status | string Enum: "active" "archived" "all" org status: |
per_page | integer number of organisations per page |
order | string Enum: "asc" "desc" order organisations by name in ascending or descending order |
page | integer Number of the page to serve. This parameter activates classic page-based pagination
and cannot be used with parameter |
next_page_after | string When cursor based pagination is used, each paginated response has value |
filter_by | string Search organisations whose names contains the given string. |
{- "meta": { },
- "next_page_after": "string",
- "orgs": [
- {
- "archived": false,
- "color": "#C0C0C0",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2",
- "name": "vela",
- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
], - "tenant_id": "be2070e5-0510-45a4-8d5b-5817442cdc98",
- "tenant_name": "bhp"
}
]
}
Create an organisation.
In order to execute this action the current user must have security right atom:tenant:create_org
for the tenant with the ID in parameter tenant_id
.
tenant_id required | string <uuid> ID of the tenant |
no_first_user | boolean If true, the current user will not become the first admin of the organisation, and the organisation will have not admins. By default the current user becomes the first admin of the organisation |
add_all_external_security_rights | boolean By default only all internal org-level security rights of the parent tenant are added to a new organisation If this parameter is true, also all external org-level security rights of the parent tenant are added to a new organisation. |
Organisation attributes
authorised_officer_email | string Authorised officer email |
authorised_officer_first_name | string Authorised officer first name |
authorised_officer_last_name | string Authorised officer last name |
business_address | string Business address |
color | string The color associated with the organisation in the hex format. Used for the UI. |
company_number | string Company number |
company_url | string or null <uri> URL of the company |
legal_name | string Legal number |
lei_number | string Legal entity identification number |
logo_url | string <uri> URL to a logo image |
name required | string Name of the organisation to create |
status_in_tenant | string Status: signed legal agreement received or proof of concept |
trading_name | string Trading number |
{- "authorised_officer_email": "string",
- "authorised_officer_first_name": "string",
- "authorised_officer_last_name": "string",
- "business_address": "string",
- "color": "string",
- "company_number": "string",
- "legal_name": "string",
- "lei_number": "string",
- "name": "string",
- "status_in_tenant": "string",
- "trading_name": "string"
}
{- "org": {
- "archived": false,
- "color": "#C0C0C0",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2",
- "name": "vela",
- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
], - "tenant_id": "be2070e5-0510-45a4-8d5b-5817442cdc98",
- "tenant_name": "bhp"
}
}
Show a list of organisations which the current user can see. These are the following organisations:
atom:global:view_all_tenants
, all organisations are shownatom:tenant:view_tenant_orgs
atom:org:view_org
Can take optional parameter tenant_id
which will restrict the list of organisations to one tenant only.
tenant_id | string <uuid> This parameter is the ID of a tenant and if present it restricts the list of organisations to one tenant only. |
{- "orgs": [
- {
- "archived": false,
- "color": "#C0C0C0",
- "id": "9de00c4f-e1d9-4a7e-8b9e-38b3f5648ee2",
- "name": "vela",
- "security_rights": [
- "atom:org:assign_org_sr_to_user",
- "atom:org:view_org",
- "atom:org:list_org_admins"
], - "tenant_id": "be2070e5-0510-45a4-8d5b-5817442cdc98",
- "tenant_name": "bhp"
}
]
}
Fetches classification nodes.
There are 2 types of classification nodes:
This endpoint serves both global and your own classication nodes. Field own
specifies which kind of classigication node this is
You can fetch classification nodes belonging to a certain classification scheme. You can also filter classification nodes by a LIKE expression on the name.
Parameter own
allows you to request only global or only user-defined classification nodes.
next_page_after | string cursor to get the next page |
per_page | integer override the number of records per page - default 200 |
scheme_name | string Filter classification nodes by the name of the classification scheme |
name | string this is a 'LIKE' search intended for use in searching for classification nodes, mostly tags. For example adding 'trav' might return a classification node with the name 'travel' |
own | string If the value is 'true', only user-defined classification nodes are returned, if the value is 'false', only global classification nodes are returned. |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "classification_nodes": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "own": true,
- "name": "string",
- "label": "string",
- "description": "string",
- "ordinal": 0,
- "background_color": "string",
- "scheme": "string",
- "classifications_count": 0
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
There are 2 types of classification schemes:
This endpoint allows a user to create a new classification node in a user-owned classification scheme.
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
object |
{- "classification_node": {
- "classification_scheme_name": "string",
- "name": "string",
- "label": "string",
- "user_id": "string",
- "description": "string",
- "image": "string"
}
}
{- "classification_node": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "own": true,
- "name": "string",
- "label": "string",
- "description": "string",
- "ordinal": 0,
- "background_color": "string",
- "scheme": "string",
- "classifications_count": 0
}
}
Retrieve a classification node
id required | string Classification Node id |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "classification_node": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "own": true,
- "name": "string",
- "label": "string",
- "description": "string",
- "ordinal": 0,
- "background_color": "string",
- "scheme": "string",
- "classifications_count": 0
}
}
next_page_after | string cursor to get the next page |
per_page | integer override the number of records per page - default 200 |
page | integer specify page number in page-based pagination. The default pagination mode is cursor-based pagination, in order to swtich to page-based pagination this parameter must ne used, even for the first page |
delegation | string Request connection where the current user has granted delegation to other users ( |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "connections": [
- {
- "own": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "encrypted_recipient_name": "string",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string",
- "created_at": "2019-08-24T14:15:22Z"
}, - "the_other_user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string"
}
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}, - "next_page_after": "string"
}
Accepts an invitation and creates 2 connection records: a connection from the current user to the user who invited the current user, and a connection from the user who invited the current user to the current user.
If there were share intents linked to this invitation, shares are created. The response contains a report on the created shares.
This endpoint is only available when global configuration variable multistep_invitation_workflow
is false
If there is already a connection between these two users, then
invitation
will be set to NULL
connection_existed_already
will be set to true
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
object (PostConnectionPublicKey) | |
object (PostConnection) |
{- "public_key": {
- "keypair_external_id": "string",
- "public_key": "string"
}, - "connection": {
- "encrypted_recipient_name": "string",
- "invitation_token": "string",
- "recipient_did": "string"
}
}
{- "connection_existed_already": true,
- "connection": {
- "own": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "encrypted_recipient_name": "string",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string",
- "created_at": "2019-08-24T14:15:22Z"
}, - "the_other_user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string"
}
}, - "created_shares_report": [
- {
- "item_to_be_shared": "5cb7e8f7-00d4-4409-9766-ffd287737635",
- "success": true,
- "share_id": "853fa54b-9753-4ffb-b7d0-6739f9ae0f8e",
- "reason": "string"
}
]
}
Deletes a connection.
