{"openapi":"3.0.1","info":{"title":"Airlock IAM Loginapp REST API","version":"8.6.0","x-jerseyapp":"base","x-comp-prefix":"Basic"},"servers":[{"url":"/auth/rest"}],"tags":[{"name":"/public_Flow Control","description":"Flows are a fundamental concept that is used in various parts of Airlock IAM. See introduction on <a href=\"#flowControl\">Flow control and flow status</a> for details.","x-displayName":"Flow Control"},{"name":"/public_Maintenance Messages","description":"Maintenance messages are used to display information to end-users on the login screen or during the initiation of an authentication flow. These messages are presented before any connection to a back-end application is established.","x-displayName":"Maintenance Messages"},{"name":"/public_Password","description":"The Password endpoints handle password management tasks such as creation, updates, resets, and policy enforcement. They also support operations related to failed login tracking, account unlocking, and compliance with configured password policies.","x-displayName":"Password"},{"name":"/public_Signing Keys","description":"Endpoints for retrieving the JSON Web Key (JWK) Set document, which contains the public signing key(s) used to validate digital signatures on issued tokens, such as ID tokens or SSO tickets.","x-displayName":"Signing Keys"},{"name":"/public_other","x-displayName":"other"},{"name":"/public_UI","x-displayName":"UI"},{"name":"/public/authentication_Airlock 2FA","description":"Airlock 2FA is a secure and flexible two-factor authentication solution integrated into Airlock IAM. It includes a ready-to-use mobile app and offers various authentication methods such as push notifications, QR code scans (online/offline), and passcodes. Designed for easy integration, it provides a comprehensive set of REST APIs and interfaces, supports mobile-only scenarios, and allows optional use of the Futurae cloud service for simplified operation.","x-displayName":"Airlock 2FA"},{"name":"/public/authentication_Cronto","description":"Cronto is a secure authentication method that uses a color QR code (Cronto image) to transmit encrypted transaction details or login information to the user’s mobile app.","x-displayName":"Cronto"},{"name":"/public/authentication_Device Tokens","description":"With the Device Token feature, REST clients can securely authenticate using public-key cryptography, enabling automated, userless access to protected resources.","x-displayName":"Device Tokens"},{"name":"/public/authentication_Email OTP","description":"In email authentication, a one-time password (OTP), also known as a token code, is sent to the user's email address. The user completes the authentication or verification process by entering the received code into the designated input field.","x-displayName":"Email OTP"},{"name":"/public/authentication_FIDO","description":"The Fast Identity Online (FIDO) standard, developed by the FIDO™ Alliance since its launch in 2013, defines modern, secure authentication methods. It began as Universal 2nd Factor (U2F or FIDO1) and has evolved into FIDO2, which supports both multifactor and passwordless authentication.","x-displayName":"FIDO"},{"name":"/public/authentication_Flow Control","description":"Flows are a fundamental concept that is used in various parts of Airlock IAM. See introduction on <a href=\"#flowControl\">Flow control and flow status</a> for details.","x-displayName":"Flow Control"},{"name":"/public/authentication_Generic OTP","description":"Endpoints for handling one-time passwords (OTPs), also referred to as token codes. These endpoints support the validation and management of OTPs across various authentication methods and are typically used in the context of RADIUS authentication.","x-displayName":"Generic OTP"},{"name":"/public/authentication_Location","description":"Endpoints for accessing a target application or starting flows using a forward location URI.","x-displayName":"Location"},{"name":"/public/authentication_Matrix Cards","description":"Matrix cards, also known as grid cards, are used as a second authentication factor. The user possesses a printed card containing a matrix of codes, and during authentication, the system prompts the user to enter specific codes from defined positions on the card to verify their identity.","x-displayName":"Matrix Cards"},{"name":"/public/authentication_Message Acknowledgement","description":"Endpoints for acknowledging receipt of a message from a previous step.","x-displayName":"Message Acknowledgement"},{"name":"/public/authentication_Migration","description":"Endpoints for migrating a user's active authentication method, allowing the transition from one method (e.g., mTAN, email OTP) to another (e.g., Airlock 2FA) while preserving user continuity and security during the change.","x-displayName":"Migration"},{"name":"/public/authentication_OATH OTP","description":"Airlock IAM supports authentication using both software- and hardware-based OATH-compliant one-time passwords (OTP). When configured, these OTPs can serve as a second factor in multi-factor authentication scenarios.","x-displayName":"OATH OTP"},{"name":"/public/authentication_OAuth 2.0/OIDC","description":"OAuth 2.0 is an authorization framework that allows target applications (OAuth 2.0 clients) to securely access protected HTTP resources—such as user data—on behalf of a user. OpenID Connect 1.0 extends OAuth 2.0 with an identity layer, enabling clients to verify a user's identity and often reducing the number of required HTTP roundtrips.","x-displayName":"OAuth 2.0/OIDC"},{"name":"/public/authentication_Password","description":"The Password endpoints handle password management tasks such as creation, updates, resets, and policy enforcement. They also support operations related to failed login tracking, account unlocking, and compliance with configured password policies.","x-displayName":"Password"},{"name":"/public/authentication_SAML","description":"SAML (Security Assertion Markup Language) is an open, XML-based standard defined by OASIS for enabling cross-domain single sign-on (SSO), allowing users to authenticate once and access multiple systems across organizational boundaries.","x-displayName":"SAML"},{"name":"/public/authentication_SMS/mTAN","description":"In Airlock IAM, mTAN (mobile Transaction Authentication Number) is primarily used as a second authentication factor by sending a one-time password (OTP) via SMS, which the user enters to authenticate. Beyond this, mTAN also supports secure transaction approval by transmitting transaction details along with the OTP, ensuring user confirmation for sensitive actions.","x-displayName":"SMS/mTAN"},{"name":"/public/authentication_SSI","description":"The SSI (Self-Sovereign Identity) REST API in Airlock IAM enables user authentication and authorization based on verifiable credentials (VCs) from decentralized identity systems. It supports issuing VCs to user wallets and verifying presented credentials for authentication, enabling secure and user-controlled identity interactions. It currently supports the Swiss E-ID and the European EUDI Wallets.","x-displayName":"SSI"},{"name":"/public/authentication_Secret Questions","description":"Airlock IAM can be configured to prompt users with security questions to help verify their identity. This method is commonly used in self-service password reset scenarios, where correctly answering selected questions—typically known only to the legitimate user—provides additional assurance of the user's identity.","x-displayName":"Secret Questions"},{"name":"/public/authentication_Terms of Services","description":"Airlock IAM can serve as a central enforcement point for terms of service, requiring users to accept the ToC before gaining access to connected applications.","x-displayName":"Terms of Services"},{"name":"/public/authentication_User","description":"The User API determines a user's identity and returns the next required authentication step based on account status and flow configuration.","x-displayName":"User"},{"name":"/public/authentication_User Context Data","description":"Endpoints for managing user context data, including attributes such as first name, last name, and date of birth. The user context model in Airlock IAM is extensible, allowing customers to define and manage additional custom attributes to meet specific integration or business requirements.","x-displayName":"User Context Data"},{"name":"/public/authentication_Vasco OTP","description":"Airlock IAM supports strong authentication using Digipass OTP tokens from OneSpan (formerly Vasco). These hardware tokens generate time-based one-time passwords (TOTPs), typically displayed as a 6-digit code, and are used to securely verify a user’s identity during login.","x-displayName":"Vasco OTP"},{"name":"/public/authentication_other","x-displayName":"other"},{"name":"/public/authentication_UI","x-displayName":"UI"},{"name":"/public/self-service_Airlock 2FA","description":"Airlock 2FA is a secure and flexible two-factor authentication solution integrated into Airlock IAM. It includes a ready-to-use mobile app and offers various authentication methods such as push notifications, QR code scans (online/offline), and passcodes. Designed for easy integration, it provides a comprehensive set of REST APIs and interfaces, supports mobile-only scenarios, and allows optional use of the Futurae cloud service for simplified operation.","x-displayName":"Airlock 2FA"},{"name":"/public/self-service_Cronto","description":"Cronto is a secure authentication method that uses a color QR code (Cronto image) to transmit encrypted transaction details or login information to the user’s mobile app.","x-displayName":"Cronto"},{"name":"/public/self-service_Device Tokens","description":"With the Device Token feature, REST clients can securely authenticate using public-key cryptography, enabling automated, userless access to protected resources.","x-displayName":"Device Tokens"},{"name":"/public/self-service_Email OTP","description":"In email authentication, a one-time password (OTP), also known as a token code, is sent to the user's email address. The user completes the authentication or verification process by entering the received code into the designated input field.","x-displayName":"Email OTP"},{"name":"/public/self-service_FIDO","description":"The Fast Identity Online (FIDO) standard, developed by the FIDO™ Alliance since its launch in 2013, defines modern, secure authentication methods. It began as Universal 2nd Factor (U2F or FIDO1) and has evolved into FIDO2, which supports both multifactor and passwordless authentication.","x-displayName":"FIDO"},{"name":"/public/self-service_Flow Control","description":"Flows are a fundamental concept that is used in various parts of Airlock IAM. See introduction on <a href=\"#flowControl\">Flow control and flow status</a> for details.","x-displayName":"Flow Control"},{"name":"/public/self-service_Matrix Cards","description":"Matrix cards, also known as grid cards, are used as a second authentication factor. The user possesses a printed card containing a matrix of codes, and during authentication, the system prompts the user to enter specific codes from defined positions on the card to verify their identity.","x-displayName":"Matrix Cards"},{"name":"/public/self-service_Message Acknowledgement","description":"Endpoints for acknowledging receipt of a message from a previous step.","x-displayName":"Message Acknowledgement"},{"name":"/public/self-service_OATH OTP","description":"Airlock IAM supports authentication using both software- and hardware-based OATH-compliant one-time passwords (OTP). When configured, these OTPs can serve as a second factor in multi-factor authentication scenarios.","x-displayName":"OATH OTP"},{"name":"/public/self-service_Password","description":"The Password endpoints handle password management tasks such as creation, updates, resets, and policy enforcement. They also support operations related to failed login tracking, account unlocking, and compliance with configured password policies.","x-displayName":"Password"},{"name":"/public/self-service_SMS/mTAN","description":"In Airlock IAM, mTAN (mobile Transaction Authentication Number) is primarily used as a second authentication factor by sending a one-time password (OTP) via SMS, which the user enters to authenticate. Beyond this, mTAN also supports secure transaction approval by transmitting transaction details along with the OTP, ensuring user confirmation for sensitive actions.","x-displayName":"SMS/mTAN"},{"name":"/public/self-service_SSI","description":"The SSI (Self-Sovereign Identity) REST API in Airlock IAM enables user authentication and authorization based on verifiable credentials (VCs) from decentralized identity systems. It supports issuing VCs to user wallets and verifying presented credentials for authentication, enabling secure and user-controlled identity interactions. It currently supports the Swiss E-ID and the European EUDI Wallets.","x-displayName":"SSI"},{"name":"/public/self-service_Secret Questions","description":"Airlock IAM can be configured to prompt users with security questions to help verify their identity. This method is commonly used in self-service password reset scenarios, where correctly answering selected questions—typically known only to the legitimate user—provides additional assurance of the user's identity.","x-displayName":"Secret Questions"},{"name":"/public/self-service_User","description":"The User API determines a user's identity and returns the next required authentication step based on account status and flow configuration.","x-displayName":"User"},{"name":"/public/self-service_Vasco OTP","description":"Airlock IAM supports strong authentication using Digipass OTP tokens from OneSpan (formerly Vasco). These hardware tokens generate time-based one-time passwords (TOTPs), typically displayed as a 6-digit code, and are used to securely verify a user’s identity during login.","x-displayName":"Vasco OTP"},{"name":"/public/self-service_other","x-displayName":"other"},{"name":"/public/tech-client-registration_Flow Control","description":"Flows are a fundamental concept that is used in various parts of Airlock IAM. See introduction on <a href=\"#flowControl\">Flow control and flow status</a> for details.","x-displayName":"Flow Control"},{"name":"/public/tech-client-registration_OAuth 2.0/OIDC","description":"OAuth 2.0 is an authorization framework that allows target applications (OAuth 2.0 clients) to securely access protected HTTP resources—such as user data—on behalf of a user. OpenID Connect 1.0 extends OAuth 2.0 with an identity layer, enabling clients to verify a user's identity and often reducing the number of required HTTP roundtrips.","x-displayName":"OAuth 2.0/OIDC"},{"name":"/public/tech-client-registration_other","x-displayName":"other"},{"name":"/protected_Cronto","description":"Cronto is a secure authentication method that uses a color QR code (Cronto image) to transmit encrypted transaction details or login information to the user’s mobile app.","x-displayName":"Cronto"},{"name":"/protected_Device Tokens","description":"With the Device Token feature, REST clients can securely authenticate using public-key cryptography, enabling automated, userless access to protected resources.","x-displayName":"Device Tokens"},{"name":"/protected_Password","description":"The Password endpoints handle password management tasks such as creation, updates, resets, and policy enforcement. They also support operations related to failed login tracking, account unlocking, and compliance with configured password policies.","x-displayName":"Password"},{"name":"/protected_SMS/mTAN","description":"In Airlock IAM, mTAN (mobile Transaction Authentication Number) is primarily used as a second authentication factor by sending a one-time password (OTP) via SMS, which the user enters to authenticate. Beyond this, mTAN also supports secure transaction approval by transmitting transaction details along with the OTP, ensuring user confirmation for sensitive actions.","x-displayName":"SMS/mTAN"},{"name":"/protected_Secret Questions","description":"Airlock IAM can be configured to prompt users with security questions to help verify their identity. This method is commonly used in self-service password reset scenarios, where correctly answering selected questions—typically known only to the legitimate user—provides additional assurance of the user's identity.","x-displayName":"Secret Questions"},{"name":"/protected_User","description":"The User API determines a user's identity and returns the next required authentication step based on account status and flow configuration.","x-displayName":"User"},{"name":"/protected_other","x-displayName":"other"},{"name":"/protected/self-service_Airlock 2FA","description":"Airlock 2FA is a secure and flexible two-factor authentication solution integrated into Airlock IAM. It includes a ready-to-use mobile app and offers various authentication methods such as push notifications, QR code scans (online/offline), and passcodes. Designed for easy integration, it provides a comprehensive set of REST APIs and interfaces, supports mobile-only scenarios, and allows optional use of the Futurae cloud service for simplified operation.","x-displayName":"Airlock 2FA"},{"name":"/protected/self-service_Cronto","description":"Cronto is a secure authentication method that uses a color QR code (Cronto image) to transmit encrypted transaction details or login information to the user’s mobile app.","x-displayName":"Cronto"},{"name":"/protected/self-service_Device Tokens","description":"With the Device Token feature, REST clients can securely authenticate using public-key cryptography, enabling automated, userless access to protected resources.","x-displayName":"Device Tokens"},{"name":"/protected/self-service_Email OTP","description":"In email authentication, a one-time password (OTP), also known as a token code, is sent to the user's email address. The user completes the authentication or verification process by entering the received code into the designated input field.","x-displayName":"Email OTP"},{"name":"/protected/self-service_FIDO","description":"The Fast Identity Online (FIDO) standard, developed by the FIDO™ Alliance since its launch in 2013, defines modern, secure authentication methods. It began as Universal 2nd Factor (U2F or FIDO1) and has evolved into FIDO2, which supports both multifactor and passwordless authentication.","x-displayName":"FIDO"},{"name":"/protected/self-service_Flow Control","description":"Flows are a fundamental concept that is used in various parts of Airlock IAM. See introduction on <a href=\"#flowControl\">Flow control and flow status</a> for details.","x-displayName":"Flow Control"},{"name":"/protected/self-service_Matrix Cards","description":"Matrix cards, also known as grid cards, are used as a second authentication factor. The user possesses a printed card containing a matrix of codes, and during authentication, the system prompts the user to enter specific codes from defined positions on the card to verify their identity.","x-displayName":"Matrix Cards"},{"name":"/protected/self-service_Message Acknowledgement","description":"Endpoints for acknowledging receipt of a message from a previous step.","x-displayName":"Message Acknowledgement"},{"name":"/protected/self-service_OATH OTP","description":"Airlock IAM supports authentication using both software- and hardware-based OATH-compliant one-time passwords (OTP). When configured, these OTPs can serve as a second factor in multi-factor authentication scenarios.","x-displayName":"OATH OTP"},{"name":"/protected/self-service_OAuth 2.0/OIDC","description":"OAuth 2.0 is an authorization framework that allows target applications (OAuth 2.0 clients) to securely access protected HTTP resources—such as user data—on behalf of a user. OpenID Connect 1.0 extends OAuth 2.0 with an identity layer, enabling clients to verify a user's identity and often reducing the number of required HTTP roundtrips.","x-displayName":"OAuth 2.0/OIDC"},{"name":"/protected/self-service_Password","description":"The Password endpoints handle password management tasks such as creation, updates, resets, and policy enforcement. They also support operations related to failed login tracking, account unlocking, and compliance with configured password policies.","x-displayName":"Password"},{"name":"/protected/self-service_Remember-Me","description":"Endpoints for managing a user's Remember-Me cookies, including creation, listing, and deletion of persistent login sessions. Remember-Me cookies enable simplified login flows by recognizing returning users and allowing them to skip certain authentication steps. When configured, they can also be used to bypass the second authentication factor for trusted browsers or devices.","x-displayName":"Remember-Me"},{"name":"/protected/self-service_Representation","description":"Endpoints for managing user representation sessions.","x-displayName":"Representation"},{"name":"/protected/self-service_SMS/mTAN","description":"In Airlock IAM, mTAN (mobile Transaction Authentication Number) is primarily used as a second authentication factor by sending a one-time password (OTP) via SMS, which the user enters to authenticate. Beyond this, mTAN also supports secure transaction approval by transmitting transaction details along with the OTP, ensuring user confirmation for sensitive actions.","x-displayName":"SMS/mTAN"},{"name":"/protected/self-service_SSI","description":"The SSI (Self-Sovereign Identity) REST API in Airlock IAM enables user authentication and authorization based on verifiable credentials (VCs) from decentralized identity systems. It supports issuing VCs to user wallets and verifying presented credentials for authentication, enabling secure and user-controlled identity interactions. It currently supports the Swiss E-ID and the European EUDI Wallets.","x-displayName":"SSI"},{"name":"/protected/self-service_User Context Data","description":"Endpoints for managing user context data, including attributes such as first name, last name, and date of birth. The user context model in Airlock IAM is extensible, allowing customers to define and manage additional custom attributes to meet specific integration or business requirements.","x-displayName":"User Context Data"},{"name":"/protected/self-service_Vasco OTP","description":"Airlock IAM supports strong authentication using Digipass OTP tokens from OneSpan (formerly Vasco). These hardware tokens generate time-based one-time passwords (TOTPs), typically displayed as a 6-digit code, and are used to securely verify a user’s identity during login.","x-displayName":"Vasco OTP"},{"name":"/protected/self-service_other","x-displayName":"other"},{"name":"/protected/self-service_UI","x-displayName":"UI"},{"name":"/public/user-self-registration_Airlock 2FA","description":"Airlock 2FA is a secure and flexible two-factor authentication solution integrated into Airlock IAM. It includes a ready-to-use mobile app and offers various authentication methods such as push notifications, QR code scans (online/offline), and passcodes. Designed for easy integration, it provides a comprehensive set of REST APIs and interfaces, supports mobile-only scenarios, and allows optional use of the Futurae cloud service for simplified operation.","x-displayName":"Airlock 2FA"},{"name":"/public/user-self-registration_Data Registration","description":"Endpoints for registering and validating data items provided by a self-registering user, typically used during user onboarding workflows to ensure the correctness and completeness of submitted information.","x-displayName":"Data Registration"},{"name":"/public/user-self-registration_Email OTP","description":"In email authentication, a one-time password (OTP), also known as a token code, is sent to the user's email address. The user completes the authentication or verification process by entering the received code into the designated input field.","x-displayName":"Email OTP"},{"name":"/public/user-self-registration_Flow Control","description":"Flows are a fundamental concept that is used in various parts of Airlock IAM. See introduction on <a href=\"#flowControl\">Flow control and flow status</a> for details.","x-displayName":"Flow Control"},{"name":"/public/user-self-registration_Message Acknowledgement","description":"Endpoints for acknowledging receipt of a transaction approval message from a previous step.","x-displayName":"Message Acknowledgement"},{"name":"/public/user-self-registration_OATH OTP","description":"Airlock IAM supports authentication using both software- and hardware-based OATH-compliant one-time passwords (OTP). When configured, these OTPs can serve as a second factor in multi-factor authentication scenarios.","x-displayName":"OATH OTP"},{"name":"/public/user-self-registration_SMS/mTAN","description":"In Airlock IAM, mTAN (mobile Transaction Authentication Number) is primarily used as a second authentication factor by sending a one-time password (OTP) via SMS, which the user enters to authenticate. Beyond this, mTAN also supports secure transaction approval by transmitting transaction details along with the OTP, ensuring user confirmation for sensitive actions.","x-displayName":"SMS/mTAN"},{"name":"/public/user-self-registration_SSI","description":"The SSI (Self-Sovereign Identity) REST API in Airlock IAM enables user authentication and authorization based on verifiable credentials (VCs) from decentralized identity systems. It supports issuing VCs to user wallets and verifying presented credentials for authentication, enabling secure and user-controlled identity interactions. It currently supports the Swiss E-ID and the European EUDI Wallets.","x-displayName":"SSI"},{"name":"/public/user-self-registration_Terms of Services","description":"Airlock IAM can serve as a central enforcement point for terms of service, requiring users to accept the ToC before gaining access to connected applications.","x-displayName":"Terms of Services"},{"name":"/public/user-self-registration_other","x-displayName":"other"},{"name":"/public/user-self-registration_UI","x-displayName":"UI"},{"name":"/oauth2_OAuth 2.0/OIDC","description":"OAuth 2.0 is an authorization framework that allows target applications (OAuth 2.0 clients) to securely access protected HTTP resources—such as user data—on behalf of a user. OpenID Connect 1.0 extends OAuth 2.0 with an identity layer, enabling clients to verify a user's identity and often reducing the number of required HTTP roundtrips.","x-displayName":"OAuth 2.0/OIDC"},{"name":"/oauth2_Signing Keys","description":"Endpoints for retrieving the JSON Web Key (JWK) Set document, which contains the public signing key(s) used to validate digital signatures on issued tokens, such as ID tokens or SSO tickets.","x-displayName":"Signing Keys"},{"name":"/oauth2_other","x-displayName":"other"}],"paths":{"/public/flow":{"get":{"tags":["/public_Flow Control"],"summary":"Get flow info","description":"Retrieves flow information. If any Loginapp flow is currently active, information\nabout flow type, ID and next step is returned.\n<div class=\"iam-resource-return\">Flow type, ID and next action information about the current active flow.</div>","operationId":"/public/getCurrentFlowState","responses":{"200":{"description":"The current flow information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/FlowInformationDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/FlowInformationDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"No flow active.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/getCurrentFlowStateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public_other"]}},"/public/jwks":{"get":{"tags":["/public_Signing Keys"],"summary":"Get JWK Set","description":"Returns the JSON Web Key (JWK) Set document of IAM Loginapp.\n<div class=\"iam-resource-return\">A JWK Set containing all keys used by IAM Loginapp to sign JWTs.</div>","operationId":"/public/getJwks","responses":{"200":{"description":"The JWKS has been returned successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/JwksResponseData"},"examples":{"A JWK Set":{"description":"A JWK Set","value":{"keys":[{"kty":"EC","use":"sig","crv":"P-521","kid":"489600a1536e946749ed99e59105018d84713a90","x":"AQvgoB_NfBuBOWZE_3ONQUxLRiE02uekRxLgQTfTXZuEvYAOGUWZX2OHAyR-n9jM0gKEyQjArl7OhZEB8aNMmpqo","y":"Aftx9XvorV7I7tvfP1doqjzJLnFacSPGYDwNXA1icvGhtObjA1zsUHOQfzP5zeIzC9hSKgqcpdjmrEWipFiN9JTA","alg":"ES512"},{"kty":"RSA","e":"AQAB","use":"sig","kid":"729649aacb86a3af49f7bcfeeb2b018d83c410e4","alg":"RS256","n":"6NWRqi5AuwbjN8-PdkXHmH9Irtr8xlYZmAQtvXVPOX4Q6I_wQA05v2Zwpu8glm_cqHMRPUDywjDMFxCszoeFf9kViQ-bXt-xi-pZyfAo5Nu0KPtu1zaz1vF4aSqXybUV-6xq2L5P2uL_RSScUaJ-cqj09wHya6SXHEtl9WUqqYqcoP2as351PeguktunXxmqjVxfYuXzk6w5KuKunNfT1pgk9Z8hCgmaArHVc9Ane6xlMr4Nkz7hrJoBaoxi7MXBdGitpeBzNQhx5JR1ISN9CIbcsNaY5mJS4j7T6QbUXkNDKQz7cfKQQ5JHYl0gHTxDNvBVXNAXokCZlz_wutHdXw"}]}}}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"JWKS is not configured."}}},"options":{"operationId":"/public/getJwksCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public_other"]}},"/public/maintenance-messages":{"get":{"tags":["/public_Maintenance Messages"],"summary":"List messages","description":"Retrieves the current maintenance message(s) (if any) for the specified location(s). The maintenance messages can be filtered by location. For each location at most one message is retrieved.\nIf no filter is present, the current maintenance message for every location is returned.\n<p>\nThe values of the 'text' and 'language' attributes are determined as follows:\n<ul>\n<li>\nIf the maintenance message is available in a translation as specified by the Accept-Language header:<br>\nthe text attribute contains the message in the desired language. The language attribute is set to the desired language.\n</li>\n<li>\nIf the maintenance message is not available in a translation as specified by the Accept-Language header and a translation to the default language is available:<br>\nthe text attribute contains the message in the default language. The language attribute is set to the default language.\n</li>\n<li>\nIf the maintenance message is not available in a translation as specified by the Accept-Language header and no translation to the default language is available:<br>\nthe response does not contain the text and language attributes.\n</li>\n<li>\nIf no Accept-Language header is set and a translation to the default language is available:<br>\nthe text attribute contains the message in the default language. The language attribute is set to the default language.\n</li>\n<li>\nIf no Accept-Language header is set and no translation to the default language is available:<br>\nthe response does not contain the text and language attributes.\n</li>\n</ul>\n</p>\n<p>\n<ul>\n<li>\n<b>filter</b>: Restricts the set of all messages to those matching the location specified by the filter condition.\nThe allowed filter parameter is <tt>location</tt>. It is a String parameter. OR filtering is supported.\nAND filtering is supported by specifying multiple filter clauses with location parameter.\n</li>\n</ul>\n</p>\n<p>If multiple maintenance messages are active for the same location, the message with the longest remaining validity\nperiod is returned (latest 'validTo' date).</p>\n<div class=\"iam-resource-return\">The current maintenance message(s).</div>","operationId":"/public/retrieveMaintenanceMessages","responses":{"200":{"description":"Returns the list of current maintenance messages. Can be empty.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MaintenanceMessageDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MaintenanceMessageDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/retrieveMaintenanceMessagesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public_other"]},"parameters":[{"name":"filter","in":"query","schema":{"type":"array","description":"Applies filtering operations on the resource data set.","items":{"type":"string","description":"Applies filtering operations on the resource data set."}}}]},"/public/ui/languages":{"get":{"tags":["/public_UI"],"summary":"Get UI config","description":"Returns the default UI configuration for authentication.\n<div class=\"iam-resource-return\">A resource document containing the language information of the UI.</div>","operationId":"/public/getDefaultUi","responses":{"200":{"description":"The response contains information about the languages of the UI.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/LocalePreferenceConfigurationDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/LocalePreferenceConfigurationDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/public/getDefaultUiCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public_other"]}},"/public/ui/static/configuration":{"get":{"tags":["/public_UI"],"summary":"Get UI attributes","description":"Returns the global UI attributes.\n<div class=\"iam-resource-return\">A resource document containing the global UI attributes.</div>","operationId":"/public/getUiSettings","responses":{"200":{"description":"The response containing the global UI attributes.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/StaticUiConfigurationDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/StaticUiConfigurationDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/public/getUiSettingsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public_other"]}},"/public/password/policy/check":{"post":{"tags":["/public_Password"],"summary":"Validate password","description":"Validates the given password against the configured password policy.\nCould be used as a stand-alone step in a self-registration process.\n<div class=\"iam-resource-return\">nothing.</div>","operationId":"/public/checkPasswordPolicy","requestBody":{"description":"The password to be validated.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PasswordPolicyCheckRequest"}}},"required":true},"responses":{"200":{"description":"The password was successfully validated against the policy."},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PASSWORD_POLICY_VIOLATED</td>\n<td>The password violates the password policy. See <a href=\"#passwordPolicyDetailCodes\">password policy violation detail codes</a>.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/checkPasswordPolicyCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public_other"]}},"/public/authentication/flow":{"delete":{"tags":["/public/authentication_Flow Control"],"summary":"Abort flow","description":"Aborts the current authentication flow.\nDoes not terminate an already authenticated user session.\n<div class=\"iam-resource-return\">the response</div>","operationId":"/public/authentication/abort","responses":{"204":{"description":"Authentication flow successfully terminated."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/abortCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/":{"get":{"tags":["/public/authentication_Flow Control"],"summary":"Get auth info","description":"Retrieves the user's authentication information.\n<div class=\"iam-resource-return\">The authentication information.</div>","operationId":"/public/authentication/retrieveAuthenticationData","responses":{"200":{"description":"Retrieved the user's authentication information.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"User is not identified by a previous step.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"delete":{"tags":["/public/authentication_Flow Control"],"summary":"Terminate session","description":"Terminates the authenticated user session. If IAM is behind an Airlock WAF,\nthe WAF session is terminated, even if no user session exists\nlocally in IAM.\n<p>\nOn logout, IAM may send a series of single logout URIs in separate headers to the client. A UI client (typically an SPA) is required\nto execute a redirect to each of the returned URIs before displaying any kind of 'after logout target'.\nThe headers are named <tt>X-SLO-REDIRECT-URI(i)</tt>, where i runs from 1 to the number of sent single logout URIs.\n<p>\nExample: <tt>X-SLO-REDIRECT-URI1</tt>, <tt>X-SLO-REDIRECT-URI2</tt>, <tt>X-SLO-REDIRECT-URI3</tt>...\n</p>\nThe logout URIs can either be absolute URIs (including protocol, host and optional port) or they can be relative to the current host. Relative URIs start with a '/'.\n</p>\n<div class=\"iam-resource-return\">the response</div>","operationId":"/public/authentication/logout","responses":{"204":{"description":"Authentication session successfully terminated."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieveAuthenticationDataCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/ui/configuration/access":{"get":{"operationId":"/public/authentication/getAccessConfiguration","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"application/vnd.api+json":{},"application/json;qs=0.9":{}}}},"x-internal":"true","tags":["/public/authentication_other"]},"options":{"operationId":"/public/authentication/getAccessConfigurationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/ui/default/application/id":{"get":{"tags":["/public/authentication_UI"],"summary":"Get app ID","description":"Returns the default application ID for authentication.\n<div class=\"iam-resource-return\">A JSON containing the default application ID</div>","operationId":"/public/authentication/getDefaultTargetApplicationId","responses":{"200":{"description":"The response contains the default application ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ApplicationIdData"}},"application/json":{"schema":{"$ref":"#/components/schemas/ApplicationIdData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"If no UI is available.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/public/authentication/getDefaultTargetApplicationIdCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/ui/configuration/logout":{"get":{"operationId":"/public/authentication/getLogoutConfiguration","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"application/vnd.api+json":{},"application/json;qs=0.9":{}}}},"x-internal":"true","tags":["/public/authentication_other"]},"options":{"operationId":"/public/authentication/getLogoutConfigurationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"params","in":"query","style":"form","explode":true,"schema":{"type":"object"}}]},"/public/authentication/ui/non-flow/configuration":{"get":{"operationId":"/public/authentication/getNonFlowUIConfiguration","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"application/vnd.api+json":{},"application/json;qs=0.9":{}}}},"x-internal":"true","tags":["/public/authentication_other"]},"options":{"operationId":"/public/authentication/getNonFlowUIConfigurationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/ui/on-failure/{flowId}":{"get":{"operationId":"/public/authentication/getOnFailureInfo","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"application/vnd.api+json":{},"application/json;qs=0.9":{}}}},"x-internal":"true","tags":["/public/authentication_other"]},"options":{"operationId":"/public/authentication/getOnFailureInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"flowId","in":"path","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/authentication/ui/configuration/oauth2/authorization-servers/{authorizationServerId}/session-management":{"get":{"tags":["/public/authentication_UI"],"summary":"Get configuration","description":"Returns the configuration for the OpenID Connect session management 1.0 UI.\n<div class=\"iam-resource-return\">A JSON containing the configuration for the authorization server</div>","operationId":"/public/authentication/getCheckSessionConfiguration","responses":{"200":{"description":"The response contains the default application ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OpenIdConnectSessionManagementUiConfigDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/OpenIdConnectSessionManagementUiConfigDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"If no UI is available.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/public/authentication/getCheckSessionConfigurationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/public/authentication/one-shot/applications/{applicationId}":{"get":{"operationId":"/public/authentication/access_6","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"*/*":{}}}},"x-internal":"true","tags":["/public/authentication_other"]},"options":{"operationId":"/public/authentication/access_6CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"Location","in":"query","schema":{"type":"string"}},{"name":"applicationId","in":"path","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/authentication/airlock-2fa/activation/device-edit/data":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Edit attributes","description":"Edit attributes of the activated Airlock 2FA device.\n<p>This endpoint updates only attributes sent with the request. Omitted attributes remain unchanged.</p>\n<div class=\"iam-resource-return\">Whether the changed device attributes were accepted. If a request contains both valid and invalid attributes, only the valid attributes will be processed.\n This endpoint returns a <tt>nextAuthStep</tt> with value <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt>.\n A follow-up call to the <tt>continue</tt> endpoint will advance the flow and apply the valid changes.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/editDevice","requestBody":{"description":"Contains the device attributes to be edited. Currently, only the device display name can be changed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationAirlock2FADeviceEditRequest"}}},"required":true},"responses":{"200":{"description":"Device attributes successfully set. The <tt>nextAuthStep</tt> informs about the step's data validity.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/editDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/activation/start":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Start activation","description":"Starts a device activation with Trusted Session Binding.\n<div class=\"iam-resource-return\">The Trusted Session Binding token.</div>","operationId":"/public/authentication/getBindingToken","requestBody":{"description":"Contains the activation code for which the flow binding token is retrieved.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAFlowBindingTokenRequest"}}},"required":true},"responses":{"200":{"description":"Further steps required.\n<br>Next step: <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_ACTIVATION_FAILED</td>\n<td>The activation code corresponds to a valid activation of the user but it is expired or has already been used previously to activate a device.</td>\n</tr>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_ACTIVATION_CODE_INVALID</td>\n<td>The provided activation code does not correspond to a valid activation of the user.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/getBindingTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/activation/status/poll":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Poll activation status","description":"Polls the Airlock 2FA activation status.\n<div class=\"iam-resource-return\">The status of the Airlock 2FA activation.\n If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required to successfully authenticate.\n If the attribute is missing, the user is successfully authenticated.\n </div>","operationId":"/public/authentication/pollActivationStatus","responses":{"200":{"description":"Step completed or further steps required, such as further polling.\n<br>Possible next step: <tt><s>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</s></tt> (will be removed with 9.0,\nclients should be prepared to expect <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt> instead,\nas documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_ACTIVATION_FAILED</td>\n<td>The activation is expired.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n<br>Next step: <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/pollActivationStatusCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/authentication/airlock-2fa/activation/device-edit/continue":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Validate and continue","description":"Validate all data on the current Airlock 2FA device edit step and continue to the next step if possible.\n<div class=\"iam-resource-return\">If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required\n to successfully authenticate. If the attribute is missing, the user has successfully completed the flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/validateAndContinue","responses":{"200":{"description":"All data successfully received and flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/validateAndContinueCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/offline-qr-code/otp/check":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Verify Offline QR Code OTP","description":"Verifies the submitted Airlock 2FA Offline QR Code OTP (challenge response).\nNote that Offline QR Code checks are only possible if the step is in offline mode (using <tt>POST /public/authentication/airlock-2fa/offline/</tt>).\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkOfflineQrCodeOtp","requestBody":{"description":"Contains the Offline QR Code OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAOfflineQrCodeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_QR_CODE_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>)\n<br>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_QR_CODE_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkOfflineQrCodeOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/passcode/check":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Verify passcode","description":"Verifies the submitted Airlock 2FA passcode. The previously selected device has no impact on the passcode verification.\nNote that passcode checks are only possible if the step is in offline mode (using <tt>POST /public/authentication/airlock-2fa/offline/</tt>).\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkPasscode","requestBody":{"description":"Contains the passcode.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAPasscodeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_PASSCODE_WRONG</td>\n<td>Passcode could not be validated successfully. Retry with correct passcode.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_PASSCODE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_PASSCODE_WRONG</td>\n<td>The passcode could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>AUTH_METHOD_INACTIVE</td>\n<td>The Airlock 2FA account is locked. No retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkPasscodeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/status/poll":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Poll status","description":"Polls the Airlock 2FA authentication status.\n<p>This endpoint is used for authentication using the Airlock 2FA factors One-Touch and Online QR Code,\nor for mobile-only authentication.</p>\n<div class=\"iam-resource-return\">The status of the Airlock 2FA authentication.\n If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required to successfully\n authenticate. If the attribute is missing, the user is successfully authenticated.</div>","operationId":"/public/authentication/pollAuthenticationStatus","responses":{"200":{"description":"Authentication successful or further steps required, such as further polling.\n<br>Possible next steps: <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt>, <tt>AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED</tt>, <tt>AIRLOCK_2FA_USERNAMELESS_POLLING_REQUIRED</tt>\n(as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Authentication failed.\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/pollAuthenticationStatusCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/authentication/airlock-2fa/devices/{deviceId}/select":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Select device","description":"Selects the Airlock 2FA device that will be used for authentication.\n<div class=\"iam-resource-return\">If the selection was successful.</div>","operationId":"/public/authentication/selectDevice","responses":{"200":{"description":"Device selection successful. Further steps required, such as polling.\n<br>Possible next steps: <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt>, <tt>AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_CHOICE_FAILED</td>\n<td>The device could not be selected.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Authentication failed.\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/selectDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"deviceId","in":"path","description":"The ID of the device to be selected.","required":true,"schema":{"type":"string"}}]},"/public/authentication/airlock-2fa/offline":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Switch to offline","description":"Switches to the Airlock 2FA offline mode.\nIn this mode, only passcode and QR code checks can be performed.\n<div class=\"iam-resource-return\">If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/switchToOffline","responses":{"200":{"description":"Authentication successful or further steps required.\n<br>Possible next steps: <tt>AIRLOCK_2FA_PASSCODE_REQUIRED</tt>, <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt>, <tt>AIRLOCK_2FA_PASSCODE_OR_QR_CODE_OTP_REQUIRED</tt> (as documented <a\nhref=\"#nextAuthStepCodes\">here</a>)\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted. May happen if an unprocessed result from the\nonline session is available upon calling this endpoint.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/switchToOfflineCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/recovery/status/poll":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Poll recovery","description":"Polls the Airlock 2FA recovery status.\n<div class=\"iam-resource-return\">The status of the Airlock 2FA recovery.\n If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required to successfully authenticate.\n If the attribute is missing, the user is successfully authenticated.</div>","operationId":"/public/authentication/pollRecoveryStatus","responses":{"200":{"description":"Step completed or further steps required, such as further polling.\n<br>Possible next step: <tt>AIRLOCK_2FA_RECOVERY_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/pollRecoveryStatusCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/recovery/start":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Start recovery","description":"Starts the recovery of one or multiple Airlock 2FA devices with Trusted Session Binding.\nOne installation of an Airlock 2FA App can be enrolled for different users.\nEach of these enrollments represents one (virtual) Airlock 2FA Device.\nAll the devices on one Airlock 2FA App installation have to be recovered at the same time.\nIf multiple of these devices require Trusted Session Binding, all of their identifiers have to\nbe provided to this endpoint.\n<div class=\"iam-resource-return\">The Trusted Session Binding token (as part of the additional attributes, as documented <a href=\"#additionalAuthAttributes\">here</a>).</div>","operationId":"/public/authentication/startRecovery","requestBody":{"description":"Contains the identifiers of the devices to be recovered.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FARecoveryFlowBindingRequest"}}},"required":true},"responses":{"200":{"description":"Further steps required.\n<br>Next step: <tt>AIRLOCK_2FA_RECOVERY_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_RECOVERY_DEVICES_INVALID</td>\n<td>The provided devices are invalid. Exactly one of the provided identifiers has to correspond to a device of the current user.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/startRecoveryCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/applications/{applicationId}/access":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"Access app by ID","description":"Access a target application by its application ID. If a flow for the\nsame target application is already in progress it will be resumed.\n<p>\nRetrieving information about ongoing flows can be done by calling\n<tt><span class=\"httpMethod small GET\">GET</span>/public/flow/</tt>.\n</p>\n<div class=\"iam-resource-return\">A success response without next step if the client is authorized to access the\n target application or an error response if further steps are required.</div>","operationId":"/public/authentication/access","requestBody":{"description":"Contains the optional forward URI.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OptionalForwardLocationAccessRequest"}}}},"responses":{"200":{"description":"Authorization is complete, target application can be accessed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>A flow for a different application is already in progress. To start a new flow, the running flow must first be terminated.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>Access not yet granted, more authentication/authorization steps are required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to this target application cannot be granted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"No target application with the requested ID exists.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/accessCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"applicationId","in":"path","description":"The ID of the target application to be accessed.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/authentication/oauth2/authorization-servers/{authorizationServerId}/authorize":{"post":{"tags":["/public/authentication_OAuth 2.0/OIDC"],"summary":"Initiate OAuth flow","description":"Initiates an OAuth 2.0 Authorization Code Grant/OpenID Connect Authorization Code Flow given the original query string.\nIf successful, the corresponding authentication flow is started. If not, a redirect URI back to the client\nmay be returned with an error.\n<p>\nRetrieving information about ongoing flows can be done by calling\n<tt><span class=\"httpMethod small GET\">GET</span>/public/flow/</tt>.\n</p>\n<div class=\"iam-resource-return\">A success response without next step if the request was validated and the user is authorized to access the\n OAuth 2.0/OpenID Connect client or an error response if further steps are required.<br>\n For OpenID Connect authentication requests containing UI locales, the locales are matched against the configured\n locales. The first matching and therefore valid locale will be reflected in the attribute <tt>uiLocale</tt>\n in the response. The attribute <tt>uiLocale</tt> is missing if either no UI locales were requested or none of\n the requested locales are valid, hence the UI should keep its current locale.</div>","operationId":"/public/authentication/access_1","requestBody":{"description":"Contains the query string containing all authorization parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2AuthorizationRequest"}}},"required":true},"responses":{"200":{"description":"Authorization is complete. The response contains the <tt>X-Forward-URL</tt> header with the URI pointing\nback to the OAuth 2.0/OpenID Connect client with the authorization response.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>A flow is already in progress. To start a new flow, the running flow must first be terminated.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>Access not yet granted, more authentication/authorization steps are required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to this target application cannot be granted.<br>\n<div class=\"iam-error-code\"><table>\n\t<tr>\n\t\t<td>OAUTH2_AUTHORIZATION_SERVER_INVALID_AUTHORIZATION_REQUEST</td>\n\t\t<td>The OAuth 2.0/OpenID Connect authorization request could not be validated.<br>\n\t\tIn some cases, the response contains an additional attribute <tt>clientRedirectUri</tt>.\n\t\tIf present, the browser should be redirected to this URI pointing back to the OAuth 2.0/OpenID Connect client,\n\t\twhich also contains some information about the error.</td>\n\t</tr>\n\t<tr>\n\t\t<td>OAUTH2_AUTHORIZATION_SERVER_REAUTHENTICATION_REQUIRED</td>\n\t\t<td>The OpenID Connect authentication request requires the user to be re-authenticated. The current user\n\t\tsession has to be deauthenticated (using <span class=\"httpMethod small DELETE\">DELETE</span><tt>\n\t\t/public/authentication/</tt>) first, before calling this endpoint with this OpenID Connect authentication\n\t\trequest.</td>\n\t</tr>\n</table>\n</div>\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/access_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/public/authentication/location/access":{"post":{"tags":["/public/authentication_Location"],"summary":"Access application","description":"Access a target application by its forward location URI. If a flow for the same location URI\nis already in progress it will be resumed. If a flow for either an unspecified or different\nlocation URI is already in progress, an error will be returned.\n<p>\nRetrieving information about ongoing flows can be done by calling\n<tt><span class=\"httpMethod small GET\">GET</span>/public/flow/</tt>.\n</p>\n<div class=\"iam-resource-return\">A success response without next step if the client is authorized to access the\n target application or an error response if further steps are required.</div>","operationId":"/public/authentication/access_2","requestBody":{"description":"Contains the forward URI.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ForwardLocationAccessRequest"}}},"required":true},"responses":{"200":{"description":"Authorization is complete, target application can be accessed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>A flow with either a missing or different location URI is already in progress. To start a new flow, the running flow must first be terminated.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>Access not yet granted, more authentication/authorization steps are required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to this target application cannot be granted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/access_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/default-application/access":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"Access application","description":"Access the default target application. If a flow for the default target application is already\nin progress it will be resumed.\n<p>\nRetrieving information about ongoing flows can be done by calling\n<tt><span class=\"httpMethod small GET\">GET</span>/public/flow/</tt>.\n</p>\n<div class=\"iam-resource-return\">A success response without next step if the client is authorized to access the\n target application or an error response if further steps are required.</div>","operationId":"/public/authentication/access_3","requestBody":{"description":"Contains the optional forward URI.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OptionalForwardLocationAccessRequest"}}}},"responses":{"200":{"description":"Authorization is complete, target application can be accessed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>A flow for a different application is already in progress. To start a new flow, the running flow must first be terminated.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>Access not yet granted, more authentication/authorization steps are required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to this target application cannot be granted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/access_3CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/message/acknowledge":{"post":{"tags":["/public/authentication_Message Acknowledgement"],"summary":"Acknowledge message","description":"Acknowledges a previously received message.\nThe message can be a pre-configured message ID or server-generated message, depending on the step configuration.\nIt has been received as an additional in a previous step response (as documented <a href=\"#additionalAuthAttributes\">here</a>).\n<div class=\"iam-resource-return\">If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/acknowledgeMessageId","responses":{"200":{"description":"Authentication successful or further steps required (as documented <a href=\"#nextAuthStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/acknowledgeMessageIdCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/dynamic-steps/{stepId}/activate":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"Activate step","description":"Activates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be activated.</div>","operationId":"/public/authentication/activate","responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_ACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be activated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the activate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/activateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be activated.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/authentication/dynamic-steps/{stepId}/deactivate":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"Deactivate step","description":"Deactivates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be deactivated.</div>","operationId":"/public/authentication/deactivate","responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_DEACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be deactivated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the deactivate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/deactivateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be deactivated","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/authentication/dynamic-steps/retrieve":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"List steps","description":"Retrieves list of all steps that can be dynamically activated or deactivated on the current step.\n<div class=\"iam-resource-return\">A list of dynamic steps with their activation information.</div>","operationId":"/public/authentication/retrieve","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationDynamicStepActivationDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationDynamicStepActivationDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieveCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/goto-targets/{stepId}/goto":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"Go to step","description":"Go to the selected flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid.</div>","operationId":"/public/authentication/doGoto","responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>GOTO_FAILED</td>\n<td>The selected step ID is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the goto call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/doGotoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"stepId","in":"path","description":"The goto target's step ID.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/authentication/goto-targets/retrieve":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"List steps","description":"Retrieves possible target steps of an interactive goto.\n<div class=\"iam-resource-return\">A list of target steps.</div>","operationId":"/public/authentication/retrieve_1","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationGotoTargetAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationGotoTargetAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieve_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/selection/options/{id}/select":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"Select option","description":"Selects the given option if available.\n<div class=\"iam-resource-return\">The selected next step or an error if the option is invalid.</div>","operationId":"/public/authentication/selectOption","responses":{"200":{"description":"Selected the chosen step and requires next step actions.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SELECTION_FAILED</td>\n<td>The selected option is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>SELECTION_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/selectOptionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"id","in":"path","description":"option to select.","required":true,"schema":{"maxLength":1000,"minLength":1,"type":"string"}}]},"/public/authentication/terms-of-services/accept-retrieved":{"post":{"tags":["/public/authentication_Terms of Services"],"summary":"Accept terms","description":"Accepts all previously retrieved terms of services.\n<div class=\"iam-resource-return\">Whether the terms of services have been successfully marked as accepted. If the attribute <tt>nextAuthStep</tt>\n is present in the response, further steps are required to successfully authenticate. If the attribute is missing,\n the user is successfully authenticated.