/config/{appId}/clients

Returns information about all the API clients associated with an application; in addition, the POST method enables you to create a new API client. API clients make authenticated requests against the Identity Cloud REST APIs, and clients with the login_client feature set help authenticate and register users.

This endpoint includes the following methods:

GET
POST

GET

Returns permission and metadata information for all your API clients, including:

_self. Configuration endpoint for the API client. For example, suppose your configuration domain is https://v1.api.us.janrain.com/and the _self value for a client is /config/htb8fuhxnf8e38jrzub3c7pfrr/clients/xj2dmg2mqsm6a8gx89cwn3fu929p4pd. Combining those two values gives you the configuration endpoint for managing that client (adding/modifying property values, deleting the client, etc.):

https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients/xj2dmg2mqsm6a8gx89cwn3fu929p4pdm
_id.The API client ID.
_secret. The API client secret (i.e., client password). Client secrets should never be publicly exposed.
_settings. Configuration endpoint for the API client's settings,
name. Name (and description) of the API client.
ipWhitelist. Collection of IP addresses allowed to interact with the client; for example, the address 192.168.1.0/24 allows access to IP addresses 192.168.10 through 192.168.1.255. The default value is 0.0.0.0/0, which allows access to all IP addresses.
features. Client features sets associated with this API client. Clients can be associated with more than one feature set.

Your API call must have the owner client permission in order to return all client data.

URI Parameters

Parameter Type Required Description

has_feature

string

Parameter	Type	Required	Description
has_feature	string		Enables you to return only those API clients who have the specified feature sets. Each filter set that you want to filter on is passed in a has_feature parameter; for example, this syntax returns only API clients that have the login_client feature set: `has_feature=login_client` This syntax returns all the API clients that have both the direct_access and the access_issuer feature sets: `has_feature=direct_access&has_feature=access_issuer`

Enables you to return only those API clients who have the specified feature sets. Each filter set that you want to filter on is passed in a has_feature parameter; for example, this syntax returns only API clients that have the login_client feature set:


has_feature=login_client

This syntax returns all the API clients that have both the direct_access and the access_issuer feature sets:


has_feature=direct_access&has_feature=access_issuer

Authentication

This endpoint supports Basic authentication. \

How to Create an Authentication String

Base URL

The base URL for this endpoint is your Configuration API domain followed by /config/ followed by your application ID. For example, if you are in the US region and your application ID is htb8fuhxnf8e38jrzub3c7pfrr, then your base URL would be:


https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr

Allowed regions are:

Sample Request URL

In the following URL, replace htb8fuhxnf8e38jrzub3c7pfrrwith your application ID:


https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients

Sample Request (curl)

This command returns information about all the API clients associated with the application htb8fuhxnf8e38jrzub3c7pfrr.


curl -X GET \
  -H 'Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg' \
  https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients

Running this command in Postman

Responses

200 OK

If your call to this endpoint succeeds, you'll get back information for each of the API clients associated with the specified application:


[
    {
       "_id": "ay6e3qmucvdyr29hmpvxjdjupe8bcsky",
       "_secret": "9956y4tv342e76nj9zub511ufbned98j",
       "_self": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/ay6e3qmucvdyr29hmpvxjdjupe8bcsky",
       "_settings": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/ay6e3qmucvdyr29hmpvxjdjupe8bcsky/settings",
       "features": [
           "owner"
       ],
       "ipWhitelist": [
           "0.0.0.0/0"
       ],
       "name": "this is a test client"
    },
    {
       "_id": "ed7absqep5rffbmqx89c9mwexqvbnfnk",
       "_secret": "hdyebsdtvj5ujjkijk7tfrf968q63ysk9",
       "_self": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/ed7absqep5rffbmqx89c9mwexqvbnfnk",
       "_settings": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/ed7absqep5rffbmqx89c9mwexqvbnfnk/settings",
       "features": [
           "login_client"
       ],
       "ipWhitelist": [
           "0.0.0.0/0"
       ],
       "name": "Default Login Client"
    },
    {
       "_id": "nhjsdtjwvaytevc2w5sx42skggvjn7bu",
       "_secret": "99ijf7ree8vcgrdq3qpppo3cddykjhs",
       "_self": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/nhjsdtjwvaytevc2w5sx42skggvjn7bu",
       "_settings": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/nhjsdtjwvaytevc2w5sx42skggvjn7bu/settings",
       "features": [
           "login_client"
       ],
       "ipWhitelist": [
           "0.0.0.0/0"
        ],
       "name": "This is a client description"
    }
]

Error Codes

The following table includes information about some of the error codes that you could encounter when calling this endpoint.

Error Code	Description
401/403	Error Message: Authentication required. You either failed to provide credentials or provided invalid credentials. This endpoint requires Basic authentication.
404	Error Message: Client ID not found. You did not provide a valid client ID.

Error Code

Description

401/403

Error Message: Authentication required.

You either failed to provide credentials or provided invalid credentials. This endpoint requires Basic authentication.

404

Error Message: Client ID not found.

You did not provide a valid client ID.