A backend to backend call to the keystore will automatically delete the corresponding keystore delegation if applicable.
id required | string |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "errors": [
- {
- "error": "string",
- "http_code": 0,
- "message": "string",
- "requested_language": "string",
- "message_in_requested_language": true,
- "extra_info": { }
}
]
}
id required | string |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "connection": {
- "own": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "encrypted_recipient_name": "string",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string",
- "created_at": "2019-08-24T14:15:22Z"
}, - "the_other_user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string"
}
}
}
Retrieves invitations that the current user has created. Parameter state
fetches invitations with a certain state. Currenty there are 6 states:
new
connected
rejected
accepted
cancelled
expired
If parameter state
is not submitted, only invitations with states new
, accepted
and rejected
are fetched.
state | string only fetch invitations with a certain state. Currenty there are 5 states: |
next_page_after | string cursor to get the next page |
per_page | integer override the number of records per page - default 200 |
page | integer specify page number in page-based pagination. The default pagination mode is cursor-based pagination, in order to swtich to page-based pagination this parameter must ne used, even for the first page |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "invitations": [
- {
- "connection_type": "member",
- "message": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "token": "string",
- "delegation_role": "admin",
- "delegation_token": "string",
- "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
- "organization_member_role": "de424139-9d14-4753-9abe-7c04cad23892",
- "service_id": "641e839f-864e-4cce-98f9-40f6cbb3e9e0",
- "sender_did": "string",
- "recipient_did": "string",
- "expire_at": "2019-08-24T14:15:22Z",
- "shares_to_be_created": 0,
- "outgoing": true,
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "state": "string",
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "recipient_to_sender_data": { },
- "sender_to_recipient_data": { },
- "sender_public_key": "string",
- "multistep_workflow": true,
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "keypair_external_id": "string",
- "user_public_key": "string",
- "integration_data": { },
- "user_name": "string"
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
Invite another user to connect.
An invitation does not specify a recipient directly, instead the result of this operation is
an invitation token which can then be sent to a recipient by a client application or some other means, mand the recipient can create a connection using this token and endpoint POST /connections
Invitations and connections have 3 special use-cases:
Blindly accepting an invitation by submitting an invitation token to POST /connections
might have serious consequences, so client applications are advised to first read the invitation with GET /invitations/{token}
before creating a connection. The intent of an invitation is in JSON field integration_data
.
For the membership invitation parameter organization_member_role
is used to specify the role we are inviting the user with. There are currently 2 organization member roles:
owner
- can do everythingadmin
(default) - can only manage organization services
If param organization_member_role
is not provided then role admin
will be assigned to the invited member.For the delegation connection parameters delegate_role
and delegation_token
are mandatory. delegation_token
should be obtained by running POST /delegations
in the keystore.
If delegate_role
and delegation_token
are present, a recipient is invited to become a delegate user who has rights to perform actions on behalf of the user who has created the invitation.
Currently there are three delegate roles:
owner
admin
reader
The vault supports two invitations workflows:
Simple - a sender creates an invitation. A recipient then accepts the invitation, and a connection is created.
Multistep - a sender creates an invitation. A recipient then accepts the invitation, no connection is created yet. The recipient then confirms the invitation, and a connection is created.
An invitation is marked as belonging to one of these two workflows when created, boolean parameter multistep_workflow
can be used for this. Values '1' and 'true' are interpreted as true, as multistep invitation workflow.
Each vault instance is configured to have a default invitation workflow. In case multistep_workflow
is not submitted or is null
, the default workflow is used.
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
expires_in | integer or null number of days the invitation is valid. Cannot exceed the default value |
object (PostInvitationPublicKey) | |
object (PostInvitation) |
{- "expires_in": 0,
- "public_key": {
- "keypair_external_id": "string",
- "public_key": "string"
}, - "invitation": {
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "organization_member_role": "string",
- "delegate_role": "string",
- "sender_did": "string",
- "delegation_token": "string",
- "multistep_workflow": "string",
- "sender_to_recipient_data": { }
}
}
{- "invitation": {
- "connection_type": "member",
- "message": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "token": "string",
- "delegation_role": "admin",
- "delegation_token": "string",
- "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
- "organization_member_role": "de424139-9d14-4753-9abe-7c04cad23892",
- "service_id": "641e839f-864e-4cce-98f9-40f6cbb3e9e0",
- "sender_did": "string",
- "recipient_did": "string",
- "expire_at": "2019-08-24T14:15:22Z",
- "shares_to_be_created": 0,
- "outgoing": true,
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "state": "string",
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "recipient_to_sender_data": { },
- "sender_to_recipient_data": { },
- "sender_public_key": "string",
- "multistep_workflow": true,
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "keypair_external_id": "string",
- "user_public_key": "string",
- "integration_data": { },
- "user_name": "string"
}
}
Delete an invitation by its token or ID. Only the user who created the invitation may delete it.
invitation_id required | string invitation ID or token |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "errors": [
- {
- "error": "string",
- "http_code": 0,
- "message": "string",
- "requested_language": "string",
- "message_in_requested_language": true,
- "extra_info": { }
}
]
}
Read an invitation by its token or ID.
Can be used by both the invitation sender, and someone with an invitation token.Fields id
and keypair_external_id
are NULL if the current user is not the sender of the invitation
invitation_id required | string invitation ID or token |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "invitation": {
- "connection_type": "member",
- "message": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "token": "string",
- "delegation_role": "admin",
- "delegation_token": "string",
- "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
- "organization_member_role": "de424139-9d14-4753-9abe-7c04cad23892",
- "service_id": "641e839f-864e-4cce-98f9-40f6cbb3e9e0",
- "sender_did": "string",
- "recipient_did": "string",
- "expire_at": "2019-08-24T14:15:22Z",
- "shares_to_be_created": 0,
- "outgoing": true,
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "state": "string",
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "recipient_to_sender_data": { },
- "sender_to_recipient_data": { },
- "sender_public_key": "string",
- "multistep_workflow": true,
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "keypair_external_id": "string",
- "user_public_key": "string",
- "integration_data": { },
- "user_name": "string"
}, - "share_intents": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "item_id": "4d8cd62e-a579-4dae-af8c-3172f96f8f7c",
- "item_label": "string",
- "encrypted_dek": "string",
- "expires_at": "2019-08-24T14:15:22Z",
- "terms": "string",
- "acceptance_required": "acceptance_not_required"
}
], - "recipient_public_key": "string"
}
Accept an invitation.
This endpoint is only available if the multistep invitation flow is enabled. Accepting an endpoint does not create a connection. After an invitation is accepted, the sender of the invitation needs to confirm it.
