Adminapp REST API
Access Control
The Adminapp REST API is accessible only to authenticated admin users with the appropriate rights.
The configuration separates authentication of the REST client from functional authorization:
- Authentication: see Adminapp >> REST API Configuration >> Request Authentication
- Functional authorization: see Adminapp >> Access Control
Functional Access Control
The property Adminapp >> Access Control defines what an authenticated REST client is authorized to do in the Adminapp REST API.
The default access control plugin, Role-based Access Control, controls access to a large set of actions on a per-role basis. Refer to the plugin documentation in the Config Editor for further details.
Service list
Supported services (see ADMIN-REST-API-REFERENCE for technical details) are:
Service | Description | Configuration Path in Config Editor |
---|---|---|
User Management | Comprehensive user management services (add, delete, modify, list, search, etc.). Get login statistics, lock/unlock user accounts, set validity range, etc. | Adminapp >> Users |
Password and Authentication Token Management | Management of users' authentication tokens: assign tokens to users, order new tokens, view and edit token details, order letters, etc. Define the active authentication token for a user, edit token migration details, etc. | Mainly Adminapp >> Users >> Authentication Tokens (Credentials); also various properties in Adminapp >> Users |
Generic Token API | Custom REST services for custom authentication tokens or other user-related custom information. Added by configuring a “Generic Token Controller” plugin. | Adminapp >> Users >> Authentication Tokens (Credentials): add a Generic Token Controller |
Token Management | Management of tokens independently of users (e.g. manage hardware OTP tokens, view Cronto token licenses). | Adminapp >> Tokens |
Technical Client Management | Manage technical clients (API clients): list, lock/unlock, and delete. Related to PSD2 features (see STET PSD2 with Airlock components, NextGenPSD2 (Berlin Group) with Airlock Secure Access Hub). | Adminapp >> Technical Clients |
Maintenance Messages | Manage maintenance messages (list, add, delete, modify). | Adminapp >> Maintenance Messages |
SMS Service | Send an SMS message and get the delivery status. | Adminapp >> REST API Configuration >> SMS Service Settings |
Attribute-level access control (input validation)
User attributes are accessible through the Adminapp REST API only if they are configured as User Profile Items; an attribute without a User Profile Item cannot be read or written through the REST API, just as it is not available in the GUI. Because GUI and REST API share the same User Profile Item configuration, both interfaces enforce the same access restrictions. To configure User Profile Items, see Admin roles and user groups in Adminapp.
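The following is an added example, not Airlock IAM code: a small Python model of the three layers this page describes (request authentication, role-based functional authorization for an action, and attribute-level access control through User Profile Items). The role names, action names, attribute names and the sample user record are constructed assumptions, and the two dictionaries stand in for the RBAC plugin and User Profile Item settings that in the product live in the Config Editor. The point it makes visible is that an attribute-level rule can be narrower than the action-level rule (a role may call the update action yet only write one attribute), and that an attribute which is not a profile item is never exposed, whatever the caller's role.

```python
# Added example (not Airlock IAM code): a minimal model of the layered access
# control this page describes. Roles, actions, attribute names and the sample
# user record are constructed assumptions; the real RBAC plugin and User
# Profile Item configuration live in the Config Editor, not in code.
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised when authentication, action authorization or attribute access fails."""


# Constructed stand-in for the Role-based Access Control plugin: role -> actions.
ROLE_ACTIONS = {
    "helpdesk": {"user.read", "user.update"},
    "user-admin": {"user.read", "user.update", "user.delete"},
}

# Constructed stand-in for User Profile Items: attribute -> {role: "read" | "write"}.
# An attribute not listed here (e.g. "password_hash") is not a profile item and
# is therefore invisible to every caller, GUI and REST API alike.
PROFILE_ITEMS = {
    "username": {"helpdesk": "read", "user-admin": "read"},
    "email": {"helpdesk": "read", "user-admin": "write"},
    "locked": {"helpdesk": "write", "user-admin": "write"},
    "cost_center": {"user-admin": "write"},
}

# Constructed sample user record as stored in the backend.
SAMPLE_USER = {
    "username": "jdoe",
    "email": "jdoe@example.com",
    "locked": False,
    "cost_center": "CC-17",
    "password_hash": "$argon2id$constructed-sample-hash",
}


@dataclass(frozen=True)
class RestClient:
    client_id: str
    roles: frozenset
    authenticated: bool


def _permission(client, attr):
    """Strongest permission any of the client's roles has on a profile item, or None."""
    perms = PROFILE_ITEMS.get(attr, {})
    levels = {perms.get(role) for role in client.roles}
    if "write" in levels:
        return "write"
    if "read" in levels:
        return "read"
    return None


def authorize_action(client, action):
    """Layers 1 and 2: the request must be authenticated and a role must allow the action."""
    if not client.authenticated:
        raise AccessDenied("request is not authenticated")
    if not any(action in ROLE_ACTIONS.get(role, set()) for role in client.roles):
        raise AccessDenied(f"{client.client_id} may not perform {action}")


def read_user(client, record):
    """Layer 3 on read: return only the attributes the caller may see."""
    authorize_action(client, "user.read")
    return {attr: value for attr, value in record.items() if _permission(client, attr)}


def update_user(client, record, changes):
    """Layer 3 on write: reject any attribute the caller may not write.

    Refusing unknown or read-only attributes before touching the record is the
    input-validation side of attribute-level access control. Returns a new record.
    """
    authorize_action(client, "user.update")
    for attr in changes:
        if _permission(client, attr) != "write":
            raise AccessDenied(f"{client.client_id} may not write attribute {attr!r}")
    updated = dict(record)
    updated.update(changes)
    return updated


def is_denied(func, *args):
    """Demonstration helper: True if the call raises AccessDenied."""
    try:
        func(*args)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    helpdesk = RestClient("hd-client", frozenset({"helpdesk"}), True)
    admin = RestClient("admin-client", frozenset({"user-admin"}), True)
    print(read_user(helpdesk, SAMPLE_USER))   # no cost_center, no password_hash
    print(read_user(admin, SAMPLE_USER))      # cost_center visible, password_hash still hidden
    print(is_denied(update_user, helpdesk, SAMPLE_USER, {"email": "x@example.com"}))  # True
    print(update_user(helpdesk, SAMPLE_USER, {"locked": True})["locked"])              # True
```

Note that a request is rejected as a whole if any attribute in it fails the check; partially applying an update would let a caller probe which attributes exist by observing which ones were silently dropped.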