</div>","operationId":"/public/authentication/acceptRetrieved","responses":{"200":{"description":"All open terms of services that were previously retrieved have been successfully marked as accepted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Called accept-retrieved before retrieve. The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/acceptRetrievedCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/terms-of-services/deny-retrieved":{"post":{"tags":["/public/authentication_Terms of Services"],"summary":"Deny terms","description":"Denies any of the previously retrieved terms of service.\nThis operation aborts the current flow.","operationId":"/public/authentication/deny","responses":{"204":{"description":"Denial of the terms of services has been registered and the current authentication flow has been successfully aborted."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/denyCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/terms-of-services/retrieve":{"post":{"tags":["/public/authentication_Terms of Services"],"summary":"Get terms","description":"Returns a list of terms of services that need to be accepted.\nThe language of the text is chosen by the specified Accept-Language request header. If a text is configured for the given language,\nthe text will contain the message in the desired language. Otherwise, the text will contain the message in the\nconfigured default language.\n<div class=\"iam-resource-return\">A list of terms of services</div>","operationId":"/public/authentication/retrieveOpenTermsOfService","responses":{"200":{"description":"A list of terms of services has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TermsOfServiceAuthResultDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TermsOfServiceAuthResultDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieveOpenTermsOfServiceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/activation/start":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Verify OTP","description":"Verifies the first Cronto device activation OTP.\nIf the user has a Cronto activation letter, the request contains the OTP from scanning the\ncryptogram on the letter.\nIf the user is allowed to activate a Cronto device without a letter, the request contains the OTP\nfrom the first activation challenge, which was returned as <a href=\"#additionalAuthAttributes\">additional attribute</a>\nwith the <tt>CRONTO_ACTIVATION_START_WITHOUT_LETTER_REQUIRED</tt> next step code.\n<div class=\"iam-resource-return\">Whether the check was successful. In successful responses, the attribute <tt>nextAuthStep</tt> will be present\n which indicates that further steps are required to successfully activate the Cronto device.</div>","operationId":"/public/authentication/verifyFirstOtp","requestBody":{"description":"Contains the OTP from the first Cronto activation challenge.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CrontoStartDeviceActivationFlowRequest"}}},"required":true},"responses":{"200":{"description":"OTP verified and new challenge created.\n<br>Next step: <tt>CRONTO_ACTIVATION_COMPLETE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_ACTIVATION_START_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>CRONTO_LETTER_INVALID</td>\n<td>The activation letter is not valid.</td>\n</tr>\n<tr>\n<td>ILLEGAL_CRONTO_PLATFORM</td>\n<td>The platform of the activation letter is not allowed.</td>\n</tr>\n<tr>\n<td>CRONTO_DEVICE_LIMIT_REACHED</td>\n<td>The maximum number of devices has been reached.</td>\n</tr>\n<tr>\n<td>CRONTO_LETTER_USAGE_LIMIT_REACHED</td>\n<td>The maximum number of activation letter uses has been reached.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/verifyFirstOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/activation/complete":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Complete activation","description":"Completes activating a new Cronto Device.\nActivates a new Cronto device by verifying the OTP the user has extracted from the cryptogram that was returned\nas <a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>CRONTO_ACTIVATION_COMPLETE_REQUIRED</tt> next step code.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/verifySecondOtp","requestBody":{"description":"Contains the second OTP and the device label for the newly activated Cronto device.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CrontoCompleteDeviceActivationFlowRequest"}}},"required":true},"responses":{"200":{"description":"Cronto device activation completed. Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_ACTIVATION_COMPLETE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>CRONTO_DEVICE_ALREADY_EXISTS</td>\n<td>Cronto device already activated.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/verifySecondOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/otp/check":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Verify Cronto OTP","description":"Verifies the submitted Cronto OTP.\nThe OTP was entered by the user (after scanning the cryptogram image) or returned by the Cronto app\n(when using the secure channel challenge in app-to-app communication).\n<p>Use this call for manual OTP validation for a <tt>CRONTO_OTP_REQUIRED</tt> next auth step\n(when \"onlineValidation\" was false, or offline fallback was selected by the user). Note that in any case\nmanually OTP checking <em>cancels online validation</em>. It is recommended to obtain the current\nchallenge again after each failed OTP check, as the \"onlineValidation\" flag could have changed.</p>\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkCrontoOtp","requestBody":{"description":"Contains the Cronto OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkCrontoOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/otp/poll":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Poll status","description":"Allows polling whether the Cronto challenge has been answered by the app (\"online validation\"). If there\nhas not been any response from the app, keep polling in regular intervals or check the OTP manually\n(<tt>POST /cronto/otp/check</tt>).\n<div class=\"iam-resource-return\">The status of the online validation (still waiting/success/cancelled/failed).\n If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required to\n successfully authenticate. If the attribute is missing, the user is successfully authenticated.</div>","operationId":"/public/authentication/pollOnlineValidation","responses":{"200":{"description":"Challenge not yet validated (retry later or check OTP manually), authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n<tr>\n<td>CANCELLED_BY_USER</td>\n<td>The process has been cancelled by the user in the app.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/pollOnlineValidationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/authentication/cronto/offline":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Select offline auth","description":"Selects offline authentication. No push notification is sent to a device and no subsequent online validation\nof the response will be possible.\n<div class=\"iam-resource-return\">Whether the selection of offline authentication was successful. Gives information about the next authentication step required.</div>","operationId":"/public/authentication/selectOfflineAuthentication","responses":{"200":{"description":"Successfully selected an offline device.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Offline selection failed. The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/selectOfflineAuthenticationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/push-devices/{id}/select":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Select push device","description":"Selects one of the active push devices to which the push notification will be sent.\n<div class=\"iam-resource-return\">Whether the device selection was successful. Gives information about the next authentication step required.</div>","operationId":"/public/authentication/selectPushDevice","responses":{"200":{"description":"Push device successfully selected, notification sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_CHOICE_FAILED</td>\n<td>Invalid ID selected. Retry with valid ID.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_DEVICE_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_CHOICE_FAILED</td>\n<td>Invalid ID selected.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/selectPushDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the selected push device.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/public/authentication/cronto/push-devices/activation/continue":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Continue activation","description":"Continues after Cronto push activation.\nVerifies that push activation was successful. This endpoint has \"polling\" semantic, as long as push activation\nis still pending, <tt>CRONTO_PUSH_ACTIVATION_POSSIBLE</tt> is returned. Once push activation is complete, the\nflow is continued.\n<div class=\"iam-resource-return\">A success result if the device successfully activated push.</div>","operationId":"/public/authentication/checkCompleted","responses":{"200":{"description":"Push not yet activated (retry later), authentication successful or further steps required.\n<br>Possible next steps: <tt>CRONTO_PUSH_ACTIVATION_POSSIBLE</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkCompletedCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/authentication/cronto/push-devices/activation/never":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Never activate push","description":"Never activate push on this device.\nThe flow continues without push activation. The device is marked as not being push-enabled and\nthe user will never be asked again to activate push on this device.\n<div class=\"iam-resource-return\">A success result (selecting \"never\" cannot fail).</div>","operationId":"/public/authentication/never","responses":{"200":{"description":"Push activation skipped and push disabled on device. If no further steps are required, the authentication flow has completed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/neverCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/push-devices/activation/skip":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Skip activation","description":"Skips the Cronto push activation.\nThe flow continues without push activation. After a configurable number of logins with this\ndevice, the push activation will be offered again.\n<div class=\"iam-resource-return\">A success result (skipping cannot fail).</div>","operationId":"/public/authentication/skip","responses":{"200":{"description":"Push activation skipped and authentication flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/skipCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/device-token/check":{"post":{"tags":["/public/authentication_Device Tokens"],"summary":"Verify JWT","description":"Verify device token JWT.\n<p>\nVerifies the submitted JWT. The JWT must contain at least the following claims:\n<ul>\n<li>\"challenge\": The challenge.</li>\n</ul>\nIt must be signed by the device token key using the same algorithm as in the device token creation process.\n</p>\n<div class=\"iam-resource-return\">Whether the check was successful.</div>","operationId":"/public/authentication/checkJwt","requestBody":{"description":"The JWT to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DeviceTokenResponseCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>DEVICE_TOKEN_VERIFICATION_FAILED</td>\n<td>\nDevice token verification failed for one of the following reasons:\n\t\t\t<ul>\n \t\t\t\t<li>Signature on JWT is wrong</li>\n \t\t\t\t<li>Signed wrong challenge</li>\n \t\t\t\t<li>Challenge expired</li>\n \t\t\t\t<li>Device token expired</li>\n \t\t\t\t<li>Device token disabled</li>\n\t\t\t</ul>\n\t\t</td>\n\t</tr>\n</table>\n</div>\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkJwtCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/device-token/{deviceTokenId}/challenge/retrieve":{"post":{"tags":["/public/authentication_Device Tokens"],"summary":"Get challenge","description":"Get device token challenge.\n<p>\nReturns a challenge for the device token authentication step.\n</p>\n<p>\nThe challenge is a random alphanumeric string. It has to be included in a JWT and signed by the device token key.\n</p>\n<p>\nNote that, by default a challenge is <b>always</b> issued (status code 200) for users who are not authenticated, regardless of whether the device ID is known. This is done to prevent\nenumeration attacks. The retrieval for unauthenticated users can be configured to fail (status code 404) if the device ID is unknown.\n</p>\n<div class=\"iam-resource-return\">A challenge string.</div>","operationId":"/public/authentication/retrieveChallenge_1","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/DeviceTokenChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/DeviceTokenChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"No device token with the specified ID found (only if the user is authenticated or fail on challenge retrieval is enabled).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieveChallenge_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"deviceTokenId","in":"path","description":"The ID of the client device token.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/public/authentication/device-token/registration/start":{"post":{"tags":["/public/authentication_Device Tokens"],"summary":"Start token registration","description":"Starts a device token registration during an authentication flow.\n<p>\nRegister a new device token by providing a JSON Web Key (JWK) public key and optionally a label and/or a serial ID of the device.\nThe device token is only persisted if a subsequent \"Apply Changes Step\"\nwith an \"Apply Device Token Registration\" handler is configured.\n</p>\n<p>\nThe public key is represented as specified in JWK (RFC7517). Currently elliptic curve signatures (keys of type \"EC\") are supported.<br/>\nThe following attributes are expected in the public key attribute (according to the JWK specification):\n<ul>\n<li>\"crv\" - the elliptic curve. Supported values are:\n<ul>\n<li>\"P-256\": for ES256 signatures</li>\n<li>\"P-256K\": for ES256K signatures</li>\n<li>\"P-384\": for ES384 signatures</li>\n<li>\"P-521\": for ES512 signatures</li>\n</ul>\nPlease note: During registration all four values are always allowed, but for the other use cases of device tokens (e.g. authentication)\nit is possible to restrict (in the IAM configuration) which curves are allowed.</li>\n<li>\"x\" - the x coordinate of the base point.</li>\n<li>\"y\" - the y coordinate of the base point.</li>\n<li>\"kty\" - the key type - must be \"EC\"</li>\n<li>\"kid\" - a key identifier (optional)</li>\n</ul>\n</p>\n<div class=\"iam-resource-return\">If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required.\n If the attribute is missing, the registration has been successfully completed.</div>","operationId":"/public/authentication/registerDeviceToken","requestBody":{"description":"A request to start a registration for a new device token (public key, optionally label and serial).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/DeviceTokenRegistrationRequest"}},"application/json":{"schema":{"$ref":"#/components/schemas/DeviceTokenRegistrationRequest"}}},"required":true},"responses":{"200":{"description":"Device token registration successfully started.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The supplied attributes could not be validated (wrong key type, wrong key length, or missing attribute).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/registerDeviceTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/email/otp/check":{"post":{"tags":["/public/authentication_Email OTP"],"summary":"Check email OTP","description":"Checks the submitted email OTP.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkOtp","requestBody":{"description":"Request containing the OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>EMAIL_OTP_CHECK_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OTP_WRONG</td>\n<td>The OTP could not be validated successfully. No retries are possible.</td>\n</tr>\n<tr>\n<td>OTP_EXPIRED</td>\n<td>The OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/email/otp/resend":{"post":{"tags":["/public/authentication_Email OTP"],"summary":"Resend email OTP","description":"Resends the email OTP.\n<div class=\"iam-resource-return\">Whether the resend was successful and informs about the <tt>nextAuthStep</tt>.\n Additionally, the response includes information about the possibility of an OTP resend.</div>","operationId":"/public/authentication/resendOtp","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EMAIL_OTP_RESEND_REFUSED</td>\n<td>The OTP could not be resent.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>EMAIL_OTP_CHECK_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/resendOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/email/verification/otp/check":{"post":{"tags":["/public/authentication_Email OTP"],"summary":"Verify OTP","description":"Checks the OTP for the email channel verification.\n<div class=\"iam-resource-return\">Whether the OTP was accepted.</div>","operationId":"/public/authentication/verifyEmailOtp","requestBody":{"description":"Contains the OTP to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified and authentication completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EMAIL_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>EMAIL_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EMAIL_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>EMAIL_OTP_EXPIRED</td>\n<td>OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/verifyEmailOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/fido/credential/edit":{"post":{"tags":["/public/authentication_FIDO"],"summary":"Edit name","description":"Edit FIDO credential display name. Allows editing the display name of the FIDO credential that has been registered previously in the flow.\n<div class=\"iam-resource-return\">Whether the new display name has been accepted and set. This endpoint returns a <tt>nextStep</tt> with\n value <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> if the display name is valid and a follow-up call to the <tt>continue</tt> endpoint\n will advance the flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/edit","requestBody":{"description":"the new display name to set","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoCredentialDisplayNameChangeRequest"}}},"required":true},"responses":{"200":{"description":"Display name successfully set.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied display name could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/editCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/fido/failure/report":{"post":{"tags":["/public/authentication_FIDO"],"summary":"Report FIDO failure","description":"Report a FIDO client failure.<p>Allows the client to report a FIDO failure, resulting in a step failure.</p>\n<div class=\"iam-resource-return\">The status of the flow. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/handleClientFailure","requestBody":{"description":"Contains information (name and message) describing the failure.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoClientFailureRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required. This is only possible if \"On Failure Gotos\" are configured on the step.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_AUTHENTICATION_ABORTED</td>\n\t<td>The FIDO authentication has been aborted in the client. Returned if the <tt>reason</tt> in the request was \"ABORTED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_AUTHENTICATION_NOT_ALLOWED</td>\n\t<td>FIDO authentication was not allowed in the client. Returned if the <tt>reason</tt> in the request was \"NOT_ALLOWED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_AUTHENTICATION_FAILED</td>\n\t<td>Returned if any other error occurred in the client. Returned if the <tt>reason</tt> in the request was \"UNKNOWN\".</td>\n</tr>\n<tr>\n\t<td>FIDO_WEB_AUTHN_NOT_AVAILABLE</td>\n\t<td>The browser/client does not support WebAuthn/FIDO. Returned if the <tt>reason</tt> in the request was \"NO_WEB_AUTHN\".</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/handleClientFailureCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/fido/credential/edit/continue":{"post":{"tags":["/public/authentication_FIDO"],"summary":"Validate and continue","description":"Validate the current FIDO credential display name and continue to the next step if possible.\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is present in the response, further steps are required to\n successfully complete the flow. If the attribute is missing, the user has successfully completed the authentication flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/validateAndContinue_1","responses":{"200":{"description":"The display name is accepted and authentication flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The display name could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/validateAndContinue_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/fido/assertion-response/check":{"post":{"tags":["/public/authentication_FIDO"],"summary":"Verify response","description":"Verify the FIDO authenticator's response.\n<p>The FIDO authenticator's response to the challenge (obtained previously as <a href=\"#additionalAuthAttributes\">additional attribute</a>\nwith the <tt>FIDO_AUTHENTICATION_CHALLENGE_RETRIEVAL_REQUIRED</tt> next step code) contains information about the FIDO credential\nused for this authentication attempt as well as metadata that will be verified by IAM.</p>\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/verify","requestBody":{"description":"Contains the FIDO authenticator's response to the previously obtained challenge.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoAuthenticationPublicKeyCredentialRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_AUTHENTICATION_FAILED</td>\n<td>The response of the FIDO authenticator to the previously obtained challenge could not be successfully verified.\nAs a result, the authentication has failed and the flow has been terminated. No retries are possible.</td>\n</tr>\n<tr>\n<td>FIDO_AUTHENTICATION_TIMEOUT</td>\n<td>The response of the FIDO authenticator has timed out.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/verifyCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/fido/registration/challenge/retrieve":{"post":{"tags":["/public/authentication_FIDO"],"summary":"Get FIDO challenge","description":"Retrieve FIDO challenge.\n<p>This challenge contains information that need to be passed to the FIDO authenticator\nin order to create and register a new credential.</p>\n<div class=\"iam-resource-return\">Challenge to be passed to the FIDO authenticator</div>","operationId":"/public/authentication/createRegistrationChallenge","requestBody":{"description":"Contains the display name of the registered FIDO credential.\n<p>Note that rules specified for the Nickname Profile of the PRECIS FreeformClass (see <a href=\"https://tools.ietf.org/html/rfc8266#section-2.3\">RFC8266 - Section 2.3</a>) will be enforced.\nCertain characters may therefore be replaced (e.g., white-space will be trimmed) or the input may be deemed invalid.</p>","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationChallengeRequest"}}}},"responses":{"200":{"description":"Challenge successfully generated. Possible next steps: <tt>FIDO_REGISTRATION_ATTESTATION_RESPONSE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationAuthenticationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationAuthenticationChallengeDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied display name is invalid. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>FIDO_REGISTRATION_CHALLENGE_RETRIEVAL_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/createRegistrationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/fido/registration/failure/report":{"post":{"tags":["/public/authentication_FIDO"],"summary":"Report FIDO failure","description":"Report a FIDO client failure during registration .<p>Allows the client to report a FIDO failure, resulting in a step failure.</p>\n<div class=\"iam-resource-return\">The status of the flow. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/handleClientFailure_1","requestBody":{"description":"Contains information (reason and message) describing the failure.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationClientFailureRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required. This is only possible if \"On Failure Gotos\" are configured on the step.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n\t<td>FIDO_REGISTRATION_ABORTED</td>\n\t<td>The FIDO credential registration has been aborted in the client. Returned if the <tt>reason</tt> in the request is \"ABORTED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_REGISTRATION_NOT_ALLOWED</td>\n\t<td>FIDO credential registration was not allowed in the client. Returned if the <tt>reason</tt> in the request is \"NOT_ALLOWED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_REGISTRATION_NOT_SUPPORTED</td>\n\t<td>The browser/client could not find a FIDO credential that fulfills the registration requirements. Returned if the <tt>reason</tt> in the request is \"NOT_SUPPORTED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_WEB_AUTHN_NOT_AVAILABLE</td>\n\t<td>The browser/client does not support WebAuthn/FIDO. Returned if the <tt>reason</tt> in the request is \"NO_WEB_AUTHN\".</td>\n</tr>\n<tr>\n\t<td>FIDO_REGISTRATION_FAILED</td>\n\t<td>Returned if any other error occurred in the client. Returned if the <tt>reason</tt> in the request is \"UNKNOWN\".</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/handleClientFailure_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/fido/registration/attestation-response/check":{"post":{"tags":["/public/authentication_FIDO"],"summary":"Verify Authenticator response","description":"Verify FIDO authenticator's response.\n<p>The FIDO authenticator's response to the previously obtained challenge (<tt>POST /fido/registration/challenge/retrieve</tt>)\ncontains information about the newly created FIDO credential as well as metadata that will be verified by IAM.</p>\n<div class=\"iam-resource-return\">Status of registration</div>","operationId":"/public/authentication/verify_1","requestBody":{"description":"Contains the FIDO authenticator's response to the previously obtained challenge","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationAuthenticatorResponseRequest"}}},"required":true},"responses":{"200":{"description":"Registration is successfully completed. Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_REGISTRATION_ATTESTATION_INVALID</td>\n<td>The attestation object supplied by the FIDO authenticator could not be successfully verified.\nThis can happen if the issuer CA is not present in the keystore or if the authenticator does not provide an assertion object.</td>\n</tr>\n<tr>\n<td>FIDO_REGISTRATION_FAILED</td>\n<td>The response of the FIDO authenticator to the previously obtained challenge could not be successfully verified.</td>\n</tr>\n<tr>\n<td>FIDO_REGISTRATION_TIMEOUT</td>\n<td>The response of the FIDO authenticator has timed out.</td>\n</tr>\n</table>\n</div>\n<br>As a result, the registration failed and the flow has been terminated. No retries are possible.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/verify_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/otp/check":{"post":{"tags":["/public/authentication_Generic OTP"],"summary":"Verify OTP","description":"Checks the submitted OTP.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkOtp_1","requestBody":{"description":"Request containing the OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.<br>Possible next step: <tt>NEXT_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n<tr>\n<td>OTP_EXPIRED</td>\n<td>The OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkOtp_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/kerberos/not-possible":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"Kerberos not possible","description":"Notify the flow step that Kerberos is not possible on the client.\n<div class=\"iam-resource-return\">If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate.</div>","operationId":"/public/authentication/handleKerberosNotPossible","responses":{"200":{"description":"further steps required (as documented <a href=\"#nextAuthStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>KERBEROS_AUTHENTICATION_NOT_POSSIBLE</td>\n<td>Flow has been aborted since no alternative to Kerberos is available.</td>\n</tr>\n</table></div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/handleKerberosNotPossibleCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/location/interpret":{"post":{"tags":["/public/authentication_Location"],"summary":"Interpret URI","description":"Interprets a forward location URI prior to starting an authentication flow.\n<div class=\"iam-resource-return\">A map of key/values that have been extracted or derived from the given URI.</div>","operationId":"/public/authentication/interpret","requestBody":{"description":"Contains the forward location URI to be interpreted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LocationInterpretationRequest"}}},"required":true},"responses":{"200":{"description":"An interpretation for the given URI has been returned.\n<p>The set of interpretations is empty if no location interpreters are configured.</p>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/LocationInterpretationDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/LocationInterpretationDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/interpretCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/matrix/check":{"post":{"tags":["/public/authentication_Matrix Cards"],"summary":"Verify response","description":"Verifies the submitted challenge response.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkChallengeResponse","requestBody":{"description":"Contains the challenge response(s).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MatrixChallengeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MATRIX_RESPONSE_WRONG</td>\n<td>One or more responses could not be validated successfully. Retry again.<br>\nSince challenge coordinates may change after failed attempts (depending on configuration),\nthe new ones might have to be requested again.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MATRIX_RESPONSE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MATRIX_RESPONSE_WRONG</td>\n<td>One or more responses could not be validated successfully.</td>\n</tr>\n<tr>\n<td>TOO_MANY_UNANSWERED_CHALLENGES</td>\n<td>Too many challenges were requested but not answered. Try again later.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkChallengeResponseCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/migration/options/reject":{"post":{"tags":["/public/authentication_Migration"],"summary":"Reject migration","description":"Permanently rejects the migration. The user stays on their current authentication method.\n<div class=\"iam-resource-return\">A success result if rejecting the migration was successful.</div>","operationId":"/public/authentication/rejectMigration","responses":{"200":{"description":"Rejected the migration.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/rejectMigrationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/migration/options/{id}/select":{"post":{"tags":["/public/authentication_Migration"],"summary":"Select option","description":"Selects the given migration option if available.\n<div class=\"iam-resource-return\">The selected next step or an error if the option is invalid.</div>","operationId":"/public/authentication/selectOption_1","responses":{"200":{"description":"Selected the chosen step and requires next step actions.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SELECTION_FAILED</td>\n<td>The selected option is not available.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/selectOption_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"id","in":"path","description":"migration option to select.","required":true,"schema":{"maxLength":1000,"minLength":1,"type":"string"}}]},"/public/authentication/migration/options/skip":{"post":{"tags":["/public/authentication_Migration"],"summary":"Skip migration","description":"Skips the migration for the moment. The user may migrate at a later time.\n<div class=\"iam-resource-return\">A success result if skipping the migration was successful.</div>","operationId":"/public/authentication/skipMigration","responses":{"200":{"description":"Skipped the migration.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/skipMigrationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/otp/check":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Check mTAN OTP","description":"Checks the submitted mTAN OTP.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkMtanOtp","requestBody":{"description":"Request containing the mTAN OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>MTAN_OTP_EXPIRED</td>\n<td>The OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/otp/resend":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Resend authentication OTP","description":"Resends the mTAN OTP by SMS.\n<div class=\"iam-resource-return\">Whether the resend was successful and informs about the <tt>nextAuthStep</tt>.\n Additionally, the response includes information about the possibility of an OTP resend.\n <p><b>Deprecated:</b> The 'included' section containing resend information is deprecated and will be removed in a future version.\n The resend information is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a>\n with the <tt>MTAN_OTP_REQUIRED</tt> next step code.</p></div>","operationId":"/public/authentication/resendMtanOtp","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T10:24:42.234+02:00"},"included":[{"type":"authentication.mtan.otp.resend.information","id":"3150159828","attributes":{"otpResendPossible":false}}],"data":{"type":"authentication.session","id":"803482101671883154","attributes":{"nextAuthStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T10:24:42.234+02:00"},"included":[{"type":"authentication.mtan.otp.resend.information","id":"3150159828","attributes":{"otpResendPossible":false}}],"data":{"type":"authentication.session","id":"803482101671883154","attributes":{"nextAuthStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_RESEND_REFUSED</td>\n<td>The OTP could not be resent.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/resendMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/tokens/{id}/select":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Select token","description":"Selects one of the active mTAN tokens (phone numbers) for sending the OTP to.\n<div class=\"iam-resource-return\">Whether the token selection and sending of the OTP was successful. Gives information about the next authentication step required.\n Additionally, the response includes information about the possibility of an OTP resend.\n <p><b>Deprecated:</b> The 'included' section containing resend information is deprecated and will be removed in a future version.\n The resend information is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a>\n with the <tt>MTAN_OTP_REQUIRED</tt> next step code.</p></div>","operationId":"/public/authentication/selectMtanToken","responses":{"200":{"description":"mTAN token successfully selected, OTP sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T10:24:42.234+02:00"},"included":[{"type":"authentication.mtan.otp.resend.information","id":"3150159828","attributes":{"otpResendPossible":false}}],"data":{"type":"authentication.session","id":"803482101671883154","attributes":{"nextAuthStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T10:24:42.234+02:00"},"included":[{"type":"authentication.mtan.otp.resend.information","id":"3150159828","attributes":{"otpResendPossible":false}}],"data":{"type":"authentication.session","id":"803482101671883154","attributes":{"nextAuthStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_TOKEN_CHOICE_FAILED</td>\n<td>Invalid mTAN token ID. Retry with valid ID.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_TOKEN_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Selection failed. The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/selectMtanTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"id","in":"path","description":"the ID of the selected mTAN token.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/public/authentication/mtan/registration/iak/check":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Verify IAK","description":"Verifies the submitted IAK.\nThe IAK is typically sent to the user by letter and can only be used once.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkIak","requestBody":{"description":"Request containing the IAK.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationCheckIakRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>IAK_WRONG</td>\n<td>IAK could not be validated successfully. Retry with correct IAK.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_REGISTRATION_IAK_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>IAK_WRONG</td>\n<td>IAK could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkIakCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/registration/otp/check":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Verify mTAN OTP","description":"Verifies the submitted mTAN OTP.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkVerificationOtp","requestBody":{"description":"Request containing the mTAN OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_REGISTRATION_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>MTAN_OTP_EXPIRED</td>\n<td>The OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkVerificationOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/registration/otp/resend":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Resend registration OTP","description":"Resends the mTAN OTP by SMS.\n<div class=\"iam-resource-return\">Whether the resend was successful and informs about the <tt>nextAuthStep</tt>.\n Additionally, the response includes information about the possibility of an OTP resend.</div>","operationId":"/public/authentication/resendMtanOtp_1","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:14:11.518+02:00"},"included":[{"type":"authentication.mtan.otp.resend.information","id":"1434690641","attributes":{"otpResendPossible":false}}],"data":{"type":"authentication.session","id":"263074448545407763","attributes":{"nextStep":"MTAN_REGISTRATION_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:14:11.518+02:00"},"included":[{"type":"authentication.mtan.otp.resend.information","id":"1434690641","attributes":{"otpResendPossible":false}}],"data":{"type":"authentication.session","id":"263074448545407763","attributes":{"nextStep":"MTAN_REGISTRATION_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_RESEND_REFUSED</td>\n<td>The OTP could not be resent.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_REGISTRATION_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/resendMtanOtp_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/registration/info/retrieve":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Get token info","description":"Retrieves information about the mTAN token to be registered.\nThe information contains the current values and if the label is required.\n<div class=\"iam-resource-return\">Number and label of the mTAN token to be registered.</div>","operationId":"/public/authentication/retrieveInfo","responses":{"200":{"description":"The information has successfully been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationMtanRegistrationTokenInformationDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationMtanRegistrationTokenInformationDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieveInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/registration/otp/resend-info/retrieve":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Verify OTP resend possible","description":"Returns whether a new OTP can be resent by SMS.\n<div class=\"iam-resource-return\">Whether an OTP resend is possible or not.</div>","operationId":"/public/authentication/retrieveResendInfo_1","responses":{"200":{"description":"Returns information about a possible OTP resend.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ResendMtanOtpPossibleDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/ResendMtanOtpPossibleDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieveResendInfo_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/registration/start":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Start token registration","description":"Starts mTAN token registration. Allows setting the number and/or label of an mTAN token.\n<div class=\"iam-resource-return\">Whether the fields have been accepted and set. This endpoint returns a <tt>nextAuthStep</tt> with\n value <tt>MTAN_REGISTRATION_START_REQUIRED</tt> if the token data is not yet valid.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/start","requestBody":{"description":"the mTAN token to register","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MtanTokenRegistrationAuthRequest"}}},"required":true},"responses":{"200":{"description":"Token fields successfully set. Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied fields could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>MTAN_REGISTRATION_START_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/startCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/oauth2/client/authorization/uri/retrieve":{"post":{"tags":["/public/authentication_OAuth 2.0/OIDC"],"summary":"Get auth URI","description":"Returns a fresh authorization request URI to initiate the OAuth 2.0 / OpenID Connect handshake on the authorization\nserver. This is needed in situations where pushed authorization requests (see\n<a href=\"https://tools.ietf.org/html/rfc9126\" target=\"_blank\">RFC 9126</a>) or similar standards are used, which\ndo not allow the authorization request URI to be re-used.\n<div class=\"iam-resource-return\">A fresh request authorization URI.</div>","operationId":"/public/authentication/retrieveAuthorizationRequestUri","responses":{"200":{"description":"Authorization Request URI successfully retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OAuth2AuthorizationUriDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2AuthorizationUriDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieveAuthorizationRequestUriCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/oauth2/client/authorization/check":{"post":{"tags":["/public/authentication_OAuth 2.0/OIDC"],"summary":"Check auth response","description":"Checks the OAuth 2.0 authorization response to authenticate the user. The OAuth 2.0 authorization response\n(see <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.2\" target=\"_blank\">RFC 6749, Chapter 4.1.2</a>\nrespectively\n<a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.2.1\" target=\"_blank\">RFC 6749, Chapter 4.1.2.1</a> for\nauthorization response errors) has to be submitted in the body as query string from the received OAuth 2.0\nauthorization response request.\n<div class=\"iam-resource-return\">Whether authentication was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is successfully\n authenticated.</div>","operationId":"/public/authentication/verifyAuthorizationResponse","requestBody":{"description":"Containing the query string of the authorization response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationOAuth2AuthorizationResponseQueryRequest"}}},"required":true},"responses":{"200":{"description":"User successfully identified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OAUTH2_CLIENT_AUTHORIZATION_FAILED</td>\n<td>OAuth 2.0 authorization failed. No retries allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/verifyAuthorizationResponseCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/oauth2/authorization-server/consent/remote/check":{"post":{"tags":["/public/authentication_OAuth 2.0/OIDC"],"summary":"Check token","description":"Checks if the given consent token is valid.\n<div class=\"iam-resource-return\">Whether the scopes were successfully granted. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/check","requestBody":{"description":"Request containing the consent token.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2CheckConsentRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OAUTH2_AUTHORIZATION_SERVER_AUTHORIZATION_FAILED</td>\n<td>OAuth 2.0 authorization failed. The current authentication flow has been aborted.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/oauth2/authorization-server/consent/local/deny":{"post":{"tags":["/public/authentication_OAuth 2.0/OIDC"],"summary":"Deny consent","description":"Denies the OAuth 2.0 consent and therefore aborts the authentication flow to redirect back to the client with an OAuth 2.0 error code.\n<p>Notice that denying the consent will not store or update any granted/denied consents.</p>\n<div class=\"iam-resource-return\">The response containing the <tt>clientRedirectUri</tt> attribute.</div>","operationId":"/public/authentication/deny_1","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OAUTH2_AUTHORIZATION_SERVER_AUTHORIZATION_FAILED</td>\n<td>OAuth 2.0 authorization failed. The current authentication flow has been aborted.</td>\n</tr>\n</table>\n</div>\n<br>\nThe browser should be redirected to this URI pointing back to the OAuth 2.0/OpenID Connect client contained in\nthe additional attribute <tt>clientRedirectUri</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/deny_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/oauth2/authorization-server/consent/local/grant":{"post":{"tags":["/public/authentication_OAuth 2.0/OIDC"],"summary":"Grant scopes","description":"Grants the submitted OAuth 2.0 scopes.\n<p>Notice that not all available scopes have to be granted by the user. Scopes not granted are automatically treated as denied.</p>\n<p>If consent storage is configured, the granted (and implicitly denied) scopes are stored in the database.</p>\n<div class=\"iam-resource-return\">Whether the scopes were successfully granted. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/grant","requestBody":{"description":"Request containing the scopes to grant. Denied scopes are not included.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2LocalConsentGrantRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>OAUTH2_AUTHORIZATION_SERVER_LOCAL_CONSENT_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/grantCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/oauth2/authorization-server/consent/local/retrieve":{"post":{"tags":["/public/authentication_OAuth 2.0/OIDC"],"summary":"Get local consent data","description":"Retrieves the OAuth 2.0 local consent data.\n<div class=\"iam-resource-return\">The consent data consisting of client information and grantable scopes.</div>","operationId":"/public/authentication/retrieve_2","responses":{"200":{"description":"Retrieved consent data.\n<br>Possible next steps: <tt>OAUTH2_AUTHORIZATION_SERVER_LOCAL_CONSENT_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OAuth2LocalConsentAttributeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2LocalConsentAttributeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieve_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/oath/activation/complete":{"post":{"tags":["/public/authentication_OATH OTP"],"summary":"Verify OTP","description":"Verify submitted OATH OTP.\n<br>\nThe corresponding shared secret has been communicated as an additional attribute after step initialization.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkOathOtp","requestBody":{"description":"Request containing the OATH OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OATH_OTP_WRONG</td>\n<td>The OTP could not be validated successfully. Retry with the correct OTP</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>OATH_OTP_ACTIVATION_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OATH_OTP_ACTIVATION_FAILED</td>\n<td>OATH OTP activation is not possible.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkOathOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/oath/otp/check":{"post":{"tags":["/public/authentication_OATH OTP"],"summary":"Check OATH OTP","description":"Checks the submitted OATH OTP.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkOathOtp_1","requestBody":{"description":"Request containing the OATH OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OATH_OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkOathOtp_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/password-only/check":{"post":{"tags":["/public/authentication_Password"],"summary":"Check password","description":"Checks a user's password.\n<div class=\"iam-resource-return\">Whether authentication was successful. If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required\n to successfully authenticate. If the attribute is missing, the user is successfully authenticated.</div>","operationId":"/public/authentication/checkPassword","requestBody":{"description":"Contains the user's password.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PasswordCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PASSWORD_WRONG</td>\n<td>The provided password is wrong.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>PASSWORD_ONLY_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkPasswordCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/saml2/idp/sso/init":{"post":{"tags":["/public/authentication_SAML"],"summary":"Access app by request ID","description":"Access a target application by SAML request ID for SP-initiated SSO. If a flow is already in progress,\nan error will be returned.\n<p>\nRetrieving information about ongoing flows can be done by calling\n<tt><span class=\"httpMethod small GET\">GET</span>/public/flow/</tt>.\n</p>\n<div class=\"iam-resource-return\">A success response without next step if the client is authorized to access the\n target application or an error response if further steps are required.</div>","operationId":"/public/authentication/access_4","requestBody":{"description":"Containing the request ID for SP-initiated SSO.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saml2IdpAccessRequest"}}},"required":true},"responses":{"200":{"description":"Authorization is complete, target application can be accessed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>A flow is already in progress. To start a new flow, the running flow must first be terminated.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>Access not yet granted, more authentication/authorization steps are required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to this target application cannot be granted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/access_4CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/saml2/sp/sso/init":{"post":{"tags":["/public/authentication_SAML"],"summary":"Access SP target app","description":"Access an SP target application for an SP or IdP-initiated SSO.\n<div class=\"iam-resource-return\">A success response without next step if the client is authorized to access the\n target application or an error response if further steps are required.</div>","operationId":"/public/authentication/access_5","requestBody":{"description":"Containing the SSO continuation ID specific to this SSO process.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Saml2SpAccessRequest"}}},"required":true},"responses":{"200":{"description":"Authorization is complete, target application can be accessed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>The currently running flow was unable to process the request.\n<p>This situation is known to occur in the following situations:\n\t\t\t<ul>\n\t\t\t    <li>An SP-initiated SSO is in progress. The IDP responds with an IDP-initiated SSO request instead of a response to the SP-initiated SSO request.</li>\n\t\t\t    <li>The SP receives an IDP-initiated SSO request while another flow (potentially unrelated to SAML) is already in progress.</li>\n\t\t\t</ul>\n\t\t</p>\n In both situations, the client should terminate the currently running flow and issue this call again in order to continue with the IDP-initiated SSO.\n\t</td>\n\t</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>Access not yet granted, more authentication/authorization steps are required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to this target application cannot be granted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/access_5CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/secret-questions/provision":{"post":{"tags":["/public/authentication_Secret Questions"],"summary":"Provision answers","description":"Provisions answers to secret questions.\n<div class=\"iam-resource-return\">Whether the provisioning of secret questions was accepted and set.\n This endpoint returns a <tt>nextAuthStep</tt> with\n value <tt>SECRET_QUESTIONS_PROVISIONING_REQUIRED</tt> if the user must answer additional secret questions.\n <p>\n On error, this endpoints returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/provisionSecretQuestions","requestBody":{"description":"Contains the secret questions to be updated/answered.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SecretQuestionsProvisionRequest"}}},"required":true},"responses":{"200":{"description":"Provisioning of all requested secret questions was successful.\n<br>Possible next steps: <tt>SECRET_QUESTIONS_PROVISIONING_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>If one or more answers could not be accepted all answers will be discarded.\nEvery invalid answer comes with a detailed validation failure. In addition to the generic <a href=\"#validationFailures\">validation failures</a>, the following validation failures may also\noccur:\n\t<ul>\n\t    <li><tt>NOT_FOUND</tt>: if the provided secret question resource key does not exist;</li>\n\t    <li><tt>CONFLICT</tt>: if the provided answer duplicates an existing answer and the configuration of secret questions forbids duplicates.</li>\n\t</ul>\n\t</td>\n</tr>\n<tr>\n</table>\n</div>\n<br>Next step: <tt>SECRET_QUESTIONS_PROVISIONING_REQUIRED</tt>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/provisionSecretQuestionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/ssi/issuance/poll":{"post":{"tags":["/public/authentication_SSI"],"summary":"Poll credential offer","description":"> [!warning]\n> <strong>EXPERIMENTAL</strong>: This endpoint is under active development and subject to change. Avoid using it in production clients.\n<p>Allows polling whether the credential offer has been accepted.</p>\n<div class=\"iam-resource-return\">The status of the issuance.\n The attribute <tt>nextAuthStep</tt> defines the next flow step (can be the current step, if further polling is required).</div>","operationId":"/public/authentication/pollOfferAcceptance","responses":{"200":{"description":"Issuance not yet completed (retry later), authentication successful or further steps required.\n<br>Possible next step: <tt>SSI_CREDENTIAL_ACCEPTANCE_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SSI_ISSUANCE_FAILED</td>\n<td>Credential issuance has failed.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-scalar-stability":"experimental"},"options":{"operationId":"/public/authentication/pollOfferAcceptanceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/authentication/ssi/verification/poll":{"post":{"tags":["/public/authentication_SSI"],"summary":"Poll presentation","description":"> [!warning]\n> <strong>EXPERIMENTAL</strong>: This endpoint is under active development and subject to change. Avoid using it in production clients.\n<p>Allows polling whether the presentation has been received and verified.</p>\n<div class=\"iam-resource-return\">The status of the connection.\n The attribute <tt>nextAuthStep</tt> defines the next flow step (can be the current step, if further polling is required).</div>","operationId":"/public/authentication/pollProofVerification","responses":{"200":{"description":"Verification not yet completed (retry later), authentication successful or further steps required.\n<br>Possible next step: <tt>SSI_PROOF_VERIFICATION_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SSI_VERIFICATION_FAILED</td>\n<td>The SSI verification has failed.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-scalar-stability":"experimental"},"options":{"operationId":"/public/authentication/pollProofVerificationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/authentication/data/edit":{"post":{"tags":["/public/authentication_User Context Data"],"summary":"Edit items","description":"Edit context-data items for a user.\n<p>This endpoint updates only items sent with the request. Omitted items remain unchanged.\nContext-data items with a value of <tt>null</tt> are deleted. </p>\n<div class=\"iam-resource-return\">Whether the data items were accepted and set. If a request contains both valid and invalid items, the valid items will be processed.\n This endpoint returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_EDIT_REQUIRED</tt> if the step's data is not yet valid. It returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_EDIT_POSSIBLE</tt> if the step's data is valid and a follow-up call to the <tt>continue</tt> endpoint\n will advance the flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/editData","requestBody":{"description":"<div class=\"iam-docu\">\nContains the data items to be edited. The format of an individual data item's value depends on its configured type:\n<table>\n<tr><th>Item Type</th><th>Format</th></tr>\n<tr><td><i>Boolean</i></td><td>One of the literals <tt>true</tt> or <tt>false</tt></td></tr>\n<tr><td><i>String</i></td><td>A double-quoted string</td></tr>\n<tr><td><i>Date</i></td><td>The format <tt>full-date</tt> as defined in <a href=\"#dateAndTimeFormat\">Date and time format</a> (e.g. <tt>2018-02-06</tt>).</td></tr>\n<tr><td><i>Date And Time</i></td><td>The format <tt>date-time</tt> as defined in <a href=\"#dateAndTimeFormat\">Date and time format</a> (e.g. <tt>2018-02-06T15:58:53.661Z</tt>)</td></tr>\n</table>\n</div>","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserDataEditAuthRequestOverride"},"examples":{"Set username":{"description":"Set username","value":{"username":"alice"}},"Remove email":{"description":"Remove email","value":{"email":null}}}}}},"responses":{"200":{"description":"Data items successfully set. The <tt>nextStep</tt> informs about the step's data validity.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_EDIT_REQUIRED</tt> or <tt>USER_DATA_EDIT_POSSIBLE</tt> (as documented\n<a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/editDataCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/data/info/retrieve":{"post":{"tags":["/public/authentication_User Context Data"],"summary":"Get info","description":"Retrieves information about context data items to be edited.\n<div class=\"iam-resource-return\">A list containing information for each context-data item that can be edited in the current step.</div>","operationId":"/public/authentication/retrieveInfo_1","responses":{"200":{"description":"The information has successfully been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserDataEditItemInfoAuthResponseAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserDataEditItemInfoAuthResponseAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/retrieveInfo_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/data/validate":{"post":{"tags":["/public/authentication_User Context Data"],"summary":"Validate data","description":"Validate all data on the current context-data edit step.\n<div class=\"iam-resource-return\">Whether the data validated successfully. On success, this endpoint returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_EDIT_POSSIBLE</tt>.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/validate","responses":{"200":{"description":"All data successfully set. A call to the <tt>continue</tt> endpoint will advance the flow.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_EDIT_REQUIRED</tt> or <tt>USER_DATA_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/validateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/data/continue":{"post":{"tags":["/public/authentication_User Context Data"],"summary":"Validate and continue","description":"Validate all data on the current context-data edit step and continue to the next step if possible.\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is\n present in the response, further steps are required to successfully edit the context-data. If the attribute is missing, the\n user has successfully completed the authentication flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/authentication/validateAndContinue_2","responses":{"200":{"description":"All data successfully received and authentication flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_EDIT_REQUIRED</tt> or <tt>USER_DATA_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/validateAndContinue_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/user/identify":{"post":{"tags":["/public/authentication_User"],"summary":"Identify user","description":"> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Identifies the user based on their username or the provided user data items.</p>\n<div class=\"iam-resource-return\">Whether the user has been successfully identified. If the attribute <tt>nextStep</tt> is present in the response,\n further authentication steps are required. If the attribute is missing, authentication was successful.</div>","operationId":"/public/authentication/identifyUser","requestBody":{"description":"Contains the username.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationUserIdentificationRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>USER_NOT_FOUND</td>\n<td>The user does not exist.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>USERNAME_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/identifyUserCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/password/change":{"post":{"tags":["/public/authentication_Password"],"summary":"Change password","description":"Performs a password change during the authentication process.\n<div class=\"iam-resource-return\">Whether the password change and the authentication was successful.\n If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required\n to successfully authenticate. If the attribute is missing, the user is successfully authenticated.</div>","operationId":"/public/authentication/changePassword","requestBody":{"description":"Contains the user's current and new password.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PasswordChangeRequest"}}},"required":true},"responses":{"200":{"description":"Password successfully changed and authentication successful if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EXISTING_PASSWORD_WRONG</td>\n<td>The existing password is wrong.</td>\n</tr>\n<tr>\n<td>PASSWORD_POLICY_VIOLATED</td>\n<td>The new password violates the password policy. See <a href=\"#passwordPolicyDetailCodes\">password policy violation detail codes</a>.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>MANDATORY_PASSWORD_CHANGE</tt>, <tt>PASSWORD_CHANGE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/changePasswordCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/password/check":{"post":{"tags":["/public/authentication_Password"],"summary":"Check credentials","description":"> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Checks a user's username and password.</p>\n<div class=\"iam-resource-return\">Whether authentication was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is successfully authenticated.</div>","operationId":"/public/authentication/checkPassword_1","requestBody":{"description":"Contains the user's authentication credentials.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UsernamePasswordCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>USERNAME_PASSWORD_WRONG</td>\n<td>Username and/or password wrong.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>PASSWORD_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkPassword_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/password/set":{"post":{"tags":["/public/authentication_Password"],"summary":"Set password","description":"Set password during the authentication process.\n<div class=\"iam-resource-return\">Whether the password was successfully set and the authentication was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is successfully authenticated.</div>","operationId":"/public/authentication/setPassword","requestBody":{"description":"Contains the user's new password.