If there is already a connection between these two users, then
invitation
will be set to NULL
connection_existed_already
will be set to true
invitation_id required | string invitation token |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
object (AcceptInvitationPublicKey) | |
object (AcceptInvitationParams) |
{- "public_key": {
- "keypair_external_id": "string",
- "public_key": "string"
}, - "invitation": {
- "accept_shares": true,
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "recipient_to_sender_data": { }
}
}
{- "connection_existed_already": true,
- "invitation": {
- "connection_type": "member",
- "message": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "token": "string",
- "delegation_role": "admin",
- "delegation_token": "string",
- "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
- "organization_member_role": "de424139-9d14-4753-9abe-7c04cad23892",
- "service_id": "641e839f-864e-4cce-98f9-40f6cbb3e9e0",
- "sender_did": "string",
- "recipient_did": "string",
- "expire_at": "2019-08-24T14:15:22Z",
- "shares_to_be_created": 0,
- "outgoing": true,
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "state": "string",
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "recipient_to_sender_data": { },
- "sender_to_recipient_data": { },
- "sender_public_key": "string",
- "multistep_workflow": true,
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "keypair_external_id": "string",
- "user_public_key": "string",
- "integration_data": { },
- "user_name": "string"
}, - "connection": {
- "own": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "encrypted_recipient_name": "string",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string",
- "created_at": "2019-08-24T14:15:22Z"
}, - "the_other_user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string"
}
}
}
Reject an accepted invitation.
This endpoint is only available if the multistep invitation flow is enabled. First an invitation recipient accepts an an invitation is accepted, and then the sender of the invitation can reject it using this endpoint. Only the sender of the invitation can call this endpoint.
invitation_id required | string invitation ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "invitation": {
- "connection_type": "member",
- "message": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "token": "string",
- "delegation_role": "admin",
- "delegation_token": "string",
- "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
- "organization_member_role": "de424139-9d14-4753-9abe-7c04cad23892",
- "service_id": "641e839f-864e-4cce-98f9-40f6cbb3e9e0",
- "sender_did": "string",
- "recipient_did": "string",
- "expire_at": "2019-08-24T14:15:22Z",
- "shares_to_be_created": 0,
- "outgoing": true,
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "state": "string",
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "recipient_to_sender_data": { },
- "sender_to_recipient_data": { },
- "sender_public_key": "string",
- "multistep_workflow": true,
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "keypair_external_id": "string",
- "user_public_key": "string",
- "integration_data": { },
- "user_name": "string"
}
}
Confirm an accepted invitation.
This endpoint is only available if the multistep invitation flow is enabled. First an invitation recipient accepts an an invitation is accepted, and then the sender of the invitation can confirm it using this endpoint. Only the sender of the invitation can call this endpoint.Parameter encrypted_dek
is used for share intents in the multistep invitation workflow. In the multistep invitation workflow when share intents are created, they are first encrypted with the private DEK on the invitation sender. At this confirmation step the sender of the invitation already has access to the public key of the recipient in the invitation, field recipient_public_key
, and the sender of the invitation is expected to re-encrypt the DEK in the share intents with the public key of the recipient. encrypted_dek
is mandatory if there are share intents.
If there is already a connection between these two users, then
invitation
will be set to NULL
connection_existed_already
will be set to true
invitation_id required | string invitation ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
encrypted_recipient_name | string Name of the recipient of the invitation re-encrypted with the private DEK of the sender of the invitation |
encrypted_dek | string This parameter is used for share intents in the multistep invitation workflow. In the multistep invitation workflow when share intents are created, they are first encrypted with the private DEK on the invitation sender. At this confirmation step the sender of the invitation already has access to the public key of the recipient in the invitation, field |
{- "encrypted_recipient_name": "string",
- "encrypted_dek": "string"
}
{- "connection_existed_already": true,
- "invitation": {
- "connection_type": "member",
- "message": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "token": "string",
- "delegation_role": "admin",
- "delegation_token": "string",
- "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
- "organization_member_role": "de424139-9d14-4753-9abe-7c04cad23892",
- "service_id": "641e839f-864e-4cce-98f9-40f6cbb3e9e0",
- "sender_did": "string",
- "recipient_did": "string",
- "expire_at": "2019-08-24T14:15:22Z",
- "shares_to_be_created": 0,
- "outgoing": true,
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "state": "string",
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "recipient_to_sender_data": { },
- "sender_to_recipient_data": { },
- "sender_public_key": "string",
- "multistep_workflow": true,
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "keypair_external_id": "string",
- "user_public_key": "string",
- "integration_data": { },
- "user_name": "string"
}, - "connection": {
- "own": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "encrypted_recipient_name": "string",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string",
- "created_at": "2019-08-24T14:15:22Z"
}, - "the_other_user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string"
}
}
}
Reject an invitation. This endpoint is only available if the multistep invitation flow is enabled.
invitation_id required | string invitation token |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "invitation": {
- "connection_type": "member",
- "message": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "token": "string",
- "delegation_role": "admin",
- "delegation_token": "string",
- "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
- "organization_member_role": "de424139-9d14-4753-9abe-7c04cad23892",
- "service_id": "641e839f-864e-4cce-98f9-40f6cbb3e9e0",
- "sender_did": "string",
- "recipient_did": "string",
- "expire_at": "2019-08-24T14:15:22Z",
- "shares_to_be_created": 0,
- "outgoing": true,
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "state": "string",
- "encrypted_recipient_name": "string",
- "encrypted_sender_name": "string",
- "recipient_to_sender_data": { },
- "sender_to_recipient_data": { },
- "sender_public_key": "string",
- "multistep_workflow": true,
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "keypair_external_id": "string",
- "user_public_key": "string",
- "integration_data": { },
- "user_name": "string"
}
}
In delegation we differentiate between a delegate user and an owner user:
owner
- a user who grants delegation permissions, the real owner of the accountdelegate
- a user who has been granted permission to perform actions on the behalf of the ownerOne way to set up a delegation relation is via invitations. Any user can invite another user to become a delegate. See POST /invitations
for details.
Another way is creating a child user. A child account is a new empty account over which the user who has created it has full control via a delegation connection with role owner
.
The user who has created a child account is considered a parent account. Managing keys of the child account the responsibility of the parent user.
The result of this call is a child account without a private DEK but with a login public key.
In order to create a child account the following data must be submitted:
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
Parameters to create a child account and a connection between the parent user and the child user
object (ParentPublicKeyForConnection) | |
object (ChildPublicKeyForConnection) |
{- "parent_public_key_for_connection": {
- "pem": "string",
- "external_id": "string"
}, - "child_public_key_for_connection": {
- "pem": "string",
- "external_id": "string"
}
}
{- "user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "full_name": "string",
- "email": "string",
- "country": "string",
- "joined_at": "2019-08-24T14:15:22Z",
- "onboarded_at": "2019-08-24T14:15:22Z",
- "timezone": "string",
- "private_dek_external_id": "string",
- "did": "string",
- "queued_for_deletion_after": "2019-08-24T14:15:22Z",
- "accepted_terms": true,
- "broken_attachments_present": true,
- "user_type": "human"
}, - "connection_from_parent_to_child": {
- "own": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "encrypted_recipient_name": "string",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string",
- "created_at": "2019-08-24T14:15:22Z"
}, - "the_other_user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string"
}
}
}
Invite an existing connection to become a delegate of your account. They will have rights to perform actions on behalf of the user who has created the invitation.