If you encounter an error when calling this endpoint, that error message will look similar to this:


{
    "errors": "client_id 2mr44db437h9vqddb6ubje7zqwv88n26 not found."
}

POST

Description

Creates a new API client.

To create a new API client, you must specify the client properties in the request body of your API call. Those client properties include:

name. The name is the only required property, and the name you give the new client must be unique across the application. If you already have a client named Test Client, your API call will fail if you try to create another client with the name Test Client.
ipWhitelist. JSON array of Classless Inter-Domain Routing IP addresses; only the addresses included on the whitelist will be able to interact with the new client. If you do not include the ipWhitelist property then the value will automatically be set to 0.0.0.0/0, which allows any IP address to interact with the client.
features. Specifies the client feature (or features) associated with the new API client. Available features include:
- access_issuer. Issues access tokens scoped for use with all API clients.
- direct_access. Has read/write access to all user records.
- direct_read_access. Has read-only access to all user records.
- login_client. Has read/write access to the user record for the current user. This client is typically used for login and registration. API clients that have the login_client feature cannot be associated with any other feature (i.e., a client cannot have the login_client feature and, say, the direct_access feature).
- metadata. API calls made with this feature do not modify the lastUpdated attribute when making changes to a user profile; for example, your API call might update the user's displayName or familyName but will not change the lastUpdated attribute. This feature can only be assigned by Akamai: if you try assigning the metadata feature in your API call, that call will fail.
- owner. Has full administrative access to the application.

You do not have to assign a feature set when you create a new client. However, that client will not have permission to do anything until it has been assigned a feature set.

Both the ipWhitelist and features properties must be passed as JSON arrays. In a JSON array, individual values are enclosed in double quote marks and separated by using commas. In addition, the entire set of values is surrounded by square brackets:


["access_issuer", "direct_access"]

Your API call must have the owner permission in order to create a new client.

Authentication

This endpoint supports Basic authentication.

How to Create an Authentication String

Base URL


https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr

Allowed regions are:

Sample Request URL

In the following URL, replace htb8fuhxnf8e38jrzub3c7pfrr with your application ID:


https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients

Sample Request (curl)

This command creates a new API client named Documentation Client. The client can be accessed from any IP address (by setting the ipWhitelist to 0.0.0.0/0), and is assigned the login_client feature.


curl -X POST \
  https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients \
  -H 'Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg' \
  -H 'Content-Type: application/json' \
  -d '{    
    "name": "Documentation Client", 
   "ipWhitelist": ["0.0.0.0/0"], 
   "features": ["login_client"] 
  }'

Running this command in Postman

Responses

201 Created

If your API call succeeds, you'll see the response code 201 Created as well as property values for the new API client:


{
    "_self": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/3bchk5hsx6v58dkn288nbybmxfyk32u7",
    "name": "Documentation Client",
    "_settings": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/3bchk5hsx6v58dkn288nbybmxfyk32u7/settings",
   "ipWhitelist": [
        "0.0.0.0/0"
    ],
    "_secret": "55324vxdz3n35hjui77hh2qpoe6dbgs",
    "_id": "3bchk5hsx6v58dkn288nbybmxfyk32u7",
    "features": [
       "login_client"
    ]
}

Error Codes

The following table includes information about some of the error codes that you could encounter when calling this endpoint.

Error Code	Description
400	Error Message: The metadata feature can only be applied to a client by Akamai. Remove "metadata" from the list of client features and try the API call again.
400	Error Message: Clients with the login_client feature cannot have any other features. Remove all the features except login_client from the API call and try again.
400	Error Message: Missing data for required field. Typically, this means that you forgot to specify the client name.
400	Error Message: Not a valid string. Typically, this means that you did not provide a properly-formatted name. For example, you might have included a special character within the name.
409	Error Message: API client <name supplied> already exists. Client names must be unique within an application.
400	Error Message: Not a valid CIDR address. One or more of the IP addresses on the IP whitelist has been incorrectly formatted.
400	Error Message: Not a valid feature name.
401/403	Error Message: Authentication required. You either failed to provide credentials or you provided invalid credentials. This endpoint requires Basic authentication.
404	Error Message: Application ID not found. You did not provide a valid client application ID.

If you encounter an error when calling this endpoint that error message will look similar to this:


{
   "errors": "Authentication required."
}

How to Create an Authentication String

To create an authentication string, combine your API client ID, a colon (:), and your client secret into a single value. For example, if your client ID is abcdefg and your client secret is hijklmnop, that value would look like this:

abcdefg:hijklmnop

Next, take the string and base64 encode it. For example, on a Mac, you can base encode the string using this command:

echo -n "abcdefg:hijklmnop" | base64

If you’re running Microsoft Windows, you can encode the string by using a Windows PowerShell command similar to this:

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("abcdefg:hijklmn"))

The resulting value (e.g., YWJjZGVmZzpoaWprbG1ub3A=) should be used in your authentication header.

If you are making API calls using Postman, select Basic Auth as your identification type, then use the client ID as the username and the client secret as the password.

Before you actually try your authentication string, make sure that your API client has the all the permissions (for example, the right to read user profile information) needed to complete the API call.

GET

POST

Running this Command in Postman

How to Create an Authentication String