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationSetPasswordRequest"}}},"required":true},"responses":{"200":{"description":"Password successfully set and authentication successful if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PASSWORD_POLICY_VIOLATED</td>\n<td>The new password violates the password policy. See <a href=\"#passwordPolicyDetailCodes\">password policy violation detail codes</a>.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>NEW_PASSWORD_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/setPasswordCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/vasco/otp/check":{"post":{"tags":["/public/authentication_Vasco OTP"],"summary":"Check Vasco OTP","description":"Checks the submitted Vasco OTP.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate. If the attribute is missing, the user is\n successfully authenticated.</div>","operationId":"/public/authentication/checkOathOtp_2","requestBody":{"description":"Request containing the Vasco OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VASCO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/authentication/checkOathOtp_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/activation/challenge/retrieve":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Get activation challenge","description":"> [!caution]\n> This endpoint is deprecated. The activation challenge is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a> with the\n<tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt> and <tt><s>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</s></tt> next step codes.\n<p>Retrieves the Airlock 2FA activation challenge.</p>\n<div class=\"iam-resource-return\">The activation challenge.</div>","operationId":"/public/authentication/retrieveActivationChallenge","responses":{"200":{"description":"Further steps required.\n<br>Next step: <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationAirlock2FAActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationAirlock2FAActivationChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/activation/device-edit/data/retrieve":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Get attributes","description":"> [!caution]\n> This endpoint is deprecated. The current display name is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt> next step code.\n<p>Retrieves editable attributes of the activated Airlock 2FA device.</p>\n<div class=\"iam-resource-return\">information about the activated Airlock 2FA device.</div>","operationId":"/public/authentication/retrieveCurrentDisplayName","responses":{"200":{"description":"The information has successfully been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FADeviceEditAuthResponseAttributesDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FADeviceEditAuthResponseAttributesDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveCurrentDisplayNameCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/devices/retrieve":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated. The device choices are returned as <a href=\"#additionalAuthAttributes\">additional attribute</a>\nwith the <tt>AIRLOCK_2FA_DEVICE_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves Airlock 2FA devices that can be selected for authentication.</p>\n<div class=\"iam-resource-return\">The list of selectable Airlock 2FA devices.</div>","operationId":"/public/authentication/retrieveDeviceChoices","responses":{"200":{"description":"Device list retrieved, device selection required.\n<br>Possible next steps: <tt>AIRLOCK_2FA_DEVICE_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FADeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FADeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Authentication failed.\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveDeviceChoicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/mobile-only/challenge/retrieve":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Get mobile challenge","description":"> [!caution]\n> This endpoint is deprecated. The mobile authentication URI is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a> with the\n<tt><s>AIRLOCK_2FA_MOBILE_ONLY_CHALLENGE_RETRIEVAL_REQUIRED</s></tt> or <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt> next step codes.\n<p>Retrieves the challenge for a mobile-only Airlock 2FA authentication.</p>\n<div class=\"iam-resource-return\">A challenge in the form of a URI.</div>","operationId":"/public/authentication/retrieveMobileOnlyChallenge","responses":{"200":{"description":"The challenge has been successfully issued.\n<br>Possible next step: <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>)\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FAMobileOnlyChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAMobileOnlyChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveMobileOnlyChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/offline-qr-code/challenge/retrieve":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Get challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt>\nor <tt>AIRLOCK_2FA_PASSCODE_OR_QR_CODE_OTP_REQUIRED</tt> next step codes.\n<p>Retrieves the challenge for an Offline QR Code Airlock 2FA authentication.</p>\n<div class=\"iam-resource-return\">The Offline QR Code challenge.</div>","operationId":"/public/authentication/retrieveOfflineQrCodeChallenge","responses":{"200":{"description":"The QR code challenge has been issued.\n<br>Possible next step: <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>)\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FAOfflineQrCodeChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAOfflineQrCodeChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveOfflineQrCodeChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/airlock-2fa/zero-touch-info/retrieve":{"post":{"tags":["/public/authentication_Airlock 2FA"],"summary":"Get Login-ID","description":"> [!caution]\n> This endpoint is deprecated. The login ID is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt>\nor <tt>AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED</tt> next step codes.\n<p>Retrieves information (including the login ID), if One-Touch (or previously Zero-Touch) is enabled.\nNote that this endpoint returns an error and aborts the flow if One-Touch is not enabled or the\nselected device does not have the capabilities required for One-Touch.</p>\n<div class=\"iam-resource-return\">Whether One-Touch is enabled, including the login ID.</div>","operationId":"/public/authentication/retrieveZeroTouchInformation","responses":{"200":{"description":"Information whether One-Touch is enabled.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FAZeroTouchInformationDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAZeroTouchInformationDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>If One-Touch is not enabled.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveZeroTouchInformationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/selection/options/retrieve":{"post":{"tags":["/public/authentication_Flow Control"],"summary":"List options","description":"> [!caution]\n> This endpoint is deprecated. The selection options are returned as <a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>SELECTION_REQUIRED</tt> next step code.\n<p>Retrieves the available options the user can choose from to proceed in the authentication process.</p>\n<div class=\"iam-resource-return\">The available options.</div>","operationId":"/public/authentication/retrieveOptions","responses":{"200":{"description":"Available selection options retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelectionOptionDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelectionOptionDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveOptionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/activation/start-challenge/retrieve":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Get cryptogram","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a> with the\n<tt>CRONTO_ACTIVATION_START_WITHOUT_LETTER_REQUIRED</tt> next step code.\n<p>Retrieves the start Cronto activation cryptogram for an activation without letter.</p>\n<p>The retrieved Cronto activation challenge can be used to start the Cronto activation.\n<br>The following preconditions must be fulfilled to make this step available:\n<br>Config-related settings:</p>\n<ul>\n<li>The Cronto Activation step must have a \"Strong Authentication Tag\" configured (Advanced Settings).</li>\n<li>The Cronto Handler plugin must have \"Allow Activation Without Letter\" enabled (Activation Settings).</li>\n</ul>\nUser-related conditions:\n<ul>\n<li>The user must not have an activation letter (can be checked on the Adminapp user details page).</li>\n</ul>\n<div class=\"iam-resource-return\">The Cronto activation challenge to start the Cronto device activation process.</div>","operationId":"/public/authentication/retrieveFirstActivationChallenge","responses":{"200":{"description":"Cronto activation challenge created.\n<br>Next step: <tt>CRONTO_ACTIVATION_START_WITHOUT_LETTER_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/CrontoActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/CrontoActivationChallengeDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>This is not a Cronto activation without letter use case.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveFirstActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/activation/challenge/retrieve":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Get second cryptogram","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as <a href=\"#additionalAuthAttributes\">additional attribute</a> with the\n<tt>CRONTO_ACTIVATION_COMPLETE_REQUIRED</tt> next step code.\n<p>Provides the second Cronto activation cryptogram, which is used to complete the device activation\nprocess. This can be retrieved once the OTP from the first cryptogram has successfully been\nverified.</p>\n<div class=\"iam-resource-return\">The second Cronto cryptogram required to complete the Cronto device activation process.</div>","operationId":"/public/authentication/retrieveSecondActivationChallenge","responses":{"200":{"description":"Retrieved new Cronto challenge.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/CrontoActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/CrontoActivationChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveSecondActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/challenge/retrieve":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Get challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as\n<a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>CRONTO_OTP_REQUIRED</tt> next step code.\n<p>Returns a challenge for Cronto authentication.</p>\n<p>The challenge is delivered as a base64-encoded image ('cryptogram') and as a string representation for\napp-to-app authentication.</p>\n<p>\nThe two attributes \"onlineValidation\" and \"pushed\" have only informative character and indicate\nthe recommended behavior for clients:\n<ul>\n<li>If the \"onlineValidation\" attribute is true, the client application should not ask the user for the\nresponse OTP, as the app will send the response directly to the server (Scan&amp;Login or Push use-cases).\nInstead, the client application should regularly poll (<tt>POST /cronto/otp/poll</tt>) to check if a response\nhas been received. There should be an option for the user to fall back to entering the OTP manually. Sending the\nmanually entered OTP to (<tt>POST /cronto/otp/check</tt>) cancels the online validation</li>\n<li>If also the \"pushed\" attribute is true, the challenge has been pushed to a Cronto app. In this case also\nthe cryptogram should not be displayed. Instead, the user should be informed about this and asked to confirm\nthe transaction on their Cronto app. Again, a fallback for offline situations should be available.\nIf \"pushed\" is true, \"onlineValidation\" is always also true.</li>\n</ul>\n</p>\n<div class=\"iam-resource-return\">A Cronto challenge.</div>","operationId":"/public/authentication/retrieveChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/CrontoChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/CrontoChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/push-devices/retrieve":{"post":{"tags":["/public/authentication_Cronto"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated. The device choices are returned as\n<a href=\"#additionalAuthAttributes\">additional attributes</a> with the <tt>CRONTO_DEVICE_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves the set of active Cronto push devices.</p>\n<div class=\"iam-resource-return\">The collection of active Cronto push devices</div>","operationId":"/public/authentication/retrievePushDeviceChoices","responses":{"200":{"description":"Available push devices retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationCrontoPushDeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationCrontoPushDeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrievePushDeviceChoicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/cronto/push-devices/activation/challenge/retrieve":{"post":{"tags":["/public/authentication_Cronto"],"summary":"Get cryptogram","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as\n<a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>CRONTO_PUSH_ACTIVATION_POSSIBLE</tt> next step code.\n<p>Retrieves the Cronto push activation cryptogram.</p>\n<p>The retrieved Cronto activation challenge can be used to activate push notifications\nin the CrontoSign Swiss app.</p>\n<div class=\"iam-resource-return\">The Cronto push activation challenge.</div>","operationId":"/public/authentication/retrievePushActivationChallenge","responses":{"200":{"description":"Cronto push activation challenge created.\n<br>Next step: <tt>CRONTO_PUSH_ACTIVATION_POSSIBLE</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/CrontoPushActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/CrontoPushActivationChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrievePushActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/fido/challenge/retrieve":{"post":{"tags":["/public/authentication_FIDO"],"summary":"Get challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as\n<a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>FIDO_AUTHENTICATION_CHALLENGE_RETRIEVAL_REQUIRED</tt> next step code.\n<p>Retrieve FIDO challenge to be passed to FIDO authenticator.</p>\n<div class=\"iam-resource-return\">the authentication challenge</div>","operationId":"/public/authentication/createAuthenticationChallenge","responses":{"200":{"description":"Further steps required.\n<br>Possible next step: <tt>FIDO_AUTHENTICATION_ASSERTION_RESPONSE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/FidoAuthenticationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/FidoAuthenticationChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/createAuthenticationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/matrix/challenge/retrieve":{"post":{"tags":["/public/authentication_Matrix Cards"],"summary":"Get challenges","description":"> [!caution]\n> This endpoint is deprecated. The challenges are returned as\n<a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>MATRIX_RESPONSE_REQUIRED</tt> next step code.\n<p>Returns one or more challenges for matrix/index list authentication.</p>\n<div class=\"iam-resource-return\">A list of one or more matrix coordinates or index list indexes.</div>","operationId":"/public/authentication/retrieveChallenge_2","responses":{"200":{"description":"The challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MatrixChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MatrixChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveChallenge_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/migration/options/retrieve":{"post":{"tags":["/public/authentication_Migration"],"summary":"List options","description":"> [!caution]\n> This endpoint is deprecated. The migration options are returned as\n<a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>MIGRATION_SELECTION_REQUIRED</tt> next step code.\n<p>Retrieves the available migration options the user can choose from to proceed in the migration process.\nThe metadata contains the migration information consisting of the migration date (if existing) and the\ninformation whether the user may skip (skipPossible) or reject (rejectPossible) the migration. See examples\nfor more details.</p>\n<div class=\"iam-resource-return\">The available migration options.</div>","operationId":"/public/authentication/retrieveOptions_1","responses":{"200":{"description":"Available migration selection options retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MigrationSelectionOptionsDataCollectionDocument"},"examples":{"Migration options with meta data":{"description":"Migration options with meta data","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2020-02-02T14:11:04.998+01:00","migrationInfo":{"notAfter":"2020-02-06T09:00:00.000+01:00","rejectPossible":false,"skipPossible":true}},"data":[{"type":"authentication.migration.option","id":"CRONTO","attributes":{}},{"type":"authentication.migration.option","id":"MTAN","attributes":{}}]}}}},"application/json":{"schema":{"$ref":"#/components/schemas/MigrationSelectionOptionsDataCollectionDocument"},"examples":{"Migration options with meta data":{"description":"Migration options with meta data","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2020-02-02T14:11:04.998+01:00","migrationInfo":{"notAfter":"2020-02-06T09:00:00.000+01:00","rejectPossible":false,"skipPossible":true}},"data":[{"type":"authentication.migration.option","id":"CRONTO","attributes":{}},{"type":"authentication.migration.option","id":"MTAN","attributes":{}}]}}}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveOptions_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/tokens/retrieve":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"List tokens","description":"> [!caution]\n> This endpoint is deprecated. The number choices are returned as\n<a href=\"#additionalAuthAttributes\">additional attributes</a> with the <tt>MTAN_TOKEN_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves the set of active mTAN tokens.</p>\n<div class=\"iam-resource-return\">The collection of active mTAN tokens.</div>","operationId":"/public/authentication/retrieveMtanTokens","responses":{"200":{"description":"Available mTAN tokens retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthMtanTokenDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthMtanTokenDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveMtanTokensCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/mtan/otp/resend-info/retrieve":{"post":{"tags":["/public/authentication_SMS/mTAN"],"summary":"Verify OTP resend possible","description":"> [!caution]\n> This endpoint is deprecated. The resend information is returned as\n<a href=\"#additionalAuthAttributes\">additional attribute</a> with the <tt>MTAN_OTP_REQUIRED</tt> next step code.\n<p>Returns whether a new OTP can be resent by SMS.</p>\n<div class=\"iam-resource-return\">Whether an OTP resend is possible or not.</div>","operationId":"/public/authentication/retrieveResendInfo","responses":{"200":{"description":"Returns information about a possible OTP resend.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ResendMtanOtpPossibleDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/ResendMtanOtpPossibleDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveResendInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/secret-questions/status/retrieve":{"post":{"tags":["/public/authentication_Secret Questions"],"summary":"Get state","description":"> [!caution]\n> This endpoint is deprecated. The secret question provisioning status is returned as\n<a href=\"#additionalAuthAttributes\">additional attributes</a> with the <tt>SECRET_QUESTIONS_PROVISIONING_REQUIRED</tt> next step code.\n<p>Retrieves the provisioning state of secret questions for the current user.</p>\n<div class=\"iam-resource-return\">All secret questions that are currently configured.\nFor each question, it is stated whether the current user has already provisioned an answer.\nAdditionally, the response tells the client how many additional answers must be provisioned (at least) before this step can be finished successfully.\nSee examples for more details.\n</div>","operationId":"/public/authentication/retrieveSecretQuestions","responses":{"200":{"description":"Available questions with their provisioning state retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SecretQuestionStatusDataCollectionDocument"},"examples":{"Secret questions":{"description":"Secret questions","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2020-02-07T07:37:10.529+01:00","missingSecretQuestionAnswers":1},"data":[{"type":"authentication.secret-question.status","id":"secretquestion.pet","attributes":{"answerProvisioned":true}},{"type":"authentication.secret-question.status","id":"secretquestion.friend","attributes":{"answerProvisioned":false}},{"type":"authentication.secret-question.status","id":"secretquestion.mother","attributes":{"answerProvisioned":false}}]}}}},"application/json":{"schema":{"$ref":"#/components/schemas/SecretQuestionStatusDataCollectionDocument"},"examples":{"Secret questions":{"description":"Secret questions","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2020-02-07T07:37:10.529+01:00","missingSecretQuestionAnswers":1},"data":[{"type":"authentication.secret-question.status","id":"secretquestion.pet","attributes":{"answerProvisioned":true}},{"type":"authentication.secret-question.status","id":"secretquestion.friend","attributes":{"answerProvisioned":false}},{"type":"authentication.secret-question.status","id":"secretquestion.mother","attributes":{"answerProvisioned":false}}]}}}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/retrieveSecretQuestionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/authentication/username/identify":{"post":{"tags":["/public/authentication_User"],"summary":"Identify by username","description":"> [!caution]\n> This endpoint is deprecated. Use <tt>/public/authentication/user/identify/</tt> instead.\n\n> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Identifies the user.</p>\n<div class=\"iam-resource-return\">Whether the user has been successfully identified. If the attribute <tt>nextStep</tt> is present in the response,\n further authentication steps are required. If the attribute is missing, authentication was successful.</div>","operationId":"/public/authentication/checkUsernameDeprecated","requestBody":{"description":"Contains the username.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UsernameCheckRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>USER_NOT_FOUND</td>\n<td>The user does not exist.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>USERNAME_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current authentication flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/authentication/checkUsernameDeprecatedCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/authentication_other"]}},"/public/self-service/flow":{"delete":{"tags":["/public/self-service_Flow Control"],"summary":"Abort flow","description":"Aborts the current public self-service flow.\n<div class=\"iam-resource-return\">response</div>","operationId":"/public/self-service/abort","responses":{"204":{"description":"Public self-service flow successfully terminated."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/abortCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/ui/on-completed/{flowId}":{"get":{"operationId":"/public/self-service/getOnCompletedInfo","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"application/vnd.api+json":{},"application/json;qs=0.9":{}}}},"x-internal":"true","tags":["/public/self-service_other"]},"options":{"operationId":"/public/self-service/getOnCompletedInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"flowId","in":"path","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/self-service/ui/on-failure/{flowId}":{"get":{"operationId":"/public/self-service/getOnFailureInfo","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"application/vnd.api+json":{},"application/json;qs=0.9":{}}}},"x-internal":"true","tags":["/public/self-service_other"]},"options":{"operationId":"/public/self-service/getOnFailureInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"flowId","in":"path","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/self-service/approval/matrix/check":{"post":{"tags":["/public/self-service_Matrix Cards"],"summary":"Verify response","description":"Verifies the submitted challenge response. Note that unlike identity verification, approval REST calls require an existing user\nand cannot prevent username enumeration.\n<div class=\"iam-resource-return\">Whether the check was successful. Gives information about the next step required.</div>","operationId":"/public/self-service/checkMtanOtp","requestBody":{"description":"Contains the challenge response(s).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MatrixChallengeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Challenge successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MATRIX_RESPONSE_WRONG</td>\n<td>One or more responses could not be validated successfully. Retry again.<br>\nSince challenge coordinates may change after failed attempts (depending on configuration),\nthe new ones might have to be requested again.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MATRIX_RESPONSE_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MATRIX_RESPONSE_WRONG</td>\n<td>One or more responses could not be validated successfully.</td>\n</tr>\n<tr>\n<td>TOO_MANY_UNANSWERED_CHALLENGES</td>\n<td>Too many challenges were requested but not answered. Try again later.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/checkMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/message/acknowledge":{"post":{"tags":["/public/self-service_Message Acknowledgement"],"summary":"Acknowledge message","description":"Acknowledges a previously received message.\nThe message can be a pre-configured message ID or server-generated message, depending on the step configuration.\nIt has been received as an additional in a previous step response (as documented <a href=\"#additionalPublicSelfServiceAttributes\">here</a>).\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully continue with the flow. If the attribute is missing, the self-service flow\n is successfully terminated.</div>","operationId":"/public/self-service/acknowledgeMessageId","responses":{"200":{"description":"Message successfully acknowledged or further steps required (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/acknowledgeMessageIdCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/airlock-2fa/passcode/check":{"post":{"tags":["/public/self-service_Airlock 2FA"],"summary":"Verify passcode","description":"Verifies the submitted Airlock 2FA passcode. The previously selected device has no impact on the passcode verification.\nNote that passcode checks are only possible if the step is in offline mode (using <tt>POST /protected/self-service/airlock-2fa/offline/</tt>).\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully approve. If the attribute is missing, the message is\n successfully approved.</div>","operationId":"/public/self-service/checkPasscode","requestBody":{"description":"Contains the passcode.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAPasscodeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_PASSCODE_WRONG</td>\n<td>Passcode could not be validated successfully. Retry with correct passcode.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_PASSCODE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_PASSCODE_WRONG</td>\n<td>The passcode could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>AUTH_METHOD_INACTIVE</td>\n<td>The Airlock 2FA account is locked. No retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/checkPasscodeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/airlock-2fa/status/poll":{"post":{"tags":["/public/self-service_Airlock 2FA"],"summary":"Poll status","description":"<p>Polls Airlock 2FA approval status.</p>\n<p>Allows polling whether the message was approved by the app (\"online validation\"). If there\nhas not been any response from the app, keep polling in regular intervals or switch to\noffline mode (<tt>POST /airlock-2fa/offline</tt>), if allowed by the configuration, and check the OTP manually\n(<tt>POST /airlock-2fa/otp/check</tt>).</p>\n<p>This endpoint is used for authentication using the Airlock 2FA factors One-Touch and Online QR Code, or for mobile-only authentication.</p>\n<div class=\"iam-resource-return\">The status of the online validation. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully approve the message. If the attribute is missing,\n the approval was successful.</div>","operationId":"/public/self-service/pollOnlineValidation","responses":{"200":{"description":"Airlock 2FA approval successful (if attribute <tt>nextStep</tt> is missing),\nmessage not yet approved (if <tt>nextStep</tt> has value <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt> or <tt>AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED</tt>),\nfurther steps required in all other cases.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>APPROVAL_FAILED</td>\n<td>The message was not approved. This could be due to the user actively cancelling on the app or a timeout.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/pollOnlineValidationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/self-service/approval/airlock-2fa/devices/{id}/select":{"post":{"tags":["/public/self-service_Airlock 2FA"],"summary":"Select device","description":"Selects one of the available Airlock 2FA devices to use for the approval.\n<div class=\"iam-resource-return\">Whether the device selection was successful. Gives information about the next public self-service step required.</div>","operationId":"/public/self-service/selectDevice","responses":{"200":{"description":"Airlock 2FA device successfully selected. Further steps required, such as polling.\n<br>Possible next steps: <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt>, <tt>AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_CHOICE_FAILED</td>\n<td>Invalid ID selected. Retry with valid ID.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_DEVICE_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/selectDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the selected Airlock 2FA device.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/public/self-service/approval/airlock-2fa/offline":{"post":{"tags":["/public/self-service_Airlock 2FA"],"summary":"Switch to offline","description":"Switch to Airlock 2FA offline approval.\nThis will terminate any occurring online validation. As a consequence, any push notification sent can no longer be used to approve the message\nand subsequent online validation of the message is no longer possible.\nIf no validation was currently taking place when the call was made (because a device selection was required),\na new message approval process with Offline QR Code (only) will be transparently started.\n<p>This call is <em>required</em> to verify an OTP to validate an Offline QR Code challenge (<tt>POST /airlock-2fa/otp/check</tt>).\n</p>\n<div class=\"iam-resource-return\">Whether the switch to offline message approval was successful. Gives information about the next public self-service step required.</div>","operationId":"/public/self-service/switchToOffline","responses":{"200":{"description":"Successfully switched to offline message approval.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Offline selection failed. The current public self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/switchToOfflineCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/airlock-2fa/offline-qr-code/otp/check":{"post":{"tags":["/public/self-service_Airlock 2FA"],"summary":"Verify OTP","description":"Verifies the provided OTP to validate an Airlock 2FA Offline QR Code challenge.\nThe OTP is provided by the user (after scanning the Offline QR Code challenge).\n<p>Use this call for manual OTP validation for a <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt> next approval step.</p>\nNote that unlike identity verification, approval REST calls require an existing user and cannot prevent username enumeration.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully approve the message. If the attribute is missing,\n the approval was successful.</div>","operationId":"/public/self-service/validateOfflineQrCode","requestBody":{"description":"Contains the Airlock 2FA OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Airlock 2FA approval successful.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_QR_CODE_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_QR_CODE_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/validateOfflineQrCodeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/cronto/otp/check":{"post":{"tags":["/public/self-service_Cronto"],"summary":"Verify Cronto OTP","description":"Verifies the submitted Cronto OTP.\nThe OTP was entered by the user (after scanning the cryptogram image) or returned by the Cronto app\n(when using the secure channel challenge in app-to-app communication).\n<p>Use this call for manual OTP validation for a <tt>CRONTO_OTP_REQUIRED</tt> next step\n(when \"onlineValidation\" was false, or offline fallback was selected by the user). Note that in any case\nmanually OTP checking <em>cancels online validation</em>. It is recommended to obtain the current\nchallenge again after each failed OTP check, as the \"onlineValidation\" flag could have changed.</p>\nNote that unlike identity verification, approval REST calls require an existing user and cannot prevent username enumeration.\n<div class=\"iam-resource-return\">Whether the check was successful.</div>","operationId":"/public/self-service/checkCrontoOtp","requestBody":{"description":"Contains the Cronto OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_OTP_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/checkCrontoOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/cronto/otp/poll":{"post":{"tags":["/public/self-service_Cronto"],"summary":"Poll status","description":"Allows polling whether the Cronto challenge has been answered by the app (\"online validation\"). If there\nhas not been any response from the app, keep polling in regular intervals or check the OTP manually\n(<tt>POST /cronto/otp/check</tt>).\n<div class=\"iam-resource-return\">The status of the online validation (still waiting/success/cancelled/failed).\n If the attribute <tt>nextStep</tt> is present in the response, further steps are required.</div>","operationId":"/public/self-service/pollOnlineValidation_1","responses":{"200":{"description":"OTP successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"Challenge not yet validated. Retry later or check OTP manually.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n<tr>\n<td>CANCELLED_BY_USER</td>\n<td>The process has been cancelled by the user in the app.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/pollOnlineValidation_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/self-service/approval/cronto/offline":{"post":{"tags":["/public/self-service_Cronto"],"summary":"Select offline mode","description":"Selects offline mode instead of a push device. No push notification is sent to a device and no subsequent online validation\nof the response will be possible.\n<div class=\"iam-resource-return\">Whether the selection of offline mode was successful. Gives information about the next step required.</div>","operationId":"/public/self-service/selectOfflineAuthentication","responses":{"200":{"description":"Successfully selected an offline device.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Offline selection failed. The current public self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/selectOfflineAuthenticationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/cronto/push-devices/{id}/select":{"post":{"tags":["/public/self-service_Cronto"],"summary":"Select push device","description":"Selects one of the active push devices to which the push notification will be sent.\n<div class=\"iam-resource-return\">Whether the device selection was successful. Gives information about the next step required.</div>","operationId":"/public/self-service/selectPushDevice","responses":{"200":{"description":"Push device successfully selected, notification sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_CHOICE_FAILED</td>\n<td>Invalid ID selected. Retry with valid ID.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_DEVICE_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_CHOICE_FAILED</td>\n<td>Invalid ID selected.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/selectPushDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the selected push device.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/public/self-service/device-token/check":{"post":{"tags":["/public/self-service_Device Tokens"],"summary":"Verify JWT","description":"Verify device token JWT.\n<p>\nVerifies the submitted JWT. The JWT must contain at least the following claims:\n<ul>\n<li>\"challenge\": The challenge.</li>\n</ul>\nIt must be signed by the device token key using the same algorithm as in the device token creation process.\n</p>\n<div class=\"iam-resource-return\">Whether the check was successful.</div>","operationId":"/public/self-service/checkJwt","requestBody":{"description":"The JWT to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DeviceTokenResponseCheckRequest"}}},"required":true},"responses":{"200":{"description":"Device Token successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>DEVICE_TOKEN_VERIFICATION_FAILED</td>\n<td>\nDevice token verification failed for one of the following reasons:\n\t\t\t<ul>\n \t\t\t\t<li>Signature on JWT is wrong</li>\n \t\t\t\t<li>Signed wrong challenge</li>\n \t\t\t\t<li>Challenge expired</li>\n \t\t\t\t<li>Device token expired</li>\n \t\t\t\t<li>Device token disabled</li>\n\t\t\t</ul>\n\t\t</td>\n\t</tr>\n</table>\n</div>\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/checkJwtCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/device-token/{deviceTokenId}/challenge/retrieve":{"post":{"tags":["/public/self-service_Device Tokens"],"summary":"Get challenge","description":"Get device token challenge.\n<p>\nReturns a challenge for the device token verification step. The challenge is always returned, even if there is\nno device token for the provided ID, in order to prevent user enumeration.\n</p>\n<p>\nThe challenge is a random alphanumeric string. It has to be included in a JWT and signed by the device token key.\n</p>\n<div class=\"iam-resource-return\">A challenge string.</div>","operationId":"/public/self-service/retrieveChallenge_2","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceDeviceTokenChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceDeviceTokenChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/retrieveChallenge_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"deviceTokenId","in":"path","description":"The ID of the client device token.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/public/self-service/dynamic-steps/{stepId}/activate":{"post":{"tags":["/public/self-service_Flow Control"],"summary":"Activate step","description":"Activates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be activated.</div>","operationId":"/public/self-service/activate","responses":{"200":{"description":"Public self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_ACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be activated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the activate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/activateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be activated.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/self-service/dynamic-steps/{stepId}/deactivate":{"post":{"tags":["/public/self-service_Flow Control"],"summary":"Deactivate step","description":"Deactivates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be deactivated.</div>","operationId":"/public/self-service/deactivate","responses":{"200":{"description":"Public self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_DEACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be deactivated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the deactivate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/deactivateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be deactivated","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/self-service/dynamic-steps/retrieve":{"post":{"tags":["/public/self-service_Flow Control"],"summary":"List dynamic steps","description":"Retrieves list of all steps that can be dynamically activated or deactivated on the current step.\n<div class=\"iam-resource-return\">A list of dynamic steps with their activation information.</div>","operationId":"/public/self-service/retrieve","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceDynamicStepActivationDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceDynamicStepActivationDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/retrieveCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/verification/email/otp/check":{"post":{"tags":["/public/self-service_Email OTP"],"summary":"Verify OTP","description":"Checks an email OTP. Note that unlike approval REST calls, identity verification does not require an existing user\nand supports stealth mode.\n<div class=\"iam-resource-return\">Whether the OTP was accepted.</div>","operationId":"/public/self-service/verifyEmailOtp","requestBody":{"description":"Contains the OTP to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n\t *\n<tr>\n<td>EMAIL_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>EMAIL_OTP_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EMAIL_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>EMAIL_OTP_EXPIRED</td>\n<td>OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/verifyEmailOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/fido/failure/report":{"post":{"tags":["/public/self-service_FIDO"],"summary":"Report FIDO failure","description":"Report a FIDO client failure.<p>Allows the client to report a FIDO failure, resulting in a step failure.</p>\n<div class=\"iam-resource-return\">The status of the flow. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully complete the flow.</div>","operationId":"/public/self-service/handleClientFailure","requestBody":{"description":"Contains information (name and message) describing the failure.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoClientFailureRequest"}}},"required":true},"responses":{"200":{"description":"Approval successful or further steps required. This is only possible if \"On Failure Gotos\" are configured on the step.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_APPROVAL_ABORTED</td>\n\t<td>The FIDO approval has been aborted in the client. Returned if the <tt>reason</tt> in the request was \"ABORTED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_APPROVAL_NOT_ALLOWED</td>\n\t<td>FIDO approval was not allowed in the client. Returned if the <tt>reason</tt> in the request was \"NOT_ALLOWED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_WEB_AUTHN_NOT_AVAILABLE</td>\n\t<td>The browser/client does not support WebAuthn/FIDO. Returned if the <tt>reason</tt> in the request was \"NO_WEB_AUTHN\".</td>\n</tr>\n<tr>\n\t<td>FIDO_APPROVAL_FAILED</td>\n\t<td>Returned if any other error occurred in the client. Returned if the <tt>reason</tt> in the request was \"UNKNOWN\".</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/handleClientFailureCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/fido/assertion-response/check":{"post":{"tags":["/public/self-service_FIDO"],"summary":"Verify response","description":"Verify the FIDO authenticator's response.\n<p>The FIDO authenticator's response to the challenge (obtained previously as <a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a>\nwith the <tt>FIDO_APPROVAL_CHALLENGE_RETRIEVAL_REQUIRED</tt> next step code) contains information about the FIDO credential\nused for this approval attempt as well as metadata that will be verified by IAM.</p>\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required.</div>","operationId":"/public/self-service/verify","requestBody":{"description":"Contains the FIDO authenticator's response to the previously obtained challenge.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoAuthenticationPublicKeyCredentialRequest"}}},"required":true},"responses":{"200":{"description":"Approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_APPROVAL_FAILED</td>\n<td>The response of the FIDO authenticator to the previously obtained challenge could not be successfully verified.\nAs a result, the approval has failed and the flow has been terminated. No retries are possible.</td>\n</tr>\n<tr>\n<td>FIDO_APPROVAL_TIMEOUT</td>\n<td>The response of the FIDO authenticator has timed out.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/verifyCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/flows/{flowId}/select":{"post":{"tags":["/public/self-service_Flow Control"],"summary":"Select flow","description":"Selects a public self-service flow.\n<p>This endpoint can additionally be called with a flow continuation token attached as <tt>X-Flow-Continuation-Token</tt>\nheader to the request. This token is interpreted by a \"Flow Continuation Step\" that is typically the first step of a public\nself-service flow. Such flows are initialized with the same data, e.g. user identity, as the flow that issued\nthe continuation token.</p>\n<div class=\"iam-resource-return\">A success response with a next step indicating the required next action.</div>","operationId":"/public/self-service/selectFlow","responses":{"200":{"description":"Public self-service flow selection successful.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>A flow for another public self-service is already in progress.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FLOW_CONTINUATION_NOT_ALLOWED</td>\n<td>Not allowed to continue the flow with the provided token.</td>\n</tr>\n<tr>\n<td>FLOW_CONTINUATION_TOKEN_EXPIRED</td>\n<td>The token has expired and the flow cannot be continued.</td>\n</tr>\n<tr>\n<td>USER_NOT_FOUND</td>\n<td>The user associated with the flow was not found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"No flow with the requested ID exists.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/selectFlowCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"flowId","in":"path","description":"the ID of the selected flow as configured.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/self-service/goto-targets/{stepId}/goto":{"post":{"tags":["/public/self-service_Flow Control"],"summary":"Go to step","description":"Go to the selected flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid.</div>","operationId":"/public/self-service/doGoto","responses":{"200":{"description":"Public self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>GOTO_FAILED</td>\n<td>The selected step ID is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the goto call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/doGotoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"stepId","in":"path","description":"The goto target's step ID.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/self-service/goto-targets/retrieve":{"post":{"tags":["/public/self-service_Flow Control"],"summary":"List goto steps","description":"Retrieves possible target steps of an interactive goto.\n<div class=\"iam-resource-return\">A list of target steps.</div>","operationId":"/public/self-service/retrieve_1","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceGotoTargetAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceGotoTargetAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/retrieve_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/selection/options/{id}/select":{"post":{"tags":["/public/self-service_Flow Control"],"summary":"Select option","description":"Selects the given option if available.\n<div class=\"iam-resource-return\">The selected next step or an error if the option is invalid.</div>","operationId":"/public/self-service/selectOption","responses":{"200":{"description":"Selected the chosen step and requires next step actions.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SELECTION_FAILED</td>\n<td>The selected option is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>SELECTION_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/selectOptionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"option to select.","required":true,"schema":{"maxLength":1000,"minLength":1,"type":"string"}}]},"/public/self-service/approval/mtan/otp/check":{"post":{"tags":["/public/self-service_SMS/mTAN"],"summary":"Check mTAN OTP","description":"Checks the submitted mTAN OTP. Note that unlike identity verification, approval REST calls require an existing user\nand cannot prevent username enumeration.\n<div class=\"iam-resource-return\">Whether the check was successful. Gives information about the next step required.</div>","operationId":"/public/self-service/checkMtanOtp_1","requestBody":{"description":"Request containing the mTAN OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_OTP_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>MTAN_OTP_EXPIRED</td>\n<td>The OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/checkMtanOtp_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/mtan/otp/resend":{"post":{"tags":["/public/self-service_SMS/mTAN"],"summary":"Resend OTP","description":"Resends the mTAN OTP by SMS.\n<div class=\"iam-resource-return\">Whether the resend was successful and informs about the <tt>nextStep</tt>.\n Additionally, the response includes information about the possibility of an OTP resend.\n <p><b>Deprecated:</b> The 'included' section containing resend information is deprecated and will be removed in a future version.\n The resend information is returned as <a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a>\n with the <tt>MTAN_OTP_REQUIRED</tt> next step code.</p></div>","operationId":"/public/self-service/resendMtanOtp","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:11:42.240+02:00"},"included":[{"type":"public-self-service.approval.mtan.otp.resend.information","id":"797271294","attributes":{"otpResendPossible":false}}],"data":{"type":"public-self-service.session","id":"516534791446228062","attributes":{"nextAuthStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41799876543","resendPossible":false}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:11:42.240+02:00"},"included":[{"type":"public-self-service.approval.mtan.otp.resend.information","id":"797271294","attributes":{"otpResendPossible":false}}],"data":{"type":"public-self-service.session","id":"516534791446228062","attributes":{"nextAuthStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41799876543","resendPossible":false}}}}}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_RESEND_REFUSED</td>\n<td>The OTP could not be resent.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_OTP_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current public self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/resendMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/mtan/tokens/{id}/select":{"post":{"tags":["/public/self-service_SMS/mTAN"],"summary":"Select token","description":"Selects one of the active mTAN tokens (phone numbers) for sending the OTP to.\n<div class=\"iam-resource-return\">Whether the token selection and sending of the OTP was successful. Gives information about the next step required.\n Additionally, the response includes information about the possibility of an OTP resend.\n <p><b>Deprecated:</b> The 'included' section containing resend information is deprecated and will be removed in a future version.\n The resend information is returned as <a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a>\n with the <tt>MTAN_OTP_REQUIRED</tt> next step code.</p></div>","operationId":"/public/self-service/selectMtanToken","responses":{"200":{"description":"mTAN token successfully selected, OTP sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:11:42.240+02:00"},"included":[{"type":"public-self-service.approval.mtan.otp.resend.information","id":"797271294","attributes":{"otpResendPossible":false}}],"data":{"type":"public-self-service.session","id":"516534791446228062","attributes":{"nextAuthStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41799876543","resendPossible":false}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:11:42.240+02:00"},"included":[{"type":"public-self-service.approval.mtan.otp.resend.information","id":"797271294","attributes":{"otpResendPossible":false}}],"data":{"type":"public-self-service.session","id":"516534791446228062","attributes":{"nextAuthStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41799876543","resendPossible":false}}}}}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_TOKEN_CHOICE_FAILED</td>\n<td>Invalid mTAN token ID. Retry with valid ID.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_TOKEN_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Selection failed. The current public self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/selectMtanTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"the ID of the selected mTAN token.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/public/self-service/verification/mtan/otp/check":{"post":{"tags":["/public/self-service_SMS/mTAN"],"summary":"Verify OTP","description":"Checks an mTAN OTP. Note that unlike approval REST calls, identity verification does not require an existing user\nand supports stealth mode.\n<div class=\"iam-resource-return\">Whether the OTP was accepted.</div>","operationId":"/public/self-service/verifyMtanOtp","requestBody":{"description":"Contains the OTP to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_OTP_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>MTAN_OTP_EXPIRED</td>\n<td>OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/verifyMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/oath/otp/check":{"post":{"tags":["/public/self-service_OATH OTP"],"summary":"Check OATH OTP","description":"Checks the submitted OATH OTP. Note that unlike identity verification, approval REST calls require an existing user\nand cannot prevent username enumeration\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully authenticate.</div>","operationId":"/public/self-service/checkOathOtp","requestBody":{"description":"Request containing the OATH OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"},"examples":{"Check OATH OTP":{"description":"Check OATH OTP","value":{"otp":"654321"}}}}}},"responses":{"200":{"description":"OTP successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OATH_OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/checkOathOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/verification/secret-questions/answer":{"post":{"tags":["/public/self-service_Secret Questions"],"summary":"Check answers","description":"Checks the answers to secret questions. Note that unlike approval REST calls, identity verification does not require an existing user\nand supports stealth mode.\n<div class=\"iam-resource-return\">Whether the answers were accepted.</div>","operationId":"/public/self-service/verifySecretQuestions","requestBody":{"description":"Contains the answers to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SecretQuestionsVerificationRequest"}}},"required":true},"responses":{"200":{"description":"Answers successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n\t *\n<tr>\n<td>ANSWER_WRONG</td>\n<td>Answers could not be validated successfully. Retry with correct answers.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>SECRET_QUESTIONS_ANSWER_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>ANSWER_WRONG</td>\n<td>Answers could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/verifySecretQuestionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/password/set":{"post":{"tags":["/public/self-service_Password"],"summary":"Set password","description":"Sets the new password.\n<div class=\"iam-resource-return\">Whether the new password has been successfully set. The attribute <tt>nextStep</tt> in the response\n indicates the next step required for the public self-service.</div>","operationId":"/public/self-service/setPassword","requestBody":{"description":"Contains the new password.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SetPasswordRequest"}}},"required":true},"responses":{"200":{"description":"Password has been successfully set.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PASSWORD_POLICY_VIOLATED</td>\n<td>The new password violates the password policy. See <a href=\"#passwordPolicyDetailCodes\">password policy violation detail codes</a>.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>NEW_PASSWORD_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>NOT_ALLOWED</td>\n<td>The user is not allowed to reset the password.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/setPasswordCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/ssi/verification/poll":{"post":{"tags":["/public/self-service_SSI"],"summary":"Poll presentation","description":"> [!warning]\n> <strong>EXPERIMENTAL</strong>: This endpoint is under active development and subject to change. Avoid using it in production clients.\n<p>Allows polling whether the presentation has been received and verified.</p>\n<div class=\"iam-resource-return\">The proof verification status.\n The attribute <tt>nextStep</tt> defines the next flow step (can be the current step, if further polling is required).</div>","operationId":"/public/self-service/pollProofVerification","responses":{"200":{"description":"Verification not yet completed (retry later), public self-service successful or further steps required.\n<br>Possible next step: <tt>SSI_PROOF_VERIFICATION_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SSI_VERIFICATION_FAILED</td>\n<td>The SSI verification has failed.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-scalar-stability":"experimental"},"options":{"operationId":"/public/self-service/pollProofVerificationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/self-service/user/identify":{"post":{"tags":["/public/self-service_User"],"summary":"Identify user","description":"> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Identifies the user based on their username or the provided user data items.</p>\n<div class=\"iam-resource-return\">Whether the user has been successfully identified. The attribute <tt>nextStep</tt>\n in the response indicates the next step required for the public self-service.</div>","operationId":"/public/self-service/identifyUser","requestBody":{"description":"Contains the username.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserIdentificationRequest"}}},"required":true},"responses":{"200":{"description":"A user that is eligible for a public self-service has been successfully identified. Further steps\nrequired. Note that this may also be returned when a public self-service restriction is violated if feedback for said\nrestriction is disabled.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The provided username is invalid or the user data could not be validated successfully by at least one of the context data item validators.\nSee <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: USERNAME_REQUIRED or USER_DATA_REQUIRED.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>USER_NOT_FOUND</td>\n<td>The specified user could not be found.</td>\n</tr>\n<tr>\n<td>USER_INVALID</td>\n<td>The specified user is invalid.</td>\n</tr>\n<tr>\n<td>USER_LOCKED</td>\n<td>The specified user is locked.</td>\n</tr>\n<tr>\n<td>CAPTCHA_CHECK_FAILED</td>\n<td>The CAPTCHA could not be validated successfully. Retry with a correctly solved CAPTCHA.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/identifyUserCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/vasco/otp/check":{"post":{"tags":["/public/self-service_Vasco OTP"],"summary":"Check Vasco OTP","description":"Checks the submitted Vasco OTP. Note that unlike identity verification, approval REST calls require an existing user\nand cannot prevent username enumeration\n<div class=\"iam-resource-return\">Whether the check was successful. Gives information about the next step required.</div>","operationId":"/public/self-service/checkVascoOtp","requestBody":{"description":"Request containing the Vasco OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VASCO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/self-service/checkVascoOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/matrix/challenge/retrieve":{"post":{"tags":["/public/self-service_Matrix Cards"],"summary":"Get challenges","description":"> [!caution]\n> This endpoint is deprecated. The challenges are returned as\n<a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a> with the <tt>MATRIX_RESPONSE_REQUIRED</tt> next step code.\n<p>Returns one or more challenges for matrix/index list approval.</p>\n<div class=\"iam-resource-return\">A list of one or more matrix coordinates or index list indexes.</div>","operationId":"/public/self-service/retrieveChallenge","responses":{"200":{"description":"The challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceMatrixChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceMatrixChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/airlock-2fa/devices/retrieve":{"post":{"tags":["/public/self-service_Airlock 2FA"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated. The device choices are returned as <a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a>\nwith the <tt>AIRLOCK_2FA_DEVICE_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves all applicable Airlock 2FA devices.</p>\n<div class=\"iam-resource-return\">The collection of applicable Airlock 2FA devices</div>","operationId":"/public/self-service/retrieveDeviceChoices","responses":{"200":{"description":"Available devices retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FADeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FADeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveDeviceChoicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/airlock-2fa/mobile-only/challenge/retrieve":{"post":{"tags":["/public/self-service_Airlock 2FA"],"summary":"Get mobile-only challenge","description":"> [!caution]\n> This endpoint is deprecated. The mobile authentication URI is returned as <a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a>\nwith the <tt><s>AIRLOCK_2FA_MOBILE_ONLY_CHALLENGE_RETRIEVAL_REQUIRED</s></tt> or <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt> next step codes.\n<p>Retrieves the challenge for message approval in case of mobile-only.</p>\n<div class=\"iam-resource-return\">a challenge in the form of a URI.</div>","operationId":"/public/self-service/retrieveMobileOnlyChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FAMobileOnlyChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FAMobileOnlyChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveMobileOnlyChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/airlock-2fa/offline-qr-code/challenge/retrieve":{"post":{"tags":["/public/self-service_Airlock 2FA"],"summary":"Get QR challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge is returned as <a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a>\nwith the <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt> next step code.\n<p>Returns the Offline QR Code challenge for Airlock 2FA.</p>\n<p>The challenge is delivered as a base64-encoded image.\nThe OTP returned by the user after scanning the image needs to be checked manually (<tt>POST /airlock-2fa/otp/check</tt>).</p>\n<div class=\"iam-resource-return\">A challenge for Airlock 2FA.</div>","operationId":"/public/self-service/retrieveOfflineQrCodeChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FAOfflineChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FAOfflineChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveOfflineQrCodeChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/cronto/challenge/retrieve":{"post":{"tags":["/public/self-service_Cronto"],"summary":"Get challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as <a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a>\nwith the <tt>CRONTO_OTP_REQUIRED</tt> next step code.\n<p>Returns a challenge for Cronto public self-service.</p>\n<p>The challenge is delivered as a base64-encoded image ('cryptogram') and as a string representation for\napp-to-app authentication.</p>\n<p>\nThe two attributes \"onlineValidation\" and \"pushed\" have only informative character and indicate\nthe recommended behavior for clients:\n<ul>\n<li>If the \"onlineValidation\" attribute is true, the client application should not ask the user for the\nresponse OTP, as the app will send the response directly to the server (Scan&amp;Login or Push use-cases).