There are three delegation roles:
owner
admin
reader
delegation_token
should be obtained by running POST /delegations
in the keystore.
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
connection_id | string <uuid> |
delegation_token | string |
delegation_role | string |
{- "connection_id": "d3547de1-d1f2-4344-b4c2-17169b7526f9",
- "delegation_token": "string",
- "delegation_role": "string"
}
{- "delegation_invitation": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "inviting_user_id": "8e4fe6ee-f24e-41a6-91ba-ced00d04afe7",
- "inviting_user_connection_id": "10bc5d68-754f-45ea-a08f-59738e87c742",
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "invited_user_connection_id": "04f2eda0-4a12-4bb3-85c7-2b77f3f8710f",
- "delegation_token": "string",
- "delegation_role": "string",
- "state": "new"
}
}
Retrieves invitations that the current user has created.
next_page_after | string cursor to get the next page |
per_page | integer override the number of records per page - default 200 |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "delegation_invitations": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "inviting_user_id": "8e4fe6ee-f24e-41a6-91ba-ced00d04afe7",
- "inviting_user_connection_id": "10bc5d68-754f-45ea-a08f-59738e87c742",
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "invited_user_connection_id": "04f2eda0-4a12-4bb3-85c7-2b77f3f8710f",
- "delegation_token": "string",
- "delegation_role": "string",
- "state": "new"
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
Retrieves invitations that have been sent to the current user.
next_page_after | string cursor to get the next page |
per_page | integer override the number of records per page - default 200 |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "delegation_invitations": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "inviting_user_id": "8e4fe6ee-f24e-41a6-91ba-ced00d04afe7",
- "inviting_user_connection_id": "10bc5d68-754f-45ea-a08f-59738e87c742",
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "invited_user_connection_id": "04f2eda0-4a12-4bb3-85c7-2b77f3f8710f",
- "delegation_token": "string",
- "delegation_role": "string",
- "state": "new"
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
Delete a delegation invitation by its ID. Users may only delete delegation invitations in the new state that they have created.
id required | string |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "errors": [
- {
- "error": "string",
- "http_code": 0,
- "message": "string",
- "requested_language": "string",
- "message_in_requested_language": true,
- "extra_info": { }
}
]
}
Read a delegation invitation by its ID. Both creator and recipient can read the invitation
id required | string |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "delegation_invitation": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "inviting_user_id": "8e4fe6ee-f24e-41a6-91ba-ced00d04afe7",
- "inviting_user_connection_id": "10bc5d68-754f-45ea-a08f-59738e87c742",
- "invited_user_id": "6e09f47e-7bbe-4452-8a43-86146fc6331b",
- "invited_user_connection_id": "04f2eda0-4a12-4bb3-85c7-2b77f3f8710f",
- "delegation_token": "string",
- "delegation_role": "string",
- "state": "new"
}
}
Accept a delegation invitation by its ID and update the connection between the two users. Users may only accept delegation invitations in the new state that have been sent to them.
id required | string |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "connection": {
- "own": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "encrypted_recipient_name": "string",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string",
- "created_at": "2019-08-24T14:15:22Z"
}, - "the_other_user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string"
}
}
}
Reject a delegation invitation by its ID. Users may only reject delegation invitations in the new state that have been sent to them.
id required | string |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "errors": [
- {
- "error": "string",
- "http_code": 0,
- "message": "string",
- "requested_language": "string",
- "message_in_requested_language": true,
- "extra_info": { }
}
]
}
Remove delegation from a connection
A backend to backend call to the keystore will automatically delete the corresponding keystore delegation.
connection_id required | string |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "errors": [
- {
- "error": "string",
- "http_code": 0,
- "message": "string",
- "requested_language": "string",
- "message_in_requested_language": true,
- "extra_info": { }
}
]
}
Update a delegation by its connection ID
connection_id required | string |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
delegation_role | string |
{- "delegation_role": "string"
}
{- "connection": {
- "own": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "encrypted_recipient_name": "string",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string",
- "created_at": "2019-08-24T14:15:22Z"
}, - "the_other_user": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "integration_data": { },
- "delegation_token": "string",
- "delegation_role": "admin",
- "organization_member_id": "3a8f5387-fc8c-4f9b-b780-ac9fb20be29e",
- "connection_type": "member",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "user_type": "human",
- "user_public_key": "string",
- "user_keypair_external_id": "string",
- "did": "string"
}
}
}
This endpoint gets registered DID's own by organisation/user.
limit | any Example: limit=10 Number of records per page |
page | any Example: page=1 Page number (starting from 1) |
Meeco-Organisation-ID | string Get list of organisation own DIDs by providing Organisation Id |
{- "data": [
- {
- "id": "string",
- "ownerId": "string",
- "did": "string",
- "lastOperation": "create",
- "createdById": "string",
- "lastUpdatedById": "string",
- "createdAt": "2019-08-24T14:15:22Z",
- "lastUpdatedAt": "2019-08-24T14:15:22Z"
}
], - "meta": {
- "itemsPerPage": 0,
- "totalItems": 0,
- "currentPage": 0,
- "totalPages": 0,
- "sortBy": [
- { }
], - "searchBy": [
- { }
], - "search": "string",
- "filter": { }
}, - "links": {
- "first": "string",
- "previous": "string",
- "current": "string",
- "next": "string",
- "last": "string"
}
}
This endpoint creates a DID. As input it takes the DID, a DID document, plus optional DID registration options and secrets needed to create a DID. The output is a state object that represents the current state of the DID creation process.
See the DID Create Guide for detail usage of this endpoint.
