Modify API Client Features

Last Modified on 08/16/2021 7:27 am PDT

Endpoint URL: {registrationDomain} /clients/set_features



Description

Overwrites the existing set of features assigned to an API client (features help determine the API permissionsavailable to API clients). This endpoint can only be called by the by an owner client. However, an owner client cannot remove the owner feature from itself. 

Note. You may assign more that one owner client.


Respects the API Client Allow List: Yes


API Client Permissions

The following table indicates the API clients that can (and the API clients that can't) be used to call this endpoint:

owner
access_issuer
direct_access
direct_read_access
login_client
Yes
No
No
No
No


Authentication

This endpoint supports Basic authentication. 

How to Create an Authentication String


Base URL

The base URL for this endpoint is your Identity Cloud Capture domain; for example:

https://educationcenter.us-dev.janraincapture.com

Your Capture domains (also known as Registration domains) can be found in the Console on the Manage Application page:

Examples

Example Request

This command assigns the API client 67890fghij67890fghij the direct_access feature. This feature gives the client read/write access to user records.


curl -X POST \
  -H "Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg="\
  --data-urlencode for_client_id=67890fghij67890fghij \
  --data-urlencode features='["direct_access"]'\
  https://my-app.janraincapture.com/clients/set_features

      Running this command in Postman


Query Parameters

ParameterTypeRequiredDescription
for_client_idstring
Client ID for the client being modified. If this parameter is not present, feature sets are updated on the owner client.
 
featuresstringYesJSON array of features being assigned to the client. Allowed values are:
  • owner. Complete admin access.
  • access_issuer. Can issue access tokens for other clients.
  • direct_read_access. Has read access to all records.
  • direct_access. Has read and write access to all records.
  • login_client. Creates a read-only client for logging users into your website or application. This prevents malicious users from gaining access to your owner client ID. See API Clients and Permissions for more details.
Note. Clients with the direct_read_access and direct_access features are still subject to the access schemas. For example, if a client has a write access schema defined, the client can write to the "newsletterSubscription" attribute only if it exists in the access schema and the client has the direct_access feature. The direct_access feature implies the direct_read_access feature. Note, however, that access schemas only apply to API-based implementations of the Identity Cloud. If you are using a JavaScript SDK-based implementation then access to forms ands fields is managed by the flow.


Responses

200 OK

Example Error Response


{
  "argument_name": "features",
  "request_id": "at86pruhzayqxapr",
  "code": 200,
  "error_description": "features was not valid for the following reason:
    ninja_superuser is not a valid feature name",
  "error": "invalid_argument",
  "stat": "error"
}

Response Example (application/json)


{
  "stat": "ok"
}

Rate this Article

How would you rate this article?
Thank you for your feedback!
Copyright © 2015 – 2016 Your Company, LLC. All rights reserved.