\nInstead, the client application should regularly poll (<tt>POST /cronto/otp/poll</tt>) to check if a response\nhas been received. There should be an option for the user to fall back to entering the OTP manually. Sending the\nmanually entered OTP to (<tt>POST /cronto/otp/check</tt>) cancels the online validation</li>\n<li>If also the \"pushed\" attribute is true, the challenge has been pushed to a Cronto app. In this case also\nthe cryptogram should not be displayed. Instead, the user should be informed about this and asked to confirm\nthe transaction on their Cronto app. Again, a fallback for offline situations should be available.\nIf \"pushed\" is true, \"onlineValidation\" is always also true.</li>\n</ul>\n</p>\n<div class=\"iam-resource-return\">A Cronto challenge.</div>","operationId":"/public/self-service/retrieveChallenge_1","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceCrontoChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceCrontoChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveChallenge_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/cronto/push-devices/retrieve":{"post":{"tags":["/public/self-service_Cronto"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated. The device choices are returned as <a href=\"#additionalPublicSelfServiceAttributes\">additional attributes</a>\nwith the <tt>CRONTO_DEVICE_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves the set of active Cronto push devices.</p>\n<div class=\"iam-resource-return\">The collection of active Cronto push devices</div>","operationId":"/public/self-service/retrievePushDeviceChoices","responses":{"200":{"description":"Available push devices retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceCrontoPushDeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceCrontoPushDeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrievePushDeviceChoicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/fido/challenge/retrieve":{"post":{"tags":["/public/self-service_FIDO"],"summary":"Get challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as <a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a>\nwith the <tt>FIDO_APPROVAL_CHALLENGE_RETRIEVAL_REQUIRED</tt> next step code.\n<p>Retrieve FIDO challenge to be passed to FIDO authenticator.</p>\n<div class=\"iam-resource-return\">the Approval challenge</div>","operationId":"/public/self-service/retrieveAuthenticationChallenge","responses":{"200":{"description":"Further steps required.\n<br>Possible next step: <tt>FIDO_APPROVAL_ASSERTION_RESPONSE_REQUIRED</tt> (as documented <a href=\"#nextPublicSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFidoApprovalChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFidoApprovalChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveAuthenticationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/selection/options/retrieve":{"post":{"tags":["/public/self-service_Flow Control"],"summary":"List options","description":"> [!caution]\n> This endpoint is deprecated. The selection options are returned as\n<a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a> with the <tt>SELECTION_REQUIRED</tt> next step code.\n<p>Retrieves the available options the user can choose from to proceed in the public self-service process.</p>\n<div class=\"iam-resource-return\">The available options.</div>","operationId":"/public/self-service/retrieveOptions","responses":{"200":{"description":"Available selection options retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceSelectionOptionDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceSelectionOptionDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveOptionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/mtan/tokens/retrieve":{"post":{"tags":["/public/self-service_SMS/mTAN"],"summary":"List tokens","description":"> [!caution]\n> This endpoint is deprecated. The number choices are returned as\n<a href=\"#additionalPublicSelfServiceAttributes\">additional attributes</a> with the <tt>MTAN_TOKEN_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves the set of active mTAN tokens.</p>\n<div class=\"iam-resource-return\">The collection of active mTAN tokens.</div>","operationId":"/public/self-service/retrieveMtanTokens","responses":{"200":{"description":"Available mTAN tokens retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceMtanTokenDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceMtanTokenDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveMtanTokensCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/approval/mtan/otp/resend-info/retrieve":{"post":{"tags":["/public/self-service_SMS/mTAN"],"summary":"Verify OTP resend possible","description":"> [!caution]\n> This endpoint is deprecated. The resend information is returned as\n<a href=\"#additionalPublicSelfServiceAttributes\">additional attribute</a> with the <tt>MTAN_OTP_REQUIRED</tt> next step code.\n<p>Returns whether a new OTP can be resent by SMS.</p>\n<div class=\"iam-resource-return\">Whether an OTP resend is possible or not.</div>","operationId":"/public/self-service/retrieveResendInfo","responses":{"200":{"description":"Returns information about a possible OTP resend.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceResendMtanOtpPossibleDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceResendMtanOtpPossibleDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveResendInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/verification/secret-questions/retrieve":{"post":{"tags":["/public/self-service_Secret Questions"],"summary":"List questions","description":"> [!caution]\n> This endpoint is deprecated. The list of available questions are returned as\n<a href=\"#additionalPublicSelfServiceAttributes\">additional attributes</a> with the <tt>SECRET_QUESTIONS_ANSWER_REQUIRED</tt> next step code.\n<p>Retrieves secret questions which have to be answered.</p>\n<div class=\"iam-resource-return\">A list of secret question resource keys.</div>","operationId":"/public/self-service/retrieveQuestions","responses":{"200":{"description":"The questions have been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceSecretQuestionsChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceSecretQuestionsChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/retrieveQuestionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/self-service/username/identify":{"post":{"tags":["/public/self-service_User"],"summary":"Identify by username","description":"> [!caution]\n> This endpoint is deprecated. Use <tt>/public/self-service/user/identify/</tt> instead.\n\n> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Identifies the user.</p>\n<div class=\"iam-resource-return\">Whether the user has been successfully identified. The attribute <tt>nextStep</tt>\n in the response indicates the next step required for the public self-service.</div>","operationId":"/public/self-service/identifyUserDeprecated","requestBody":{"description":"Contains the username.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/IdentifyUserRequest"}}},"required":true},"responses":{"200":{"description":"A user that is eligible for a public self-service has been successfully identified. Further steps\nrequired. Note that this may also be returned when a public self-service restriction is violated if feedback for said\nrestriction is disabled.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>USER_NOT_FOUND</td>\n<td>The specified user could not be found.</td>\n</tr>\n<tr>\n<td>USER_INVALID</td>\n<td>The specified user is invalid.</td>\n</tr>\n<tr>\n<td>USER_LOCKED</td>\n<td>The specified user is locked.</td>\n</tr>\n<tr>\n<td>CAPTCHA_CHECK_FAILED</td>\n<td>The CAPTCHA could not be validated successfully. Retry with a correctly solved CAPTCHA.</td>\n</tr>\n</table>\n</div>\n<br>The current public self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/self-service/identifyUserDeprecatedCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/self-service_other"]}},"/public/tech-client-registration/oauth2/{authorizationServerId}/register":{"post":{"tags":["/public/tech-client-registration_OAuth 2.0/OIDC"],"summary":"Register client","description":"Registers an OAuth 2.0 technical client.\n<p>This endpoint is implemented in accordance with <a href=\"https://tools.ietf.org/html/rfc7591\">RFC 7591 - OAuth 2.0 Dynamic Client Registration Protocol</a>.</p>\n<p>To be RFC-compliant, this endpoint does not require the CSRF protection header <tt>X-Same-Domain</tt>.\nRequests to this endpoint are guaranteed to be non-simple, because of the enforced non-simple content type\n<tt>application/json</tt>.</p>\n<div class=\"iam-resource-return\">Whether the registration was successful and if so, includes what metadata were registered.\n<p>\nIf an error occurs that is covered by RFC 7591, the error format described in section 3.2.2 is returned:\n<pre><code class=\"language-typescript\">{\n\terror: string // mandatory, possible values: invalid_redirect_uri, invalid_client_metadata, invalid_software_statement or unapproved_software_statement\n\terror_description: string // optional, textual description. No API.\n}</code></pre>\n</p>\n<p>\nOther errors (such as infrastructure failures or syntactically invalid requests) that are not covered by the RFC are handled\nin the default error response format as described in <a href=\"#errorResponseFormat\">Error Responses</a>.\n</p>\nThis endpoint is implemented as a flow which allows non-interactive steps to be placed before or after the registration step. Interactive steps\nwould violate the RFC. Please take note of the following differences to other flow endpoints:\n<ul>\n<li>Responses with status code 400 also terminate the flow. There's no concept of a retry.</li>\n<li>The format of a successful response is specified by the RFC and does not inform about a next step.</li>\n</ul></div>","operationId":"/public/tech-client-registration/register","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ClientRegistrationRequestContainer"},"examples":{"Client registration":{"description":"Client registration","value":{"scope":"defend_winterfell defend_castle_black attack_winterfell","contacts":["admin@winterfell.test","john@winterfell.test"],"redirect_uris":["https://winterfell.test/oauth"],"token_endpoint_auth_method":"client_secret_basic","client_name":"throne_client","client_uri":"https://winterfell.test/client","logo_uri":"https://winterfell.test/logo","tos_uri":"https://winterfell.test/terms-of-service","policy_uri":"https://winterfell.test/privacy-policy","software_id":"OAuth2DynamicClientRegistrationRfcTest","software_version":"1.0","requested_client_id":"myClient","client_name#de":"Kundenname","client_name#zh-CN":"glurz","client_name#ja-Jpan-JP":"RFC Example","client_uri#de":"https://client_uri.de","policy_uri#zh-CN":"https://policy_uri.cn","tos_uri#de":"https://tos_uri.de","logo_uri#zh-CN":"https://logo_uri.cn"}}}}}},"responses":{"201":{"description":"Client successfully registered.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ClientRegistrationDataOverride"}}}},"400":{"description":"<p>The request was invalid.</p>\n<p>Formatted according to RFC 7591 section 3.2.2 if the error situation is covered by the RFC.</p>\n<p>General JSON Api error in case of a general request validation error which is not covered by the RFC.</p>","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ClientRegistrationErrorResponseData"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The specified authorization server does not support dynamic client registration.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/tech-client-registration/registerCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/tech-client-registration_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The identifier of the authorization server to register with.","required":true,"schema":{"type":"string"}}]},"/public/tech-client-registration/dynamic-steps/{stepId}/activate":{"post":{"tags":["/public/tech-client-registration_Flow Control"],"summary":"Activate step","description":"Activates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be activated.</div>","operationId":"/public/tech-client-registration/activate","responses":{"200":{"description":"Technical client registration successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TechClientRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TechClientRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_ACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be activated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the activate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/tech-client-registration/activateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/tech-client-registration_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be activated.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/tech-client-registration/dynamic-steps/{stepId}/deactivate":{"post":{"tags":["/public/tech-client-registration_Flow Control"],"summary":"Deactivate step","description":"Deactivates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be deactivated.</div>","operationId":"/public/tech-client-registration/deactivate","responses":{"200":{"description":"Technical client registration successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TechClientRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TechClientRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_DEACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be deactivated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the deactivate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/tech-client-registration/deactivateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/tech-client-registration_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be deactivated","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/tech-client-registration/dynamic-steps/retrieve":{"post":{"tags":["/public/tech-client-registration_Flow Control"],"summary":"List dynamic steps","description":"Retrieves list of all steps that can be dynamically activated or deactivated on the current step.\n<div class=\"iam-resource-return\">A list of dynamic steps with their activation information.</div>","operationId":"/public/tech-client-registration/retrieve","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TechClientRegDynamicStepActivationDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TechClientRegDynamicStepActivationDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/tech-client-registration/retrieveCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/tech-client-registration_other"]}},"/public/tech-client-registration/goto-targets/{stepId}/goto":{"post":{"tags":["/public/tech-client-registration_Flow Control"],"summary":"Go to step","description":"Go to the selected flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid.</div>","operationId":"/public/tech-client-registration/doGoto","responses":{"200":{"description":"Technical client registration successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TechClientRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TechClientRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>GOTO_FAILED</td>\n<td>The selected step ID is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the goto call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/tech-client-registration/doGotoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/tech-client-registration_other"]},"parameters":[{"name":"stepId","in":"path","description":"The goto target's step ID.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/tech-client-registration/goto-targets/retrieve":{"post":{"tags":["/public/tech-client-registration_Flow Control"],"summary":"List goto steps","description":"Retrieves possible target steps of an interactive goto.\n<div class=\"iam-resource-return\">A list of target steps.</div>","operationId":"/public/tech-client-registration/retrieve_1","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TechClientRegGotoTargetAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TechClientRegGotoTargetAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/tech-client-registration/retrieve_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/tech-client-registration_other"]}},"/protected/my/tokens/device-tokens/{deviceTokenId}":{"delete":{"tags":["/protected_Device Tokens"],"summary":"Remove token","description":"Remove device token.\n<p>\nRemoves an existing device token given its id.\n</p>\n<div class=\"iam-resource-return\">Device token information (ID, expiry date):</div>","operationId":"/protected/deleteDeviceToken","responses":{"204":{"description":"Device token successfully deleted."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"The specified device token does not exist.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/deleteDeviceTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]},"parameters":[{"name":"deviceTokenId","in":"path","description":"The ID of the device token to be deleted.","required":true,"schema":{"type":"string"}}]},"/protected/secret-questions":{"get":{"tags":["/protected_Secret Questions"],"summary":"List questions","description":"Retrieves all available questions.\n<div class=\"iam-resource-return\">A collection document with all available question IDs.</div>","operationId":"/protected/retrieveConfiguredSecretQuestions","responses":{"200":{"description":"Available questions retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SecretQuestionDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SecretQuestionDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/retrieveConfiguredSecretQuestionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/my/tokens/device-tokens":{"get":{"tags":["/protected_Device Tokens"],"summary":"List tokens","description":"Retrieves the set of enabled and valid device tokens.\n<div class=\"iam-resource-return\">The (possibly empty) collection of enabled and valid device tokens.</div>","operationId":"/protected/getEnabledAndValidDeviceTokens","responses":{"200":{"description":"Available device tokens retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyDeviceTokenDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyDeviceTokenDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"post":{"tags":["/protected_Device Tokens"],"summary":"Register token","description":"Register device token.\n<p>\nRegister a new device token by providing a JSON Web Key (JWK) public key and optionally a label and/or a serial ID of the device.\n</p>\n<p>\nThe public key is represented as specified in JWK (RFC7517). Currently elliptic curve signatures (keys of type \"EC\") are supported.<br/>\nThe following attributes are expected in the public key attribute (according to the JWK specification):\n<ul>\n<li>\"crv\" - the elliptic curve. Supported values are:\n<ul>\n<li>\"P-256\": for ES256 signatures</li>\n<li>\"P-256K\": for ES256K signatures</li>\n<li>\"P-384\": for ES384 signatures</li>\n<li>\"P-521\": for ES512 signatures</li>\n</ul>\nPlease note: During registration all four values are always allowed, but for the other use cases of device tokens (e.g. authentication)\nit is possible to restrict (in the IAM configuration) which curves are allowed.</li>\n<li>\"x\" - the x coordinate of the base point.</li>\n<li>\"y\" - the y coordinate of the base point.</li>\n<li>\"kty\" - the key type - must be \"EC\"</li>\n<li>\"kid\" - a key identifier (optional)</li>\n</ul>\n</p>\n<div class=\"iam-resource-return\">A device token to be used during authentication.</div>","operationId":"/protected/registerDeviceToken","requestBody":{"description":"A request to register a new device token (public key, optionally label and serial).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/RequestDocumentDeviceRegistrationRequest"}},"application/json":{"schema":{"$ref":"#/components/schemas/RequestDocumentDeviceRegistrationRequest"}}},"required":true},"responses":{"200":{"description":"Device token successfully registered.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyDeviceTokenDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyDeviceTokenDataResourceDocument"}}}},"400":{"description":"The supplied attributes could not be validated (wrong key type, wrong key length, or missing attribute).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/getEnabledAndValidDeviceTokensCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/my/self":{"get":{"tags":["/protected_User"],"summary":"Get user","description":"Retrieves the authenticated user.\n<div class=\"iam-resource-return\">The available information about the authenticated user.</div>","operationId":"/protected/retrieveSelf","responses":{"200":{"description":"Retrieved the authenticated user.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/retrieveSelfCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/my/secret-questions/{questionId}/answer":{"post":{"tags":["/protected_Secret Questions"],"summary":"Set answer","description":"Allows the user to set the answer for a single Secret Question.\n<div class=\"iam-resource-return\">a Response containing a status code.</div>","operationId":"/protected/answerQuestion","requestBody":{"description":"Contains the question's answer.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AcceptSecretQuestionAnswerRequest"}}},"required":true},"responses":{"204":{"description":"The question has been answered."},"400":{"description":"If another question already has the same answer but this is forbidden in the configuration.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"The question ID or the user do not exist or cannot be retrieved with the current configuration.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/answerQuestionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]},"parameters":[{"name":"questionId","in":"path","description":"The question ID of the Secret Question whose answer should be set.","required":true,"schema":{"type":"string"}}]},"/protected/my/tokens/cronto/devices/{id}":{"get":{"tags":["/protected_Cronto"],"summary":"Get device","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/device/info/retrieve</tt>.\n<p>Retrieves a Cronto device.</p>\n<div class=\"iam-resource-return\">The attributes of the retrieved Cronto device.</div>","operationId":"/protected/retrieveDevice","responses":{"200":{"description":"Retrieved Cronto device.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"The user does not exist or there is no device with this ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"delete":{"tags":["/protected_Cronto"],"summary":"Delete Cronto device","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/devices/{id}/remove</tt>.\n<p>Deletes a user's Cronto device.</p>\n<div class=\"iam-resource-return\">an empty response.</div>","operationId":"/protected/deleteDevice","responses":{"200":{"description":"The device has been deleted and a challenge was retuned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceDeletionChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceDeletionChallengeDataResourceDocument"}}}},"204":{"description":"The device has been deleted and no challenge was returned."},"400":{"description":"The user's only device can't be deleted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"There is no device with this ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/retrieveDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]},"patch":{"tags":["/protected_Cronto"],"summary":"Update device data","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/device/edit</tt>.\n<p>Updates Cronto device metadata.</p>\n<div class=\"iam-resource-return\">an empty response</div>","operationId":"/protected/updateLabel","requestBody":{"description":"The new label of the Cronto device.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/RequestDocumentCrontoDeviceDataUpdateRequest"}},"application/json":{"schema":{"$ref":"#/components/schemas/RequestDocumentCrontoDeviceDataUpdateRequest"}}},"required":true},"responses":{"204":{"description":"The label has been updated."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"There is no device with this ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"parameters":[{"name":"id","in":"path","description":"The ID of the Cronto device.","required":true,"schema":{"type":"string"}}]},"/protected/my/tokens/cronto/devices":{"get":{"tags":["/protected_Cronto"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/devices</tt>.\n<p>Fetching all Cronto devices that the user has.</p>\n<div class=\"iam-resource-return\">All Cronto devices belonging to the user.</div>","operationId":"/protected/listCrontoDevices","responses":{"200":{"description":"Retrieved available Cronto devices.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"The user has no Cronto account.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/listCrontoDevicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/my/tokens/mtan":{"get":{"tags":["/protected_SMS/mTAN"],"summary":"List tokens","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/mtan/tokens</tt>.\n<p>Fetching all mTAN tokens that the user has.</p>\n<div class=\"iam-resource-return\">All mTAN tokens belonging to the user.</div>","operationId":"/protected/listMtanTokens","responses":{"200":{"description":"Retrieved available mTAN tokens.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyMtanTokenDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyMtanTokenDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/listMtanTokensCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/my/tokens/mtan/{mtanId}":{"options":{"operationId":"/protected/updateMtanTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]},"patch":{"tags":["/protected_SMS/mTAN"],"summary":"Update token data","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/mtan/token/edit</tt>.\n<p>Updates mTAN token meta data. To change the phone number, use POST on '/start-number-change'.</p>\n<div class=\"iam-resource-return\">The updated mTAN token.</div>","operationId":"/protected/updateMtanToken","requestBody":{"description":"The payload of the update.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/RequestDocumentMtanTokenDataUpdateRequest"}},"application/json":{"schema":{"$ref":"#/components/schemas/RequestDocumentMtanTokenDataUpdateRequest"}}},"required":true},"responses":{"200":{"description":"If the update was successful.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyMtanTokenDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyMtanTokenDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"parameters":[{"name":"mtanId","in":"path","description":"The ID of the mTAN token.","required":true,"schema":{"type":"string"}}]},"/protected/my/tokens/cronto/activation-letters/order":{"post":{"tags":["/protected_Cronto"],"summary":"Re-order letter","description":"> [!caution]\n> This endpoint is deprecated. Use the dedicated protected self-service flow step instead.\n<p>Re-orders a Cronto activation letter.</p>\n<p>\nAny existing letter is deleted and replaced with the new letter.\nDuring this time until the customer receives the new letter,\nthe customer cannot activate another Cronto app or device.\n</p>\n<p>\nRe-ordering a Cronto activation letter is not always possible,\ne.g. if this feature is not configured or when the user doesn't have an existing\nCronto letter or a letter has been ordered too recently.\n</p>\n<div class=\"iam-resource-return\">empty document</div>","operationId":"/protected/orderLetter","responses":{"204":{"description":"The letter has been ordered."},"400":{"description":"The letter could not be ordered.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"The user has no Cronto account.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/orderLetterCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/my/tokens/cronto/devices/{id}/push/allow":{"post":{"tags":["/protected_Cronto"],"summary":"Allow push","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/devices/{id}/push/enable</tt>.\n<p>Allows use of the push notification feature with a Cronto device. To actually send push notifications to this device,\nit must first register a notification identifier. This typically happens upon the next login.</p>\n<div class=\"iam-resource-return\">an empty response</div>","operationId":"/protected/allowPushNotifications","responses":{"204":{"description":"Push notifications have been allowed."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"There is no device with this ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"delete":{"tags":["/protected_Cronto"],"summary":"Disallow push","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/devices/{id}/push/disable</tt>.\n<p>Disallows push notification for a Cronto device.</p>\n<div class=\"iam-resource-return\">an empty response</div>","operationId":"/protected/disallowPushNotifications","responses":{"204":{"description":"Push notifications have been disallowed."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"There is no device with this ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/allowPushNotificationsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the Cronto device.","required":true,"schema":{"type":"string"}}]},"/protected/my/tokens/cronto/devices/activation/complete":{"post":{"tags":["/protected_Cronto"],"summary":"Complete adding device","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/activation/complete</tt>.\n<p>Completes adding a new Cronto Device.</p>\n<p>Adds a new Cronto device by verifying the OTP the user has extracted from the cryptogram he has received\nfrom the prior POST to <tt>cronto/devices/activation/start</tt>.</p>\n<div class=\"iam-resource-return\">The attributes of the added Cronto device.</div>","operationId":"/protected/completeDeviceActivation","requestBody":{"description":"Contains the information needed to successfully complete adding the new device.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CrontoCompleteDeviceActivationRequest"}}},"required":true},"responses":{"200":{"description":"OTP verified and new Cronto device stored.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceActivationCompletedDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceActivationCompletedDataResourceDocument"}}}},"400":{"description":"Invalid context or specific error.<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The provided OTP was wrong.</td>\n</tr>\n<tr>\n<td>CRONTO_DEVICE_ALREADY_EXISTS</td>\n<td>The same device cannot be added twice.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/completeDeviceActivationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/my/tokens/cronto/devices/{id}/enable":{"post":{"tags":["/protected_Cronto"],"summary":"Enable Cronto device","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/devices/{id}/enable</tt>.\n<p>Enables a Cronto device.</p>\n<div class=\"iam-resource-return\">an empty response</div>","operationId":"/protected/enableDevice","responses":{"204":{"description":"The device has been enabled."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"There is no device with this ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"delete":{"tags":["/protected_Cronto"],"summary":"Disable Cronto device","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/devices/{id}/disable</tt>.\n<p>Disables a Cronto device.</p>\n<div class=\"iam-resource-return\">an empty response</div>","operationId":"/protected/disableDevice","responses":{"204":{"description":"The device has been disabled."},"400":{"description":"The user's last device can't be disabled.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"There is no device with this ID.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/enableDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the Cronto device.","required":true,"schema":{"type":"string"}}]},"/protected/my/tokens/cronto/devices/activation/start":{"post":{"tags":["/protected_Cronto"],"summary":"Start adding device","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/cronto/activation/start</tt>.\n<p>Starts adding a new Cronto device.</p>\n<p>Starts adding a new Cronto device by sending the OTP from the Cronto activation letter.\nReturns a session object and a new challenge cryptogram to be responded by a POST to <tt>cronto/devices/activation/complete</tt>.</p>\n<div class=\"iam-resource-return\">A session object and a new challenge cryptogram.</div>","operationId":"/protected/startDeviceActivation","requestBody":{"description":"Contains the OTP from the Cronto activation letter.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CrontoStartDeviceActivationRequest"}}},"required":true},"responses":{"200":{"description":"OTP verified and new challenge created.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyCrontoDeviceActivationChallengeDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The provided OTP was wrong.</td>\n</tr>\n<tr>\n<td>CRONTO_LETTER_INVALID</td>\n<td>The activation letter is not valid.</td>\n</tr>\n<tr>\n<td>ILLEGAL_CRONTO_PLATFORM</td>\n<td>The platform of the activation letter is not allowed.</td>\n</tr>\n<tr>\n<td>CRONTO_DEVICE_LIMIT_REACHED</td>\n<td>The maximum number of devices has been reached.</td>\n</tr>\n<tr>\n<td>CRONTO_LETTER_USAGE_LIMIT_REACHED</td>\n<td>The maximum number of activation letter uses has been reached.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/startDeviceActivationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/my/tokens/mtan/{mtanId}/start-number-change":{"post":{"tags":["/protected_SMS/mTAN"],"summary":"Initiate number change","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/mtan/token/edit</tt>.\n<p>Initiates a phone number change for an mTAN token.</p>\n<p>If the server responds with 200 OK, an OTP is sent to the user's existing number.\nThe OTP together with the context that is returned within the response must be\nsent when calling '/verify-number-change' in order for the change to become effective.</p>\n<div class=\"iam-resource-return\">The response of the change.</div>","operationId":"/protected/startMtanNumberChange","requestBody":{"description":"The payload of the phone number change.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MtanNumberChangeRequest"}}},"required":true},"responses":{"200":{"description":"If the change was initiated and an OTP was sent to verify the change.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/MyMtanTokenNumberChangeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/MyMtanTokenNumberChangeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"If the mTAN token with the given ID does not exist.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"409":{"description":"The phone number conflicts with an existing number.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/startMtanNumberChangeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]},"parameters":[{"name":"mtanId","in":"path","description":"The ID of the mTAN token that is about to change the phone number.","required":true,"schema":{"type":"string"}}]},"/protected/my/tokens/mtan/{mtanId}/verify-number-change":{"post":{"tags":["/protected_SMS/mTAN"],"summary":"Verify number change","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/approval/mtan/otp/check</tt>.\n<p>Verifies the mTAN number change.</p>\n<p>Verification is based on the OTP and the context received from '/start-number-change'.\nThe phone number only gets changed if the verification of the context and the OTP was successful.</p>\n<div class=\"iam-resource-return\">information whether the change was successful.</div>","operationId":"/protected/verifyMtanNumberChange","requestBody":{"description":"Contains additional request parameters.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MtanNumberChangeVerificationRequest"}}},"required":true},"responses":{"200":{"description":"The verification was successful and the phone number was changed."},"400":{"description":"The verification failed and the phone number was not changed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/verifyMtanNumberChangeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]},"parameters":[{"name":"mtanId","in":"path","description":"The ID of the mTAN token for which to verify the phone number change.","required":true,"schema":{"type":"string"}}]},"/protected/my/password/change":{"post":{"tags":["/protected_Password"],"summary":"Change password","description":"> [!caution]\n> This endpoint is deprecated and replaced by the protected self-service flow functionality. See\n<tt>/protected/self-service/password/change</tt>.\n<p>Changes the user's password.</p>\n<p>Requires at least the previous password and a new password.</p>\n<div class=\"iam-resource-return\">Information about the password change.</div>","operationId":"/protected/changePassword","requestBody":{"description":"Contains the specification of the password change.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/VoluntaryPasswordChangeRequest"}}},"required":true},"responses":{"204":{"description":"The password change request was successfully processed."},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EXISTING_PASSWORD_WRONG</td>\n<td>The existing password is wrong.</td>\n</tr>\n<tr>\n<td>PASSWORD_POLICY_VIOLATED</td>\n<td>The new password violates the password policy. See <a href=\"#passwordPolicyDetailCodes\">password policy violation detail codes</a>.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/changePasswordCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected_other"]}},"/protected/self-service/flow":{"delete":{"tags":["/protected/self-service_Flow Control"],"summary":"Abort flow","description":"Aborts the current self-service flow.\n<div class=\"iam-resource-return\">response</div>","operationId":"/protected/self-service/abort","responses":{"204":{"description":"Self-service flow successfully terminated."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/abortCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/account-link/providers":{"get":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"List providers","description":"Fetch all providers with account linking self-service enabled.\n<ul>\n<li><b>filter</b>: Restricts the set of providers to those matching the filter criteria. See <a href=\"#filtering\">Filtering</a>.\n<p>\nSupported filter parameters are:\n<ul>\n<li><tt>linkable (boolean)</tt>: controls if only linkable providers should be returned.</li>\n</ul>\n</p>\n</li>\n</ul>\n<div class=\"iam-resource-return\">All available providers with account linking self-service enabled.</div>","operationId":"/protected/self-service/listProviders","responses":{"200":{"description":"Retrieved all providers with account linking self-service enabled.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceProviderDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceProviderDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/listProvidersCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"filter","in":"query","schema":{"type":"array","description":"Applies filtering operations on the resource data set.","items":{"type":"string","description":"Applies filtering operations on the resource data set."}}}]},"/protected/self-service/account-links":{"get":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"List user's account links","description":"Fetch user's account links.\n<div class=\"iam-resource-return\">All of the users account links.</div>","operationId":"/protected/self-service/listAccountLinks","responses":{"200":{"description":"Retrieved available account links.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceAccountLinkDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceAccountLinkDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/listAccountLinksCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/airlock-2fa/app-devices":{"get":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"List app devices","description":"Fetch user's Airlock 2FA app devices.\n<div class=\"iam-resource-return\">All Airlock 2FA app devices belonging to the user.</div>","operationId":"/protected/self-service/appDevices","responses":{"200":{"description":"Retrieved available Airlock 2FA app devices.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FAAppDeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAAppDeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"The user has no Airlock 2FA account.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/appDevicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/airlock-2fa/hardware-devices":{"get":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"List hardware devices","description":"Fetch user's Airlock 2FA hardware devices.\n<div class=\"iam-resource-return\">All Airlock 2FA hardware devices belonging to the user.</div>","operationId":"/protected/self-service/hardwareDevices","responses":{"200":{"description":"Retrieved available Airlock 2FA hardware devices.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FAHardwareDeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAHardwareDeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"The user has no Airlock 2FA account.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/hardwareDevicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/devices":{"get":{"tags":["/protected/self-service_Cronto"],"summary":"List devices","description":"Retrieves the list of Cronto devices for the current user. An authenticated session obtained from\ncompleting an authentication flow is required, and both the \"Access Condition\" and \"Authorization Condition\"\nmust be fulfilled.\n<div class=\"iam-resource-return\">All Cronto devices belonging to the user.</div>","operationId":"/protected/self-service/listCrontoDevices","responses":{"200":{"description":"Retrieved available Cronto devices.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/CrontoSelfServiceDeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/CrontoSelfServiceDeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>ACCOUNT_NOT_FOUND</td>\n<td>The user has no Cronto account.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/listCrontoDevicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/device-token/tokens":{"get":{"tags":["/protected/self-service_Device Tokens"],"summary":"List tokens","description":"Retrieves the list of valid and enabled device tokens of the current user.\nAn authenticated session obtained from completing an authentication flow is required, and both the \"Access Condition\" and \"Authorization Condition\" must be fulfilled.\n<div class=\"iam-resource-return\">All device tokens belonging to the user.</div>","operationId":"/protected/self-service/listDeviceTokens","responses":{"200":{"description":"Retrieved available device tokens.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/DeviceTokenDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/DeviceTokenDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/listDeviceTokensCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/fido/credentials":{"get":{"tags":["/protected/self-service_FIDO"],"summary":"List credentials","description":"Retrieves the list of FIDO credentials for the current user. An authenticated session obtained from\ncompleting an authentication flow is required, and both the \"Access Condition\" and \"Authorization Condition\"\nmust be fulfilled.\n<div class=\"iam-resource-return\">All FIDO credentials belonging to the user.</div>","operationId":"/protected/self-service/listFidoCredentials","responses":{"200":{"description":"Retrieved available FIDO credentials.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/FidoSelfServiceCredentialDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/FidoSelfServiceCredentialDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/listFidoCredentialsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/tokens":{"get":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"List numbers","description":"Fetch user's mTAN numbers.\n<div class=\"iam-resource-return\">All mTAN numbers belonging to the user.</div>","operationId":"/protected/self-service/listNumbers","responses":{"200":{"description":"Retrieved available mTAN numbers.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceMtanNumberDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceMtanNumberDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/listNumbersCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/oauth2/consents":{"get":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"List consents","description":"Retrieves all stored consents for the authenticated user.\n<div class=\"iam-resource-return\">All consents for the authenticated user or an empty list if the user does not have any stored consents.</div>","operationId":"/protected/self-service/getConsents","responses":{"200":{"description":"Retrieved stored consents.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ConsentDataCollectionDocument"},"examples":{"Consents":{"description":"Consents","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-09-22T10:52:38.025+02:00"},"data":[{"type":"oauth2.consent","id":"80fc559e-4d69-4691-80ff-81f6c22c7771","attributes":{"scope":"admin","translatedScope":"Administrator","authorizationServerId":"oauth2-as-as1","clientId":"client1","status":"denied","updatedAt":"2025-09-22T10:52:01.400+02:00"}},{"type":"oauth2.consent","id":"9c7a9837-f677-4621-9b5a-b48dcc0babce","attributes":{"scope":"employee","translatedScope":"Angestellter","authorizationServerId":"oauth2-as-as1","clientId":"client1","status":"granted","updatedAt":"2025-09-22T10:52:01.400+02:00"}},{"type":"oauth2.consent","id":"e9b02cda-a285-4bb8-b9d6-c56f8e422d7e","attributes":{"scope":"openid","authorizationServerId":"oauth2-as-as1","clientId":"client1","status":"denied","updatedAt":"2025-09-22T10:52:01.400+02:00"}}]}}}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ConsentDataCollectionDocument"},"examples":{"Consents":{"description":"Consents","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-09-22T10:52:38.025+02:00"},"data":[{"type":"oauth2.consent","id":"80fc559e-4d69-4691-80ff-81f6c22c7771","attributes":{"scope":"admin","translatedScope":"Administrator","authorizationServerId":"oauth2-as-as1","clientId":"client1","status":"denied","updatedAt":"2025-09-22T10:52:01.400+02:00"}},{"type":"oauth2.consent","id":"9c7a9837-f677-4621-9b5a-b48dcc0babce","attributes":{"scope":"employee","translatedScope":"Angestellter","authorizationServerId":"oauth2-as-as1","clientId":"client1","status":"granted","updatedAt":"2025-09-22T10:52:01.400+02:00"}},{"type":"oauth2.consent","id":"e9b02cda-a285-4bb8-b9d6-c56f8e422d7e","attributes":{"scope":"openid","authorizationServerId":"oauth2-as-as1","clientId":"client1","status":"denied","updatedAt":"2025-09-22T10:52:01.400+02:00"}}]}}}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/getConsentsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/oauth2/sessions":{"get":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"List sessions","description":"Retrieves the user's valid OAuth 2.0 sessions.\n<div class=\"iam-resource-return\">All active OAuth 2.0 sessions of the user.</div>","operationId":"/protected/self-service/retrieveAllSessions","responses":{"200":{"description":"Retrieved available OAuth 2.0 sessions.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceOAuth2SessionDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceOAuth2SessionDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/retrieveAllSessionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/remember-me/devices":{"get":{"tags":["/protected/self-service_Remember-Me"],"summary":"List devices","description":"Retrieves Remember-Me devices for the current user. An authenticated session obtained from\ncompleting an authentication flow is required, and both the \"Access Condition\" and \"Authorization Condition\"\nmust be fulfilled.\n<div class=\"iam-resource-return\">All Remember-Me devices belonging to the user.</div>","operationId":"/protected/self-service/listRememberMeDevices","responses":{"200":{"description":"Retrieved available Remember-Me devices.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceRememberMeDeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceRememberMeDeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/listRememberMeDevicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/flows":{"get":{"tags":["/protected/self-service_Flow Control"],"summary":"Get info","description":"Retrieve information about self-service flows.\n<div class=\"iam-resource-return\">Information about the self-service flows.</div>","operationId":"/protected/self-service/retrieveFlowAvailability","responses":{"200":{"description":"Successfully retrieved information.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowInformationDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowInformationDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/retrieveFlowAvailabilityCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/on-completed/{flowId}":{"get":{"operationId":"/protected/self-service/getOnCompletedInfo","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OnCompletedSelfServiceDataResourceDocument"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OnCompletedSelfServiceDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true","tags":["/protected/self-service_other"]},"options":{"operationId":"/protected/self-service/getOnCompletedInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"flowId","in":"path","required":true,"schema":{"type":"string"}}]},"/protected/self-service/ui/on-failure/{flowId}":{"get":{"operationId":"/protected/self-service/getOnFailureInfo","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OnFailureSelfServiceDataResourceDocument"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OnFailureSelfServiceDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true","tags":["/protected/self-service_other"]},"options":{"operationId":"/protected/self-service/getOnFailureInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"flowId","in":"path","required":true,"schema":{"type":"string"}}]},"/protected/self-service/ui/configuration/account-links":{"get":{"tags":["/protected/self-service_UI"],"summary":"Get account link management","description":"Returns the UI configuration for account link management.\n<div class=\"iam-resource-return\">Data containing the UI configuration.</div>","operationId":"/protected/self-service/getUiForAccountLinkManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccountlinkManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/protected/self-service/getUiForAccountLinkManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/tokens/airlock-2fa":{"get":{"tags":["/protected/self-service_UI"],"summary":"Get Airlock 2FA self-management","description":"Returns the UI configuration for Airlock 2FA self-management.\n<div class=\"iam-resource-return\">Data containing the UI configuration.</div>","operationId":"/protected/self-service/getUiForAirlock2FAManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FADeviceManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/protected/self-service/getUiForAirlock2FAManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/portal":{"get":{"tags":["/protected/self-service_UI"],"summary":"Get application portal","description":"Returns the UI configuration for the application portal.\n<div class=\"iam-resource-return\">Data containing the UI configuration.</div>","operationId":"/protected/self-service/getUiForApplicationPortal","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApplicationPortalUiData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/protected/self-service/getUiForApplicationPortalCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/tokens/cronto":{"get":{"tags":["/protected/self-service_UI"],"summary":"Get Cronto device-management","description":"Returns the UI configuration for Cronto device-management.\n<div class=\"iam-resource-return\">Data containing the UI configuration.</div>","operationId":"/protected/self-service/getUiForCrontoManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CrontoDeviceManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/protected/self-service/getUiForCrontoManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/tokens/device-token":{"get":{"tags":["/protected/self-service_UI"],"summary":"Get device token management","description":"Returns the UI configuration for device token management.\n<div class=\"iam-resource-return\">Data containing the UI configuration.</div>","operationId":"/protected/self-service/getUiForDeviceTokenManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DeviceTokenManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/protected/self-service/getUiForDeviceTokenManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/tokens/fido":{"get":{"tags":["/protected/self-service_UI"],"summary":"Get FIDO credential-management","description":"Returns the UI configuration for FIDO credential-management.\n<div class=\"iam-resource-return\">Data containing the UI configuration.</div>","operationId":"/protected/self-service/getUiForFidoManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoCredentialManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/protected/self-service/getUiForFidoManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/tokens/mtan":{"get":{"tags":["/protected/self-service_UI"],"summary":"Get mTAN number-management","description":"Returns the UI configuration for mTAN number-management.\n<div class=\"iam-resource-return\">Data containing the UI configuration.</div>","operationId":"/protected/self-service/getUiForMtanManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MtanNumberManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/protected/self-service/getUiForMtanManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/oauth2/consents":{"get":{"operationId":"/protected/self-service/getUiForOAuth2ConsentManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ConsentManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true","tags":["/protected/self-service_other"]},"options":{"operationId":"/protected/self-service/getUiForOAuth2ConsentManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/oauth2/sessions":{"get":{"operationId":"/protected/self-service/getUiForOAuth2SessionManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2SessionManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true","tags":["/protected/self-service_other"]},"options":{"operationId":"/protected/self-service/getUiForOAuth2SessionManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/remember-me/devices":{"get":{"operationId":"/protected/self-service/getUiForRememberMeDeviceManagement","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RememberMeDeviceManagementUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true","tags":["/protected/self-service_other"]},"options":{"operationId":"/protected/self-service/getUiForRememberMeDeviceManagementCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ui/configuration/representation":{"get":{"tags":["/protected/self-service_UI"],"summary":"Get user representation","description":"Returns the UI configuration for user representation.\n<div class=\"iam-resource-return\">Data containing the UI configuration.</div>","operationId":"/protected/self-service/getUiForRepresentation","responses":{"200":{"description":"The response contains the requested UI configuration.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserRepresentationUiConfigData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/protected/self-service/getUiForRepresentationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/account-link/providers/{id}/link":{"post":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"Initiate account linking","description":"Initiates the linking of an account on the given provider.\n<div class=\"iam-resource-return\">Whether the flow can be continued.</div>","operationId":"/protected/self-service/selectForLinking","responses":{"200":{"description":"Further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PROVIDER_INVALID</td>\n<td>The provider does not exist or does not support account links.</td>\n</tr>\n<tr>\n<td>PROVIDER_ALREADY_LINKED</td>\n<td>The provider is already linked.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>ACCOUNT_ALREADY_LINKED</td>\n<td>The desired account is already linked.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForLinkingCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The provider ID to initiate the linking for.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/account-links/{id}/remove":{"post":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"Marks the account link identified by the given ID to be removed.","description":"Marks the account link identified by the given ID to be removed.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForRemoval","responses":{"200":{"description":"The account link was marked for removal.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>ACCOUNT_LINK_NOT_FOUND</td>\n<td>No account link with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForRemovalCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The account link ID to be removed.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/airlock-2fa/activation/start":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Start activation","description":"Starts a device activation with Trusted Session Binding.\n<div class=\"iam-resource-return\">The flow binding token.</div>","operationId":"/protected/self-service/getBindingToken","requestBody":{"description":"Contains the activation code for which the flow binding token is retrieved.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAFlowBindingTokenRequest"}}},"required":true},"responses":{"200":{"description":"Further steps required.\n<br>Next step: <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_ACTIVATION_FAILED</td>\n<td>The activation code corresponds to a valid activation of the user but it is expired or has already been used previously to activate a device.</td>\n</tr>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_ACTIVATION_CODE_INVALID</td>\n<td>The provided activation code does not correspond to a valid activation of the user.</td>\n</tr>\n</table>\n</div>\n<br>The current flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/getBindingTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/airlock-2fa/activation/status/poll":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Poll activation","description":"Polls the Airlock 2FA activation status.\n<div class=\"iam-resource-return\">The status of the Airlock 2FA activation.\nThe attribute <tt>nextStep</tt> defines the next flow step (can be the current step, if further polling is required).\nIf the attribute is missing, the activation is successfully completed.</div>","operationId":"/protected/self-service/pollActivationStatus","responses":{"200":{"description":"Step completed or further steps required, such as further polling.\n<br>Possible next step: <tt><s>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</s></tt> (will be removed with 9.0,\nclients should be prepared to expect <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt> instead,\nas documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_ACTIVATION_FAILED</td>\n<td>The activation is expired.</td>\n</tr>\n</table>\n</div>\n<br>The current flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/pollActivationStatusCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/protected/self-service/airlock-2fa/device-edit/data":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Edit attributes","description":"Edit attributes of an Airlock 2FA device.\n<p>This endpoint updates only attributes sent with the request. Omitted attributes remain unchanged.</p>\n<div class=\"iam-resource-return\">Whether the changed device attributes were accepted. If a request contains both valid and invalid attributes, only the valid attributes will be processed.\n This endpoint returns a <tt>nextStep</tt> with value <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt>.\n A follow-up call to the <tt>continue</tt> endpoint will advance the flow and apply the valid changes.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/editDevice","requestBody":{"description":"Contains the device attributes to be edited. Currently, only the device display name can be changed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FADeviceEditRequest"}}},"required":true},"responses":{"200":{"description":"Device attributes successfully set. Possible next steps: <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/editDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/airlock-2fa/device-edit/continue":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Validate and continue","description":"Validate all data on the current Airlock 2FA device edit step and continue.\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is\n present in the response, further steps are required to successfully edit the device data. If the attribute is missing, the\n user has successfully completed the self-service flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/validateAndContinue","responses":{"200":{"description":"All changes successfully validated and registered. Self-service flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/validateAndContinueCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/airlock-2fa/devices/{deviceId}/remove":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Mark for removal","description":"Marks the device identified by the given ID for removal.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/select","responses":{"200":{"description":"The Airlock 2FA device was marked for removal.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_NOT_FOUND</td>\n<td>The device was not found.</td>\n</tr>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_NOT_APPLICABLE</td>\n<td>The device is not applicable for this step.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"deviceId","in":"path","description":"The device id to be removed.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/airlock-2fa/devices/{deviceId}/select":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Select device","description":"Selects an Airlock 2FA device.\n<div class=\"iam-resource-return\">Whether the selection was successful.</div>","operationId":"/protected/self-service/select_1","responses":{"200":{"description":"The Airlock 2FA device was selected.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_CHOICE_FAILED</td>\n<td>The device could not be selected.</td>\n</tr>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_NOT_APPLICABLE</td>\n<td>The device is not applicable for this step.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/select_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"deviceId","in":"path","description":"The device id to select.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/airlock-2fa/recovery/status/poll":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Poll status","description":"Polls the Airlock 2FA devices recovery status.\n<div class=\"iam-resource-return\">The status of the Airlock 2FA devices recovery.\n The attribute <tt>nextStep</tt> defines the next flow step (can be the current step, if further polling is required).\n If the attribute is missing, the recovery is successfully completed.</div>","operationId":"/protected/self-service/pollRecoveryStatus","responses":{"200":{"description":"Step completed or further steps required, such as further polling.\n<br>Possible next step: <tt>AIRLOCK_2FA_RECOVERY_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/pollRecoveryStatusCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/airlock-2fa/recovery/start":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Start recovery","description":"Starts the recovery of one or multiple Airlock 2FA devices with Trusted Session Binding.\nOne installation of an Airlock 2FA App can be enrolled for different users.\nEach of these enrollments represents one (virtual) Airlock 2FA Device.\nAll the devices on one Airlock 2FA App installation have to be recovered at the same time.\nIf multiple of these devices require Trusted Session Binding, all of their identifiers have to\nbe provided to this endpoint.\n<div class=\"iam-resource-return\">The Trusted Session Binding token (as part of the additional attributes, as documented <a href=\"#additionalSelfServiceAttributes\">here</a>).</div>","operationId":"/protected/self-service/startRecovery","requestBody":{"description":"Contains the identifiers of the devices to be recovered.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FARecoveryFlowBindingRequest"}}},"required":true},"responses":{"200":{"description":"Further steps required.