method required | string Examples:
The DID Method to create. |
Meeco-Organisation-ID | string Create DID for organisation by providing Organisation Id |
jobId | string Default: null |
object This input field contains an object with various options for the DID create operation, such as the network where the DID should be created. See https://identity.foundation/did-registration/#options | |
secret | object This input field contains an object with DID controller keys and other secrets needed for performing the DID create operation. See https://identity.foundation/did-registration/#secret |
object This input field contains either a complete DID document, or an incremental change (diff) to a DID document. See https://identity.foundation/did-registration/#diddocument |
{- "jobId": null,
- "options": {
- "clientSecretMode": true,
- "network": "danube",
- "keyType": "ed25519"
}, - "secret": { },
- "didDocument": {
- "id": "string",
- "@context": { },
- "alsoKnownAs": [
- "string"
], - "controller": { },
- "verificationMethod": [
- { }
], - "service": [
- { }
], - "publicKey": [
- { }
], - "authentication": [
- { }
], - "assertionMethod": [
- { }
], - "keyAgreement": [
- { }
], - "capabilityInvocation": [
- { }
], - "capabilityDelegation": [
- { }
]
}
}
{- "jobId": "string",
- "didState": {
- "action": "string",
- "state": "string",
- "did": "string",
- "signingRequest": {
- "signingRequestAttrib": {
- "kid": "string",
- "alg": "string",
- "purpose": "string",
- "payload": {
- "identifier": "string",
- "operation": {
- "dest": "string",
- "raw": "string",
- "type": "string"
}, - "protocolVersion": 0,
- "reqId": 0
}, - "serializedPayload": "string"
}, - "signingRequestNym": {
- "kid": "string",
- "alg": "string",
- "purpose": "string",
- "payload": {
- "identifier": "string",
- "operation": {
- "dest": "string",
- "raw": "string",
- "type": "string"
}, - "protocolVersion": 0,
- "reqId": 0
}, - "serializedPayload": "string"
}
}, - "verificationMethodTemplate": [
- {
- "id": "string",
- "type": "string",
- "publicKeyJwk": {
- "kty": "string",
- "crv": "string"
}, - "purpose": [
- "string"
]
}
], - "secret": {
- "verificationMethod": [
- { }
]
}, - "didDocument": {
- "id": "string",
- "@context": { },
- "alsoKnownAs": [
- "string"
], - "controller": { },
- "verificationMethod": [
- { }
], - "service": [
- { }
], - "publicKey": [
- { }
], - "authentication": [
- { }
], - "assertionMethod": [
- { }
], - "keyAgreement": [
- { }
], - "capabilityInvocation": [
- { }
], - "capabilityDelegation": [
- { }
]
}
}, - "didRegistrationMetadata": {
- "duration": 0,
- "method": "string"
}, - "didDocumentMetadata": {
- "network": "string",
- "poolVersion": 0,
- "submitterDid": "string",
- "ledgerResult": {
- "op": "string",
- "result": {
- "txnMetadata": {
- "seqNo": 0,
- "txnTime": 0,
- "txnId": "string"
}, - "ver": "string",
- "auditPath": [
- "string"
], - "txn": {
- "metadata": {
- "from": "string",
- "payloadDigest": "string",
- "digest": "string",
- "reqId": 0
}, - "type": "string",
- "protocolVersion": 0,
- "data": {
- "dest": "string",
- "verkey": "string",
- "raw": "string"
}
}, - "rootHash": "string",
- "reqSignature": {
- "values": [
- {
- "from": "string",
- "value": "string"
}
], - "type": "string"
}
}
}
}
}
This endpoint deactivates a DID. As input it takes the existing DID, plus optional DID registration options and secrets needed to deactivate a DID. The output is a state object that represents the current state of the DID deactivation process.
See the DID Deactivate Guide for detail usage of this endpoint.
method required | string Examples:
The DID Method to create. |
Meeco-Organisation-ID | string Deactivate organisation DID by providing Organisation Id |
jobId | string Default: null |
did required | string |
object This input field contains an object with various options for the DID create operation, such as the network where the DID should be created. See https://identity.foundation/did-registration/#options | |
secret | object This input field contains an object with DID controller keys and other secrets needed for performing the DID create operation. See https://identity.foundation/did-registration/#secret |
object This input field contains either a complete DID document, or an incremental change (diff) to a DID document. See https://identity.foundation/did-registration/#diddocument |
{- "jobId": null,
- "did": "string",
- "options": {
- "clientSecretMode": true,
- "network": "danube",
- "keyType": "ed25519"
}, - "secret": { },
- "didDocument": {
- "id": "string",
- "@context": { },
- "alsoKnownAs": [
- "string"
], - "controller": { },
- "verificationMethod": [
- { }
], - "service": [
- { }
], - "publicKey": [
- { }
], - "authentication": [
- { }
], - "assertionMethod": [
- { }
], - "keyAgreement": [
- { }
], - "capabilityInvocation": [
- { }
], - "capabilityDelegation": [
- { }
]
}
}
{- "jobId": "string",
- "didState": {
- "action": "string",
- "state": "string",
- "did": "string",
- "signingRequest": {
- "signingRequestAttrib": {
- "kid": "string",
- "alg": "string",
- "purpose": "string",
- "payload": {
- "identifier": "string",
- "operation": {
- "dest": "string",
- "raw": "string",
- "type": "string"
}, - "protocolVersion": 0,
- "reqId": 0
}, - "serializedPayload": "string"
}, - "signingRequestNym": {
- "kid": "string",
- "alg": "string",
- "purpose": "string",
- "payload": {
- "identifier": "string",
- "operation": {
- "dest": "string",
- "raw": "string",
- "type": "string"
}, - "protocolVersion": 0,
- "reqId": 0
}, - "serializedPayload": "string"
}
}, - "verificationMethodTemplate": [
- {
- "id": "string",
- "type": "string",
- "publicKeyJwk": {
- "kty": "string",
- "crv": "string"
}, - "purpose": [
- "string"
]
}
], - "secret": {
- "verificationMethod": [
- { }
]
}, - "didDocument": {
- "id": "string",
- "@context": { },
- "alsoKnownAs": [
- "string"
], - "controller": { },
- "verificationMethod": [
- { }
], - "service": [
- { }
], - "publicKey": [
- { }
], - "authentication": [
- { }
], - "assertionMethod": [
- { }
], - "keyAgreement": [
- { }
], - "capabilityInvocation": [
- { }
], - "capabilityDelegation": [
- { }
]
}
}, - "didRegistrationMetadata": {
- "duration": 0,
- "method": "string"
}, - "didDocumentMetadata": {
- "network": "string",
- "poolVersion": 0,
- "submitterDid": "string",
- "ledgerResult": {
- "op": "string",
- "result": {
- "txnMetadata": {
- "seqNo": 0,
- "txnTime": 0,
- "txnId": "string"
}, - "ver": "string",
- "auditPath": [
- "string"
], - "txn": {
- "metadata": {
- "from": "string",
- "payloadDigest": "string",
- "digest": "string",
- "reqId": 0
}, - "type": "string",
- "protocolVersion": 0,
- "data": {
- "dest": "string",
- "verkey": "string",
- "raw": "string"
}
}, - "rootHash": "string",
- "reqSignature": {
- "values": [
- {
- "from": "string",
- "value": "string"
}
], - "type": "string"
}
}
}
}
}
This endpoint updates a DID. As input it takes the existing DID, a DID document, plus optional DID registration options and secrets needed to update a DID. The output is a state object that represents the current state of the DID update process.
