Adminapp REST API

Access Control

The Adminapp REST API is accessible only to authenticated admin users with the appropriate rights.

  • The configuration separates authentication of the REST client from functional authorization:
    • Authentication: see Adminapp >> REST API Configuration >> Request Authentication. See Authentication of REST requests for more information about request authentication.
    • Functional authorization: see Adminapp >> Access Control

Functional Access Control

Property Adminapp >> Access Control defines the authorization of an authenticated REST client in the Adminapp REST API.

The default access control plugin Role-based Access Control controls access to a large set of actions. Refer to the plugin documentation in the Config Editor for further details.

Service list

Supported services (see ADMIN-REST-API-REFERENCE for technical details) are:

| Service | Description | Configuration Path in Config Editor |
| --- | --- | --- |
| User Management | Comprehensive user management services (add, delete, modify, list, search, etc.). Get login statistics, lock/unlock user accounts, set validity range, etc. | Adminapp >> Users |
| Password and Authentication Token Management | Management of users' authentication tokens: assign tokens to users, order new tokens, see token details, edit token details, order letters, etc. Define the active authentication token for users, edit token migration details, etc. | Mainly in Adminapp >> Users >> Authentication Tokens (Credentials); also various properties in Adminapp >> Users |
| Generic Token API | Custom REST services for custom authentication tokens or other user-related custom information can be added by configuring a "Generic Token Controller" plugin. | Adminapp >> Users >> Authentication Tokens (Credentials): add a Generic Token Controller |
| Token Management | Management of tokens independently of users (e.g. manage hardware OTP tokens, view Cronto token licenses). | Adminapp >> Tokens |
| Technical Client Management | Manage technical clients (API clients). | Adminapp >> Technical Clients |
| Maintenance Messages | Manage maintenance messages (list, add, delete, modify). | Adminapp >> Maintenance Messages |
| SMS Service | Send an SMS message and get the delivery status. | Adminapp >> REST API Configuration >> SMS Service Settings |
| Tech Client Management | List, lock/unlock, and delete technical clients (API clients). Related to PSD2 features (see STET PSD2 with Airlock components and NextGenPSD2 (Berlin Group) with Airlock Secure Access Hub). | Adminapp >> Technical Clients |

Attribute-level access control (input validation)

To access user attributes through the Adminapp REST API, every attribute must be configured as a User Profile Item. This ensures that the GUI and the REST API enforce the same access restrictions: an attribute that is not configured as a User Profile Item is not exposed through either interface. To configure User Profile Items, see Admin roles and user groups in Adminapp.
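The following is an added, illustrative model of the design point above (a single attribute-level policy shared by the GUI and the REST path, where any attribute not declared as a profile item is denied); it is not Airlock IAM code, and the profile item names, roles and user record are constructed assumptions.

```python
"""Illustrative model (not Airlock IAM code): attribute-level access control
shared by a GUI and a REST API. Every user attribute must be declared as a
profile item with the roles allowed to read/write it; undeclared attributes
are denied on both paths instead of leaking through the REST interface."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProfileItem:
    name: str
    read_roles: frozenset
    write_roles: frozenset = frozenset()


# Constructed example configuration (assumed names, not a real Adminapp setting).
PROFILE_ITEMS = {
    "email": ProfileItem("email", frozenset({"helpdesk", "useradmin"}), frozenset({"useradmin"})),
    "phone": ProfileItem("phone", frozenset({"useradmin"}), frozenset({"useradmin"})),
}

# Constructed sample user record; "internalNote" is deliberately not a profile item.
SAMPLE_USER = {"email": "alice@example.test", "phone": "+41 00 000 00 00", "internalNote": "vip"}


def authorize_attribute(role, attribute, action):
    """Single decision point used by both the GUI and the REST handlers.
    An attribute that is not configured as a profile item is always denied."""
    item = PROFILE_ITEMS.get(attribute)
    if item is None:
        return False
    if action == "read":
        return role in item.read_roles
    if action == "write":
        return role in item.write_roles
    return False


def filter_user_for_rest(role, user_record):
    """REST read: return only the attributes the role may read; the rest is dropped."""
    return {k: v for k, v in user_record.items() if authorize_attribute(role, k, "read")}


def apply_rest_update(role, user_record, changes):
    """REST write: reject the whole update if any attribute is not writable by the role,
    so a request cannot smuggle in an undeclared or read-only attribute."""
    denied = sorted(k for k in changes if not authorize_attribute(role, k, "write"))
    if denied:
        raise PermissionError(f"attributes not writable for role {role!r}: {denied}")
    return {**user_record, **changes}
```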