\n<br>Next step: <tt>AIRLOCK_2FA_RECOVERY_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_RECOVERY_DEVICES_INVALID</td>\n<td>The provided devices are invalid. Exactly one of the provided identifiers has to correspond to a device of the current user.</td>\n</tr>\n</table>\n</div>\n<br>The current flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/startRecoveryCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/airlock-2fa/passcode/check":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Verify passcode","description":"Verifies the submitted Airlock 2FA passcode. The previously selected device has no impact on the passcode verification.\nNote that passcode checks are only possible if the step is in offline mode (using <tt>POST /protected/self-service/airlock-2fa/offline/</tt>).\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextAuthStep</tt> is present in the response,\n further steps are required to successfully approve. If the attribute is missing, the message is\n successfully approved.</div>","operationId":"/protected/self-service/checkPasscode","requestBody":{"description":"Contains the passcode.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAPasscodeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_PASSCODE_WRONG</td>\n<td>Passcode could not be validated successfully. Retry with correct passcode.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_PASSCODE_REQUIRED</tt> (as documented <a href=\"#nextAuthStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_PASSCODE_WRONG</td>\n<td>The passcode could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>AUTH_METHOD_INACTIVE</td>\n<td>The Airlock 2FA account is locked. No retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkPasscodeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/airlock-2fa/status/poll":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Poll status","description":"<p>Polls Airlock 2FA self-service approval status.</p>\n<p>Allows polling whether the message was approved by the app (\"online validation\"). If there\nhas not been any response from the app, keep polling in regular intervals or switch to\noffline mode (<tt>POST /airlock-2fa/offline</tt>), if allowed by the configuration, and check the OTP manually\n(<tt>POST /airlock-2fa/otp/check</tt>).</p>\n<p>This endpoint is used for approval using the Airlock 2FA factors One-Touch and Online QR Code, or for mobile-only authentication.</p>\n<div class=\"iam-resource-return\">The status of the online validation. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully approve the message. If the attribute is missing,\n the approval was successful.</div>","operationId":"/protected/self-service/pollOnlineValidation","responses":{"200":{"description":"Airlock 2FA approval successful (if attribute <tt>nextStep</tt> is missing),\nAirlock 2FA not yet approved (if <tt>nextStep</tt> has value <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt> or <tt>AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED</tt>),\nfurther steps required in all other cases.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>APPROVAL_FAILED</td>\n<td>The message was not approved. This could be due to the user actively cancelling on the app or a timeout.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/pollOnlineValidationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/protected/self-service/approval/airlock-2fa/devices/{id}/select":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Select device","description":"Selects one of the available Airlock 2FA devices to use for the approval.\n<div class=\"iam-resource-return\">Whether the device selection was successful. Gives information about the next self-service step required.</div>","operationId":"/protected/self-service/selectDevice","responses":{"200":{"description":"Airlock 2FA device successfully selected. Further steps required, such as polling.\n<br>Possible next steps: <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt>, <tt>AIRLOCK_2FA_POLLING_OR_OFFLINE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_CHOICE_FAILED</td>\n<td>Invalid ID selected. Retry with valid ID.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_DEVICE_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the selected Airlock 2FA device.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/approval/airlock-2fa/offline":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Switch to offline","description":"Switch to Airlock 2FA offline approval.\nThis will terminate any occurring online validation. As a consequence, any push notification sent can no longer be used to approve the message\nand subsequent online validation of the message is no longer possible.\nIf no validation was currently taking place when the call was made (because a device selection was required),\na new approval process with Offline QR Code (only) will be transparently started.\n<p>This call is <em>required</em> to verify an OTP to validate an Offline QR Code challenge (<tt>POST /airlock-2fa/otp/check</tt>).\n</p>\n<div class=\"iam-resource-return\">Whether the switch to offline approval was successful. Gives information about the next self-service step required.</div>","operationId":"/protected/self-service/switchToOffline","responses":{"200":{"description":"Successfully switched to offline approval.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Offline selection failed. The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/switchToOfflineCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/airlock-2fa/offline-qr-code/otp/check":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Verify OTP","description":"Verifies the provided OTP to validate an Airlock 2FA Offline QR Code challenge.\nThe OTP is provided by the user (after scanning the Offline QR Code challenge).\n<p>Use this call for manual OTP validation for a <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt> next approval step.\n</p>\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully approve the message. If the attribute is missing,\n the approval was successful.</div>","operationId":"/protected/self-service/validateOfflineQrCode","requestBody":{"description":"Contains the Airlock 2FA OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Airlock 2FA approval successful.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_QR_CODE_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_QR_CODE_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/validateOfflineQrCodeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/activation/start":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Verify OTP","description":"Verifies the first Cronto device activation OTP.\nIf the user has a Cronto activation letter, the request contains the OTP from scanning the\ncryptogram on the letter.\nIf the user is allowed to activate a Cronto device without a letter, the request contains the OTP\nfrom the first activation challenge, which was returned as <a href=\"#additionalSelfServiceAttributes\">additional attribute</a>\nwith the <tt>CRONTO_ACTIVATION_START_WITHOUT_LETTER_REQUIRED</tt> next step code.\n<div class=\"iam-resource-return\">Whether the check was successful. In successful responses, the attribute <tt>nextStep</tt> will be present\n which indicates that further steps are required to successfully activate the Cronto device.</div>","operationId":"/protected/self-service/verifyFirstOtp","requestBody":{"description":"Contains the OTP from the first Cronto activation challenge.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CrontoDeviceActivationFirstOtpSelfServiceRequest"}}},"required":true},"responses":{"200":{"description":"OTP verified and new challenge created.\n<br>Next step: <tt>CRONTO_ACTIVATION_COMPLETE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_ACTIVATION_START_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>CRONTO_LETTER_INVALID</td>\n<td>The activation letter is not valid.</td>\n</tr>\n<tr>\n<td>ILLEGAL_CRONTO_PLATFORM</td>\n<td>The platform of the activation letter is not allowed.</td>\n</tr>\n<tr>\n<td>CRONTO_DEVICE_LIMIT_REACHED</td>\n<td>The maximum number of devices has been reached.</td>\n</tr>\n<tr>\n<td>CRONTO_LETTER_USAGE_LIMIT_REACHED</td>\n<td>The maximum number of activation letter uses has been reached.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/verifyFirstOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/activation/complete":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Complete activation","description":"Completes activating a new Cronto Device.\nActivates a new Cronto device by verifying the OTP the user has extracted from the cryptogram that was returned\nas <a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>CRONTO_ACTIVATION_COMPLETE_REQUIRED</tt> next step code.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully complete the self-service flow. If the attribute is missing, the self\n service-flow has successfully been completed.</div>","operationId":"/protected/self-service/verifySecondOtp","requestBody":{"description":"Contains the second OTP and the device label for the newly activated Cronto device.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CrontoDeviceActivationSecondOtpSelfServiceRequest"}}},"required":true},"responses":{"200":{"description":"Cronto device activation completed. Self-service successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_ACTIVATION_COMPLETE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>CRONTO_DEVICE_ALREADY_EXISTS</td>\n<td>Cronto device already activated.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/verifySecondOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/push-devices/activation/continue":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Continue activation","description":"Continues after Cronto push activation.\nVerifies that push activation was successful. This endpoint has \"polling\" semantic, as long as push activation\nis still pending, <tt>CRONTO_PUSH_ACTIVATION_POSSIBLE</tt> is returned. Once push activation is complete, the\nflow is continued.\n<div class=\"iam-resource-return\">A success result if the device successfully activated push.</div>","operationId":"/protected/self-service/checkCompleted","responses":{"200":{"description":"Push not yet activated (retry later), self-service flow completed or further steps required.\n<br>Possible next steps: <tt>CRONTO_PUSH_ACTIVATION_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkCompletedCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/protected/self-service/approval/cronto/otp/check":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Verify Cronto OTP","description":"Verifies the submitted Cronto OTP.\nThe OTP was entered by the user (after scanning the cryptogram image) or returned by the Cronto app\n(when using the secure channel challenge in app-to-app communication).\n<p>Use this call for manual OTP validation for a <tt>CRONTO_OTP_REQUIRED</tt> next step action\n(when \"onlineValidation\" was false, or offline fallback was selected by the user). Note that in any case\nmanually OTP checking <em>cancels online validation</em>. It is recommended to obtain the current\nchallenge again after each failed OTP check, as the \"onlineValidation\" flag could have changed.</p>\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully approve the operation. If the attribute is missing, the self-service\n flow completed successfully.</div>","operationId":"/protected/self-service/checkCrontoOtp","requestBody":{"description":"Contains the Cronto OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkCrontoOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/cronto/otp/poll":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Poll challenge","description":"Cronto Challenge Polling.\nAllows polling whether the Cronto challenge has been answered by the app (\"online validation\"). If there\nhas not been any response from the app, keep polling in regular intervals or check the OTP manually\n(<tt>POST /cronto/otp/check</tt>).\n<div class=\"iam-resource-return\">The status of the online validation (still waiting/success/cancelled/failed).\n If the attribute <tt>nextStep</tt> is present in the response, further steps are required\n to successfully approve the operation. If the attribute is missing, the self-service\n flow completed successfully.</div>","operationId":"/protected/self-service/pollOnlineValidation_1","responses":{"200":{"description":"Challenge not yet validated (retry later or check OTP manually), self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n<tr>\n<td>CANCELLED_BY_USER</td>\n<td>The process has been cancelled by the user in the app.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/pollOnlineValidation_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/protected/self-service/approval/cronto/offline":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Select offline mode","description":"Selects offline mode instead of a push device. No push notification is sent to a device and no subsequent online validation\nof the response will be possible.\n<div class=\"iam-resource-return\">Whether the selection of offline mode was successful. Gives information about the next self-service step required.</div>","operationId":"/protected/self-service/selectOfflineAuthentication","responses":{"200":{"description":"Successfully selected an offline device.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Offline selection failed. The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectOfflineAuthenticationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/cronto/push-devices/{id}/select":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Select push device","description":"Selects one of the active push devices to which the push notification will be sent.\n<div class=\"iam-resource-return\">Whether the device selection was successful. Gives information about the next self-service step required.</div>","operationId":"/protected/self-service/selectPushDevice","responses":{"200":{"description":"Push device successfully selected, notification sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_CHOICE_FAILED</td>\n<td>Invalid ID selected. Retry with valid ID.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_DEVICE_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_CHOICE_FAILED</td>\n<td>Invalid ID selected.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectPushDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the selected push device.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/cronto/device/edit":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Edit name","description":"Edit Cronto device name. Allows editing the name of a previously selected Cronto device.\n<div class=\"iam-resource-return\">Whether the new name has been accepted and set. This endpoint returns a <tt>nextStep</tt> with\n value <tt>CRONTO_DEVICE_RENAMING_REQUIRED</tt> if the name is not yet valid. It returns a <tt>nextStep</tt> with\n value <tt>CRONTO_DEVICE_RENAMING_POSSIBLE</tt> if the name is valid and a follow-up call to the <tt>continue</tt> endpoint\n will advance the flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/editName","requestBody":{"description":"the new name to set","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CrontoDeviceRenameRequest"}}},"required":true},"responses":{"200":{"description":"Name successfully set.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied name could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_DEVICE_RENAMING_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/editNameCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/devices/{id}/select":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Select device","description":"Selects the Cronto device.\nThe Cronto device identified by the given ID is selected for\nfurther operations defined by the following flow steps.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectDevice_1","responses":{"200":{"description":"The device was successfully selected.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_NOT_FOUND</td>\n<td>No device with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectDevice_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the device to be selected.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/cronto/devices/{id}/disable":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Mark for disabling","description":"Marks the Cronto device identified by the given ID for disabling.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForDisabling","responses":{"200":{"description":"The device was marked for disabling.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_NOT_FOUND</td>\n<td>No device with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForDisablingCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the device to be disabled.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/cronto/devices/{id}/enable":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Mark for enabling","description":"Marks the Cronto device identified by the given ID for enabling.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForEnabling","responses":{"200":{"description":"The device was marked for enabling.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_NOT_FOUND</td>\n<td>No device with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForEnablingCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the device to be enabled.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/cronto/devices/{id}/push/disable":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Mark for push disabling","description":"Marks the Cronto device identified by the given ID for push disabling.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForPushDisabling","responses":{"200":{"description":"The device was marked for disabling push notifications.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_NOT_FOUND</td>\n<td>No device with the requested ID was found.</td>\n</tr>\n<tr>\n<td>CRONTO_DEVICE_NOT_APPLICABLE</td>\n<td>The selected Cronto device is not push-capable.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForPushDisablingCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the device to disable push.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/cronto/devices/{id}/push/enable":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Mark for push enabling","description":"Marks the Cronto device identified by the given ID for push enabling.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForPushEnabling","responses":{"200":{"description":"The device was marked for enabling push notifications.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_NOT_FOUND</td>\n<td>No device with the requested ID was found.</td>\n</tr>\n<tr>\n<td>CRONTO_DEVICE_NOT_APPLICABLE</td>\n<td>The selected Cronto device is not push-capable.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForPushEnablingCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the device to enable push.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/cronto/devices/{id}/remove":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Mark for deletion","description":"Marks the Cronto device identified by the given ID for deletion.\nThe response following the application of the deletion change will\ncontain an additional attribute \"crontoDeactivationChallenge\" containing\na deactivation cryptogram and optionally a deactivation secure channel challenge.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForRemoval_1","responses":{"200":{"description":"The device was marked for deletion.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>CRONTO_DEVICE_NOT_FOUND</td>\n<td>No device with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForRemoval_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the device to be deleted.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/cronto/device/edit/continue":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Validate and continue","description":"Validate the current Cronto device name and continue to the next step if possible.\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is present in the response, further steps are required to\n successfully complete the flow. If the attribute is missing, the user has successfully completed the self-service flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/validateAndContinue_1","responses":{"200":{"description":"The name is accepted and self-service flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The name could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>CRONTO_DEVICE_RENAMING_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/validateAndContinue_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/device-token/registration/start":{"post":{"tags":["/protected/self-service_Device Tokens"],"summary":"Start registration","description":"Starts a device token registration during a protected self-service flow.\n<p>\nRegister a new device token by providing a JSON Web Key (JWK) public key and optionally a label and/or a serial ID of the device.\nThe device token is only persisted if a subsequent \"Apply Changes Step\"\nwith an \"Apply Device Token Registration\" handler is configured.\n</p>\n<p>\nThe public key is represented as specified in JWK (RFC7517). Currently elliptic curve signatures (keys of type \"EC\") are supported.<br/>\nThe following attributes are expected in the public key attribute (according to the JWK specification):\n<ul>\n<li>\"crv\" - the elliptic curve. Supported values are:\n<ul>\n<li>\"P-256\": for ES256 signatures</li>\n<li>\"P-256K\": for ES256K signatures</li>\n<li>\"P-384\": for ES384 signatures</li>\n<li>\"P-521\": for ES512 signatures</li>\n</ul>\nPlease note: During registration all four values are always allowed, but for the other use cases of device tokens (e.g. authentication)\nit is possible to restrict (in the IAM configuration) which curves are allowed.</li>\n<li>\"x\" - the x coordinate of the base point.</li>\n<li>\"y\" - the y coordinate of the base point.</li>\n<li>\"kty\" - the key type - must be \"EC\"</li>\n<li>\"kid\" - a key identifier (optional)</li>\n</ul>\n</p>\n<div class=\"iam-resource-return\">If the attribute <tt>nextAuthStep</tt> is present in the response, further steps are required.\n If the attribute is missing, the registration has been successfully completed.</div>","operationId":"/protected/self-service/registerDeviceToken","requestBody":{"description":"A request to start a registration for a new device token (public key, optionally label and serial).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/DeviceTokenRegistrationRequest"}},"application/json":{"schema":{"$ref":"#/components/schemas/DeviceTokenRegistrationRequest"}}},"required":true},"responses":{"200":{"description":"Device token registration successfully started.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The supplied attributes could not be validated (wrong key type, wrong key length, or missing attribute).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/registerDeviceTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/email/verification/otp/check":{"post":{"tags":["/protected/self-service_Email OTP"],"summary":"Verify OTP","description":"Checks the OTP for the email channel verification.\n<div class=\"iam-resource-return\">Whether the OTP was accepted.</div>","operationId":"/protected/self-service/verifyEmailOtp","requestBody":{"description":"Contains the OTP to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified and self-service flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EMAIL_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>EMAIL_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EMAIL_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>EMAIL_OTP_EXPIRED</td>\n<td>OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/verifyEmailOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/fido/registration/challenge/retrieve":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Get challenge","description":"Retrieve FIDO challenge.\n<p>This challenge contains information that need to be passed to the FIDO authenticator\nin order to create and register a new credential.</p>\n<div class=\"iam-resource-return\">Challenge to be passed to the FIDO authenticator</div>","operationId":"/protected/self-service/createRegistrationChallenge","requestBody":{"description":"Contains the display name of the registered FIDO credential.\n<p>Note that rules specified for the Nickname Profile of the PRECIS FreeformClass (see <a href=\"https://tools.ietf.org/html/rfc8266#section-2.3\">RFC8266 - Section 2.3</a>) will be enforced.\nCertain characters may therefore be replaced (e.g., white-space will be trimmed) or the input may be deemed invalid.</p>","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationChallengeRequest"}}}},"responses":{"200":{"description":"Challenge successfully generated. Possible next steps: <tt>FIDO_REGISTRATION_ATTESTATION_RESPONSE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationSelfServiceChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationSelfServiceChallengeDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied display name is invalid. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>FIDO_REGISTRATION_CHALLENGE_RETRIEVAL_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/createRegistrationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/fido/registration/failure/report":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Report FIDO failure","description":"Report a FIDO client failure during registration .<p>Allows the client to report a FIDO failure, resulting in a step failure.</p>\n<div class=\"iam-resource-return\">The status of the flow. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully complete the flow.</div>","operationId":"/protected/self-service/handleClientFailure","requestBody":{"description":"Contains information (reason and message) describing the failure.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationClientFailureRequest"}}},"required":true},"responses":{"200":{"description":"Authentication successful or further steps required. This is only possible if \"On Failure Gotos\" are configured on the step.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n\t<td>FIDO_REGISTRATION_ABORTED</td>\n\t<td>The FIDO credential registration has been aborted in the client. Returned if the <tt>reason</tt> in the request is \"ABORTED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_REGISTRATION_NOT_ALLOWED</td>\n\t<td>FIDO credential registration was not allowed in the client. Returned if the <tt>reason</tt> in the request is \"NOT_ALLOWED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_REGISTRATION_NOT_SUPPORTED</td>\n\t<td>The browser/client could not find a FIDO credential that fulfills the registration requirements. Returned if the <tt>reason</tt> in the request is \"NOT_SUPPORTED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_WEB_AUTHN_NOT_AVAILABLE</td>\n\t<td>The browser/client does not support WebAuthn/FIDO. Returned if the <tt>reason</tt> in the request is \"NO_WEB_AUTHN\".</td>\n</tr>\n<tr>\n\t<td>FIDO_REGISTRATION_FAILED</td>\n\t<td>Returned if any other error occurred in the client. Returned if the <tt>reason</tt> in the request is \"UNKNOWN\".</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/handleClientFailureCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/fido/registration/attestation-response/check":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Verify Authenticator response","description":"Verify FIDO authenticator's response.\n<p>The FIDO authenticator's response to the previously obtained challenge (<tt>POST /fido/registration/challenge/retrieve</tt>)\ncontains information about the newly created FIDO credential as well as metadata that will be verified by IAM.</p>\n<div class=\"iam-resource-return\">Status of registration</div>","operationId":"/protected/self-service/verify","requestBody":{"description":"Contains the FIDO authenticator's response to the previously obtained challenge","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoRegistrationAuthenticatorResponseRequest"}}},"required":true},"responses":{"200":{"description":"Registration is successfully completed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_REGISTRATION_ATTESTATION_INVALID</td>\n<td>The attestation object supplied by the FIDO authenticator could not be successfully verified.\nThis can happen if the issuer CA is not present in the keystore or if the authenticator does not provide an assertion object.</td>\n</tr>\n<tr>\n<td>FIDO_REGISTRATION_FAILED</td>\n<td>The response of the FIDO authenticator to the previously obtained challenge could not be successfully verified.</td>\n</tr>\n<tr>\n<td>FIDO_REGISTRATION_TIMEOUT</td>\n<td>The response of the FIDO authenticator has timed out.</td>\n</tr>\n</table>\n</div>\n<br>As a result, the registration failed and the flow has been terminated. No retries are possible.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/verifyCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/fido/credential/edit":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Edit name","description":"Edit FIDO credential display name. Allows editing the display name of a previously selected FIDO credential.\n<div class=\"iam-resource-return\">Whether the new display name has been accepted and set. This endpoint returns a <tt>nextStep</tt> with\n value <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> if the display name is valid and a follow-up call to the <tt>continue</tt> endpoint\n will advance the flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/edit","requestBody":{"description":"the new display name to set","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoCredentialDisplayNameChangeRequest"}}},"required":true},"responses":{"200":{"description":"Display name successfully set.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied display name could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/editCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/fido/credentials/{credentialId}/select":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Select credential","description":"Selects the FIDO credential.\nThe FIDO credential identified by the given ID is selected for\nfurther operations defined by the following flow steps.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectCredential","responses":{"200":{"description":"The credential was successfully selected.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_CREDENTIAL_NOT_FOUND</td>\n<td>No credential with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectCredentialCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"credentialId","in":"path","description":"The ID of the credential to be selected.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/fido/credentials/{credentialId}/disable":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Mark for disabling","description":"Marks the FIDO credential identified by the given ID for disabling.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForDisabling_1","responses":{"200":{"description":"The credential was marked for disabling.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_CREDENTIAL_NOT_FOUND</td>\n<td>No credential with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForDisabling_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"credentialId","in":"path","description":"The ID of the credential to be disabled.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/fido/credentials/{credentialId}/enable":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Mark for enabling","description":"Marks the FIDO credential identified by the given ID for enabling.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForEnabling_1","responses":{"200":{"description":"The credential was marked for enabling.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_CREDENTIAL_NOT_FOUND</td>\n<td>No credential with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForEnabling_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"credentialId","in":"path","description":"The ID of the credential to be enabled.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/fido/credentials/{credentialId}/remove":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Mark for deletion","description":"Marks the FIDO credential identified by the given ID for deletion.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForRemoval_2","responses":{"200":{"description":"The credential was marked for deletion.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_CREDENTIAL_NOT_FOUND</td>\n<td>No credential with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForRemoval_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"credentialId","in":"path","description":"The ID of the credential to be deleted.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/fido/credential/edit/continue":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Validate and continue","description":"Validate the current FIDO credential display name and continue to the next step if possible.\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is present in the response, further steps are required to\n successfully complete the flow. If the attribute is missing, the user has successfully completed the self-service flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/validateAndContinue_2","responses":{"200":{"description":"The display name is accepted and self-service flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The display name could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/validateAndContinue_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/mtan/otp/check":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Check mTAN OTP","description":"Checks the submitted mTAN OTP.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully approve the operation. If the attribute is missing, the self-service\n flow completed successfully.</div>","operationId":"/protected/self-service/checkMtanOtp","requestBody":{"description":"Request containing the mTAN OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>MTAN_OTP_EXPIRED</td>\n<td>The OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/mtan/otp/resend":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Resend OTP","description":"Resends the mTAN OTP by SMS.\n<div class=\"iam-resource-return\">Whether the resend was successful and informs about the <tt>nextStep</tt>.\n Additionally, the response includes information about the possibility of an OTP resend.\n <p><b>Deprecated:</b> The 'included' section containing resend information is deprecated and will be removed in a future version.\n The resend information is returned as <a href=\"#additionalSelfServiceAttributes\">additional attribute</a>\n with the <tt>MTAN_OTP_REQUIRED</tt> next step code.</p></div>","operationId":"/protected/self-service/resendMtanOtp","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:14:37.085+02:00"},"included":[{"type":"self-service.mtan.otp.resend.information","id":"1434690619","attributes":{"otpResendPossible":true}}],"data":{"type":"self-service.session","id":"633418980328204347","attributes":{"nextStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":true}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:14:37.085+02:00"},"included":[{"type":"self-service.mtan.otp.resend.information","id":"1434690619","attributes":{"otpResendPossible":true}}],"data":{"type":"self-service.session","id":"633418980328204347","attributes":{"nextStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":true}}}}}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_RESEND_REFUSED</td>\n<td>The OTP could not be resent.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/resendMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/mtan/tokens/{id}/select":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Select token","description":"Selects one of the active mTAN tokens (phone numbers) for sending the OTP to.\n<div class=\"iam-resource-return\">Whether the token selection and sending of the OTP was successful. Gives information about the next self-service step required.\n Additionally, the response includes information about the possibility of an OTP resend.\n <p><b>Deprecated:</b> The 'included' section containing resend information is deprecated and will be removed in a future version.\n The resend information is returned as <a href=\"#additionalSelfServiceAttributes\">additional attribute</a>\n with the <tt>MTAN_OTP_REQUIRED</tt> next step code.</p></div>","operationId":"/protected/self-service/selectMtanToken","responses":{"200":{"description":"mTAN token successfully selected, OTP sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:14:37.085+02:00"},"included":[{"type":"self-service.mtan.otp.resend.information","id":"1434690619","attributes":{"otpResendPossible":true}}],"data":{"type":"self-service.session","id":"633418980328204347","attributes":{"nextStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":true}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:14:37.085+02:00"},"included":[{"type":"self-service.mtan.otp.resend.information","id":"1434690619","attributes":{"otpResendPossible":true}}],"data":{"type":"self-service.session","id":"633418980328204347","attributes":{"nextStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":true}}}}}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_TOKEN_CHOICE_FAILED</td>\n<td>Invalid mTAN token ID. Retry with valid ID.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_TOKEN_CHOICE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Selection failed. The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectMtanTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"the ID of the selected mTAN token.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/mtan/token/edit":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Edit token","description":"Edit an mTAN token. Allows editing the number and/or label of an mTAN token.\n<div class=\"iam-resource-return\">Whether the new fields have been accepted and set. This endpoint returns a <tt>nextStep</tt> with\n value <tt>MTAN_TOKEN_EDIT_REQUIRED</tt> if the token data is not yet valid. It returns a <tt>nextStep</tt> with\n value <tt>MTAN_TOKEN_EDIT_POSSIBLE</tt> if the token data is valid and a follow-up call to the <tt>continue</tt> endpoint\n will advance the flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/editToken","requestBody":{"description":"the edited mTAN token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MtanTokenEditRequest"}}},"required":true},"responses":{"200":{"description":"Token fields successfully set. The <tt>nextStep</tt> informs about the token data validity.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied fields could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>MTAN_TOKEN_EDIT_REQUIRED</tt> or <tt>MTAN_TOKEN_EDIT_POSSIBLE</tt> (as documented\n<a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/editTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/token/info/retrieve":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Get token","description":"Retrieves the currently selected mTAN token.\n<div class=\"iam-resource-return\">Number and label of the current mTAN token.</div>","operationId":"/protected/self-service/retrieveInfo","responses":{"200":{"description":"The information has successfully been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceMtanTokenInformationDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceMtanTokenInformationDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/retrieveInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/token/edit/continue":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Validate and continue","description":"Validate all data on the current mTAN token and continue to the next step if possible.\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is present in the response, further steps are required to\n successfully edit the token. If the attribute is missing, the user has successfully completed the self-service flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/validateAndContinue_3","responses":{"200":{"description":"All data successfully received and self-service flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>MTAN_TOKEN_EDIT_REQUIRED</tt> or <tt>MTAN_TOKEN_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/validateAndContinue_3CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/tokens/{tokenId}/select":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Select token","description":"Selects the token identified by the given ID for\nfurther processing like editing, for example.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/select_2","responses":{"200":{"description":"The token was selected.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_TOKEN_NOT_FOUND</td>\n<td>No token with the selected ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/select_2CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"tokenId","in":"path","description":"The token ID to be selected.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/mtan/tokens/{tokenId}/remove":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Mark for deletion","description":"Marks the number identified by the given ID for deletion.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForDeletion","responses":{"200":{"description":"The number was marked for deletion.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_TOKEN_NOT_FOUND</td>\n<td>No token with the selected ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForDeletionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"tokenId","in":"path","description":"The token ID to be deleted.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/oauth2/authorization-servers/{authorizationServerId}/clients/{clientId}/consents/remove":{"post":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"Mark for removal","description":"Marks all OAuth 2.0 consents of a specific client for removal from storage.\n<div class=\"iam-resource-return\">An empty response</div>","operationId":"/protected/self-service/removeConsents","responses":{"200":{"description":"The consents have been marked for removal.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OAUTH2_CLIENT_ID_NOT_FOUND</td>\n<td>No OAuth 2.0 client was found for the specified ID.</td>\n</tr>\n<tr>\n<td>OAUTH2_AUTHORIZATION_SERVER_ID_NOT_FOUND</td>\n<td>No OAuth 2.0 authorization server was found for the specified ID.</td>\n</tr>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/removeConsentsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The OAuth 2.0 authorization server ID.","required":true,"schema":{"type":"string"}},{"name":"clientId","in":"path","description":"The OAuth 2.0 client ID for which all consents will be deleted from persistence.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/oauth2/client/authorization/uri/retrieve":{"post":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"Get auth URI","description":"Returns a fresh authorization request URI to initiate the OAuth 2.0 / OpenID Connect handshake on the authorization\nserver. This is needed in situations where pushed authorization requests (see\n<a href=\"https://tools.ietf.org/html/rfc9126\" target=\"_blank\">RFC 9126</a>) or similar standards are used, which\ndo not allow the authorization request URI to be re-used.\n<div class=\"iam-resource-return\">A fresh request authorization URI.</div>","operationId":"/protected/self-service/retrieveAuthorizationRequestUri","responses":{"200":{"description":"Authorization Request URI successfully retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceOAuth2AuthorizationUriDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceOAuth2AuthorizationUriDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/retrieveAuthorizationRequestUriCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/oauth2/client/authorization/check":{"post":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"Check auth response","description":"Checks the OAuth 2.0 authorization response. The OAuth 2.0 authorization response\n(see <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.2\" target=\"_blank\">RFC 6749, Chapter 4.1.2</a>\nrespectively\n<a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.2.1\" target=\"_blank\">RFC 6749, Chapter 4.1.2.1</a> for\nauthorization response errors) has to be submitted in the body as query string from the received OAuth 2.0\nauthorization response request.\n<div class=\"iam-resource-return\">Whether the step successfully completed. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to proceed the flow. If the attribute is missing, the flow has successfully completed.</div>","operationId":"/protected/self-service/verifyAuthorizationResponse","requestBody":{"description":"Containing the query string of the authorization response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2AuthorizationResponseQueryRequest"}}},"required":true},"responses":{"200":{"description":"Check successfully completed.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OAUTH2_CLIENT_AUTHORIZATION_FAILED</td>\n<td>OAuth 2.0 authorization failed. No retries allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/verifyAuthorizationResponseCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/oauth2/consents/{consentId}/deny":{"post":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"Deny consent","description":"Marks an OAuth 2.0 consent as denied.\n<div class=\"iam-resource-return\">An empty response</div>","operationId":"/protected/self-service/denyConsent","responses":{"200":{"description":"Consent marked as denied.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OAUTH2_CONSENT_ID_NOT_FOUND</td>\n<td>No consent was found for the specified ID.</td>\n</tr>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/denyConsentCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"consentId","in":"path","description":"The ID of the consent to deny.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/oauth2/consents/{consentId}/grant":{"post":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"Grant consent","description":"Marks an OAuth 2.0 consent as granted.\n<div class=\"iam-resource-return\">An empty response</div>","operationId":"/protected/self-service/grantConsent","responses":{"200":{"description":"Consent marked as granted.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OAUTH2_CONSENT_ID_NOT_FOUND</td>\n<td>No consent was found for the specified ID.</td>\n</tr>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this service is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this service is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/grantConsentCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"consentId","in":"path","description":"The ID of the consent to grant.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/oauth2/sessions/{sessionId}/remove":{"post":{"tags":["/protected/self-service_OAuth 2.0/OIDC"],"summary":"Mark for deletion","description":"Marks the OAuth 2.0 session identified by the given ID for deletion.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/removeSession","responses":{"200":{"description":"The session has been marked for deletion.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OAUTH2_SESSION_NOT_FOUND</td>\n<td>OAuth 2.0 session not found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/removeSessionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"sessionId","in":"path","description":"The ID of the session to be deleted.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/oath/activation/complete":{"post":{"tags":["/protected/self-service_OATH OTP"],"summary":"Verify OTP","description":"Verify submitted OATH OTP.\n<br>\nThe corresponding shared secret has been communicated as an additional attribute after step initialization.\n<div class=\"iam-resource-return\">Whether the check was successful.</div>","operationId":"/protected/self-service/checkOathOtp","requestBody":{"description":"Request containing the OATH OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified and self-registration completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OATH_OTP_WRONG</td>\n<td>The OTP could not be validated successfully. Retry with the correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>OATH_OTP_ACTIVATION_REQUIRED</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OATH_OTP_ACTIVATION_FAILED</td>\n<td>OATH OTP activation is not possible.</td>\n</tr>\n</table>\n</div>\n<br>The current user self-registration flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkOathOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/password/change":{"post":{"tags":["/protected/self-service_Password"],"summary":"Change password","description":"Voluntary password change during a self-service flow.\n<div class=\"iam-resource-return\">Whether the password change was successful.</div>","operationId":"/protected/self-service/changePassword","requestBody":{"description":"Contains the user's current and new password.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PasswordChangeSelfServiceRequest"}}},"required":true},"responses":{"200":{"description":"Password successfully changed and self-service flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EXISTING_PASSWORD_WRONG</td>\n<td>The existing password is wrong.</td>\n</tr>\n<tr>\n<td>PASSWORD_POLICY_VIOLATED</td>\n<td>The new password violates the password policy. See <a href=\"#passwordPolicyDetailCodes\">password policy violation detail codes</a>.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>PASSWORD_CHANGE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/changePasswordCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/remember-me/devices/{id}/remove":{"post":{"tags":["/protected/self-service_Remember-Me"],"summary":"Mark device for deletion","description":"Marks the Remember-Me device identified by the given ID for deletion.\n<div class=\"iam-resource-return\">Whether the operation was successful.</div>","operationId":"/protected/self-service/selectForRemoval_3","responses":{"200":{"description":"The device was marked for deletion.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>REMEMBER_ME_DEVICE_NOT_FOUND</td>\n<td>No device with the requested ID was found.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectForRemoval_3CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the device to be deleted.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/message/acknowledge":{"post":{"tags":["/protected/self-service_Message Acknowledgement"],"summary":"Acknowledge message","description":"Acknowledges a previously received message.\nThe message can be a pre-configured message ID or server-generated message, depending on the step configuration.\nIt has been received as an additional in a previous step response (as documented <a href=\"#additionalSelfServiceAttributes\">here</a>).\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully continue with the flow. If the attribute is missing, the self-service flow\n is successfully terminated.</div>","operationId":"/protected/self-service/acknowledgeMessageId","responses":{"200":{"description":"Message successfully acknowledged or further steps required (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/acknowledgeMessageIdCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/dynamic-steps/{stepId}/activate":{"post":{"tags":["/protected/self-service_Flow Control"],"summary":"Activate step","description":"Activates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be activated.</div>","operationId":"/protected/self-service/activate","responses":{"200":{"description":"Self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_ACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be activated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the activate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/activateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be activated.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/dynamic-steps/{stepId}/deactivate":{"post":{"tags":["/protected/self-service_Flow Control"],"summary":"Deactivate step","description":"Deactivates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be deactivated.</div>","operationId":"/protected/self-service/deactivate","responses":{"200":{"description":"Self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_DEACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be deactivated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the deactivate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/deactivateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be deactivated","required":true,"schema":{"type":"string"}}]},"/protected/self-service/dynamic-steps/retrieve":{"post":{"tags":["/protected/self-service_Flow Control"],"summary":"List dynamic steps","description":"Retrieves list of all steps that can be dynamically activated or deactivated on the current step.\n<div class=\"iam-resource-return\">A list of dynamic steps with their activation information.</div>","operationId":"/protected/self-service/retrieve","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceDynamicStepActivationDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceDynamicStepActivationDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/retrieveCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/fido/failure/report":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Report FIDO failure","description":"Report a FIDO client failure.<p>Allows the client to report a FIDO failure, resulting in a step failure.</p>\n<div class=\"iam-resource-return\">The status of the flow. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully complete the flow.</div>","operationId":"/protected/self-service/handleClientFailure_1","requestBody":{"description":"Contains information (name and message) describing the failure.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoClientFailureRequest"}}},"required":true},"responses":{"200":{"description":"Approval successful or further steps required. This is only possible if \"On Failure Gotos\" are configured on the step.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_APPROVAL_ABORTED</td>\n\t<td>The FIDO approval has been aborted in the client. Returned if the <tt>reason</tt> in the request was \"ABORTED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_APPROVAL_NOT_ALLOWED</td>\n\t<td>FIDO approval was not allowed in the client. Returned if the <tt>reason</tt> in the request was \"NOT_ALLOWED\".</td>\n</tr>\n<tr>\n\t<td>FIDO_WEB_AUTHN_NOT_AVAILABLE</td>\n\t<td>The browser/client does not support WebAuthn/FIDO. Returned if the <tt>reason</tt> in the request was \"NO_WEB_AUTHN\".</td>\n</tr>\n<tr>\n\t<td>FIDO_APPROVAL_FAILED</td>\n\t<td>Returned if any other error occurred in the client. Returned if the <tt>reason</tt> in the request was \"UNKNOWN\".</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/handleClientFailure_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/fido/assertion-response/check":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Verify response","description":"Verify the FIDO authenticator's response.\n<p>The FIDO authenticator's response to the challenge (obtained previously as <a href=\"#additionalSelfServiceAttributes\">additional attribute</a>\nwith the <tt>FIDO_APPROVAL_CHALLENGE_RETRIEVAL_REQUIRED</tt> next step code) contains information about the FIDO credential\nused for this approval attempt as well as metadata that will be verified by IAM.</p>\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required.</div>","operationId":"/protected/self-service/verify_1","requestBody":{"description":"Contains the FIDO authenticator's response to the previously obtained challenge.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoAuthenticationPublicKeyCredentialRequest"}}},"required":true},"responses":{"200":{"description":"Approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>FIDO_APPROVAL_FAILED</td>\n<td>The response of the FIDO authenticator to the previously obtained challenge could not be successfully verified.\nAs a result, the approval has failed and the flow has been terminated. No retries are possible.</td>\n</tr>\n<tr>\n<td>FIDO_APPROVAL_TIMEOUT</td>\n<td>The response of the FIDO authenticator has timed out.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/verify_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/flows/{flowId}/select":{"post":{"tags":["/protected/self-service_Flow Control"],"summary":"Start flow","description":"Starts a self-service flow.\n<div class=\"iam-resource-return\">A success response with a next step indicating the required next action.</div>","operationId":"/protected/self-service/startFlow","responses":{"200":{"description":"Self-service flow successfully started.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>Another flow is already in progress.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>PRECONDITION_NOT_FULFILLED</td>\n<td>The access condition for this flow is not fulfilled.</td>\n</tr>\n<tr>\n<td>NOT_AUTHORIZED</td>\n<td>The authorization condition for this flow is not fulfilled, further authentication is required.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/startFlowCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"flowId","in":"path","description":"the ID of the selected flow to be accessed","required":true,"schema":{"type":"string"}}]},"/protected/self-service/goto-targets/{stepId}/goto":{"post":{"tags":["/protected/self-service_Flow Control"],"summary":"Go to step","description":"Go to the selected flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid.</div>","operationId":"/protected/self-service/doGoto","responses":{"200":{"description":"Self-service flow successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>GOTO_FAILED</td>\n<td>The selected step ID is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the goto call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/doGotoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"stepId","in":"path","description":"The goto target's step ID.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/goto-targets/retrieve":{"post":{"tags":["/protected/self-service_Flow Control"],"summary":"List goto steps","description":"Retrieves possible target steps of an interactive goto.\n<div class=\"iam-resource-return\">A list of target steps.</div>","operationId":"/protected/self-service/retrieve_1","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceGotoTargetAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceGotoTargetAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/retrieve_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/selection/options/{id}/select":{"post":{"tags":["/protected/self-service_Flow Control"],"summary":"Select option","description":"Selects the given option if available.\n<div class=\"iam-resource-return\">The selected next step or an error if the option is invalid.</div>","operationId":"/protected/self-service/selectOption","responses":{"200":{"description":"Selected the chosen step and requires next step actions.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SELECTION_FAILED</td>\n<td>The selected option is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>SELECTION_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/selectOptionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"option to select.","required":true,"schema":{"type":"string"}}]},"/protected/self-service/approval/matrix/check":{"post":{"tags":["/protected/self-service_Matrix Cards"],"summary":"Verify response","description":"Verifies the submitted challenge response.\n<div class=\"iam-resource-return\">Whether the check was successful. Gives information about the next step required.</div>","operationId":"/protected/self-service/checkMtanOtp_1","requestBody":{"description":"Contains the challenge response(s).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MatrixChallengeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Challenge successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MATRIX_RESPONSE_WRONG</td>\n<td>One or more responses could not be validated successfully. Retry again.<br>\nSince challenge coordinates may change after failed attempts (depending on configuration),\nthe new ones might have to be requested again.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MATRIX_RESPONSE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MATRIX_RESPONSE_WRONG</td>\n<td>One or more responses could not be validated successfully.</td>\n</tr>\n<tr>\n<td>TOO_MANY_UNANSWERED_CHALLENGES</td>\n<td>Too many challenges were requested but not answered. Try again later.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkMtanOtp_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/registration/iak/check":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Verify IAK","description":"Verifies the submitted IAK.\nThe IAK is typically sent to the user by letter and can only be used once.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required. If the attribute is missing, the flow has completed successfully.</div>","operationId":"/protected/self-service/checkIak","requestBody":{"description":"Request containing the IAK.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CheckIakRequest"}}},"required":true},"responses":{"200":{"description":"Flow complete or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>IAK_WRONG</td>\n<td>IAK could not be validated successfully. Retry with correct IAK.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_REGISTRATION_IAK_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>IAK_WRONG</td>\n<td>IAK could not be validated successfully and no retries are allowed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkIakCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/registration/otp/check":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Verify mTAN OTP","description":"Verifies the submitted mTAN OTP.\n<div class=\"iam-resource-return\">Whether the check was successful. If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required. If the attribute is missing, the flow has completed successfully.</div>","operationId":"/protected/self-service/checkVerificationOtp","requestBody":{"description":"Request containing the mTAN OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Flow complete or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_REGISTRATION_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>MTAN_OTP_EXPIRED</td>\n<td>The OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkVerificationOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/registration/otp/resend":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Resend OTP","description":"Resends the mTAN OTP by SMS.\n<div class=\"iam-resource-return\">Whether the resend was successful and informs about the <tt>nextStep</tt>.\n Additionally, the response includes information about the possibility of an OTP resend.</div>","operationId":"/protected/self-service/resendMtanOtp_1","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:14:37.085+02:00"},"included":[{"type":"self-service.mtan.otp.resend.information","id":"1434690619","attributes":{"otpResendPossible":true}}],"data":{"type":"self-service.session","id":"633418980328204347","attributes":{"nextStep":"MTAN_REGISTRATION_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":true}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:14:37.085+02:00"},"included":[{"type":"self-service.mtan.otp.resend.information","id":"1434690619","attributes":{"otpResendPossible":true}}],"data":{"type":"self-service.session","id":"633418980328204347","attributes":{"nextStep":"MTAN_REGISTRATION_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":true}}}}}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>MTAN_OTP_RESEND_REFUSED</td>\n<td>The OTP could not be resent.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>MTAN_REGISTRATION_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/resendMtanOtp_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/registration/otp/resend-info/retrieve":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Verify OTP resend possible","description":"Returns whether a new OTP can be resent by SMS.\n<div class=\"iam-resource-return\">Whether an OTP resend is possible or not.</div>","operationId":"/protected/self-service/retrieveResendInfo_1","responses":{"200":{"description":"Returns information about a possible OTP resend.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceResendMtanOtpPossibleDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceResendMtanOtpPossibleDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/retrieveResendInfo_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/mtan/registration/start":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Start token registration","description":"Starts mTAN token registration. Allows setting the number and/or label of an mTAN token.