See the DID Update Guide for detail usage of this endpoint.
method required | string Examples:
The DID Method to create. |
Meeco-Organisation-ID | string Update organisation DID by providing Organisation Id |
jobId | string Default: null |
did required | string |
didDocumentOperation required | Array of strings |
object This input field contains an object with various options for the DID create operation, such as the network where the DID should be created. See https://identity.foundation/did-registration/#options | |
secret | object This input field contains an object with DID controller keys and other secrets needed for performing the DID create operation. See https://identity.foundation/did-registration/#secret |
object This input field contains either a complete DID document, or an incremental change (diff) to a DID document. See https://identity.foundation/did-registration/#diddocument |
{- "jobId": null,
- "did": "string",
- "didDocumentOperation": [
- "string"
], - "options": {
- "clientSecretMode": true,
- "network": "danube",
- "keyType": "ed25519"
}, - "secret": { },
- "didDocument": {
- "id": "string",
- "@context": { },
- "alsoKnownAs": [
- "string"
], - "controller": { },
- "verificationMethod": [
- { }
], - "service": [
- { }
], - "publicKey": [
- { }
], - "authentication": [
- { }
], - "assertionMethod": [
- { }
], - "keyAgreement": [
- { }
], - "capabilityInvocation": [
- { }
], - "capabilityDelegation": [
- { }
]
}
}
{- "jobId": "string",
- "didState": {
- "action": "string",
- "state": "string",
- "did": "string",
- "signingRequest": {
- "signingRequestAttrib": {
- "kid": "string",
- "alg": "string",
- "purpose": "string",
- "payload": {
- "identifier": "string",
- "operation": {
- "dest": "string",
- "raw": "string",
- "type": "string"
}, - "protocolVersion": 0,
- "reqId": 0
}, - "serializedPayload": "string"
}, - "signingRequestNym": {
- "kid": "string",
- "alg": "string",
- "purpose": "string",
- "payload": {
- "identifier": "string",
- "operation": {
- "dest": "string",
- "raw": "string",
- "type": "string"
}, - "protocolVersion": 0,
- "reqId": 0
}, - "serializedPayload": "string"
}
}, - "verificationMethodTemplate": [
- {
- "id": "string",
- "type": "string",
- "publicKeyJwk": {
- "kty": "string",
- "crv": "string"
}, - "purpose": [
- "string"
]
}
], - "secret": {
- "verificationMethod": [
- { }
]
}, - "didDocument": {
- "id": "string",
- "@context": { },
- "alsoKnownAs": [
- "string"
], - "controller": { },
- "verificationMethod": [
- { }
], - "service": [
- { }
], - "publicKey": [
- { }
], - "authentication": [
- { }
], - "assertionMethod": [
- { }
], - "keyAgreement": [
- { }
], - "capabilityInvocation": [
- { }
], - "capabilityDelegation": [
- { }
]
}
}, - "didRegistrationMetadata": {
- "duration": 0,
- "method": "string"
}, - "didDocumentMetadata": {
- "network": "string",
- "poolVersion": 0,
- "submitterDid": "string",
- "ledgerResult": {
- "op": "string",
- "result": {
- "txnMetadata": {
- "seqNo": 0,
- "txnTime": 0,
- "txnId": "string"
}, - "ver": "string",
- "auditPath": [
- "string"
], - "txn": {
- "metadata": {
- "from": "string",
- "payloadDigest": "string",
- "digest": "string",
- "reqId": 0
}, - "type": "string",
- "protocolVersion": 0,
- "data": {
- "dest": "string",
- "verkey": "string",
- "raw": "string"
}
}, - "rootHash": "string",
- "reqSignature": {
- "values": [
- {
- "from": "string",
- "value": "string"
}
], - "type": "string"
}
}
}
}
}
This endpoint resolves a DID. As input it takes the DID, plus DID resolution options. The output is a DID document in one of the supported representations, plus metadata. The same endpoint can also be used to dereference a DID URL. In this case, the output is a DID document, or part of a DID document, or some other resource identified by the DID URL.
See the DID Resolution specification for additional details.
identifier required | string Examples:
The DID to be resolved, or the DID URL to be dereferenced. |
accept | string The requested media type of the DID document representation or DID resolution result. See https://www.w3.org/TR/did-core/#representations and https://w3c-ccg.github.io/did-resolution/#did-resolution-result.
|
{- "@context": { },
- "didResolutionMetadata": {
- "pattern": "string",
- "driverUrl": "string",
- "duration": 0,
- "did": {
- "didString": "string",
- "methodSpecificId": "string",
- "method": "string"
}, - "contentType": "string",
- "error": "string",
- "didUrl": {
- "path": "string",
- "fragment": "string",
- "query": "string",
- "didUrlString": "string",
- "parameters": "string",
- "did": {
- "didString": "string",
- "methodSpecificId": "string",
- "method": "string"
}
}
}, - "didDocument": {
- "id": "string",
- "@context": { },
- "alsoKnownAs": [
- "string"
], - "controller": { },
- "verificationMethod": [
- { }
], - "service": [
- { }
], - "publicKey": [
- { }
], - "authentication": [
- { }
], - "assertionMethod": [
- { }
], - "keyAgreement": [
- { }
], - "capabilityInvocation": [
- { }
], - "capabilityDelegation": [
- { }
]
}, - "didDocumentMetadata": {
- "created": "string",
- "updated": "string",
- "deactivated": true,
- "versionId": "string",
- "nextUpdate": "string",
- "nextVersionId": "string",
- "equivalentId": "string",
- "canonicalId": "string"
}
}
Retrieves activities for the current user. The results are sorted in reverse chronological order (ie most recent first) and paginated, with both items per page and the page to display being parameterized (passed in query string).
next_page_after | string cursor to get the next page |
per_page | integer override the number of records per page - default 200 |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "activities": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "timestamp": "2019-08-24T14:15:22Z",
- "event_type": "string",
- "item_id": "4d8cd62e-a579-4dae-af8c-3172f96f8f7c",
- "item_label": "string",
- "slot_id": "d523579d-6c79-4c6c-b245-75caa273f86e",
- "slot_label": "bb26a346-ccda-4273-99b3-0f076c379d64",
- "share_id": "853fa54b-9753-4ffb-b7d0-6739f9ae0f8e",
- "connection_id": "d3547de1-d1f2-4344-b4c2-17169b7526f9",
- "invitation_id": "a6e6785a-3ea9-406c-b873-17eaf2ed5fc9",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "encrypted_user_name": "string",
- "attachment_id": "4c76e620-6daa-46e6-9da1-9ac96abab601",
- "attachment_label": "string"
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
Retrieves events for the current user. The results are sorted in reverse chronological order (ie most recent first) and paginated, with both items per page and the page to display being parameterized (passed in query string).
next_page_after | string cursor to get the next page |
per_page | integer override the number of records per page - default 200 |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "events": [
- { }
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
Create a signed upload URL for one of the supported file storages. This endpoint is the first step in creating a file.
Just like most ATOM endpoints, this endpoint requires a valid user (that is, an IDP JWT) and some security rights. The security rights are those which might require to attach files to entities like organisations, tenants, and so on. Any of the following security rights grants a permission to create an upload URL
atom:global:create_tenant
atom:global:create_org
atom:global:create_tenant_agent
atom:tenant:create_org
atom:tenant:create_agent
atom:org:create_agent
atom:tenant:create_tenant_agent
vc:tenant:manage
vc:org:manage
ATOM generates a random key under which a file will be registered, and creates a record in the database where the key is stored along with the filename and the content type. A client is then expected to use a signed URL present in response field upload_url
to upload a file to a cloud file storage. This URL is only valid for a short period of time specified in response field upload_url_expires_in_seconds
.
Uploading is done via HTTP method PUT
. The response of this endpoint contains a list of headers which much be included in
the PUT
request.
The following is an example curl command to upload a file:
curl --location --request PUT \
'https://meecodevstorage0.blob.core.windows.net/dev/66c35456-eb64-42fb-a31a-806530786fe2?se=2023-01-23T08%3A49%3A29Z&sig=mzuonk01F8L%2F0q7avsMvvenk2NwLFVXYsyWJeu5Jdgc%3D&sp=rw&sr=b&sv=2018-11-09' \
--header 'x-ms-blob-type: BlockBlob' \
--data-binary '@/home/john/file.jpg'
After the file is uploaded to Azure Blob Storage, the client is supposed to confirm this upload calling PUT /blobs/{key}
.
The response to POST /blobs
also contains a URL to retrieve the file, but that functionality is only available after the upload has been confirmed, otherwise it will result in 404 NotFound
.
All expired and not confirmed records created with this endpoint will be removed after a while.
storage_name required | string Name of the file storage. This parameter so optional, if no name is specified, the default file storage is used |
File name and content type
content_type | string content type of the file to be uploaded |
filename required | string name of the file to be uploaded |
{- "content_type": "image/jpeg",
- "filename": "logo.jpg"
}
{- "blob": {
- "content_type": "string",
- "filename": "string",
- "key": "string",
- "storage_backend_name": "string",
- "storage_backend_type": "string",
- "upload_headers": { },
- "upload_url_expires_in_seconds": 0,
- "uploaded": true
}
}
Redirect to a file in a cloud file storage.
This endpoint is public and it only requires the file key in the URL.
The Content Disposition
header in the response is hardcoded to be inline
for now, but it can be made a parameter to this endpoint in future if needed. The filename and the content type included in Content Disposition
are taken from the database record created in POST /blobs
."
id required | string Blob key |
{- "error": "unauthorized",
- "extra_info": {
- "reason": "invalid_jwt"
}, - "http_code": 401,
- "message": null
}
Confirm a blob upload.
After a client retrieves an uploads URL via POST /blobs
and uploads a file to that URL, a client is expected to inform ATOM that the upload is successful. The file is not accessible unless the upload is confirmed.
This call may only be performed by the same user who retrieved the upload URL.
The response to the endpoint contains one more upload URL. A client can use it to upload a newer version of the file under the same key. No confirmation is required in this case.
See documentation for POST /blobs
for more information.
id required | string Blob key |
{- "blob": {
- "content_type": "string",
- "filename": "string",
- "key": "string",
- "storage_backend_name": "string",
- "storage_backend_type": "string",
- "upload_headers": { },
- "upload_url_expires_in_seconds": 0,
- "uploaded": true
}
}
View information about the file.
This call may only be performed by the same user who retrieved the upload URL and uploaded the file.
Along with a URL to read the file the response to the endpoint contains one more upload URL. A client can use it to upload a newer version of the file under the same key. No confirmation is required in this case.
See documentation for POST /blobs
for more information.
id required | string Blob key |
{- "blob": {
- "content_type": "string",
- "filename": "string",
- "key": "string",
- "storage_backend_name": "string",
- "storage_backend_type": "string",
- "upload_headers": { },
- "upload_url_expires_in_seconds": 0,
- "uploaded": true
}
}
View public information about the file.
See documentation for POST /blobs
for more information.
id required | string Blob key |
{- "blob": {
- "content_type": "string",
- "filename": "string",
- "key": "string",
- "storage_backend_name": "string",
- "storage_backend_type": "string",
- "uploaded": true
}
}
Redirect to the logo of a tenant.
This endpoint is public and it only requires the tenant ID in the URL.
tenant_id required | string <uuid> Tenant ID |
{- "error": "unauthorized",
- "extra_info": {
- "reason": "invalid_jwt"
}, - "http_code": 401,
- "message": null
}
Read attachment folders of the user
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "attachments_folders": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "9ffa9185-7453-4fb2-aa6a-3105a6ae83a8",
- "slots_count": 0,
- "token": "string",
- "storage": "string",
- "resource_name": "string",
- "resource_type": "string",
- "resource_urls": [
- "string"
]
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
Creates an attachment folder, which represents a folder in a remote cloud file storage. An attachments folder can then be attached to a slot with type attachments_folder
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "attachments_folder": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "9ffa9185-7453-4fb2-aa6a-3105a6ae83a8",
- "slots_count": 0,
- "token": "string",
- "storage": "string",
- "resource_name": "string",
- "resource_type": "string",
- "resource_urls": [
- "string"
]
}
}
Delete an attachment folder if it is not attached to any slot
id required | string Attachments Folder ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
Read an attachment folder
id required | string Attachments Folder ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "attachments_folder": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "9ffa9185-7453-4fb2-aa6a-3105a6ae83a8",
- "slots_count": 0,
- "token": "string",
- "storage": "string",
- "resource_name": "string",
- "resource_type": "string",
- "resource_urls": [
- "string"
]
}
}
Generates a signed URL for an attachment on an external blob storage and redirects to it.
This endpoint is a single place for redirecting to external files of the following entities:
This endpoint is requires a session and verifies if the current user may access the attachment.
The URL in the redirect header is a signed URL valid for 5 minutes.
id required | string Blob ID |
d required | string A digest for the blob identified by the ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
Generates a signed URL for a image or a thumbnail on an external blob storage and redirects to it.
This endpoint is not secured with a session token.
This endpoint is a single place for redirecting to external files of the following entities:
A client application cannot programmatically build this HTTP request, because the logic of calculating the digest parameter is internal to the vault. Instead the vault generates URLs targeting this endpoint and adds them to JSON responses of the above objects.
The URL in the redirect header is a signed URL valid for 5 minutes.
id required | string Blob ID |
d required | string A digest for the blob identified by the ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
A ClientTask represents a task the client is supposed to perform.
Field work_type
represents a type of work, target_id
points to the input argument of the task and its semantics depends on work_type
.
Available work types are:
update_item_shares
- In an update_item_shares
task target_id
points to an item. update_item_shares
task is created when the item is updated. Clients are expected to re-encrypt encrypted values of the the shared items for all existing shares and update them.setup_key_delegation
- In an setup_key_delegation
task target_id
points to a delegation connection. setup_key_delegation
task is created when a delegation connection is created. Clients are expected to share the users key encryption key with the delegate user. This task must be manually marked as done
either via API or using convenience methods in the SDKreencrypt_account_owner_kek
- In an reencrypt_account_owner_kek
task target_id
points to a delegation connection. reencrypt_account_owner_kek
task is created when a setup_key_delegation
task is marked as complete after a key encryption key is sharedincoming_delegation_invitation
- In an incoming_delegation_invitation
task target_id
points to a delegation invitation. incoming_delegation_invitation
task is created when a new delegation invitation is createdEach ClientTask may have the following states:
todo
in_progress
done
failed
This endpoint serves client tasks ordered by created_at
in descending order. It is possible to request tasks with a different state by providing an array of states to the parameter state
.