\n<div class=\"iam-resource-return\">Whether the fields have been accepted and set. This endpoint returns a <tt>nextStep</tt> with\n value <tt>MTAN_REGISTRATION_START_REQUIRED</tt> if the token data is not yet valid.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/start","requestBody":{"description":"the mTAN token to register","content":{"application/json":{"schema":{"$ref":"#/components/schemas/MtanTokenRegistrationRequest"}}},"required":true},"responses":{"200":{"description":"Token fields successfully set.  If the attribute <tt>nextStep</tt> is present in the response,\nfurther steps are required. If the attribute is missing, the flow has completed successfully.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied fields could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>MTAN_REGISTRATION_START_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/startCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/vasco/otp/check":{"post":{"tags":["/protected/self-service_Vasco OTP"],"summary":"Check Vasco OTP","description":"Checks the submitted Vasco OTP. Note that unlike identity verification, approval REST calls require an existing user\nand cannot prevent username enumeration\n<div class=\"iam-resource-return\">Whether the check was successful. Gives information about the next step required.</div>","operationId":"/protected/self-service/checkVascoOtp","requestBody":{"description":"Request containing the Vasco OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VASCO_OTP_WRONG</td>\n<td>The OTP could not be validated successfully.</td>\n</tr>\n</table>\n</div>\n<br>The current protected self-service flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/checkVascoOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/ssi/issuance/poll":{"post":{"tags":["/protected/self-service_SSI"],"summary":"Poll credential offer","description":"> [!warning]\n> <strong>EXPERIMENTAL</strong>: This endpoint is under active development and subject to change. Avoid using it in production clients.\n<p>Allows polling whether the credential offer has been accepted.</p>\n<div class=\"iam-resource-return\">The status of the issuance.\n The attribute <tt>nextStep</tt> defines the next flow step (can be the current step, if further polling is required).</div>","operationId":"/protected/self-service/pollOfferAcceptance","responses":{"200":{"description":"Issuance not yet completed (retry later), self-service completed or further steps required.\n<br>Possible next step: <tt>SSI_CREDENTIAL_ACCEPTANCE_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SSI_ISSUANCE_FAILED</td>\n<td>Credential issuance has failed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-scalar-stability":"experimental"},"options":{"operationId":"/protected/self-service/pollOfferAcceptanceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/protected/self-service/ssi/verification/poll":{"post":{"tags":["/protected/self-service_SSI"],"summary":"Poll presentation","description":"> [!warning]\n> <strong>EXPERIMENTAL</strong>: This endpoint is under active development and subject to change. Avoid using it in production clients.\n<p>Allows polling whether the presentation has been received and verified.</p>\n<div class=\"iam-resource-return\">The proof verification status.\n The attribute <tt>nextStep</tt> defines the next flow step (can be the current step, if further polling is required).","operationId":"/protected/self-service/pollProofVerification","responses":{"200":{"description":"issuance not yet completed (retry later), self-service completed or further steps required.\n<br>Possible next step: <tt>SSI_PROOF_VERIFICATION_REQUIRED</tt>.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SSI_VERIFICATION_FAILED</td>\n<td>The SSI verification has failed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-service flow has been aborted.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-scalar-stability":"experimental"},"options":{"operationId":"/protected/self-service/pollProofVerificationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/protected/self-service/representation/start":{"post":{"tags":["/protected/self-service_Representation"],"summary":"Start session","description":"Starts a new user representation session for the representee provided.\n<p>\nTo stop the user representation, start the corresponding flow containing a non-interactive \"Stop User Representation Step\" by calling\n<tt><span class=\"httpMethod small POST\">POST</span>/protected/self-service/flows/{flowId}/select/</tt>.\n</p>\n<div class=\"iam-resource-return\">Whether a new user representation session was successfully initiated. If this endpoint returns a <tt>nextStep</tt>, further\n actions are required. If this attribute is missing, the representation session has successfully started and the client can follow the redirect URI\n contained therein.\n <p>\n On failure, an error code is returned.\n </p></div>","operationId":"/protected/self-service/startRepresentation","requestBody":{"description":"Contains parameters required to represent a user.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/StartUserRepresentationRequest"}}},"required":true},"responses":{"200":{"description":"New representation session started or further steps required. In the first case, the response\ncontains an additional attribute <tt>representeeAccessUri</tt>. The redirect URI contains an SSO ticket to start\nthe session on the representee IAM.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>USER_REPRESENTATION_NOT_ALLOWED</td>\n<td>The authenticated user is not allowed to represent the given representee.</td>\n</tr>\n<tr>\n<td>USER_REPRESENTATION_ALREADY_IN_PROGRESS</td>\n<td>A representation session is already in progress.</td>\n</tr>\n<tr>\n<td>USER_REPRESENTATION_INVALID_TARGET_LOCATION</td>\n<td>The given target location is invalid / not whitelisted by configuration.</td>\n</tr>\n</table>\n<br>\nThe current self-service flow has been aborted.\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/startRepresentationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/data/edit":{"post":{"tags":["/protected/self-service_User Context Data"],"summary":"Edit items","description":"Edit context-data items for a user.\n<p>This endpoint updates only items sent with the request. Omitted items remain unchanged.\nContext-data items with a value of <tt>null</tt> are removed. </p>\n<div class=\"iam-resource-return\">Whether the data items were accepted and set. If a request contains both valid and invalid items, the valid items will be processed.\n This endpoint returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_EDIT_REQUIRED</tt> if the step's data is not yet valid. It returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_EDIT_POSSIBLE</tt> if the step's data is valid and a follow-up call to the <tt>continue</tt> endpoint\n will advance the flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/editData","requestBody":{"description":"<div class=\"iam-docu\">\nContains the data items to be edited. The format of an individual data item's value depends on its configured type:\n<table>\n<tr><th>Item Type</th><th>Format</th></tr>\n<tr><td><i>Boolean</i></td><td>One of the literals <tt>true</tt> or <tt>false</tt></td></tr>\n<tr><td><i>String</i></td><td>A double-quoted string</td></tr>\n<tr><td><i>Date</i></td><td>The format <tt>full-date</tt> as defined in <a href=\"#dateAndTimeFormat\">Date and time format</a> (e.g. <tt>2018-02-06</tt>).</td></tr>\n<tr><td><i>Date And Time</i></td><td>The format <tt>date-time</tt> as defined in <a href=\"#dateAndTimeFormat\">Date and time format</a> (e.g. <tt>2018-02-06T15:58:53.661Z</tt>)</td></tr>\n</table>\n</div>","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserDataEditRequestOverride"},"examples":{"Set street number":{"description":"Set street number","value":{"streetNumber":"123"}},"Remove street number":{"description":"Remove street number","value":{"streetNumber":null}}}}}},"responses":{"200":{"description":"Data items successfully set. The <tt>nextStep</tt> informs about the step's data validity.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_EDIT_REQUIRED</tt> or <tt>USER_DATA_EDIT_POSSIBLE</tt> (as documented\n<a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/editDataCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/data/info/retrieve":{"post":{"tags":["/protected/self-service_User Context Data"],"summary":"Get info","description":"Retrieves information about context data items to be edited.\n<div class=\"iam-resource-return\">A list containing information for each context-data item that can be edited in the current step.</div>","operationId":"/protected/self-service/retrieveInfo_1","responses":{"200":{"description":"The information has successfully been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserDataEditItemInfoResponseAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserDataEditItemInfoResponseAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/retrieveInfo_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/data/validate":{"post":{"tags":["/protected/self-service_User Context Data"],"summary":"Validate data","description":"Validate all data on the current context-data edit step.\n<div class=\"iam-resource-return\">Whether the data validated successfully. On success, this endpoint returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_EDIT_POSSIBLE</tt>.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/validate","responses":{"200":{"description":"All data successfully set. A call to the <tt>continue</tt> endpoint will advance the flow.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_EDIT_REQUIRED</tt> or <tt>USER_DATA_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/validateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/data/continue":{"post":{"tags":["/protected/self-service_User Context Data"],"summary":"Validate and continue","description":"Validate all data on the current context-data edit step and continue to the next step if possible.\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is\n present in the response, further steps are required to successfully edit the context-data. If the attribute is missing, the\n user has successfully completed the self-service flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/protected/self-service/validateAndContinue_4","responses":{"200":{"description":"All data successfully received and self-service flow completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_EDIT_REQUIRED</tt> or <tt>USER_DATA_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/validateAndContinue_4CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/vasco/devices/{id}/activate":{"post":{"tags":["/protected/self-service_Vasco OTP"],"summary":"Validate OTP","description":"Validates the submitted Vasco OTP and if successful sets the Vasco OTP device active.\n<div class=\"iam-resource-return\">Whether the device activation was successful</div>","operationId":"/protected/self-service/validateOtp","requestBody":{"description":"Request containing the Vasco OTP","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Vasco device activation completed. Self-service successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VASCO_DEVICE_CHOICE_FAILED</td>\n<td>Device ID could not be validated successfully. Retry with correct device ID.</td>\n</tr>\n<tr>\n<td>VASCO_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/protected/self-service/validateOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]},"parameters":[{"name":"id","in":"path","description":"Device ID of the activatable Vasco OTP device","required":true,"schema":{"type":"string"}}]},"/protected/self-service/airlock-2fa/activation/challenge/retrieve":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Get activation challenge","description":"> [!caution]\n> This endpoint is deprecated. The activation challenge is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt>\nand <tt><s>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</s></tt> next step codes.\n<p>Retrieves the Airlock 2FA activation challenge.</p>\n<div class=\"iam-resource-return\">The activation challenge.</div>","operationId":"/protected/self-service/retrieveActivationChallenge","responses":{"200":{"description":"Further steps required.\n<br>Next step: <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceAirlock2FAActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceAirlock2FAActivationChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/airlock-2fa/device-edit/data/retrieve":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"List attributes","description":"> [!caution]\n> This endpoint is deprecated. The current display name is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>AIRLOCK_2FA_DEVICE_EDIT_POSSIBLE</tt> next step code.\n<p>Retrieves editable attributes of the activated Airlock 2FA device.</p>\n<div class=\"iam-resource-return\">information about the activated Airlock 2FA device.</div>","operationId":"/protected/self-service/retrieveCurrentDisplayName","responses":{"200":{"description":"The information has successfully been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FADeviceEditSelfServiceResponseAttributesDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FADeviceEditSelfServiceResponseAttributesDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveCurrentDisplayNameCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/airlock-2fa/devices/retrieve":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated. The device choices are returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>AIRLOCK_2FA_DEVICE_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves all applicable Airlock 2FA devices.</p>\n<div class=\"iam-resource-return\">The collection of applicable Airlock 2FA devices</div>","operationId":"/protected/self-service/retrieveDeviceChoices","responses":{"200":{"description":"Available devices retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceAirlock2FADeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceAirlock2FADeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveDeviceChoicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/airlock-2fa/mobile-only/challenge/retrieve":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Get mobile-only challenge","description":"> [!caution]\n> This endpoint is deprecated. The mobile authentication URI is returned as <a href=\"#additionalSelfServiceAttributes\">additional attribute</a>\nwith the <tt><s>AIRLOCK_2FA_MOBILE_ONLY_CHALLENGE_RETRIEVAL_REQUIRED</s></tt> or <tt>AIRLOCK_2FA_POLLING_REQUIRED</tt> next step codes.\n<p>Retrieves the challenge in case of mobile-only.</p>\n<div class=\"iam-resource-return\">a challenge in the form of a URI.</div>","operationId":"/protected/self-service/retrieveMobileOnlyChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceAirlock2FAMobileOnlyChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceAirlock2FAMobileOnlyChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveMobileOnlyChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/airlock-2fa/offline-qr-code/challenge/retrieve":{"post":{"tags":["/protected/self-service_Airlock 2FA"],"summary":"Get QR challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge is returned as <a href=\"#additionalSelfServiceAttributes\">additional attribute</a>\nwith the <tt>AIRLOCK_2FA_QR_CODE_OTP_REQUIRED</tt> next step code.\n<p>Returns the Offline QR Code challenge for Airlock 2FA.</p>\n<p>The challenge is delivered as a base64-encoded image.\nThe OTP returned by the user after scanning the image needs to be checked manually (<tt>POST /airlock-2fa/otp/check</tt>).</p>\n<div class=\"iam-resource-return\">A challenge for Airlock 2FA.</div>","operationId":"/protected/self-service/retrieveOfflineQrCodeChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceAirlock2FAOfflineChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceAirlock2FAOfflineChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveOfflineQrCodeChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/activation/start-challenge/retrieve":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Get cryptogram","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>CRONTO_ACTIVATION_START_WITHOUT_LETTER_REQUIRED</tt> next step code.\n<p>Retrieves the start Cronto activation cryptogram for an activation without letter.</p>\n<p>The retrieved Cronto activation challenge can be used to start the Cronto activation.\n<br>The following preconditions must be fulfilled to make this step available:\n<br>Config-related settings:</p>\n<ul>\n<li>The Cronto Activation step must have a \"Strong Authentication Tag\" configured (Advanced Settings).</li>\n<li>The Cronto Handler plugin must have \"Allow Activation Without Letter\" enabled (Activation Settings).</li>\n</ul>\nUser-related conditions:\n<ul>\n<li>The user must not have an activation letter (can be checked on the Adminapp user details page).</li>\n</ul>\n<div class=\"iam-resource-return\">The Cronto activation challenge to start the Cronto device activation process.</div>","operationId":"/protected/self-service/retrieveFirstActivationChallenge","responses":{"200":{"description":"Cronto activation challenge created.\n<br>Next step: <tt>CRONTO_ACTIVATION_START_WITHOUT_LETTER_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceCrontoActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceCrontoActivationChallengeDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>This is not a Cronto activation without letter use case.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveFirstActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/activation/challenge/retrieve":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Get second cryptogram","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>CRONTO_ACTIVATION_COMPLETE_REQUIRED</tt> next step code.\n<p>Provides the second Cronto activation cryptogram, which is used to complete the device activation\nprocess. This can be retrieved once the OTP from the first cryptogram has successfully been\nverified.</p>\n<div class=\"iam-resource-return\">The second Cronto cryptogram required to complete the Cronto device activation process.</div>","operationId":"/protected/self-service/retrieveSecondActivationChallenge","responses":{"200":{"description":"Retrieved new Cronto challenge.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceCrontoActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceCrontoActivationChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveSecondActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/push-devices/activation/challenge/retrieve":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Get cryptogram","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>CRONTO_PUSH_ACTIVATION_POSSIBLE</tt> next step code.\n<p>Retrieves the Cronto push activation cryptogram.</p>\n<p>The retrieved Cronto activation challenge can be used to activate push notifications\nin the CrontoSign Swiss app.</p>\n<div class=\"iam-resource-return\">The Cronto push activation challenge.</div>","operationId":"/protected/self-service/retrievePushActivationChallenge","responses":{"200":{"description":"Cronto push activation challenge created.\n<br>Next step: <tt>CRONTO_PUSH_ACTIVATION_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/CrontoPushActivationChallengeSelfServiceDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/CrontoPushActivationChallengeSelfServiceDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrievePushActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/cronto/challenge/retrieve":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Get challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>CRONTO_OTP_REQUIRED</tt> next step code.\n<p>Returns a challenge for Cronto.</p>\n<p>The challenge is delivered as a base64-encoded image ('cryptogram') and as a string representation for\napp-to-app authentication.</p>\n<p>\nThe two attributes \"onlineValidation\" and \"pushed\" have only informative character and indicate\nthe recommended behavior for clients:\n<ul>\n<li>If the \"onlineValidation\" attribute is true, the client application should not ask the user for the\nresponse OTP, as the app will send the response directly to the server (Scan&amp;Login or Push use-cases).\nInstead, the client application should regularly poll (<tt>POST /cronto/otp/poll</tt>) to check if a response\nhas been received. There should be an option for the user to fall back to entering the OTP manually. Sending the\nmanually entered OTP to (<tt>POST /cronto/otp/check</tt>) cancels the online validation</li>\n<li>If also the \"pushed\" attribute is true, the challenge has been pushed to a Cronto app. In this case also\nthe cryptogram should not be displayed. Instead, the user should be informed about this and asked to confirm\nthe operation on their Cronto app. Again, a fallback for offline situations should be available.\nIf \"pushed\" is true, \"onlineValidation\" is always true.</li>\n</ul>\n</p>\n<div class=\"iam-resource-return\">A Cronto challenge.</div>","operationId":"/protected/self-service/retrieveChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceCrontoChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceCrontoChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/cronto/push-devices/retrieve":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated. The device choices are returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attributes</a> with the <tt>CRONTO_DEVICE_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves the set of active Cronto push devices.</p>\n<div class=\"iam-resource-return\">The collection of active Cronto push devices</div>","operationId":"/protected/self-service/retrievePushDeviceChoices","responses":{"200":{"description":"Available push devices retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/DeviceLabelDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/DeviceLabelDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrievePushDeviceChoicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/cronto/device/info/retrieve":{"post":{"tags":["/protected/self-service_Cronto"],"summary":"Get device info","description":"> [!caution]\n> This endpoint is deprecated. The current device name is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>CRONTO_DEVICE_RENAMING_POSSIBLE</tt>\nand <tt>CRONTO_DEVICE_RENAMING_REQUIRED</tt> next step codes.\n<p>Retrieve information about the device name to be edited.</p>\n<div class=\"iam-resource-return\">A response containing information about the device name that is currently being edited.\n This endpoint returns a <tt>nextStep</tt> <tt>CRONTO_DEVICE_RENAMING_REQUIRED</tt> if the name\n is not yet valid. It returns a <tt>nextStep</tt> <tt>CRONTO_DEVICE_RENAMING_POSSIBLE</tt> if the name\n is valid and a follow-up call to the <tt>continue</tt> endpoint will advance the flow.</div>","operationId":"/protected/self-service/retriveInfo","responses":{"200":{"description":"Information successfully retrieved.\n<br>Possible next step: <tt>CRONTO_DEVICE_RENAMING_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/CrontoDeviceEditInfoDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/CrontoDeviceEditInfoDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retriveInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/fido/credential/info/retrieve":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Get credential info","description":"> [!caution]\n> This endpoint is deprecated. The display name is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> next step code.\n<p>Retrieve information about the display name to be edited.</p>\n<div class=\"iam-resource-return\">A response containing information about the credential display name that is currently being edited.\n This endpoint returns a <tt>nextStep</tt> <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> and a follow-up\n call to the <tt>continue</tt> endpoint will advance the flow.</div>","operationId":"/protected/self-service/retriveInfo_1","responses":{"200":{"description":"Information successfully retrieved.\n<br>Possible next step: <tt>FIDO_CREDENTIAL_EDIT_POSSIBLE</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/FidoCredentialEditInfoDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/FidoCredentialEditInfoDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retriveInfo_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/mtan/tokens/retrieve":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"List tokens","description":"> [!caution]\n> This endpoint is deprecated. The number choices are returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attributes</a> with the <tt>MTAN_TOKEN_CHOICE_REQUIRED</tt> next step code.\n<p>Retrieves the set of active mTAN tokens.</p>\n<div class=\"iam-resource-return\">The collection of active mTAN tokens.</div>","operationId":"/protected/self-service/retrieveMtanTokens","responses":{"200":{"description":"Available mTAN tokens retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceMtanTokenDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceMtanTokenDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveMtanTokensCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/mtan/otp/resend-info/retrieve":{"post":{"tags":["/protected/self-service_SMS/mTAN"],"summary":"Verify OTP resend possible","description":"> [!caution]\n> This endpoint is deprecated. The resend information is returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>MTAN_OTP_REQUIRED</tt> next step code.\n<p>Returns whether a new OTP can be resent by SMS.</p>\n<div class=\"iam-resource-return\">Whether an OTP resend is possible or not.</div>","operationId":"/protected/self-service/retrieveResendInfo","responses":{"200":{"description":"Returns information about a possible OTP resend.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceResendMtanOtpPossibleDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceResendMtanOtpPossibleDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveResendInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/fido/challenge/retrieve":{"post":{"tags":["/protected/self-service_FIDO"],"summary":"Get challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as <a href=\"#additionalSelfServiceAttributes\">additional attribute</a>\nwith the <tt>FIDO_APPROVAL_CHALLENGE_RETRIEVAL_REQUIRED</tt> next step code.\n<p>Retrieve FIDO challenge to be passed to FIDO authenticator.</p>\n<div class=\"iam-resource-return\">the Approval challenge</div>","operationId":"/protected/self-service/retrieveAuthenticationChallenge","responses":{"200":{"description":"Further steps required.\n<br>Possible next step: <tt>FIDO_APPROVAL_ASSERTION_RESPONSE_REQUIRED</tt> (as documented <a href=\"#nextSelfServiceStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceFidoApprovalChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceFidoApprovalChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveAuthenticationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/selection/options/retrieve":{"post":{"tags":["/protected/self-service_Flow Control"],"summary":"List options","description":"> [!caution]\n> This endpoint is deprecated. The selection options are returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>SELECTION_REQUIRED</tt> next step code.\n<p>Retrieves the available options the user can choose from to proceed in one of the self-service subflows.</p>\n<div class=\"iam-resource-return\">The available options.</div>","operationId":"/protected/self-service/retrieveOptions","responses":{"200":{"description":"Available selection options retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceSelectionOptionDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceSelectionOptionDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveOptionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/protected/self-service/approval/matrix/challenge/retrieve":{"post":{"tags":["/protected/self-service_Matrix Cards"],"summary":"Get challenges","description":"> [!caution]\n> This endpoint is deprecated. The challenges are returned as\n<a href=\"#additionalSelfServiceAttributes\">additional attribute</a> with the <tt>MATRIX_RESPONSE_REQUIRED</tt> next step code.\n<p>Returns one or more challenges for matrix/index list approval.</p>\n<div class=\"iam-resource-return\">A list of one or more matrix coordinates or index list indexes.</div>","operationId":"/protected/self-service/retrieveChallenge_1","responses":{"200":{"description":"The challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfServiceMatrixChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/SelfServiceMatrixChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/protected/self-service/retrieveChallenge_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/protected/self-service_other"]}},"/public/user-self-registration/flow":{"delete":{"tags":["/public/user-self-registration_Flow Control"],"summary":"Abort flow","description":"Aborts the current user self-registration flow.\n<div class=\"iam-resource-return\">response</div>","operationId":"/public/user-self-registration/abortFlow","responses":{"204":{"description":"User self-registration flow successfully terminated."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/abortFlowCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/ui/default/flow/id":{"get":{"tags":["/public/user-self-registration_UI"],"summary":"Get flow ID","description":"Returns the default flow ID for user self-registration.\n<div class=\"iam-resource-return\">A JSON containing the default flow ID</div>","operationId":"/public/user-self-registration/getDefaultFlowId","responses":{"200":{"description":"The response contains the default flow ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FlowIdData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"If no UI is available.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-internal":"true"},"options":{"operationId":"/public/user-self-registration/getDefaultFlowIdCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/ui/on-completed/{flowId}":{"get":{"operationId":"/public/user-self-registration/getOnCompletedInfo","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"application/vnd.api+json":{},"application/json;qs=0.9":{}}}},"x-internal":"true","tags":["/public/user-self-registration_other"]},"options":{"operationId":"/public/user-self-registration/getOnCompletedInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"flowId","in":"path","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/user-self-registration/ui/on-failure/{flowId}":{"get":{"operationId":"/public/user-self-registration/getOnFailureInfo","responses":{"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"default":{"description":"default response","content":{"application/vnd.api+json":{},"application/json;qs=0.9":{}}}},"x-internal":"true","tags":["/public/user-self-registration_other"]},"options":{"operationId":"/public/user-self-registration/getOnFailureInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"flowId","in":"path","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/user-self-registration/airlock-2fa/activation/status/poll":{"post":{"tags":["/public/user-self-registration_Airlock 2FA"],"summary":"Poll activation","description":"Polls the Airlock 2FA activation status.\n<div class=\"iam-resource-return\">The status of the Airlock 2FA activation.\n The attribute <tt>nextStep</tt> defines the next flow step (can be the current step, if further polling is required).\n If the attribute is missing, the activation has successfully completed.</div>","operationId":"/public/user-self-registration/pollActivationStatus","responses":{"200":{"description":"Step completed or further steps required, such as further polling.\n<br>Possible next step: <tt><s>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</s></tt> (will be removed with 9.0,\nclients should be prepared to expect <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt> instead,\nas documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AIRLOCK_2FA_DEVICE_ACTIVATION_FAILED</td>\n<td>The activation code corresponds to a valid activation of the user but it is expired.</td>\n</tr>\n</table>\n</div>\n<br>The current authentication flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/pollActivationStatusCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/user-self-registration/verification/email/otp/check":{"post":{"tags":["/public/user-self-registration_Email OTP"],"summary":"Verify OTP","description":"> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Checks the OTP for the email channel verification.</p>\n<div class=\"iam-resource-return\">Whether the OTP was accepted.</div>","operationId":"/public/user-self-registration/verifyEmailOtp","requestBody":{"description":"Contains the OTP to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified and self-registration completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EMAIL_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n<tr>\n<td>CAPTCHA_CHECK_FAILED</td>\n<td>The CAPTCHA could not be validated successfully. Retry with a correctly solved CAPTCHA.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>EMAIL_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>EMAIL_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>EMAIL_OTP_EXPIRED</td>\n<td>OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current self-registration flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/verifyEmailOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/oath/activation/complete":{"post":{"tags":["/public/user-self-registration_OATH OTP"],"summary":"Verify OTP","description":"Verify submitted OATH OTP.\n<br>\nThe corresponding shared secret has been communicated as an additional attribute after step initialization.\n<div class=\"iam-resource-return\">Whether the check was successful.</div>","operationId":"/public/user-self-registration/checkOathOtp","requestBody":{"description":"Request containing the OATH OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified and self-registration completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OATH_OTP_WRONG</td>\n<td>The OTP could not be validated successfully. Retry with the correct OTP.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>OATH_OTP_ACTIVATION_REQUIRED</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>OATH_OTP_ACTIVATION_FAILED</td>\n<td>OATH OTP activation is not possible.</td>\n</tr>\n</table>\n</div>\n<br>The current user self-registration flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/checkOathOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/verification/phone-number/otp/resend":{"post":{"tags":["/public/user-self-registration_SMS/mTAN"],"summary":"Resend OTP","description":"Resends the mTAN OTP by SMS.\n<div class=\"iam-resource-return\">Whether the resend was successful and informs about the <tt>nextStep</tt>.\n Additionally, the response includes information about the possibility of an OTP resend.</div>","operationId":"/public/user-self-registration/resendMtanOtp","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SMS_OTP_RESEND_REFUSED</td>\n<td>The OTP could not be resent.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>SMS_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current self-service flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/resendMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/verification/phone-number/otp/check":{"post":{"tags":["/public/user-self-registration_SMS/mTAN"],"summary":"Verify OTP","description":"> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Checks the OTP for the phone number channel verification.</p>\n<div class=\"iam-resource-return\">Whether the OTP was accepted.</div>","operationId":"/public/user-self-registration/verifySmsOtp","requestBody":{"description":"Contains the OTP to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"OTP successfully verified and self-registration completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SMS_OTP_WRONG</td>\n<td>OTP could not be validated successfully. Retry with correct OTP.</td>\n</tr>\n<tr>\n<td>CAPTCHA_CHECK_FAILED</td>\n<td>The CAPTCHA could not be validated successfully. Retry with a correctly solved CAPTCHA.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>SMS_OTP_REQUIRED</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SMS_OTP_WRONG</td>\n<td>OTP could not be validated successfully and no retries are allowed.</td>\n</tr>\n<tr>\n<td>SMS_OTP_EXPIRED</td>\n<td>OTP has expired.</td>\n</tr>\n</table>\n</div>\n<br>The current self-registration flow has been aborted.\n<br>Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/verifySmsOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/ssi/issuance/poll":{"post":{"tags":["/public/user-self-registration_SSI"],"summary":"Poll credential offer","description":"> [!warning]\n> <strong>EXPERIMENTAL</strong>: This endpoint is under active development and subject to change. Avoid using it in production clients.\n<p>Allows polling whether the credential offer has been accepted.</p>\n<div class=\"iam-resource-return\">The status of the issuance.\nThe attribute <tt>nextStep</tt> defines the next flow step (can be the current step, if further polling is required).</div>","operationId":"/public/user-self-registration/pollOfferAcceptance","responses":{"200":{"description":"Issuance not yet completed (retry later), self-registration successful or further steps required.\n<br><tt>SSI_CREDENTIAL_ACCEPTANCE_REQUIRED.</tt>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SSI_ISSUANCE_FAILED</td>\n<td>Credential issuance has failed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-registration flow has been aborted.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-scalar-stability":"experimental"},"options":{"operationId":"/public/user-self-registration/pollOfferAcceptanceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/user-self-registration/ssi/verification/poll":{"post":{"tags":["/public/user-self-registration_SSI"],"summary":"Poll presentation","description":"> [!warning]\n> <strong>EXPERIMENTAL</strong>: This endpoint is under active development and subject to change. Avoid using it in production clients.\n<p>Allows polling whether the presentation has been received and verified.</p>\n<div class=\"iam-resource-return\">The proof verification status.\n The attribute <tt>nextStep</tt> defines the next flow step (can be the current step, if further polling is required).</div>","operationId":"/public/user-self-registration/pollProofVerification","responses":{"200":{"description":"Verification not yet completed (retry later), self-registration successful or further steps required.\n<br>Possible next step: <tt>SSI_PROOF_VERIFICATION_REQUIRED</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SSI_VERIFICATION_FAILED</td>\n<td>The SSI verification has failed.</td>\n</tr>\n</table>\n</div>\n<br>The current self-registration flow has been aborted.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-scalar-stability":"experimental"},"options":{"operationId":"/public/user-self-registration/pollProofVerificationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default <tt>false</tt>). See <a href=\"#pollingEndpoints\">polling endpoints</a> for details.","schema":{"type":"boolean"}}]},"/public/user-self-registration/registration/data":{"post":{"tags":["/public/user-self-registration_Data Registration"],"summary":"Register items","description":"> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Register data items for a self-registering user.</p>\n<p>\nData items can be login names or user context data.\nThis endpoint updates only items sent with the request. Omitted items remain unchanged.\nItems with a value of <tt>null</tt> are removed.\n</p>\n<div class=\"iam-resource-return\">Whether the data items were accepted and set. If a request contains both valid and invalid items, the valid items will be processed.\n This endpoint returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_REGISTRATION_REQUIRED</tt> if the step's data is not yet valid. It returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_REGISTRATION_POSSIBLE</tt> if the step's data is valid and a follow-up call to the <tt>continue</tt> endpoint\n will advance the flow.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/user-self-registration/registerData","requestBody":{"description":"<div class=\"iam-docu\">\nContains the data items to be registered/updated. Special keys are:\n<ul>\n<li><tt>username</tt> - is interpreted as the user's username, which is also used as the technical user ID.</li>\n<li><tt>password</tt> - is interpreted as the user's password.</li>\n</ul>\nThe format of an individual data item's value depends on its configured type:\n<table>\n<tr><th>Item Type</th><th>Format</th></tr>\n<tr><td><i>Boolean</i></td><td>One of the literals <tt>true</tt> and <tt>false</tt></td></tr>\n<tr><td><i>String</i></td><td>A double-quoted string</td></tr>\n<tr><td><i>Date</i></td><td>The format <tt>full-date</tt> as defined in <a href=\"#dateAndTimeFormat\">Date and time format</a> (e.g. <tt>2018-02-06</tt>).</td></tr>\n<tr><td><i>Date And Time</i></td><td>The format <tt>date-time</tt> as defined in <a href=\"#dateAndTimeFormat\">Date and time format</a> (e.g. <tt>2018-02-06T15:58:53.661Z</tt>)</td></tr>\n</table>\n</div>","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserDataRegistrationRequestOverride"}}}},"responses":{"200":{"description":"Data items successfully set. The <tt>nextStep</tt> informs about the step's data validity.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n<tr>\n<td>CAPTCHA_CHECK_FAILED</td>\n<td>The CAPTCHA could not be validated successfully. Retry with a correctly solved CAPTCHA.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_REGISTRATION_REQUIRED</tt> or <tt>USER_DATA_REGISTRATION_POSSIBLE</tt> (as documented\n<a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-registration flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/registerDataCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/registration/info/retrieve":{"post":{"tags":["/public/user-self-registration_Data Registration"],"summary":"Get info","description":"Retrieves information about registrable data items.\n<div class=\"iam-resource-return\"><div class=\"iam-docu\">\n A list containing information for each user data item that can be registered in the current step.\n This endpoint is still accessible when a CAPTCHA solution is required but not provided.\n <p>\n The type of each item is defined by the attribute <tt>itemType</tt>, which may be one from the following\n non-exhaustive list:\n <table class=\"iam-item-types\">\n <tr><th>Item Type</th><th>Description</th><th>Registration Endpoint</th></tr>\n <tr>\n <td><tt>string</tt></td>\n <td>A context data item with data type <i>String</i></td>\n <td><a href=\"#tag/publicuser-self-registration_data-registration/POST/public/user-self-registration/registration/data\"><tt>.../registration/data</tt></a></td>\n </tr>\n <tr>\n <td><tt>boolean</tt></td>\n <td>A context data item with data type <i>Boolean</i></td>\n <td><a href=\"#tag/publicuser-self-registration_data-registration/POST/public/user-self-registration/registration/data\"><tt>.../registration/data</tt></a></td>\n </tr>\n <tr>\n <td><tt>date</tt></td>\n <td>A context data item with data type <i>Date</i></td>\n <td><a href=\"#tag/publicuser-self-registration_data-registration/POST/public/user-self-registration/registration/data\"><tt>.../registration/data</tt></a></td>\n </tr>\n <tr>\n <td><tt>date-and-time</tt></td>\n <td>A context data item with data type <i>Date And Time</i></td>\n <td><a href=\"#tag/publicuser-self-registration_data-registration/POST/public/user-self-registration/registration/data\"><tt>.../registration/data</tt></a></td>\n </tr>\n <tr>\n <td><tt>enum</tt></td>\n <td>A context data item with data type <i>Enumeration of Strings</i></td>\n <td><a href=\"#tag/publicuser-self-registration_data-registration/POST/public/user-self-registration/registration/data\"><tt>.../registration/data</tt></a></td>\n </tr>\n <tr>\n <td><tt>login-name</tt></td>\n <td>The username or one of the aliases</td>\n <td><a href=\"#tag/publicuser-self-registration_data-registration/POST/public/user-self-registration/registration/data\"><tt>.../registration/data</tt></a></td>\n </tr>\n <tr>\n <td><tt>password</tt></td>\n <td>The password</td>\n <td><a href=\"#tag/publicuser-self-registration_data-registration/POST/public/user-self-registration/registration/data\"><tt>.../registration/data</tt></a></td>\n </tr>\n </table>\n </p>\n <p>\n If present, the attribute <tt>additionalValidations</tt> lists additional validations known to be performed on\n the item, e.g. due to configured validators. Note that further validations may be in effect. The information may\n be used for client-side validations. The type of the validation is determined by its attribute <tt>type</tt>.\n Depending on the type, different parameters are returned, which describe the validation in more detail.\n Validations may be from the following non-exhaustive list:\n <table class=\"iam-validation-types\">\n <tr><th>Validation Type</th><th>Applicable Item Types</th><th>Description</th></tr>\n <tr>\n <td><tt>constant</tt></td>\n <td>(any)</td>\n <td>The value must be exactly equal to what is specified in the parameter <tt>value</tt>.</td>\n </tr>\n <tr>\n <td><tt>regex</tt></td>\n <td><tt>string</tt>,<br/><tt>login-name</tt></td>\n <td>The string has to match the regex pattern specified in the parameter <tt>pattern</tt>. The attribute\n <tt>caseSensitive</tt> defines whether the pattern should be interpreted in a case-sensitive manner.</td>\n </tr>\n <tr>\n <td><tt>range</tt></td>\n <td><tt>date</tt>,<br/><tt>date-and-time</tt></td>\n <td>The date/time value has to fall within the inclusive range specified by the boundary parameters\n <tt>min</tt> and <tt>max</tt>. Either of the boundaries may be absent in case of open ranges. Depending on\n the item type the boundaries are returned in the format <tt>full-date</tt> or <tt>date-time</tt>,\n respectively, as defined in <a href=\"#dateAndTimeFormat\">Date and time format</a>.<br/>\n Note that if one of the configured validations relies on relative time ranges, the boundaries returned by\n this endpoint are calculated with respect to the time of the call. REST clients are advised to fetch updated\n boundary values at regular intervals.\n </td>\n </tr>\n <tr>\n <td><tt>length</tt></td>\n <td><tt>string</tt>,<br/><tt>login-name</tt></td>\n <td>The number of characters of the string has to fall within the inclusive range specified by <tt>min</tt>\n and <tt>max</tt>.</td>\n </tr>\n <tr>\n <td><tt>enum</tt></td>\n <td><tt>enum</tt></td>\n <td>The value must be equal to one of the strings in parameter <tt>values</tt></td>\n </tr>\n </table>\n </p>\n </div></div>","operationId":"/public/user-self-registration/retrieveInfo","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegRegistrableItemInfoResponseAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegRegistrableItemInfoResponseAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/retrieveInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/registration/validate":{"post":{"tags":["/public/user-self-registration_Data Registration"],"summary":"Validate data","description":"> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Validate all data on the current user data registration step.</p>\n<div class=\"iam-resource-return\">Whether the data validated successfully. On success, this endpoint returns a <tt>nextStep</tt> with\n value <tt>USER_DATA_REGISTRATION_POSSIBLE</tt>.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/user-self-registration/validate","responses":{"200":{"description":"All data successfully set. A call to the <tt>continue</tt> endpoint will advance the flow.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n<tr>\n<td>PASSWORD_POLICY_VIOLATED</td>\n<td>The password violates the password policy. See <a href=\"#passwordPolicyDetailCodes\">password policy violation detail codes</a>.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_REGISTRATION_REQUIRED</tt> or <tt>USER_DATA_REGISTRATION_POSSIBLE</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-registration flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/validateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/registration/continue":{"post":{"tags":["/public/user-self-registration_Data Registration"],"summary":"Validate and continue","description":"> [!important]\n> <strong>CAPTCHA</strong>: When protection is enabled, a challenge is included in the previous response.\n<p>Validate all data on the current user data registration step and continue to the next step if possible.</p>\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is\n present in the response, further steps are required to successfully register. If the attribute is missing, the\n user has successfully completed the self-registration process.\n <p>\n On error, this endpoint returns a detailed list of validation failures.\n </p></div>","operationId":"/public/user-self-registration/validateAndContinue","responses":{"200":{"description":"All data successfully set and self-registration completed if no further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>VALIDATION_FAILED</td>\n<td>The supplied attributes could not be validated successfully. See <a href=\"#validationFailures\">validation failures</a> for detail codes.</td>\n</tr>\n<tr>\n<td>PASSWORD_POLICY_VIOLATED</td>\n<td>The password violates the password policy. See <a href=\"#passwordPolicyDetailCodes\">password policy violation detail codes</a>.</td>\n</tr>\n</table>\n</div>\n<br>Possible next steps: <tt>USER_DATA_REGISTRATION_REQUIRED</tt> or <tt>USER_DATA_REGISTRATION_POSSIBLE</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current self-registration flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/validateAndContinueCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/message/acknowledge":{"post":{"tags":["/public/user-self-registration_Message Acknowledgement"],"summary":"Acknowledge message","description":"Acknowledges a previously received message.\nThe message can be a pre-configured message ID or server-generated message, depending on the step configuration.\nIt has been received as an additional in a previous step response (as documented <a href=\"#additionalSelfRegAttributes\">here</a>).\n<div class=\"iam-resource-return\">If the attribute <tt>nextStep</tt> is present in the response,\n further steps are required to successfully continue with the flow. If the attribute is missing, the user self-registration flow\n is successfully terminated.</div>","operationId":"/public/user-self-registration/acknowledgeMessageId","responses":{"200":{"description":"Message successfully acknowledged or further steps required (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/acknowledgeMessageIdCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/dynamic-steps/{stepId}/activate":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"Activate step","description":"Activates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be activated.</div>","operationId":"/public/user-self-registration/activate","responses":{"200":{"description":"Self-registration successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_ACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be activated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the activate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/activateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be activated.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/user-self-registration/dynamic-steps/{stepId}/deactivate":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"Deactivate step","description":"Deactivates a flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid or the step could not be deactivated.</div>","operationId":"/public/user-self-registration/deactivate","responses":{"200":{"description":"Self-registration successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>INVALID_STEP_ID</td>\n<td>The selected step ID is not available.</td>\n</tr>\n<tr>\n<td>STEP_DEACTIVATION_NOT_ALLOWED</td>\n<td>The selected step cannot be deactivated.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the deactivate call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/deactivateCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"stepId","in":"path","description":"The ID of the step to be deactivated","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/user-self-registration/dynamic-steps/retrieve":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"List dynamic steps","description":"Retrieves list of all steps that can be dynamically activated or deactivated on the current step.\n<div class=\"iam-resource-return\">A list of dynamic steps with their activation information.</div>","operationId":"/public/user-self-registration/retrieve","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegDynamicStepActivationDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegDynamicStepActivationDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/retrieveCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/default-flow/select":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"Select default flow","description":"Selects the default user self-registration flow.\n<div class=\"iam-resource-return\">A success response with a next step indicating the required next action.</div>","operationId":"/public/user-self-registration/selectDefaultFlow","responses":{"200":{"description":"Default self-registration successfully selected.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>A flow for another self-registration is already in progress.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/selectDefaultFlowCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/flows/{flowId}/select":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"Select flow","description":"Selects a user self-registration flow.\n<div class=\"iam-resource-return\">A success response with a next step indicating the required next action.</div>","operationId":"/public/user-self-registration/selectFlow","responses":{"200":{"description":"Self-registration flow selection successful.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>UNEXPECTED_CALL</td>\n<td>A flow for another self-registration is already in progress.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"No flow with the requested ID exists.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/selectFlowCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"flowId","in":"path","description":"the ID of the selected flow as configured.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/user-self-registration/goto-targets/{stepId}/goto":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"Go to step","description":"Go to the selected flow step.\n<div class=\"iam-resource-return\">The required next step action or an error if the step ID is invalid.</div>","operationId":"/public/user-self-registration/doGoto","responses":{"200":{"description":"Self-registration successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>GOTO_FAILED</td>\n<td>The selected step ID is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: always the same as before the goto call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/doGotoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"stepId","in":"path","description":"The goto target's step ID.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/public/user-self-registration/goto-targets/retrieve":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"List goto steps","description":"Retrieves possible target steps of an interactive goto.\n<div class=\"iam-resource-return\">A list of target steps.</div>","operationId":"/public/user-self-registration/retrieve_1","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegGotoTargetAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegGotoTargetAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/retrieve_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/selection/options/{id}/select":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"Select option","description":"Selects the given option if available.\n<div class=\"iam-resource-return\">The selected next step or an error if the option is invalid.</div>","operationId":"/public/user-self-registration/selectOption","responses":{"200":{"description":"Selected the chosen step and requires next step actions.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>SELECTION_FAILED</td>\n<td>The selected option is not available.</td>\n</tr>\n</table>\n</div>\n<br>Possible next step: <tt>SELECTION_REQUIRED</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/selectOptionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]},"parameters":[{"name":"id","in":"path","description":"option to select.","required":true,"schema":{"maxLength":1000,"minLength":1,"type":"string"}}]},"/public/user-self-registration/terms-of-services/accept-retrieved":{"post":{"tags":["/public/user-self-registration_Terms of Services"],"summary":"Accept terms","description":"Accepts all previously retrieved terms of services.\n<div class=\"iam-resource-return\">Whether the terms of services have been successfully marked as accepted. If the attribute <tt>nextStep</tt>\n is present in the response, further steps are required to successfully complete self-registration. If the attribute is missing,\n the user has successfully completed self-registration.</div>","operationId":"/public/user-self-registration/acceptRetrieved","responses":{"200":{"description":"All open terms of services that were previously retrieved have been successfully marked as accepted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Called accept-retrieved before retrieve. The current user self-registration flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/acceptRetrievedCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/terms-of-services/deny-retrieved":{"post":{"tags":["/public/user-self-registration_Terms of Services"],"summary":"Deny terms","description":"Denies any of the previously retrieved terms of service.\nThis operation aborts the current flow.","operationId":"/public/user-self-registration/deny","responses":{"204":{"description":"Denial of the terms of services has been registered and the current user self-registration flow has been successfully aborted."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/denyCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/terms-of-services/retrieve":{"post":{"tags":["/public/user-self-registration_Terms of Services"],"summary":"Get terms","description":"Returns a list of terms of services that need to be accepted.\nThe language of the text is chosen by the specified Accept-Language request header. If a text is configured for the given language,\nthe text will contain the message in the desired language. Otherwise, the text will contain the message in the\nconfigured default language.\n<div class=\"iam-resource-return\">A list of terms of services</div>","operationId":"/public/user-self-registration/retrieveOpenTermsOfService","responses":{"200":{"description":"A list of terms of services has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/UserSelfRegTermsOfServiceResultDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/UserSelfRegTermsOfServiceResultDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/public/user-self-registration/retrieveOpenTermsOfServiceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/airlock-2fa/activation/challenge/retrieve":{"post":{"tags":["/public/user-self-registration_Airlock 2FA"],"summary":"Get activation challenge","description":"> [!caution]\n> This endpoint is deprecated. The activation challenge is returned as <a href=\"#additionalSelfRegAttributes\">additional attribute</a>\nwith the <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_REQUIRED</tt> and <tt><s>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</s></tt> next step codes.\n<p>Retrieves the Airlock 2FA activation challenge.</p>\n<div class=\"iam-resource-return\">The activation challenge.</div>","operationId":"/public/user-self-registration/retrieveActivationChallenge","responses":{"200":{"description":"Further steps required.\n<br>Next step: <tt>AIRLOCK_2FA_DEVICE_ACTIVATION_POLLING_REQUIRED</tt> (as documented <a href=\"#nextSelfRegStepCodes\">here</a>).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/Airlock2FAActivationChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAActivationChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/user-self-registration/retrieveActivationChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/public/user-self-registration/selection/options/retrieve":{"post":{"tags":["/public/user-self-registration_Flow Control"],"summary":"List options","description":"> [!caution]\n> This endpoint is deprecated. The selection options are returned as\n<a href=\"#additionalSelfRegAttributes\">additional attribute</a> with the <tt>SELECTION_REQUIRED</tt> next step code.\n<p>Retrieves the available options the user can choose from to proceed in the self-registration process.</p>\n<div class=\"iam-resource-return\">The available options.</div>","operationId":"/public/user-self-registration/retrieveOptions","responses":{"200":{"description":"Available selection options retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/SelfRegSelectionOptionDataCollectionDocument"}},"application/json;qs=0.9":{"schema":{"$ref":"#/components/schemas/SelfRegSelectionOptionDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"/public/user-self-registration/retrieveOptionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/public/user-self-registration_other"]}},"/oauth2/authorization-servers/{authorizationServerId}/sessions/{sessionId}":{"delete":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Delete session","description":"Deletes the specified OAuth 2.0 session of a user for a given access token. An access token in the bearer token\nformat must be provided as authorization.","operationId":"/oauth2/deleteSession","responses":{"204":{"description":"The session has been deleted."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n<tr>\n<td>SESSION_NOT_FOUND</td>\n<td>The user of the given access token does not have a session with the specified ID.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The session management endpoint is not configured."}}},"options":{"operationId":"/oauth2/deleteSessionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"sessionId","in":"path","description":"The session ID.","required":true,"schema":{"maxLength":1000,"minLength":1,"type":"string"}},{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/session":{"get":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Get session","description":"Retrieves the current OAuth 2.0 session. An access token in the bearer token format\nmust be provided as authorization.\n<div class=\"iam-resource-return\">A document containing the OAuth 2.0 session.</div>","operationId":"/oauth2/retrieveSession","responses":{"200":{"description":"The retrieved OAuth 2.0 session.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OAuth2SessionDataResourceDocument"},"examples":{"Get session":{"description":"Get session","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-10-23T13:48:13.428+02:00"},"data":{"type":"oauth2-session","id":"ii0t9QfQDZ50u7tx1yvGGViG5WZ1dBqpFHSwt7vo","attributes":{"customAttributes":{"someAttribute":"someValue"},"clientId":"oauth2-client","consentTimestamp":"2025-10-23T13:38:09.213+02:00","authenticationTimestamp":"2025-10-23T13:38:09.213+02:00"}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2SessionDataResourceDocument"},"examples":{"Get session":{"description":"Get session","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-10-23T13:48:13.428+02:00"},"data":{"type":"oauth2-session","id":"ii0t9QfQDZ50u7tx1yvGGViG5WZ1dBqpFHSwt7vo","attributes":{"customAttributes":{"someAttribute":"someValue"},"clientId":"oauth2-client","consentTimestamp":"2025-10-23T13:38:09.213+02:00","authenticationTimestamp":"2025-10-23T13:38:09.213+02:00"}}}}}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The session management endpoint is required."}}},"options":{"operationId":"/oauth2/retrieveSessionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/.well-known/openid-configuration":{"get":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Get discovery info","description":"Returns the OpenID Connect Discovery information about this authorization server.\nRefer to the <a href=\"https://openid.net/specs/openid-connect-discovery-1_0.html\" target=\"_blank\">OpenID Connect Discovery</a> specification\nfor a more detailed description of the endpoint.