All returned tasks with state todo
may optionally be transitioned to state in_progress
through by setting change_state=true
.
All tasks with state in_progress
are transitioned back to todo
after a timeout of 10 minutes unless the state is changed to done
or failed
.
next_page_after | string cursor to get the next page |
per_page | integer Default: 200 override the number of records per page - default 200 |
change_state | boolean transition tasks in the response to |
target_id | string search client tasks by |
state | Array of strings Items Enum: "todo" "in_progress" "done" "failed" States of tasks to return, provided as a comma separated list |
work_type | string Enum: "update_item_shares" "setup_key_delegation" Return only client tasks of a certain type. |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "client_tasks": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "state": "todo",
- "work_type": "update_item_shares",
- "target_id": "string",
- "additional_options": { },
- "last_state_transition_at": "2019-08-24T14:15:22Z",
- "report": { },
- "created_at": "2019-08-24T14:15:22Z"
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
Change the state of client tasks. Normally used to set tasks to done
or failed
.
Along with the states the client can pass task execution reports. A report is a JSON object. A report can be useful for failed tasks.Responds with a non-paginated list of with the same tasks.
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
required | Array of objects (PutSharesRequestShare) |
{- "client_tasks": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "state": "string",
- "report": { }
}
]
}
{- "client_tasks": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "state": "todo",
- "work_type": "update_item_shares",
- "target_id": "string",
- "additional_options": { },
- "last_state_transition_at": "2019-08-24T14:15:22Z",
- "report": { },
- "created_at": "2019-08-24T14:15:22Z"
}
]
}
Create attachment record after uploading file the and its encrypted artifacts
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
object (PostCreateAttachmentBlobRequest) |
{- "blob": {
- "blob_id": 0,
- "blob_key": "string",
- "encrypted_artifact_blob_id": 0,
- "encrypted_artifact_blob_key": "string"
}
}
{- "attachment": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "bytesize": "string",
- "bytesize_checked_at": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "main": {
- "filename": "string",
- "content_type": "string",
- "bytesize": 0,
- "url": "string"
}, - "encryption_artifact": {
- "filename": "string",
- "content_type": "string",
- "bytesize": 0,
- "url": "string"
}
}
}
Retrieve a signed URL which allows a file upload from a client directly to the cloud storage
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
object (PostAttachmentDirectUploadUrlBlobRequest) |
{- "blob": {
- "filename": "string",
- "content_type": "string",
- "byte_size": 0
}
}
{- "attachment_direct_upload_url": {
- "blob_id": 0,
- "blob_key": "string",
- "url": "string"
}
}
Delete attachment record by id
id required | string Attachment ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "errors": [
- {
- "error": "string",
- "http_code": 0,
- "message": "string",
- "requested_language": "string",
- "message_in_requested_language": true,
- "extra_info": { }
}
]
}
Retrieve a file attachment information and the two download URLs. One file attachment record contains 2 files:
The response contain 2 URLs to download these 2 files.
This endpoint may be used by
id required | string Attachment ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "attachment": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "bytesize": "string",
- "bytesize_checked_at": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "main": {
- "filename": "string",
- "content_type": "string",
- "bytesize": 0,
- "url": "string"
}, - "encryption_artifact": {
- "filename": "string",
- "content_type": "string",
- "bytesize": 0,
- "url": "string"
}
}
}
id required | string Image ID |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
Fetch public and current_user item templates
by_classification[scheme] | string |
by_classification[name] | string |
like | string search by item_template label term |
next_page_after | string cursor to get the next page |
per_page | integer override the number of records per page - default 200 |
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
{- "next_page_after": "string",
- "attachments": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "content_type": "string",
- "filename": "string",
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "created_at": "2019-08-24T14:15:22Z",
- "has_error": true,
- "file_digest": "string",
- "is_direct_upload": true
}
], - "thumbnails": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "attachment_id": "4c76e620-6daa-46e6-9da1-9ac96abab601",
- "binary_id": "6c9bd5e9-dbd3-4b3b-a5d0-469b2f5404b8",
- "size_type": "string",
- "created_at": "2019-08-24T14:15:22Z",
}
], - "classification_nodes": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "own": true,
- "name": "string",
- "label": "string",
- "description": "string",
- "ordinal": 0,
- "background_color": "string",
- "scheme": "string",
- "classifications_count": 0
}
], - "slots": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "own": true,
- "share_id": "853fa54b-9753-4ffb-b7d0-6739f9ae0f8e",
- "name": "string",
- "description": "string",
- "ordinal": 0,
- "visible": true,
- "classification_node_ids": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
], - "attachment_id": "4c76e620-6daa-46e6-9da1-9ac96abab601",
- "attachments_folder_id": "15079412-d3ca-4b00-9221-77d7e2f014db",
- "item_id": "4d8cd62e-a579-4dae-af8c-3172f96f8f7c",
- "required": true,
- "updated_at": "2019-08-24T14:15:22Z",
- "created_at": "2019-08-24T14:15:22Z",
- "slot_type_name": "key_value",
- "creator": "string",
- "encrypted_value": "string",
- "encrypted_value_verification_key": "string",
- "value_verification_hash": "string",
- "label": "string",
- "original_id": "07763432-970b-469a-8331-502f7974f8e9",
- "owner_id": "8826ee2e-7933-4665-aef2-2393f84a0d05"
}
], - "item_templates": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "name": "string",
- "description": "string",
- "ordinal": 0,
- "visible": true,
- "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
- "updated_at": "2019-08-24T14:15:22Z",
- "classification_node_ids": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
], - "slot_ids": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
], - "label": "string",
- "background_color": "string",
- "items_count": 0
}
], - "meta": {
- "order_by": "string",
- "order": "string",
- "order_from_params": true,
- "per_page": 0,
- "per_page_from_params": true,
- "current_cursor": "string",
- "records_count": 0,
- "page": 0,
- "page_count": 0
}
}
Meeco-Delegation-Id | string
|
Meeco-Organisation-Id | string This header is required for ATOM-based delegation.
ATOM-based delegation enables administrators of an organisation to perform actions
on behalf of an organisation.
If this header is present, header |
name | string |
label | string |
description | string |
image_id | string |
classification_scheme_name | string |
classification_node_name | string |
Array of objects (PostItemTemplateRequestSlotAttributes) |
{- "name": "string",
- "label": "string",
- "description": "string",
- "image_id": "string",
- "classification_scheme_name": "string",
- "classification_node_name": "string",
- "slots_attributes": [