\n<div class=\"iam-resource-return\">The set of claims about the OpenID Provider's configuration.\n Depending on the supported specifications, other claims may also be returned.</div>","operationId":"/oauth2/discoveryEndpoint","responses":{"200":{"description":"Retrieved the discovery information.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2DiscoveryAndMetadataResponseOverride"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>-</td>\n<td>No discovery endpoint available.</td>\n</tr>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n"},"500":{"description":"The discovery endpoint is not configured correctly."},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/discoveryEndpointCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/jwks":{"get":{"tags":["/oauth2_Signing Keys"],"summary":"Get JWK Set","description":"Returns the JSON Web Key (JWK) Set document of the authorization server.\n<div class=\"iam-resource-return\">A JWK Set document containing the signing key(s) the RP can use to validate signatures (e.g. ID Token or\n JWT Access Token signatures) from the OP.</div>","operationId":"/oauth2/jwks","responses":{"200":{"description":"Retrieved the JWK Set document.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2JwksResponseData"},"examples":{"A JWK Set":{"description":"A JWK Set","value":{"keys":[{"kty":"EC","use":"sig","crv":"P-521","kid":"489600a1536e946749ed99e59105018d84713a90","x":"AQvgoB_NfBuBOWZE_3ONQUxLRiE02uekRxLgQTfTXZuEvYAOGUWZX2OHAyR-n9jM0gKEyQjArl7OhZEB8aNMmpqo","y":"Aftx9XvorV7I7tvfP1doqjzJLnFacSPGYDwNXA1icvGhtObjA1zsUHOQfzP5zeIzC9hSKgqcpdjmrEWipFiN9JTA","alg":"ES512"},{"kty":"RSA","e":"AQAB","use":"sig","kid":"729649aacb86a3af49f7bcfeeb2b018d83c410e4","alg":"RS256","n":"6NWRqi5AuwbjN8-PdkXHmH9Irtr8xlYZmAQtvXVPOX4Q6I_wQA05v2Zwpu8glm_cqHMRPUDywjDMFxCszoeFf9kViQ-bXt-xi-pZyfAo5Nu0KPtu1zaz1vF4aSqXybUV-6xq2L5P2uL_RSScUaJ-cqj09wHya6SXHEtl9WUqqYqcoP2as351PeguktunXxmqjVxfYuXzk6w5KuKunNfT1pgk9Z8hCgmaArHVc9Ane6xlMr4Nkz7hrJoBaoxi7MXBdGitpeBzNQhx5JR1ISN9CIbcsNaY5mJS4j7T6QbUXkNDKQz7cfKQQ5JHYl0gHTxDNvBVXNAXokCZlz_wutHdXw"}]}}}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/jwksCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/.well-known/oauth-authorization-server":{"get":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Get metadata","description":"Returns the metadata that an OAuth 2.0 or OpenID Connect client can use to obtain the information needed\nto interact with an authorization server, including its endpoint locations and authorization server capabilities.\nRefer to the <a href=\"https://tools.ietf.org/html/rfc8414\" target=\"_blank\">RFC 8414</a> specification\nfor a more detailed description of the endpoint.\n<div class=\"iam-resource-return\">The set of claims about the OAuth 2.0 or OpenID Provider's configuration.\n Depending on the supported specifications, other claims may also be returned.</div>","operationId":"/oauth2/metadataEndpoint","responses":{"200":{"description":"The metadata information have been returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2DiscoveryAndMetadataResponseOverride"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>-</td>\n<td>No metadata endpoint available.</td>\n</tr>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The metadata endpoint is not configured correctly."},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/metadataEndpointCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/resources/{resourceName}":{"get":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Get resource","description":"Retrieves the specified OAuth 2.0 resource. An access token in the bearer token format must be provided as authorization.\n<div class=\"iam-resource-return\">The resource.</div>","operationId":"/oauth2/retrieveResourceUsingGet","responses":{"200":{"description":"Retrieved the OAuth 2.0 resource.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ResourceEndpointResponseDataOverride"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>-</td>\n<td>No resource endpoint with the specified name available.</td>\n</tr>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"post":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Get resource","description":"Retrieves the specified OAuth 2.0 resource. An access token in the bearer token format must be provided as authorization.\n<div class=\"iam-resource-return\">The resource.</div>","operationId":"/oauth2/retrieveResourceUsingPost","responses":{"200":{"description":"Retrieved the OAuth 2.0 resource.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ResourceEndpointResponseDataOverride"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>-</td>\n<td>No resource endpoint with the specified name available.</td>\n</tr>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/retrieveResourceUsingGetCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"resourceName","in":"path","description":"The name to the resource.","required":true,"schema":{"type":"string"}},{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/sessions":{"get":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"List sessions","description":"Retrieves all valid OAuth 2.0 sessions of a user for a given access token. An access token in the bearer token format\nmust be provided as authorization.\n<p>\n<ul>\n<li><b>filter</b>: Restricts the sessions to be deleted. See <a href=\"#filtering\">Filtering</a>.\nThe following filters are available:\n<ul>\n<li><tt>clientId==client1</tt>: Get all sessions of a particular client.</li>\n</ul>\n</li>\n</ul>\n</p>\n<div class=\"iam-resource-return\">A collection document with all OAuth 2.0 sessions.</div>","operationId":"/oauth2/retrieveSessions","responses":{"200":{"description":"The retrieved OAuth 2.0 sessions.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OAuth2SessionDataCollectionDocument"},"examples":{"List Sessions":{"description":"List Sessions","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-10-23T13:59:43.075+02:00"},"data":[{"type":"oauth2-session","id":"rB8WpbiaX0lYwFJpirHkZjSJoklNp5EJ3Skt85aq","attributes":{"customAttributes":{"someAttribute":"someValue"},"clientId":"oauth2-client","consentTimestamp":"2025-10-23T13:55:42.974+02:00","authenticationTimestamp":"2025-10-23T13:55:42.974+02:00"}},{"type":"oauth2-session","id":"l8JfiS03azNxLiADlt5guwzPk0N0PEYOk9yS0wmA","attributes":{"customAttributes":{},"clientId":"openid-client","consentTimestamp":"2025-10-23T12:15:44.826+02:00","authenticationTimestamp":"2025-10-23T12:15:44.826+02:00"}}]}}}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2SessionDataCollectionDocument"},"examples":{"List Sessions":{"description":"List Sessions","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-10-23T13:59:43.075+02:00"},"data":[{"type":"oauth2-session","id":"rB8WpbiaX0lYwFJpirHkZjSJoklNp5EJ3Skt85aq","attributes":{"customAttributes":{"someAttribute":"someValue"},"clientId":"oauth2-client","consentTimestamp":"2025-10-23T13:55:42.974+02:00","authenticationTimestamp":"2025-10-23T13:55:42.974+02:00"}},{"type":"oauth2-session","id":"l8JfiS03azNxLiADlt5guwzPk0N0PEYOk9yS0wmA","attributes":{"customAttributes":{},"clientId":"openid-client","consentTimestamp":"2025-10-23T12:15:44.826+02:00","authenticationTimestamp":"2025-10-23T12:15:44.826+02:00"}}]}}}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The session management endpoint is not configured."}}},"delete":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Delete sessions","description":"Deletes all sessions of a user for a given access token. An access token in the bearer token format\nmust be provided as authorization.\n<p>\n<ul>\n<li><b>filter</b>: Restricts the sessions to be deleted. See <a href=\"#filtering\">Filtering</a>.\nThe following filters are available:\n<ul>\n<li><tt>excludeCurrent==true</tt>: Delete all sessions except the one of the given access token.</li>\n</ul>\n</li>\n</ul>\n</p>\n<div class=\"iam-resource-return\">A response indicating whether the sessions were successfully deleted or not.</div>","operationId":"/oauth2/deleteAllSessions","responses":{"204":{"description":"All sessions successfully deleted."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The session management endpoint is not configured."}}},"options":{"operationId":"/oauth2/retrieveSessionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"filter","in":"query","schema":{"type":"array","description":"Applies filtering operations on the resource data set.","items":{"type":"string","description":"Applies filtering operations on the resource data set."}}},{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/userinfo":{"get":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Get UserInfo","description":"Retrieves the OpenID Connect UserInfo Endpoint resource with claims about the End-User. An access token in the\nbearer token format must be provided as authorization.\nRefer to the <a href=\"https://openid.net/specs/openid-connect-core-1_0.html#UserInfo\" target=\"_blank\">UserInfo Endpoint</a> specification\nfor a more detailed description of the endpoint.\n<div class=\"iam-resource-return\">The standard claims about the authenticated End-User.\n Depending on the configuration of the authorization server, additional custom claims may also be present.</div>","operationId":"/oauth2/retrieveResourceUsingGet_1","responses":{"200":{"description":"Retrieved the UserInfo claims.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OpenIdConnectUserInfoResponseDataOverride"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>-</td>\n<td>No UserInfo Endpoint available.</td>\n</tr>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"post":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Get UserInfo","description":"Retrieves the OpenID Connect UserInfo Endpoint resource with claims about the End-User. An access token in the\nbearer token format must be provided as authorization.\nRefer to the <a href=\"https://openid.net/specs/openid-connect-core-1_0.html#UserInfo\" target=\"_blank\">UserInfo Endpoint</a> specification\nfor a more detailed description of the endpoint.\n<div class=\"iam-resource-return\">The standard claims about the authenticated End-User.\n Depending on the configuration of the authorization server, additional custom claims may also be present.</div>","operationId":"/oauth2/retrieveResourceUsingPost_1","responses":{"200":{"description":"Retrieved the UserInfo claims.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OpenIdConnectUserInfoResponseDataOverride"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>-</td>\n<td>No UserInfo Endpoint available.</td>\n</tr>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/retrieveResourceUsingGet_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/session/custom-attributes":{"options":{"operationId":"/oauth2/updateSessionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"patch":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Update attributes","description":"Updates custom attributes of the current OAuth 2.0 session. The JSON:API request resource object must include\nthe session ID as top-level <tt>id</tt> member. An access token in the bearer token format\nmust be provided as authorization.\n<div class=\"iam-resource-return\">The updated OAuth 2.0 session or an error document.</div>","operationId":"/oauth2/updateSession","requestBody":{"description":"The document containing the custom attributes that should be updated. See example for details.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/RequestDocumentOAuth2SessionUpdateRequest"},"examples":{"Session data":{"description":"Session data","value":{"data":{"type":"oauth2-session-custom-attributes","id":"kr01EzwkLbEM9mOyz5yRQQp3foUmxpCnfkyPw6sQ","attributes":{"UpdatableAttribute":"someAllowedValue","NotUpdatableAttribute":"someAllowedValue"}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/RequestDocumentOAuth2SessionUpdateRequest"},"examples":{"Session data":{"description":"Session data","value":{"data":{"type":"oauth2-session-custom-attributes","id":"kr01EzwkLbEM9mOyz5yRQQp3foUmxpCnfkyPw6sQ","attributes":{"UpdatableAttribute":"someAllowedValue","NotUpdatableAttribute":"someAllowedValue"}}}}}}}},"responses":{"200":{"description":"The OAuth 2.0 session was updated successfully.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OAuth2CustomAttributesDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2CustomAttributesDataResourceDocument"}}}},"204":{"description":"The OAuth 2.0 session has not been changed."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"The access token is missing or invalid."},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n"},"409":{"description":"The given session ID in the request document does not match the session of the access token."},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The session management endpoint is not configured."}}},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/par":{"post":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Start PAR","description":"The endpoint used by the client to start a Pushed Authorization Requests (PAR).\nSee also <a href=\"https://datatracker.ietf.org/doc/html/rfc9126\" target=\"_blank\">RFC 9126, OAuth 2.0 Pushed Authorization Requests</a>","operationId":"/oauth2/parEndpoint","requestBody":{"description":"A PAR request according to <a href=\"https://datatracker.ietf.org/doc/html/rfc9126\" target=\"_blank\">RFC 9126, OAuth 2.0 Pushed Authorization Requests</a>","content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","additionalProperties":{"nullable":true}}}},"required":true},"responses":{"201":{"description":"The request was processed successfully and the response contains the <a href=\"https://datatracker.ietf.org/doc/html/rfc9126#name-successful-response\" target=\"_blank\">PAR\nresponse</a>\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ParData"}}}},"400":{"description":"The request could not be validated. The <a href=\"https://datatracker.ietf.org/doc/html/rfc9126#section-2.3\" target=\"_blank\">error response</a> contains more details","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"The PAR endpoint is not configured for the specified authorization server","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/parEndpointCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/token":{"post":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Get tokens","description":"The token endpoint is used by the client to obtain an access token\nand refresh token by presenting its authorization grant or refresh token.\nThe token endpoint is used with every authorization grant except for the\nimplicit grant type (since an access token is issued directly).\n<div class=\"iam-docu\">\n<table>\n<tr><th>Use-Case</th><th>Format</th><th>RFC Reference</th></tr>\n<tr><td>OAuth 2.0 / OpenID Connect: Authorization Code Grant</td><td>Access Token Request</td><td>see <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.3\" target=\"_blank\">RFC 6749, Chapter 4.1.3</a></td></tr>\n<tr><td>OAuth 2.0 / OpenID Connect: Authorization Code Grant</td><td>Access Token Refresh</td><td>see <a href=\"https://tools.ietf.org/html/rfc6749#section-6\" target=\"_blank\">RFC 6749, Chapter 6</a></td></tr>\n<tr><td>OAuth 2.0 Client Credentials Grant</td><td>Access Token Request</td><td>see <a href=\"https://tools.ietf.org/html/rfc6749#section-4.4.2\" target=\"_blank\">RFC 6749, Chapter 4.4.2</a></td></tr>\n</table>\n</div>","operationId":"/oauth2/tokenEndpoint","requestBody":{"description":"Refer to the referenced RFCs in the use-case table above to see which form parameters must be provided.","content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","additionalProperties":{"nullable":true}}}}},"responses":{"200":{"description":"The request was processed successfully and the response contains the requested token(s)."},"400":{"description":"An error has occurred and the response body may contain an error object.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/tokenEndpointCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/introspect":{"post":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Introspect token","description":"Introspects the specified token. Authentication must be performed with basic authentication using the explicitly\nconfigured credentials. Refer to the <a href=\"https://tools.ietf.org/html/rfc7662\" target=\"_blank\">RFC 7662</a> specification\nfor a more detailed description of the endpoint.\n<div class=\"iam-resource-return\">The metadata of the given token.</div>","operationId":"/oauth2/introspect","requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","properties":{"token":{"maxLength":10000,"minLength":1,"type":"string","description":"The access or refresh token (mandatory)."},"token_type_hint":{"maxLength":1000,"minLength":0,"type":"string","description":"The token type hint."}}}}}},"responses":{"200":{"description":"Retrieved the token metadata.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2TokenIntrospectionResponseData"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing basic authentication credentials.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/introspectCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/revoke":{"post":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Revoke tokens","description":"Revokes the specified token(s). Client credentials may have to be provided as authorization, if configured.\nRefer to the <a href=\"https://tools.ietf.org/html/rfc7009\" target=\"_blank\">RFC 7009</a> specification\nfor a more detailed description of the endpoint.\n<div class=\"iam-resource-return\">response indicating the success.</div>","operationId":"/oauth2/revoke","requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"required":["token"],"type":"object","properties":{"token":{"type":"string","description":"The access or refresh token."},"token_type_hint":{"type":"string","description":"The token type hint."}}}}}},"responses":{"200":{"description":"Successfully revoked the token(s) or invalid token submitted."},"400":{"description":"The request was invalid. Includes an error object as specified in <a href=\"https://tools.ietf.org/html/rfc6749#section-5.2\" target=\"_blank\">RFC6749#5.2</a>.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"401":{"description":"The client credentials are invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>-</td>\n<td>No token revocation endpoint configured.</td>\n</tr>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"/oauth2/revokeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]},"/oauth2/authorization-servers/{authorizationServerId}/check-origin":{"post":{"tags":["/oauth2_OAuth 2.0/OIDC"],"summary":"Check RP origin","description":"Checks if the provided RP origin is allowed for this authorization server.\n<div class=\"iam-resource-return\">response indicating the success.</div>","operationId":"/oauth2/checkOrigin","requestBody":{"description":"Contains the origin to be verified.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OpenIdConnectCheckOriginRequest"}}},"required":true},"responses":{"200":{"description":"Result indicating if the provided origin is valid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/OpenIdConnectOriginCheckDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/OpenIdConnectOriginCheckDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"404":{"description":"<div class=\"iam-error-code\"><table>\n<tr>\n<td>AUTHORIZATION_SERVER_NOT_FOUND</td>\n<td>The authorization server ID does not exist.</td>\n</tr>\n</table>\n</div>\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/OAuth2ErrorResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The OIDC session management is not configured."}},"x-internal":"true"},"options":{"operationId":"/oauth2/checkOriginCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}},"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["/oauth2_other"]},"parameters":[{"name":"authorizationServerId","in":"path","description":"The authorization server ID.","required":true,"schema":{"type":"string"}}]}},"components":{"schemas":{"OAuth2JwkResponseDataOverride":{"type":"object","additionalProperties":{"nullable":true},"description":"Key/value pairs describing the specified resource."},"FlowInformationData":{"required":["flowType","nextStep"],"type":"object","properties":{"flowType":{"type":"string","description":"Type of the current flow.","enum":["authentication","protected-self-service","public-self-service","tech-client-registration","user-self-registration"]},"nextStep":{"type":"string","description":"The next step action."}},"description":"Attributes of this resource."},"FlowInformationDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/FlowInformationDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"FlowInformationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/FlowInformationData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["flow.information"]}},"description":"An included resource to which the primary data refers."},"Links":{"type":"object","description":"Represents links.","additionalProperties":{"$ref":"#/components/schemas/Link"}},"Relationships":{"description":"Members of the relationships object (\"relationships\") represent references from the resource object in which it's defined to other resource objects.","type":"object","additionalProperties":{"$ref":"#/components/schemas/Relationship"}},"JwksResponseData":{"required":["keys"],"type":"object","properties":{"keys":{"type":"array","items":{"$ref":"#/components/schemas/OAuth2JwkResponseDataOverride"}}},"description":"Set of JWKs as defined in <a href=\"https://tools.ietf.org/html/rfc7517\">RFC 7517</a>"},"MaintenanceMessageData":{"required":["systemAvailable","validFrom","validTo"],"type":"object","properties":{"systemAvailable":{"type":"boolean","description":"Whether the system is available when this message is displayed or not."},"location":{"type":"string","description":"The location (optional, depending on configuration)."},"validFrom":{"type":"string","description":"The validity start date of this message.","format":"date-time"},"validTo":{"type":"string","description":"The validity end date of this message.","format":"date-time"},"language":{"type":"string","description":"Display language (optional, if default language has no translation configured)."},"text":{"type":"string","description":"Translated message (optional, if default language has no translation configured)."}},"description":"Attributes of this resource."},"MaintenanceMessageDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/MaintenanceMessageDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MaintenanceMessageDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MaintenanceMessageData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["maintenance-message.current"]}},"description":"A collection of included resources to which the primary data refers."},"PasswordPolicyCheckRequest":{"required":["password"],"type":"object","properties":{"password":{"maxLength":100000,"minLength":1,"type":"string","description":"The new password to be checked against the policy."}}},"LocalePreferenceConfigurationData":{"type":"object","properties":{"defaultLanguage":{"type":"string"},"availableLanguages":{"type":"array","items":{"type":"string"}}},"description":"Attributes of this resource."},"LocalePreferenceConfigurationDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/LocalePreferenceConfigurationDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"LocalePreferenceConfigurationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/LocalePreferenceConfigurationData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["ui.language"]}},"description":"An included resource to which the primary data refers."},"StaticUiConfigurationData":{"type":"object","properties":{"uiTenantId":{"type":"string"}},"description":"Attributes of this resource."},"StaticUiConfigurationDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/StaticUiConfigurationDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"StaticUiConfigurationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/StaticUiConfigurationData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["ui.static.configuration"]}},"description":"An included resource to which the primary data refers."},"Meta":{"description":"Non-standard meta-information that can not be represented as an attribute or relationship.","type":"object","additionalProperties":{"nullable":true}},"Link":{"description":"A link **MUST** be represented as either: a string containing the link's URL or a link object.","oneOf":[{"description":"A string containing the link's URL.","type":"string","format":"uri-reference"},{"type":"object","required":["href"],"properties":{"href":{"description":"A string containing the link's URL.","type":"string","format":"uri-reference"},"meta":{"$ref":"#/components/schemas/Meta"}}}]},"ResourceIdentifierRef":{"description":"An object that identifies an individual resource","type":"object","nullable":true,"required":["id","type"],"properties":{"type":{"description":"The type of the resource","type":"string"},"id":{"description":"The unique identifier of the resource","type":"string"},"meta":{"$ref":"#/components/schemas/Meta"}}},"LinkageToOne":{"oneOf":[{"$ref":"#/components/schemas/ResourceIdentifierRef"}]},"LinkageToMany":{"type":"array","items":{"$ref":"#/components/schemas/ResourceIdentifierRef"},"minItems":0,"uniqueItems":true},"Linkage":{"oneOf":[{"$ref":"#/components/schemas/LinkageToOne"},{"$ref":"#/components/schemas/LinkageToMany"}]},"Relationship":{"type":"object","properties":{"links":{"$ref":"#/components/schemas/Links"},"data":{"$ref":"#/components/schemas/Linkage"},"meta":{"$ref":"#/components/schemas/Meta"}}},"ResourceObjectBase":{"type":"object","required":["type"],"properties":{"type":{"type":"string"},"id":{"type":"string"},"attributes":{"type":"object"},"relationships":{"$ref":"#/components/schemas/Relationships"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Jsonapi":{"description":"An object describing the server's implementation.","type":"object","properties":{"version":{"description":"A string indicating the highest JSON:API version supported.","type":"string"},"ext":{"description":"An array of URIs for all applied extensions.","type":"array","items":{"type":"string","format":"uri-reference"}},"profile":{"description":"An array of URIs for all applied profiles.","type":"array","items":{"type":"string","format":"uri-reference"}},"meta":{"$ref":"#/components/schemas/Meta"}},"additionalProperties":false},"Pagination":{"type":"object","properties":{"first":{"$ref":"#/components/schemas/Link"},"last":{"$ref":"#/components/schemas/Link"},"prev":{"$ref":"#/components/schemas/Link"},"next":{"$ref":"#/components/schemas/Link"}}},"ResponseDocumentBase":{"type":"object","properties":{"meta":{"$ref":"#/components/schemas/Meta"},"included":{"description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","type":"array","items":{"$ref":"#/components/schemas/ResourceObjectBase"},"uniqueItems":true},"links":{"description":"Link members related to the primary data.","allOf":[{"$ref":"#/components/schemas/Links"},{"$ref":"#/components/schemas/Pagination"}]},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"}}},"JsonApiError":{"type":"object","description":"A list containing the specific errors.","properties":{"id":{"description":"A unique identifier for this particular occurrence of the problem.","type":"string"},"links":{"$ref":"#/components/schemas/Links"},"status":{"description":"The HTTP status code applicable to this problem, expressed as a string value.","type":"number"},"code":{"description":"An application-specific error code, expressed as a string value.","type":"string"},"title":{"description":"A short, human-readable summary of the problem. It **SHOULD NOT** change from occurrence to occurrence of the problem, except for purposes of localization.","type":"string"},"detail":{"description":"A human-readable explanation specific to this occurrence of the problem.","type":"string"},"source":{"type":"object","properties":{"pointer":{"description":"A JSON Pointer [RFC6901] to the associated entity in the request document [e.g. \"/data\" for a primary data object, or \"/data/attributes/title\" for a specific attribute].","type":"string"},"parameter":{"description":"A string indicating which query parameter caused the error.","type":"string"},"header":{"description":"A string indicating the name of a single request header which caused the error.","type":"string"}}},"meta":{"$ref":"#/components/schemas/Meta"}},"additionalProperties":false},"ErrorDocumentResponse":{"type":"object","additionalProperties":false,"allOf":[{"$ref":"#/components/schemas/ResponseDocumentBase"},{"type":"object","required":["errors"],"properties":{"errors":{"type":"array","items":{"$ref":"#/components/schemas/JsonApiError"},"uniqueItems":true}}}]},"AuthenticationFlowResultDataOverride":{"type":"object","properties":{"nextAuthStep":{"type":"string","description":"Expected next step. See <a href=\"#nextAuthStepCodes\">table</a> for corresponding endpoints."}},"additionalProperties":{"nullable":true},"description":"See <a href=\"#additionalAuthAttributes\">table</a> for possible additional properties."},"LocationInterpretationDataOverride":{"type":"object","additionalProperties":{"nullable":true},"description":"A map of interpretation names and their corresponding interpretation values."},"UserDataEditAuthRequestOverride":{"type":"object","additionalProperties":{"nullable":true},"description":"The data elements to be edited."},"UserDataItemValidationAuthDataOverride":{"required":["type"],"type":"object","properties":{"type":{"type":"string","description":"The type of validation."}},"additionalProperties":{"nullable":true}},"AuthenticationFlowResultDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/AuthenticationFlowResultDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"AuthenticationFlowResultDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/AuthenticationFlowResultDataOverride"},"id":{"type":"string","description":"Authentication session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.session"]}},"description":"An included resource to which the primary data refers."},"AuthenticationAirlock2FADeviceEditRequest":{"required":["displayName"],"type":"object","properties":{"displayName":{"maxLength":50,"minLength":1,"type":"string","description":"The new display name of the device. <p>A valid display name is a (non-whitespace) string with maximum 50 characters, where a character can be <ul> <li>a white space</li> <li>any case-sensitive Unicode letter (Unicode L character class)</li> <li>any number</li> <li>or any characters = - + / . ( )</li> </ul> In a transition phase, display names that conform to the definition below are also accepted, but characters that do not match the more strict definition above, will be sanitized. <ul> <li>a white space</li> <li>any case-sensitive Unicode letter (Unicode L character class)</li> <li>any Unicode punctuation (Unicode P character class)</li> <li>any number</li> <li>or any characters = @ # $ +</li> </ul> </p>"}}},"Airlock2FAFlowBindingTokenRequest":{"required":["activationCode"],"type":"object","properties":{"activationCode":{"maxLength":1000,"minLength":1,"type":"string","description":"Activation code for the flow binding token to be retrieved"}}},"AuthenticationAirlock2FAActivationChallengeData":{"required":["activationQrCode","appDeviceActivationUrl"],"type":"object","properties":{"appDeviceActivationUrl":{"type":"string","description":"The URL to trigger the activation on the Airlock 2FA app device."},"activationQrCode":{"type":"string","description":"The base64 encoded PNG representing the QR code needed to activate the device."}},"description":"Attributes of this resource."},"AuthenticationAirlock2FAActivationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/AuthenticationAirlock2FAActivationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"AuthenticationAirlock2FAActivationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/AuthenticationAirlock2FAActivationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.airlock-2fa.activation.challenge"]}},"description":"An included resource to which the primary data refers."},"Airlock2FADeviceEditAuthResponseAttributesData":{"required":["displayName"],"type":"object","properties":{"displayName":{"type":"string","description":"Current value of display name."}},"description":"Attributes of this resource."},"Airlock2FADeviceEditAuthResponseAttributesDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/Airlock2FADeviceEditAuthResponseAttributesDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FADeviceEditAuthResponseAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FADeviceEditAuthResponseAttributesData"},"id":{"type":"string","description":"The Airlock 2FA device ID"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.airlock-2fa.device.data"]}},"description":"An included resource to which the primary data refers."},"Airlock2FAOfflineQrCodeCheckRequest":{"required":["otp"],"type":"object","properties":{"otp":{"maxLength":40,"minLength":0,"type":"string","description":"The Offline QR Code OTP to be checked."}}},"Airlock2FAPasscodeCheckRequest":{"required":["passcode"],"type":"object","properties":{"passcode":{"maxLength":40,"minLength":0,"type":"string","description":"The passcode to be checked."}}},"Airlock2FADeviceData":{"required":["deviceType","displayName"],"type":"object","properties":{"displayName":{"type":"string"},"deviceType":{"type":"string","enum":["ANDROID","IOS","HARDWARE"]}},"description":"Attributes of this resource."},"Airlock2FADeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Airlock2FADeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FADeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FADeviceData"},"id":{"type":"string","description":"The Airlock 2FA device id for device selection."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.airlock-2fa.device"]}},"description":"A collection of included resources to which the primary data refers."},"Airlock2FAMobileOnlyChallengeData":{"required":["authUri"],"type":"object","properties":{"authUri":{"type":"string","description":"URI that contains the challenge to be used by the authenticating mobile app to perform the authentication. In scenarios where the authentication is performed by a dedicated authentication app, such as the Airlock 2FA app, the URI can also be used to perform the switch from the initiating app to the authentication app."}},"description":"Attributes of this resource."},"Airlock2FAMobileOnlyChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/Airlock2FAMobileOnlyChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FAMobileOnlyChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FAMobileOnlyChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.airlock-2fa.mobile-only.challenge"]}},"description":"An included resource to which the primary data refers."},"Airlock2FAOfflineQrCodeChallengeData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Base64-encoded PNG image of a QR code."}},"description":"Attributes of this resource."},"Airlock2FAOfflineQrCodeChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/Airlock2FAOfflineQrCodeChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FAOfflineQrCodeChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FAOfflineQrCodeChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.airlock-2fa.offline-qr-code.challenge"]}},"description":"An included resource to which the primary data refers."},"Airlock2FAZeroTouchInformationData":{"required":["zeroTouchEnabled"],"type":"object","properties":{"zeroTouchEnabled":{"type":"boolean","description":"Flag to determine if either Zero-Touch or One-Touch is enabled."},"frontEndBaseUrl":{"type":"string","description":"The external base URL of the Futurae server. Only available if Zero-Touch is enabled."},"sessionToken":{"type":"string","description":"The token that is to be supplied to the client executing Zero-Touch. Only available if Zero-Touch is enabled."},"loginId":{"type":"string","description":"The login ID is used to correlate the authentication on the client (login form) with the One-Touch push notification on the 2FA device."}},"description":"Attributes of this resource."},"Airlock2FAZeroTouchInformationDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/Airlock2FAZeroTouchInformationDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FAZeroTouchInformationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FAZeroTouchInformationData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.airlock-2fa.zero-touch.information"]}},"description":"An included resource to which the primary data refers."},"Airlock2FARecoveryFlowBindingRequest":{"required":["deviceIds"],"type":"object","properties":{"deviceIds":{"type":"array","description":"Identifiers of the devices to be recovered. Exactly one of the identifiers should correspond to a device of the current user.","items":{"maxLength":100,"minLength":1,"type":"string"}}}},"OptionalForwardLocationAccessRequest":{"type":"object","properties":{"location":{"maxLength":100000,"minLength":1,"type":"string","description":"The optional forward location to be used for identity propagation (ignored for application selection)."}}},"OAuth2AuthorizationRequest":{"required":["queryString"],"type":"object","properties":{"queryString":{"maxLength":100000,"minLength":1,"type":"string","description":"The original query string containing all OAuth 2.0/OIDC parameters; without leading question mark."}}},"ForwardLocationAccessRequest":{"required":["location"],"type":"object","properties":{"location":{"maxLength":100000,"minLength":1,"type":"string","description":"The forward location that should be used for target app selection."}}},"AuthenticationDynamicStepActivationData":{"type":"object","properties":{"activatable":{"type":"boolean","description":"Whether this step is activatable from the current step."},"deactivatable":{"type":"boolean","description":"Whether this step is deactivatable from the current step."},"activated":{"type":"boolean","description":"Whether this step is currently activated."}},"description":"Attributes of this resource."},"AuthenticationDynamicStepActivationDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/AuthenticationDynamicStepActivationDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"AuthenticationDynamicStepActivationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/AuthenticationDynamicStepActivationData"},"id":{"type":"string","description":"The target step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.dynamic-step"]}},"description":"A collection of included resources to which the primary data refers."},"AuthenticationData":{"type":"object","properties":{"latestSuccessfulAuthentication":{"type":"string","description":"The timestamp of the latest successful authentication, only if there has already been one, otherwise null.","format":"date-time"},"userId":{"type":"string","description":"The technical ID of this user.","x-internal":"true"}},"description":"Attributes of this resource."},"AuthenticationDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/AuthenticationDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"AuthenticationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/AuthenticationData"},"id":{"type":"string","description":"Authentication session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.data"]}},"description":"An included resource to which the primary data refers."},"AuthenticationGotoTargetAttributesData":{"type":"object","properties":{"treatedAsFailure":{"type":"boolean","description":"Whether an interactive goto to this target is treated as a failure (e.g. failed attempt counters are increased if applicable)."}},"description":"Attributes of this resource."},"AuthenticationGotoTargetAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/AuthenticationGotoTargetAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"AuthenticationGotoTargetAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/AuthenticationGotoTargetAttributesData"},"id":{"type":"string","description":"The step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.goto-target"]}},"description":"A collection of included resources to which the primary data refers."},"SelectionOptionData":{"type":"object","properties":{"lastSelected":{"type":"boolean","description":"Flag indicating whether this selection was last selected. This flag is only sent if true."}},"description":"Attributes of this resource."},"SelectionOptionDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelectionOptionDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelectionOptionDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelectionOptionData"},"id":{"type":"string","description":"The identifier of this option."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.selection.option"]}},"description":"A collection of included resources to which the primary data refers."},"TermsOfServiceAuthResultData":{"required":["disclaimerText"],"type":"object","properties":{"disclaimerText":{"type":"string","description":"The full terms of service text translated into the requested language."}},"description":"Attributes of this resource."},"TermsOfServiceAuthResultDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TermsOfServiceAuthResultDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TermsOfServiceAuthResultDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TermsOfServiceAuthResultData"},"id":{"type":"string","description":"Tag ID that identifies this terms of service instance"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.terms-of-service"]}},"description":"A collection of included resources to which the primary data refers."},"ApplicationIdData":{"type":"object","properties":{"applicationId":{"type":"string","description":"The application ID."}}},"CrontoActivationChallengeData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."}},"description":"Attributes of this resource."},"CrontoActivationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/CrontoActivationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"CrontoActivationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/CrontoActivationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.cronto.device.activation-challenge"]}},"description":"An included resource to which the primary data refers."},"CrontoStartDeviceActivationFlowRequest":{"required":["firstOtp"],"type":"object","properties":{"firstOtp":{"maxLength":200,"minLength":1,"type":"string","description":"The OTP from the Cronto activation letter."}}},"CrontoCompleteDeviceActivationFlowRequest":{"required":["label","secondOtp"],"type":"object","properties":{"secondOtp":{"maxLength":200,"minLength":1,"type":"string","description":"The OTP obtained by scanning the challenge cryptogram."},"label":{"maxLength":100,"minLength":1,"type":"string","description":"The name of the new Cronto device, consisting of letters, digits, _, - and spaces."}}},"GenericOtpCheckRequest":{"required":["otp"],"type":"object","properties":{"otp":{"maxLength":200,"minLength":1,"type":"string","description":"The OTP to be verified."}}},"CrontoChallengeData":{"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."},"onlineValidation":{"type":"boolean","description":"Indicates whether \"online validation\" is available (if true, the Cronto app can directly send the OTP to the server)."},"pushed":{"type":"boolean","description":"Indicates whether the challenge has been pushed directly to the device / Cronto app."},"pushLoginId":{"type":"string","description":"Optional login ID that has been pushed to the device. Only set if the challenge has been pushed directly and login ID generation is enabled."},"pushDevices":{"type":"array","description":"Contains information about the device if the challenge has been pushed.","items":{"$ref":"#/components/schemas/CrontoChallengePushDeviceData"}}},"description":"Attributes of this resource."},"CrontoChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/CrontoChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"CrontoChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/CrontoChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.cronto.challenge"]}},"description":"An included resource to which the primary data refers."},"CrontoChallengePushDeviceData":{"type":"object","properties":{"id":{"type":"string","description":"The device ID."},"label":{"type":"string","description":"Optional label of the push device."},"platform":{"type":"string","description":"The device platform. One of 'IOS' or 'ANDROID'."}}},"AuthenticationCrontoPushDeviceData":{"required":["defaultDevice","label"],"type":"object","properties":{"label":{"type":"string","description":"Label of the push device."},"defaultDevice":{"type":"boolean","description":"Indicates, whether this is the default device."}},"description":"Attributes of this resource."},"AuthenticationCrontoPushDeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/AuthenticationCrontoPushDeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"AuthenticationCrontoPushDeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/AuthenticationCrontoPushDeviceData"},"id":{"type":"string","description":"The temporary id of this Cronto push device. To be used in the follow-up call to select a device."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.cronto.push-device"]}},"description":"A collection of included resources to which the primary data refers."},"CrontoPushActivationChallengeData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."}},"description":"Attributes of this resource."},"CrontoPushActivationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/CrontoPushActivationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"CrontoPushActivationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/CrontoPushActivationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.cronto.push-device.activation-challenge"]}},"description":"An included resource to which the primary data refers."},"DeviceTokenResponseCheckRequest":{"required":["jwt"],"type":"object","properties":{"jwt":{"maxLength":100000,"minLength":1,"type":"string","description":"The JWT to be verified."}}},"DeviceTokenChallengeData":{"required":["challenge","validTo"],"type":"object","properties":{"challenge":{"type":"string","description":"Alphanumeric challenge string."},"validTo":{"type":"string","description":"The challenge can be verified up to this point in time, it will no longer be accepted afterwards.","format":"date-time"}},"description":"Attributes of this resource."},"DeviceTokenChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/DeviceTokenChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"DeviceTokenChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/DeviceTokenChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.device-token.challenge"]}},"description":"An included resource to which the primary data refers."},"DeviceTokenRegistrationRequest":{"required":["publicJwk"],"type":"object","properties":{"publicJwk":{"type":"object","additionalProperties":{"type":"string","description":"The public key attributes according to the JSON web-key specification RFC7517 (at the moment only keys of type \"EC\" are supported)."},"description":"The public key attributes according to the JSON web-key specification RFC7517 (at the moment only keys of type \"EC\" are supported)."},"label":{"type":"string","description":"A device description (for example \"My office phone\") used to identify a device by the user or help desk (optional)."},"serial":{"type":"string","description":"A device serial number (for example \"XYZ10983482347\") used to identify a device by the user or help desk (optional)."}}},"FidoAuthenticationChallengeData":{"required":["publicKeyCredentialRequestOptions"],"type":"object","properties":{"publicKeyCredentialRequestOptions":{"$ref":"#/components/schemas/FidoPublicKeyCredentialRequestOptionsData"}},"description":"Attributes of this resource."},"FidoAuthenticationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/FidoAuthenticationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"FidoAuthenticationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/FidoAuthenticationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.fido.challenge"]}},"description":"An included resource to which the primary data refers."},"FidoPublicKeyCredentialRequestOptionsData":{"required":["challenge","rpId","timeout","userVerification"],"type":"object","properties":{"challenge":{"type":"string","description":"A challenge that the selected authenticator signs among other data and is included in the assertion response sent back to relying party for verification."},"timeout":{"type":"integer","description":"Time in milliseconds, that relying party is willing to wait for the verification to complete. Afterwards the verification will always fail.","format":"int64"},"rpId":{"type":"string","description":"The relying party identifier claimed by IAM."},"allowCredentials":{"type":"array","description":"A list representing public key credentials acceptable for authentication, in descending order of preference. The list will be null, when such credentials cannot be determined. This is only the case, when FIDO passwordless authentication is used. When standard (non-passwordless) FIDO authentication is used, the list will never be null.","items":{"$ref":"#/components/schemas/PublicKeyCredentialDescriptorData"}},"userVerification":{"type":"string","description":"Describes the requirements regarding user verification for the authentication step. On the client side eligible authenticators are filtered to only those capable of satisfying this requirement.","enum":["required","preferred","discouraged"]}},"description":"Options to request a signed assertion of a matching FIDO public-key credential from the authenticator."},"PublicKeyCredentialDescriptorData":{"required":["id","type"],"type":"object","properties":{"type":{"type":"string","description":"The type of the credential, always \"public-key\".","enum":["public-key"]},"id":{"type":"string","description":"Base64url encoding of a credential ID identifying a public-key credential."},"transports":{"uniqueItems":true,"type":"array","description":"The types of transports, which are allowed for the user to authenticate with.","items":{"type":"string","enum":["ble","nfc","usb","internal","hybrid","smart-card"]}}}},"FidoCredentialDisplayNameChangeRequest":{"required":["displayName"],"type":"object","properties":{"displayName":{"maxLength":100,"minLength":1,"type":"string","description":"New human-rememberable name for the credential, intended only for display."}}},"FidoClientFailureRequest":{"required":["message","reason"],"type":"object","properties":{"reason":{"type":"string","description":"The reason for the client failure.","enum":["ABORTED","NOT_ALLOWED","NO_WEB_AUTHN","UNKNOWN"]},"message":{"maxLength":2000,"minLength":0,"type":"string","description":"A message describing the client failure."}}},"FidoAssertionPublicKeyCredentialData":{"required":["id","response","type"],"type":"object","properties":{"id":{"type":"string","description":"Base64url encoding of the FIDO credential ID used for this authentication attempt."},"type":{"type":"string","description":"Type of the FIDO credential."},"response":{"$ref":"#/components/schemas/FidoAuthenticatorAssertionData"}},"description":"Information about the assertion to be checked."},"FidoAuthenticationPublicKeyCredentialRequest":{"required":["publicKeyCredential"],"type":"object","properties":{"publicKeyCredential":{"$ref":"#/components/schemas/FidoAssertionPublicKeyCredentialData"}}},"FidoAuthenticatorAssertionData":{"required":["authenticatorData","clientDataJSON","signature"],"type":"object","properties":{"clientDataJSON":{"type":"string","description":"Contains the JSON-serialized client data passed to the authenticator by the client in order to generate this credential. The exact JSON serialization MUST be preserved, as the hash of the serialized client data has been computed over it."},"authenticatorData":{"type":"string","description":"This attribute contains the authenticator data returned by the authenticator."},"signature":{"type":"string","description":"This attribute contains the raw signature returned from the authenticator."},"userHandle":{"maxLength":2147483647,"minLength":1,"type":"string","description":"This attribute contains the user handle returned from the authenticator, or null if the authenticator did not return a user handle."}},"description":"Data sent by the authenticator in response to the challenge."},"FidoAuthenticatorSelectionCriteriaData":{"required":["requireResidentKey","userVerification"],"type":"object","properties":{"authenticatorAttachment":{"type":"string","description":"Specifies which type of FIDO authenticator can be used for registration.","enum":["platform","cross-platform"]},"requireResidentKey":{"type":"boolean","description":"If true, the authenticator must create a client-side-resident public key credential source when creating a public-key credential.\nThis ensures that the registered credential may also be used for passwordless login. Otherwise, passwordless login may not be\npossible depending on the authenticator."},"residentKey":{"type":"string","description":"Describes the Relying Party's requirements for client-side discoverable credentials.\nFor passwordless login, this settings must be \"required\".","enum":["required","preferred","discouraged"]},"userVerification":{"type":"string","description":"Specifies whether the FIDO authenticator should perform user verification to ensure that only the intended user authorizes the creation of a new FIDO credential (see <a href=\"https://www.w3.org/TR/webauthn/#user-verification\">Web Authentication - User Verification</a>). Note that how user verification is performed (user presence, pin code, biometric recognition, ...) is not specified and depends on the authenticator.","enum":["required","preferred","discouraged"]}},"description":"Specifies properties of a FIDO authenticator required to be used for registration."},"FidoPublicKeyCreationOptionsData":{"required":["challenge","pubKeyCredParams","rp","timeout","user"],"type":"object","properties":{"rp":{"$ref":"#/components/schemas/FidoPublicKeyCredentialRpEntityData"},"user":{"$ref":"#/components/schemas/FidoPublicKeyCredentialUserEntityData"},"challenge":{"type":"string","description":"Base64url-encoded challenge intended to be used for generating the newly created credential's attestation object."},"pubKeyCredParams":{"type":"array","description":"Preferences relevant to the creation of FIDO credentials. The list is ordered from most preferred to least preferred.","items":{"$ref":"#/components/schemas/FidoPublicKeyCredentialParametersData"}},"timeout":{"type":"integer","description":"Time in milliseconds, that the relying party is willing to wait for the verification to complete. Afterwards the verification will always fail.","format":"int64"},"excludeCredentials":{"type":"array","description":"Specifies a list of FIDO credentials that were already registered for this user and relying party (identified by its relying party ID). This ensures that a user will not be able to register an additional FIDO credential for this relying party on the <em>same</em> FIDO authenticator that was previously used to register one of the specified credentials. Users can register several credentials for the same relying party on <em>different</em> FIDO authenticators (this is recommended for back-up reasons).","items":{"$ref":"#/components/schemas/PublicKeyCredentialDescriptorData"}},"authenticatorSelection":{"$ref":"#/components/schemas/FidoAuthenticatorSelectionCriteriaData"},"attestation":{"type":"string","description":"Preference for the conveyance of a FIDO attestation.","enum":["none","indirect","direct"]}},"description":"Options for the creation of a new FIDO public-key credential."},"FidoPublicKeyCredentialParametersData":{"required":["alg","type"],"type":"object","properties":{"type":{"type":"string","description":"Type of credential to be created.","enum":["public-key"]},"alg":{"type":"integer","description":"Number specifying the cryptographic signature algorithm with which the newly generated credential will be used, and thus also the type of asymmetric key pair to be generated, e.g., RSA or Elliptic Curve. The number used is specified by the COSE algorithms registry (see https://www.iana.org/assignments/cose/cose.xhtml#algorithms).","format":"int64"}}},"FidoPublicKeyCredentialRpEntityData":{"required":["id","name"],"type":"object","properties":{"name":{"type":"string","description":"Human-rememberable name intended for display."},"id":{"type":"string","description":"Relying party ID configured in IAM. This is a valid domain string that identifies the relying party on whose behalf the registration is being performed. A public-key credential can only be used for authentication with the same relying party (as identified by its ID) it was registered with."}},"description":"Information about the relying party for which this FIDO credential should be registered."},"FidoPublicKeyCredentialUserEntityData":{"required":["displayName","id","name"],"type":"object","properties":{"name":{"type":"string","description":"Human-rememberable name intended for display."},"id":{"type":"string","description":"User handle used to map a specific public key credential to a specific IAM user account."},"displayName":{"type":"string","description":"Name of the credential to be registered given by the user in the request. Intended only for display to help the user choose between several credentials."}},"description":"Information about the user owning the future FIDO credential."},"FidoRegistrationAuthenticationChallengeData":{"required":["publicKeyCredentialCreationOptions"],"type":"object","properties":{"publicKeyCredentialCreationOptions":{"$ref":"#/components/schemas/FidoPublicKeyCreationOptionsData"}},"description":"Attributes of this resource."},"FidoRegistrationAuthenticationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/FidoRegistrationAuthenticationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"FidoRegistrationAuthenticationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/FidoRegistrationAuthenticationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.fido.registration.challenge"]}},"description":"An included resource to which the primary data refers."},"FidoRegistrationChallengeRequest":{"type":"object","properties":{"displayName":{"maxLength":100,"type":"string","description":"Human-rememberable name for the credential to be registered, intended only for display."}}},"FidoRegistrationClientFailureRequest":{"required":["message","reason"],"type":"object","properties":{"reason":{"type":"string","description":"The reason for the client failure.","enum":["ABORTED","NOT_ALLOWED","NO_WEB_AUTHN","NOT_SUPPORTED","UNKNOWN"]},"message":{"maxLength":2000,"minLength":0,"type":"string","description":"A message describing the client failure."}}},"FidoAttestationPublicKeyCredentialData":{"required":["id","response","type"],"type":"object","properties":{"id":{"type":"string","description":"Base64url encoding of the newly created FIDO credential ID."},"type":{"type":"string","description":"Type of created FIDO credential.","enum":["public-key"]},"response":{"$ref":"#/components/schemas/FidoAuthenticatorAttestationData"}},"description":"Information about the created FIDO credential."},"FidoAuthenticatorAttestationData":{"required":["attestationObject","clientDataJSON"],"type":"object","properties":{"clientDataJSON":{"type":"string","description":"JSON-serialized client data passed to the authenticator by the user's web-browser or app in order to\ngenerate this credential. The exact JSON serialization must be preserved, as the hash of the serialized\nclient data has been computed over it. This attribute is NOT base64url encoded.\n"},"attestationObject":{"type":"string","description":"Base64url encoding of the attestation object returned by the FIDO authenticator. The attestation object contains\nboth authenticator data and an attestation statement. The former contains the AAGUID, a unique credential ID,\nand the credential public key. The contents of the attestation statement are determined by the attestation statement\nformat used by the authenticator. It also contains any additional information that the Relying Party's server\nrequires to validate the attestation statement, as well as to decode and validate the authenticator data along\nwith the JSON-serialized client data. Note that the attestation object is signed to prevent any tampering.\n"},"transports":{"uniqueItems":true,"type":"array","items":{"maxLength":50,"minLength":0,"pattern":"[a-zA-Z-]+","type":"string","description":"A set of preferred transports of the authenticator."}}},"description":"Authenticator's response to the previously retrieved challenge."},"FidoRegistrationAuthenticatorResponseRequest":{"required":["publicKeyCredential"],"type":"object","properties":{"publicKeyCredential":{"$ref":"#/components/schemas/FidoAttestationPublicKeyCredentialData"}}},"LocationInterpretationDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/LocationInterpretationDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"LocationInterpretationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/LocationInterpretationDataOverride"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["location.interpretation"]}},"description":"An included resource to which the primary data refers."},"LocationInterpretationRequest":{"required":["location"],"type":"object","properties":{"location":{"maxLength":100000,"minLength":1,"type":"string","description":"The forward location URI to be interpreted."}}},"MatrixChallengeCheckRequest":{"required":["challengeResponse"],"type":"object","properties":{"challengeResponse":{"type":"object","additionalProperties":{"type":"string","description":"Map of the original challenge coordinate to the respective challenge response."},"description":"Map of the original challenge coordinate to the respective challenge response."}}},"MatrixChallengeData":{"required":["challenges"],"type":"object","properties":{"listId":{"type":"string","description":"The ID of the list being used (if available)."},"challenges":{"type":"array","description":"The challenge(s) containing the matrix coordinates or indexes.","items":{"type":"string"}}},"description":"Attributes of this resource."},"MatrixChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MatrixChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MatrixChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MatrixChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.matrix.challenge"]}},"description":"An included resource to which the primary data refers."},"MigrationSelectionOptionsData":{"type":"object","description":"Attributes of this resource."},"MigrationSelectionOptionsDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/MigrationSelectionOptionsDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MigrationSelectionOptionsDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MigrationSelectionOptionsData"},"id":{"type":"string","description":"The identifier of this option."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.migration.option"]}},"description":"A collection of included resources to which the primary data refers."},"AuthMtanTokenData":{"required":["number"],"type":"object","properties":{"label":{"type":"string","description":"Optional label of the phone number."},"number":{"type":"string","description":"The phone number with masked digits."},"defaultNumber":{"type":"boolean","description":"Indicates, whether this is the default number."}},"description":"Attributes of this resource."},"AuthMtanTokenDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/AuthMtanTokenDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"AuthMtanTokenDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/AuthMtanTokenData"},"id":{"type":"string","description":"The temporary id of this mTAN token. To be used in the follow-up call to select a token."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.mtan.token"]}},"description":"A collection of included resources to which the primary data refers."},"ResendMtanOtpPossibleData":{"required":["otpResendPossible"],"type":"object","properties":{"otpResendPossible":{"type":"boolean","description":"Indicates whether an OTP resend may be requested by the client. An OTP resend is not possible, if the maximum number of resends has already been exceeded."}},"description":"Attributes of this resource."},"ResendMtanOtpPossibleDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ResendMtanOtpPossibleDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"ResendMtanOtpPossibleDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/ResendMtanOtpPossibleData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.mtan.otp.resend.information"]}},"description":"An included resource to which the primary data refers."},"AuthenticationCheckIakRequest":{"required":["iak"],"type":"object","properties":{"iak":{"maxLength":500,"minLength":1,"type":"string","description":"The IAK to be verified."}}},"AuthenticationMtanRegistrationTokenInformationData":{"required":["number"],"type":"object","properties":{"number":{"$ref":"#/components/schemas/AuthenticationMtanRegistrationTokenNumberData"},"label":{"$ref":"#/components/schemas/AuthenticationMtanRegistrationTokenLabelData"}},"description":"Attributes of this resource."},"AuthenticationMtanRegistrationTokenInformationDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/AuthenticationMtanRegistrationTokenInformationDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"AuthenticationMtanRegistrationTokenInformationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/AuthenticationMtanRegistrationTokenInformationData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.mtan.token.information"]}},"description":"An included resource to which the primary data refers."},"AuthenticationMtanRegistrationTokenLabelData":{"required":["required"],"type":"object","properties":{"currentValue":{"type":"string","description":"The current value of the label."},"required":{"type":"boolean","description":"Whether label is required."}},"description":"Label information."},"AuthenticationMtanRegistrationTokenNumberData":{"type":"object","properties":{"currentValue":{"type":"string","description":"The current value of the number."}},"description":"Number information."},"MtanTokenRegistrationAuthRequest":{"required":["number"],"type":"object","properties":{"number":{"maxLength":50,"minLength":1,"type":"string","description":"The mTAN number to be registered."},"label":{"maxLength":200,"minLength":1,"type":"string","description":"The mTAN label to be edited. Depending on the configuration, this might be required, optional or expected to be absent."}}},"OAuth2AuthorizationUriData":{"type":"object","properties":{"authorizationRequestUri":{"type":"string","description":"URI on the OAuth2.0 Authorization Server the client needs to navigate to in order to complete the auth flow."}},"description":"Attributes of this resource."},"OAuth2AuthorizationUriDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/OAuth2AuthorizationUriDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OAuth2AuthorizationUriDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/OAuth2AuthorizationUriData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.oauth2.client.authorization-request-uri"]}},"description":"An included resource to which the primary data refers."},"AuthenticationOAuth2AuthorizationResponseQueryRequest":{"required":["queryString"],"type":"object","properties":{"queryString":{"maxLength":100000,"minLength":1,"type":"string","description":"The query string from the authorization response request."}}},"OAuth2CheckConsentRequest":{"required":["consentToken"],"type":"object","properties":{"consentToken":{"maxLength":100000,"minLength":1,"type":"string","description":"The consent token (JWT)."}}},"OAuth2LocalConsentGrantRequest":{"required":["scopes"],"type":"object","properties":{"scopes":{"uniqueItems":true,"type":"array","description":"Scopes to grant. Can be empty to allow access but not grant any scopes.","items":{"maxLength":1000,"minLength":1,"type":"string"}}}},"OAuth2LocalConsentAttributeData":{"required":["clientName","grantableScopes"],"type":"object","properties":{"clientName":{"type":"string","description":"The name of the client requesting the authorization."},"grantableScopes":{"type":"array","description":"The scopes that can be granted.","items":{"$ref":"#/components/schemas/ScopeAttributeData"}}},"description":"Attributes of this resource."},"OAuth2LocalConsentAttributeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/OAuth2LocalConsentAttributeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OAuth2LocalConsentAttributeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/OAuth2LocalConsentAttributeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.oauth2.consent.local"]}},"description":"An included resource to which the primary data refers."},"ScopeAttributeData":{"required":["scope"],"type":"object","properties":{"scope":{"type":"string","description":"The granted scope (technical name)."},"translatedScope":{"type":"string","description":"A human-readable version of this scope."},"granted":{"type":"boolean","description":"True if scope was granted in a previous consent."},"updatedAt":{"type":"string","description":"Timestamp of when the scope was granted or denied. If a scope was never granted or denied this field will not be set.","format":"date-time"}}},"OpenIdConnectSessionManagementUiConfigData":{"type":"object","properties":{"debug":{"type":"boolean"}},"description":"Attributes of this resource."},"OpenIdConnectSessionManagementUiConfigDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/OpenIdConnectSessionManagementUiConfigDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OpenIdConnectSessionManagementUiConfigDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/OpenIdConnectSessionManagementUiConfigData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["ui.authentication.oidc.session-management.config"]}},"description":"An included resource to which the primary data refers."},"PasswordCheckRequest":{"required":["password"],"type":"object","properties":{"password":{"maxLength":100000,"minLength":1,"type":"string"}}},"Saml2IdpAccessRequest":{"required":["requestId"],"type":"object","properties":{"requestId":{"maxLength":1000,"minLength":1,"type":"string","description":"Request ID for SP-initiated SSO."}}},"Saml2SpAccessRequest":{"required":["continuationId"],"type":"object","properties":{"continuationId":{"maxLength":100,"minLength":1,"type":"string","description":"Continuation ID for SP- or IdP-initiated SSO."}}},"SecretQuestionsProvisionRequest":{"required":["answers"],"type":"object","properties":{"answers":{"type":"object","additionalProperties":{"type":"string","description":"Provisions secret questions. A key in the map corresponds to a secret questions resource key and the mapped value corresponds to the secret question's answer."},"description":"Provisions secret questions. A key in the map corresponds to a secret questions resource key and the mapped value corresponds to the secret question's answer."}}},"SecretQuestionStatusData":{"required":["answerProvisioned"],"type":"object","properties":{"answerProvisioned":{"type":"boolean","description":"Indicates whether the user has answered this secret question."}},"description":"Attributes of this resource."},"SecretQuestionStatusDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SecretQuestionStatusDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SecretQuestionStatusDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SecretQuestionStatusData"},"id":{"type":"string","description":"Secret question id and provisioning status"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.secret-question.status"]}},"description":"A collection of included resources to which the primary data refers."},"UserDataEditItemInfoAuthResponseAttributesData":{"type":"object","properties":{"currentValue":{"type":"object","description":"Current value of this item in the data edit step. If this item was not edited, the value returned corresponds to the persisted value. Maybe absent if no value is defined or is not yet available.","oneOf":[{"type":"object"},{"type":"string"},{"type":"number"},{"type":"boolean"},{"type":"integer","format":"int64"}]},"required":{"type":"boolean","description":"Whether a value for the item has to be edit in the current data edit step. May be absent for custom data items."},"itemType":{"type":"string","description":"The type of the item. May be absent for custom data items."},"inputPurpose":{"type":"string","description":"The input purpose to be rendered in the HTML attribute \"autocomplete\"."},"additionalValidations":{"type":"array","description":"Known additional validations that will be performed on the item. May be absent. Further validations may apply.","items":{"$ref":"#/components/schemas/UserDataItemValidationAuthDataOverride"}},"allowedValues":{"type":"array","description":"The optional list of allowed values the user can choose from.","items":{"type":"string"}}},"description":"Attributes of this resource."},"UserDataEditItemInfoAuthResponseAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/UserDataEditItemInfoAuthResponseAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"UserDataEditItemInfoAuthResponseAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/UserDataEditItemInfoAuthResponseAttributesData"},"id":{"type":"string","description":"The configured context-data name"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["authentication.data-edit-item-info"]}},"description":"A collection of included resources to which the primary data refers."},"UsernameCheckRequest":{"required":["username"],"type":"object","properties":{"username":{"maxLength":500,"minLength":1,"type":"string"}}},"AuthenticationUserIdentificationRequest":{"type":"object","properties":{"username":{"maxLength":500,"minLength":1,"type":"string","description":"A unique username identifying the user. Only one field (username or any userdata item) can be set, not both."},"data":{"maxProperties":500,"type":"object","additionalProperties":{"maxProperties":500,"type":"string","description":"Data items (e.g. email) belonging to the user, which are unique when combined and thus identify the user. Only one field (username or any userdata item) can be set, not both."},"description":"Data items (e.g. email) belonging to the user, which are unique when combined and thus identify the user. Only one field (username or any userdata item) can be set, not both."}}},"PasswordChangeRequest":{"required":["newPassword"],"type":"object","properties":{"oldPassword":{"maxLength":100000,"minLength":0,"type":"string","description":"The user's existing password. Depending on configuration, the old password is required."},"newPassword":{"maxLength":100000,"minLength":1,"type":"string","description":"The desired new password."}}},"UsernamePasswordCheckRequest":{"required":["password","username"],"type":"object","properties":{"username":{"maxLength":500,"minLength":1,"type":"string"},"password":{"maxLength":100000,"minLength":1,"type":"string"},"attributes":{"type":"object","additionalProperties":{"type":"string","description":"Optional set of attributes to be considered by this authentication step."},"description":"Optional set of attributes to be considered by this authentication step."}}},"AuthenticationSetPasswordRequest":{"required":["newPassword"],"type":"object","properties":{"newPassword":{"maxLength":100000,"minLength":1,"type":"string","description":"The new password."}}},"PublicSelfServiceFlowResultDataOverride":{"type":"object","properties":{"nextStep":{"type":"string","description":"Expected next step. See <a href=\"#nextPublicSelfServiceStepCodes\">table</a> for corresponding endpoints."}},"additionalProperties":{"nullable":true}},"PublicSelfServiceFlowResultDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceFlowResultDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceFlowResultDataOverride"},"id":{"type":"string","description":"Public self-service session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.session"]}},"description":"An included resource to which the primary data refers."},"PublicSelfServiceMatrixChallengeData":{"required":["challenges"],"type":"object","properties":{"listId":{"type":"string","description":"The ID of the list being used (if available)."},"challenges":{"type":"array","description":"The challenge(s) containing the matrix coordinates or indexes.","items":{"type":"string"}}},"description":"Attributes of this resource."},"PublicSelfServiceMatrixChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceMatrixChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceMatrixChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceMatrixChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.matrix.challenge"]}},"description":"An included resource to which the primary data refers."},"PublicSelfServiceAirlock2FADeviceData":{"required":["deviceType","displayName"],"type":"object","properties":{"displayName":{"type":"string","description":"A short string which can be used to identify the device in a prompt."},"deviceType":{"type":"string","description":"Type of the device.","enum":["ANDROID","IOS","HARDWARE"]}},"description":"Attributes of this resource."},"PublicSelfServiceAirlock2FADeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FADeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceAirlock2FADeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FADeviceData"},"id":{"type":"string","description":"The temporary id of this Airlock 2FA device. To be used in the follow-up call to select a device."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.airlock-2fa.device"]}},"description":"A collection of included resources to which the primary data refers."},"PublicSelfServiceAirlock2FAMobileOnlyChallengeData":{"required":["authUri"],"type":"object","properties":{"authUri":{"type":"string","description":"URI that contains the challenge to approve by the authenticating mobile app. In scenarios where the authentication is performed by a dedicated authentication app, such as the Airlock 2FA app, the URI can also be used to perform the switch from the initiating app to the authentication app."}},"description":"Attributes of this resource."},"PublicSelfServiceAirlock2FAMobileOnlyChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FAMobileOnlyChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceAirlock2FAMobileOnlyChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FAMobileOnlyChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.airlock-2fa.mobile-only.challenge"]}},"description":"An included resource to which the primary data refers."},"PublicSelfServiceAirlock2FAOfflineChallengeData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image in format \"image/png\" encoded into a base64 string."}},"description":"Attributes of this resource."},"PublicSelfServiceAirlock2FAOfflineChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FAOfflineChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceAirlock2FAOfflineChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceAirlock2FAOfflineChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.airlock-2fa.challenge"]}},"description":"An included resource to which the primary data refers."},"CrontoPushDeviceData":{"required":["id"],"type":"object","properties":{"id":{"type":"string","description":"The device ID."},"label":{"type":"string","description":"Optional label of the push device."},"platform":{"type":"string","description":"The device platform. One of 'IOS' or 'ANDROID'."}}},"PublicSelfServiceCrontoChallengeData":{"required":["challengeImage","onlineValidation","pushed","secureChannelChallenge"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."},"onlineValidation":{"type":"boolean","description":"Indicates whether \"online validation\" is available (if true, the Cronto app can directly send the OTP to the server)."},"pushed":{"type":"boolean","description":"Indicates whether the challenge has been pushed directly to the device / Cronto app."},"pushDevices":{"type":"array","description":"Contains information about the device if the challenge has been pushed.","items":{"$ref":"#/components/schemas/CrontoPushDeviceData"}}},"description":"Attributes of this resource."},"PublicSelfServiceCrontoChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceCrontoChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceCrontoChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceCrontoChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.approval.cronto.challenge"]}},"description":"An included resource to which the primary data refers."},"PublicSelfServiceCrontoPushDeviceData":{"required":["defaultDevice","label"],"type":"object","properties":{"label":{"type":"string","description":"Label of the push device."},"defaultDevice":{"type":"boolean","description":"Indicates, whether this is the default device."}},"description":"Attributes of this resource."},"PublicSelfServiceCrontoPushDeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/PublicSelfServiceCrontoPushDeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceCrontoPushDeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceCrontoPushDeviceData"},"id":{"type":"string","description":"The temporary id of this Cronto push device. To be used in the follow-up call to select a device."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.approval.cronto.push-device"]}},"description":"A collection of included resources to which the primary data refers."},"PublicSelfServiceDeviceTokenChallengeData":{"required":["challenge","validTo"],"type":"object","properties":{"challenge":{"type":"string","description":"Alphanumeric challenge string."},"validTo":{"type":"string","description":"The challenge can be verified up to this point in time, it will no longer be accepted afterwards.","format":"date-time"}},"description":"Attributes of this resource."},"PublicSelfServiceDeviceTokenChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceDeviceTokenChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceDeviceTokenChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceDeviceTokenChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.device-token.challenge"]}},"description":"An included resource to which the primary data refers."},"PublicSelfServiceDynamicStepActivationData":{"type":"object","properties":{"activatable":{"type":"boolean","description":"Whether this step is activatable from the current step."},"deactivatable":{"type":"boolean","description":"Whether this step is deactivatable from the current step."},"activated":{"type":"boolean","description":"Whether this step is currently activated."}},"description":"Attributes of this resource."},"PublicSelfServiceDynamicStepActivationDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/PublicSelfServiceDynamicStepActivationDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceDynamicStepActivationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceDynamicStepActivationData"},"id":{"type":"string","description":"The target step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.dynamic-step"]}},"description":"A collection of included resources to which the primary data refers."},"PublicSelfServiceFidoApprovalChallengeData":{"required":["publicKeyCredentialRequestOptions"],"type":"object","properties":{"publicKeyCredentialRequestOptions":{"$ref":"#/components/schemas/FidoPublicKeyCredentialRequestOptionsData"}},"description":"Attributes of this resource."},"PublicSelfServiceFidoApprovalChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceFidoApprovalChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceFidoApprovalChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceFidoApprovalChallengeData"},"id":{"type":"string","description":"Public self-service session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.fido.challenge"]}},"description":"An included resource to which the primary data refers."},"PublicSelfServiceGotoTargetAttributesData":{"type":"object","properties":{"treatedAsFailure":{"type":"boolean","description":"Whether an interactive goto to this target is treated as a failure (e.g. failed attempt counters are increased if applicable)."}},"description":"Attributes of this resource."},"PublicSelfServiceGotoTargetAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/PublicSelfServiceGotoTargetAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceGotoTargetAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceGotoTargetAttributesData"},"id":{"type":"string","description":"The step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.goto-target"]}},"description":"A collection of included resources to which the primary data refers."},"PublicSelfServiceSelectionOptionData":{"type":"object","properties":{"lastSelected":{"type":"boolean","description":"Flag indicating whether this selection was last selected. This flag is only sent if true."}},"description":"Attributes of this resource."},"PublicSelfServiceSelectionOptionDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/PublicSelfServiceSelectionOptionDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceSelectionOptionDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceSelectionOptionData"},"id":{"type":"string","description":"The identifier of this option."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.selection.option"]}},"description":"A collection of included resources to which the primary data refers."},"PublicSelfServiceMtanTokenData":{"required":["number"],"type":"object","properties":{"label":{"type":"string","description":"Optional label of the phone number."},"number":{"type":"string","description":"The phone number with masked digits."},"defaultNumber":{"type":"boolean","description":"Indicates, whether this is the default number."}},"description":"Attributes of this resource."},"PublicSelfServiceMtanTokenDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/PublicSelfServiceMtanTokenDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceMtanTokenDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceMtanTokenData"},"id":{"type":"string","description":"The temporary id of this mTAN token. To be used in the follow-up call to select a token."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.approval.mtan.token"]}},"description":"A collection of included resources to which the primary data refers."},"PublicSelfServiceResendMtanOtpPossibleData":{"required":["otpResendPossible"],"type":"object","properties":{"otpResendPossible":{"type":"boolean","description":"Indicates whether an OTP resend may be requested by the client. An OTP resend is not possible, if the maximum amount of resends has already been exceeded."}},"description":"Attributes of this resource."},"PublicSelfServiceResendMtanOtpPossibleDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceResendMtanOtpPossibleDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceResendMtanOtpPossibleDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceResendMtanOtpPossibleData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.approval.mtan.otp.resend.information"]}},"description":"An included resource to which the primary data refers."},"PublicSelfServiceSecretQuestionsChallengeData":{"required":["questions"],"type":"object","properties":{"questions":{"type":"array","description":"List of resource keys of secret questions.","items":{"type":"string"}}},"description":"Attributes of this resource."},"PublicSelfServiceSecretQuestionsChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PublicSelfServiceSecretQuestionsChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"PublicSelfServiceSecretQuestionsChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/PublicSelfServiceSecretQuestionsChallengeData"},"id":{"type":"string","description":"Public self-service session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["public-self-service.secret-questions.challenge"]}},"description":"An included resource to which the primary data refers."},"SecretQuestionsVerificationRequest":{"required":["answers"],"type":"object","properties":{"answers":{"type":"object","additionalProperties":{"type":"string","description":"The answers to be verified."},"description":"The answers to be verified."}}},"SetPasswordRequest":{"required":["newPassword"],"type":"object","properties":{"newPassword":{"maxLength":100000,"minLength":1,"type":"string"}}},"UserIdentificationRequest":{"type":"object","properties":{"username":{"maxLength":500,"minLength":1,"type":"string","description":"A unique username identifying the user. Only one field (username or any userdata item) can be set, not both."},"data":{"maxProperties":500,"type":"object","additionalProperties":{"maxProperties":500,"type":"string","description":"Data items (e.g. email) belonging to the user, which are unique when combined and thus identify the user. Only one field (username or any userdata item) can be set, not both."},"description":"Data items (e.g. email) belonging to the user, which are unique when combined and thus identify the user. Only one field (username or any userdata item) can be set, not both."}}},"IdentifyUserRequest":{"required":["username"],"type":"object","properties":{"username":{"maxLength":500,"minLength":1,"type":"string"}}},"TechClientRegFlowResultDataOverride":{"type":"object","properties":{"nextStep":{"type":"string","description":"Expected next step. See <a href=\"#nextTechClientRegStepCodes\">table</a> for corresponding endpoints."}},"additionalProperties":{"nullable":true}},"OAuth2ClientRegistrationDataOverride":{"required":["client_id"],"type":"object","properties":{"tech_client_id":{"type":"string","description":"The technical identifier of the registered client. This ID is different from the client ID and is not part of the RFC. This identifier can be used to edit the tech client via Adminapp REST API."},"client_id":{"type":"string","description":"The client ID generated by the authorization server."},"client_secret":{"type":"string","description":"The client secret generated by the authorization server."},"client_secret_expires_at":{"type":"integer","description":"Time at which the client secret expires. Defined as seconds since epoch. Always defined if the client_secret is defined. 0 if the client secret never expires.","format":"int64"},"client_id_issued_at":{"type":"integer","description":"Time at which the client id was issued. Defined as seconds since epoch.","format":"int64"},"redirect_uris":{"type":"array","description":"Redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows.","items":{"type":"string"}},"token_endpoint_auth_method":{"type":"string","description":"Authentication method for the token endpoint."},"grant_types":{"type":"array","description":"OAuth 2.0 grant type strings to be used at the token endpoint.","items":{"type":"string"}},"response_types":{"type":"array","description":"OAuth 2.0 response type strings to be used at the authorization endpoint.","items":{"type":"string"}},"client_name":{"type":"string","description":"Human-readable name of the client to be presented to the end-user during authorization. This value may be internationalized as described in section 2.2 of <a href=\"https://tools.ietf.org/html/rfc7591#section-2.2\">RFC 7591</a>."},"client_uri":{"type":"string","description":"URL of a web page providing information about the client. Must point to a valid web page. This value may be internationalized as described in section 2.2 of <a href=\"https://tools.ietf.org/html/rfc7591#section-2.2\">RFC 7591</a>."},"logo_uri":{"type":"string","description":"URL that references a logo for the client. Must point to a valid image file. This value may be internationalized as described in section 2.2 of <a href=\"https://tools.ietf.org/html/rfc7591#section-2.2\">RFC 7591</a>."},"scope":{"type":"string","description":"Space-separated list of scope values that the client can use when requesting access token."},"contacts":{"type":"array","description":"Strings representing ways to contact people responsible for this client, typically email addresses.","items":{"type":"string"}},"tos_uri":{"type":"string","description":"URL pointing to a human-readable terms of service document for the client."},"policy_uri":{"type":"string","description":"URL pointing to a human-readable privacy policy document."},"jwks_uri":{"type":"string","description":"URL referencing the client's JSON Web Key (JWK) Set <a href=\"https://tools.ietf.org/html/rfc7517\">RFC 7517</a> document, which contains the client's public keys. Must point to a valid JWK Set document."},"jwks":{"$ref":"#/components/schemas/JwkSetDataOverride"},"software_id":{"type":"string","description":"Unique identifier assigned by the client developer or software publisher."},"software_version":{"type":"string","description":"A version identifier for the client software."}},"additionalProperties":{"nullable":true}},"OAuth2ClientRegistrationRequestDataOverride":{"type":"object","properties":{"software_statement":{"type":"string","description":"Signed JWT containing client metadata values about the client software as claims. Client metadata conveyed in the software statement take precedence over those conveyed using plain JSON element."},"redirect_uris":{"type":"array","description":"Redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows. Clients using flows with redirection must register their redirection URI values.","items":{"type":"string"}},"token_endpoint_auth_method":{"type":"string","description":"Requested authentication method for the token endpoint. Allowed values: <tt>none</tt>, <tt>client_secret_post</tt>, <tt>client_secret_basic</tt> If omitted the default is <tt>client_secret_basic</tt>."},"grant_types":{"type":"array","description":"OAuth 2.0 grant type strings to be used at the token endpoint. <ul> <li>authorization_code</li> <li>implicit</li> <li>password</li> <li>client_credentials</li> <li>refresh_token</li> <li>urn:ietf:params:oauth:grant-type:jwt-bearer</li> <li>urn:ietf:params:oauth:grant-type:saml2-bearer</li> </ul> If omitted, the default is <tt>authorization_code</tt>.","items":{"type":"string"}},"response_types":{"type":"array","description":"OAuth 2.0 response type strings to be used at the authorization endpoint. Allowed values: <tt>code</tt>, <tt>token</tt>","items":{"type":"string"}},"client_name":{"type":"string","description":"Human-readable name of the client to be presented to the end-user during authorization. This value may be internationalized as described in section 2.2 of <a href=\"https://tools.ietf.org/html/rfc7591#section-2.2\">RFC 7591</a>."},"client_uri":{"type":"string","description":"URL of a web page providing information about the client. Must point to a valid web page. This value may be internationalized as described in section 2.2 of <a href=\"https://tools.ietf.org/html/rfc7591#section-2.2\">RFC 7591</a>."},"logo_uri":{"type":"string","description":"URL that references a logo for the client. Must point to a valid image file. This value may be internationalized as described in section 2.2 of <a href=\"https://tools.ietf.org/html/rfc7591#section-2.2\">RFC 7591</a>."},"scope":{"type":"string","description":"Space-separated list of scope values that the client can use when requesting access token."},"contacts":{"type":"array","description":"Strings representing ways to contact people responsible for this client, typically email addresses.","items":{"type":"string"}},"tos_uri":{"type":"string","description":"URL pointing to a human-readable terms of service document for the client. It describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client."},"policy_uri":{"type":"string","description":"URL pointing to a human-readable privacy policy document. It describes how the deployment organization collects, uses, retains, and discloses personal data. This value may be internationalized as described in section 2.2 of <a href=\"https://tools.ietf.org/html/rfc7591#section-2.2\">RFC 7591</a>."},"jwks_uri":{"type":"string","description":"URL referencing the client's JSON Web Key (JWK) Set <a href=\"https://tools.ietf.org/html/rfc7517\">RFC 7517</a> document, which contains the client's public keys. Must point to a valid JWK Set document."},"jwks":{"$ref":"#/components/schemas/JwkSetDataOverride"},"software_id":{"type":"string","description":"Unique identifier assigned by the client developer or software publisher. Used by registration endpoints to identify the client software to be dynamically registered."},"software_version":{"type":"string","description":"A version identifier for the client software."}},"additionalProperties":{"nullable":true}},"JwkSetDataOverride":{"type":"object","properties":{"keys":{"type":"array","items":{"$ref":"#/components/schemas/JwkDataOverride"}}},"description":"Set of JWKs as defined in <a href=\"https://tools.ietf.org/html/rfc7517\">RFC 7517</a>"},"JwkDataOverride":{"type":"object","additionalProperties":{"nullable":true}},"OAuth2ClientRegistrationData":{"$ref":"#/components/schemas/OAuth2ClientRegistrationDataOverride"},"OAuth2ClientRegistrationErrorResponseData":{"required":["error"],"type":"object","properties":{"error":{"type":"string"},"error_description":{"type":"string"}}},"OAuth2ClientRegistrationRequestContainer":{"type":"object","properties":{"registrationData":{"$ref":"#/components/schemas/OAuth2ClientRegistrationRequestDataOverride"}}},"TechClientRegFlowResultDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/TechClientRegFlowResultDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TechClientRegFlowResultDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TechClientRegFlowResultDataOverride"},"id":{"type":"string","description":"Technical client registration session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["technical-client-registration.session"]}},"description":"An included resource to which the primary data refers."},"TechClientRegDynamicStepActivationData":{"type":"object","properties":{"activatable":{"type":"boolean","description":"Whether this step is activatable from the current step."},"deactivatable":{"type":"boolean","description":"Whether this step is deactivatable from the current step."},"activated":{"type":"boolean","description":"Whether this step is currently activated."}},"description":"Attributes of this resource."},"TechClientRegDynamicStepActivationDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TechClientRegDynamicStepActivationDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TechClientRegDynamicStepActivationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TechClientRegDynamicStepActivationData"},"id":{"type":"string","description":"The target step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["technical-client-registration.dynamic-step"]}},"description":"A collection of included resources to which the primary data refers."},"TechClientRegGotoTargetAttributesData":{"type":"object","properties":{"treatedAsFailure":{"type":"boolean","description":"Whether an interactive goto to this target is treated as a failure (e.g. failed attempt counters are increased if applicable)."}},"description":"Attributes of this resource."},"TechClientRegGotoTargetAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TechClientRegGotoTargetAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TechClientRegGotoTargetAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TechClientRegGotoTargetAttributesData"},"id":{"type":"string","description":"The step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["technical-client-registration.goto-target"]}},"description":"A collection of included resources to which the primary data refers."},"UserDataOverride":{"type":"object","properties":{"latestSuccessfulAuthentication":{"type":"string","description":"The timestamp of the latest successful authentication.","format":"date-time"},"secondLatestSuccessfulAuthentication":{"type":"string","description":"The timestamp of the second latest authentication.","format":"date-time"},"contextData":{"type":"object","additionalProperties":{"nullable":true},"description":"Additional configurable context data."}},"description":"Attributes of this resource."},"Metadata":{"$ref":"#/components/schemas/Meta"},"SecretQuestionData":{"type":"object","description":"Attributes of this resource."},"SecretQuestionDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SecretQuestionDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SecretQuestionDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SecretQuestionData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["secret-question"]}},"description":"A collection of included resources to which the primary data refers."},"MyCrontoDeviceActivationCompletedData":{"required":["activationDate","displayId","label","platformType"],"type":"object","properties":{"displayId":{"type":"string","description":"The device ID to be displayed."},"label":{"type":"string","description":"The custom label assigned to this device."},"activationDate":{"type":"string","description":"Timestamp indicating when the device has been activated.","format":"date-time"},"firstUsageDate":{"type":"string","description":"Timestamp of the first time this device was used.","format":"date-time"},"lastUsageDate":{"type":"string","description":"Timestamp of the most recent time this device was used.","format":"date-time"},"enabled":{"type":"boolean","description":"If this device is currently enabled."},"pushNotificationState":{"$ref":"#/components/schemas/MyCrontoDevicePushNotificationState"},"platformType":{"type":"string","description":"The platform type of this device, which can be 'device', 'ios', 'android', 'windows', 'blackberry', 'rooted-ios' or 'rooted-android'."}},"description":"Attributes of this resource."},"MyCrontoDeviceActivationCompletedDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MyCrontoDeviceActivationCompletedDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyCrontoDeviceActivationCompletedDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MyCrontoDeviceActivationCompletedData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.cronto.device.activation-completed"]}},"description":"An included resource to which the primary data refers."},"MyCrontoDevicePushNotificationState":{"required":["status"],"type":"object","properties":{"status":{"type":"string","description":"Status of push notifications for this device, which can be 'disallowed', 'push-id-not-set' or 'enabled'."},"allowed":{"type":"boolean","description":"Determines whether push notifications have been allowed for this device by the user."},"pushIdSet":{"type":"boolean","description":"Determines whether the push ID is set for this device, which is done by the device itself."}},"description":"Information about the push notification state of this device."},"CrontoCompleteDeviceActivationRequest":{"required":["context","label","otp"],"type":"object","properties":{"otp":{"maxLength":200,"minLength":0,"type":"string","description":"The OTP obtained by scanning the challenge cryptogram."},"context":{"type":"string","description":"The verification context generated by the server to verify the new Cronto device."},"label":{"type":"string","description":"The name of the new Cronto device, consisting of letters, digits, _, - and spaces."}}},"MyCrontoDeviceDeletionChallengeData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."}},"description":"Attributes of this resource."},"MyCrontoDeviceDeletionChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MyCrontoDeviceDeletionChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyCrontoDeviceDeletionChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MyCrontoDeviceDeletionChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.cronto.device.deactivation-challenge"]}},"description":"An included resource to which the primary data refers."},"MyCrontoDeviceData":{"required":["displayId"],"type":"object","properties":{"displayId":{"type":"string","description":"The device ID to be displayed."},"label":{"type":"string","description":"The custom label assigned to this device."},"activationDate":{"type":"string","description":"Timestamp indicating when the device has been activated.","format":"date-time"},"firstUsageDate":{"type":"string","description":"Timestamp of the first time this device was used.","format":"date-time"},"lastUsageDate":{"type":"string","description":"Timestamp of the most recent time this device was used.","format":"date-time"},"enabled":{"type":"boolean","description":"If this device is currently enabled."},"pushNotificationState":{"$ref":"#/components/schemas/MyCrontoDevicePushNotificationState"},"platformType":{"type":"string","description":"The platform type of this device, which can be 'device', 'ios', 'android', 'windows', 'blackberry', 'rooted-ios' or 'rooted-android'."}},"description":"Attributes of this resource."},"MyCrontoDeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/MyCrontoDeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyCrontoDeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MyCrontoDeviceData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.cronto.device"]}},"description":"An included resource to which the primary data refers."},"MyCrontoDeviceDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MyCrontoDeviceDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyCrontoDeviceActivationChallengeData":{"required":["challengeImage","context"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."},"context":{"type":"string","description":"The context of the change to be sent when verifying the change."}},"description":"Attributes of this resource."},"MyCrontoDeviceActivationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MyCrontoDeviceActivationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyCrontoDeviceActivationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MyCrontoDeviceActivationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.cronto.device.activation-challenge"]}},"description":"An included resource to which the primary data refers."},"CrontoStartDeviceActivationRequest":{"required":["otp"],"type":"object","properties":{"otp":{"maxLength":200,"minLength":0,"type":"string","description":"The OTP from the Cronto activation letter."}}},"CrontoDeviceDataUpdateRequest":{"required":["label"],"type":"object","properties":{"label":{"type":"string","description":"The name of the new Cronto device, consisting of letters, digits, _, - and spaces."}}},"RequestDocumentCrontoDeviceDataUpdateRequest":{"required":["data"],"type":"object","properties":{"data":{"$ref":"#/components/schemas/ResourceObjectCrontoDeviceDataUpdateRequest"}}},"ResourceObjectCrontoDeviceDataUpdateRequest":{"required":["type"],"type":"object","properties":{"type":{"type":"string"},"id":{"type":"string"},"attributes":{"$ref":"#/components/schemas/CrontoDeviceDataUpdateRequest"},"relationships":{"$ref":"#/components/schemas/Relationships"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyDeviceTokenData":{"required":["validTo"],"type":"object","properties":{"validTo":{"type":"string","description":"Expiration date of the device token.","format":"date-time"},"serial":{"type":"string","description":"Serial number of the device token (optional)."},"label":{"type":"string","description":"Label of the device token (optional)."},"latestUsageDate":{"type":"string","description":"Latest usage date of the device token.","format":"date-time"}},"description":"Attributes of this resource."},"MyDeviceTokenDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/MyDeviceTokenDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyDeviceTokenDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MyDeviceTokenData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.device-token"]}},"description":"An included resource to which the primary data refers."},"MyDeviceTokenDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MyDeviceTokenDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"DeviceRegistrationRequest":{"required":["publicJwk"],"type":"object","properties":{"publicJwk":{"type":"object","additionalProperties":{"type":"string","description":"The public key attributes according to the JSON web-key specification RFC7517 (at the moment only keys of type \"EC\" are supported)."},"description":"The public key attributes according to the JSON web-key specification RFC7517 (at the moment only keys of type \"EC\" are supported)."},"label":{"type":"string","description":"A device description (for example \"My office phone\") used to identify a device by the user or help desk (optional)."},"serial":{"type":"string","description":"A device serial number (for example \"XYZ10983482347\") used to identify a device by the user or help desk (optional)."}}},"RequestDocumentDeviceRegistrationRequest":{"required":["data"],"type":"object","properties":{"data":{"$ref":"#/components/schemas/ResourceObjectDeviceRegistrationRequest"}}},"ResourceObjectDeviceRegistrationRequest":{"required":["type"],"type":"object","properties":{"type":{"type":"string"},"id":{"type":"string"},"attributes":{"$ref":"#/components/schemas/DeviceRegistrationRequest"},"relationships":{"$ref":"#/components/schemas/Relationships"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyMtanTokenData":{"required":["number"],"type":"object","properties":{"label":{"type":"string","description":"Optional label of the phone number."},"number":{"type":"string","description":"The anonymized phone number."},"defaultNumber":{"type":"boolean","description":"Indicates, whether this is the default number."}},"description":"Attributes of this resource."},"MyMtanTokenDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/MyMtanTokenDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyMtanTokenDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MyMtanTokenData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.mtan"]}},"description":"An included resource to which the primary data refers."},"MyMtanTokenNumberChangeData":{"type":"object","properties":{"context":{"type":"string","description":"The context of the change to be sent when verifying the change."}},"description":"Attributes of this resource."},"MyMtanTokenNumberChangeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MyMtanTokenNumberChangeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MyMtanTokenNumberChangeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/MyMtanTokenNumberChangeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.mtan.number-change"]}},"description":"An included resource to which the primary data refers."},"MtanNumberChangeRequest":{"required":["newPhoneNumber"],"type":"object","properties":{"newPhoneNumber":{"type":"string","description":"The new phone number."}}},"MyMtanTokenDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MyMtanTokenDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MtanTokenDataUpdateRequest":{"type":"object","properties":{"label":{"type":"string","description":"Optional label of the phone number.","nullable":true}}},"RequestDocumentMtanTokenDataUpdateRequest":{"required":["data"],"type":"object","properties":{"data":{"$ref":"#/components/schemas/ResourceObjectMtanTokenDataUpdateRequest"}}},"ResourceObjectMtanTokenDataUpdateRequest":{"required":["type"],"type":"object","properties":{"type":{"type":"string"},"id":{"type":"string"},"attributes":{"$ref":"#/components/schemas/MtanTokenDataUpdateRequest"},"relationships":{"$ref":"#/components/schemas/Relationships"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"MtanNumberChangeVerificationRequest":{"required":["context","otp"],"type":"object","properties":{"otp":{"maxLength":200,"minLength":0,"type":"string","description":"The plain text OTP value received by the user in an SMS."},"context":{"type":"string","description":"The verification context generated by the server to verify the number change."}}},"VoluntaryPasswordChangeRequest":{"required":["newPassword","oldPassword"],"type":"object","properties":{"oldPassword":{"type":"string","description":"The user's existing password."},"newPassword":{"type":"string","description":"The desired new password."}}},"AcceptSecretQuestionAnswerRequest":{"required":["answer"],"type":"object","properties":{"answer":{"type":"string","description":"Answer to the question as text."}}},"UserDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/UserDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"UserDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/UserDataOverride"},"id":{"type":"string","description":"The username of the authenticated user."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["user.self"]}},"description":"An included resource to which the primary data refers."},"SelfServiceFlowResultDataOverride":{"type":"object","properties":{"nextStep":{"type":"string","description":"Expected next step. See <a href=\"#nextSelfServiceStepCodes\">table</a> for corresponding endpoints."}},"additionalProperties":{"nullable":true},"description":"See <a href=\"#additionalSelfServiceAttributes\">table</a> for possible additional properties"},"UserDataEditRequestOverride":{"type":"object","additionalProperties":{"nullable":true},"description":"The data elements to be edited."},"UserDataItemValidationDataOverride":{"required":["type"],"type":"object","properties":{"type":{"type":"string","description":"The type of validation."}},"additionalProperties":{"nullable":true}},"SelfServiceProviderData":{"type":"object","description":"Attributes of this resource."},"SelfServiceProviderDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceProviderDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceProviderDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceProviderData"},"id":{"type":"string","description":"The Provider Identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.account-link.provider"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceFlowResultDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceFlowResultDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceFlowResultDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceFlowResultDataOverride"},"id":{"type":"string","description":"Self-service session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.session"]}},"description":"An included resource to which the primary data refers."},"SelfServiceAccountLinkData":{"required":["accountSub","establishedAt"],"type":"object","properties":{"accountSub":{"type":"string","description":"Subject of the associated provider."},"accountInfo":{"type":"string","description":"Optional account information of the user."},"establishedAt":{"type":"string","description":"Account link establishment date.","format":"date-time"}},"description":"Attributes of this resource."},"SelfServiceAccountLinkDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceAccountLinkDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceAccountLinkDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceAccountLinkData"},"id":{"type":"string","description":"The Provider Identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.account-link"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceAirlock2FAActivationChallengeData":{"required":["activationQrCode","appDeviceActivationUrl"],"type":"object","properties":{"appDeviceActivationUrl":{"type":"string","description":"The URL to trigger the activation on the Airlock 2FA app device."},"activationQrCode":{"type":"string","description":"The base64 encoded PNG representing the QR code needed to activate the device."}},"description":"Attributes of this resource."},"SelfServiceAirlock2FAActivationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceAirlock2FAActivationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceAirlock2FAActivationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceAirlock2FAActivationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.airlock-2fa.activation.challenge"]}},"description":"An included resource to which the primary data refers."},"Airlock2FADeviceEditRequest":{"required":["displayName"],"type":"object","properties":{"displayName":{"type":"string","description":"The new display name of the device. <p>A valid display name is a (non-whitespace) string with maximum 50 characters, where a character can be <ul> <li>a white space</li> <li>any case-sensitive Unicode letter (Unicode L character class)</li> <li>any number</li> <li>or any characters = - + / . ( )</li> </ul> In a transition phase, display names that conform to the definition below are also accepted, but characters that do not match the more strict definition above, will be sanitized. <ul> <li>a white space</li> <li>any case-sensitive Unicode letter (Unicode L character class)</li> <li>any Unicode punctuation (Unicode P character class)</li> <li>any number</li> <li>or any characters = @ # $ +</li> </ul> </p>"}}},"Airlock2FADeviceEditSelfServiceResponseAttributesData":{"required":["displayName"],"type":"object","properties":{"displayName":{"type":"string","description":"Current value of display name in the edit step. If the display name was not edited, the value returned corresponds to the persisted value."}},"description":"Attributes of this resource."},"Airlock2FADeviceEditSelfServiceResponseAttributesDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/Airlock2FADeviceEditSelfServiceResponseAttributesDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FADeviceEditSelfServiceResponseAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FADeviceEditSelfServiceResponseAttributesData"},"id":{"type":"string","description":"The Airlock 2FA device ID"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.airlock-2fa.device.data"]}},"description":"An included resource to which the primary data refers."},"SelfServiceAirlock2FADeviceData":{"required":["deviceType","displayName"],"type":"object","properties":{"displayName":{"type":"string","description":"A short string which can be used to identify the device in a prompt."},"deviceType":{"type":"string","description":"Type of the device.","enum":["ANDROID","IOS","HARDWARE"]}},"description":"Attributes of this resource."},"SelfServiceAirlock2FADeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceAirlock2FADeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceAirlock2FADeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceAirlock2FADeviceData"},"id":{"type":"string","description":"The temporary id of this Airlock 2FA device. To be used in the follow-up call to select a device."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.airlock-2fa.approval.device"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceAirlock2FAMobileOnlyChallengeData":{"required":["authUri"],"type":"object","properties":{"authUri":{"type":"string","description":"URI that contains the challenge to be used by the authenticating mobile app to perform the self-service approval. In scenarios where the authentication is performed by a dedicated authentication app, such as the Airlock 2FA app, the URI can also be used to perform the switch from the initiating app to the authentication app."}},"description":"Attributes of this resource."},"SelfServiceAirlock2FAMobileOnlyChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceAirlock2FAMobileOnlyChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceAirlock2FAMobileOnlyChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceAirlock2FAMobileOnlyChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.airlock-2fa.approval.mobile-only.challenge"]}},"description":"An included resource to which the primary data refers."},"SelfServiceAirlock2FAOfflineChallengeData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image in format \"image/png\" encoded into a base64 string."}},"description":"Attributes of this resource."},"SelfServiceAirlock2FAOfflineChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceAirlock2FAOfflineChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceAirlock2FAOfflineChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceAirlock2FAOfflineChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.airlock-2fa.approval.challenge"]}},"description":"An included resource to which the primary data refers."},"Airlock2FAAppDeviceData":{"required":["displayName","type"],"type":"object","properties":{"displayName":{"type":"string","description":"The display name."},"type":{"type":"string","description":"The type of the device.","enum":["ANDROID","IOS"]},"appVersion":{"type":"string","description":"The currently installed mobile app version."},"appVersionSupported":{"type":"boolean","description":"Whether the currently installed mobile app version is supported by the currently operating version of the Futurae server."}},"description":"Attributes of this resource."},"Airlock2FAAppDeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Airlock2FAAppDeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FAAppDeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FAAppDeviceData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.airlock-2fa.app-device"]}},"description":"A collection of included resources to which the primary data refers."},"Airlock2FAHardwareDeviceData":{"type":"object","properties":{"serialNumber":{"type":"string","description":"The serial number of the hardware token. This is a unique identifier."}},"description":"Attributes of this resource."},"Airlock2FAHardwareDeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/Airlock2FAHardwareDeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FAHardwareDeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FAHardwareDeviceData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["my.token.airlock-2fa.hardware-device"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceCrontoActivationChallengeData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."}},"description":"Attributes of this resource."},"SelfServiceCrontoActivationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceCrontoActivationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceCrontoActivationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceCrontoActivationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.cronto.device.activation-challenge"]}},"description":"An included resource to which the primary data refers."},"CrontoDeviceActivationFirstOtpSelfServiceRequest":{"required":["firstOtp"],"type":"object","properties":{"firstOtp":{"type":"string","description":"The OTP from the Cronto activation letter."}}},"CrontoDeviceActivationSecondOtpSelfServiceRequest":{"required":["label","secondOtp"],"type":"object","properties":{"secondOtp":{"type":"string","description":"The OTP obtained by scanning the challenge cryptogram."},"label":{"type":"string","description":"The name of the new Cronto device, consisting of letters, digits, _, - and spaces."}}},"CrontoPushActivationChallengeSelfServiceData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."}},"description":"Attributes of this resource."},"CrontoPushActivationChallengeSelfServiceDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/CrontoPushActivationChallengeSelfServiceDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"CrontoPushActivationChallengeSelfServiceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/CrontoPushActivationChallengeSelfServiceData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.cronto.push-device.activation-challenge"]}},"description":"An included resource to which the primary data refers."},"SelfServiceCrontoChallengeData":{"required":["challengeImage","onlineValidation","pushed","secureChannelChallenge"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base 64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."},"onlineValidation":{"type":"boolean","description":"Indicates whether \"online validation\" is available (if true, the Cronto app can directly send the OTP to the server)."},"pushed":{"type":"boolean","description":"Indicates whether the challenge has been pushed directly to the device / Cronto app."},"pushDevices":{"type":"array","description":"Contains information about the device if the challenge has been pushed.","items":{"$ref":"#/components/schemas/SelfServiceCrontoPushDeviceData"}}},"description":"Attributes of this resource."},"SelfServiceCrontoChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceCrontoChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceCrontoChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceCrontoChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.cronto.challenge"]}},"description":"An included resource to which the primary data refers."},"SelfServiceCrontoPushDeviceData":{"required":["id"],"type":"object","properties":{"id":{"type":"string","description":"The device ID."},"label":{"type":"string","description":"Optional label of the push device."},"platform":{"type":"string","description":"The device platform. One of 'IOS' or 'ANDROID'."}}},"DeviceLabelData":{"required":["defaultDevice","label"],"type":"object","properties":{"label":{"type":"string","description":"Label of the push device."},"defaultDevice":{"type":"boolean","description":"Indicates, whether this is the default device."}},"description":"Attributes of this resource."},"DeviceLabelDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/DeviceLabelDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"DeviceLabelDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/DeviceLabelData"},"id":{"type":"string","description":"The temporary id of this Cronto push device. To be used in the follow-up call to select a device."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.cronto.push-device"]}},"description":"A collection of included resources to which the primary data refers."},"CrontoDeviceRenameRequest":{"required":["name"],"type":"object","properties":{"name":{"type":"string","description":"The new name for the selected Cronto device."}}},"CrontoDevicePushNotificationState":{"required":["status"],"type":"object","properties":{"status":{"type":"string","description":"Status of push notifications for this device, which can be 'disallowed', 'push-id-not-set' or 'enabled'."},"allowed":{"type":"boolean","description":"Determines whether push notifications have been allowed for this device by the user."},"pushIdSet":{"type":"boolean","description":"Determines whether the push ID is set for this device, which is done by the device itself."}},"description":"Information about the push notification state of this device."},"CrontoSelfServiceDeviceData":{"required":["activationDate","displayId","enabled","pushNotificationState"],"type":"object","properties":{"displayId":{"type":"string","description":"The device ID to be displayed."},"label":{"type":"string","description":"The custom label assigned to this device."},"activationDate":{"type":"string","description":"Timestamp indicating when the device has been activated.","format":"date-time"},"firstUsageDate":{"type":"string","description":"Timestamp of the first time this device was used.","format":"date-time"},"lastUsageDate":{"type":"string","description":"Timestamp of the most recent time this device was used.","format":"date-time"},"enabled":{"type":"boolean","description":"If this device is currently enabled."},"pushNotificationState":{"$ref":"#/components/schemas/CrontoDevicePushNotificationState"},"platformType":{"type":"string","description":"The platform type of this device, which can be 'device', 'ios', 'android', 'windows', 'blackberry', 'rooted-ios' or 'rooted-android'."}},"description":"Attributes of this resource."},"CrontoSelfServiceDeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/CrontoSelfServiceDeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"CrontoSelfServiceDeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/CrontoSelfServiceDeviceData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.cronto.device"]}},"description":"A collection of included resources to which the primary data refers."},"CrontoDeviceEditInfoData":{"required":["name"],"type":"object","properties":{"name":{"$ref":"#/components/schemas/EditInfo"}},"description":"Attributes of this resource."},"CrontoDeviceEditInfoDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/CrontoDeviceEditInfoDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"CrontoDeviceEditInfoDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/CrontoDeviceEditInfoData"},"id":{"type":"string","description":"self-service.cronto.device.information"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.cronto.device.information"]}},"description":"An included resource to which the primary data refers."},"EditInfo":{"type":"object","properties":{"currentValue":{"type":"string","description":"The current value."}},"description":"Information about the credential name."},"DeviceTokenData":{"required":["validTo"],"type":"object","properties":{"validTo":{"type":"string","format":"date-time"},"serial":{"type":"string"},"label":{"type":"string"},"latestUsageDate":{"type":"string","format":"date-time"},"activationDate":{"type":"string","format":"date-time"},"totalUsages":{"type":"integer","format":"int32"},"active":{"type":"boolean"},"generationDate":{"type":"string","format":"date-time"},"validFrom":{"type":"string","format":"date-time"}},"description":"Attributes of this resource."},"DeviceTokenDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/DeviceTokenDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"DeviceTokenDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/DeviceTokenData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["token.device-token"]}},"description":"A collection of included resources to which the primary data refers."},"FidoRegistrationSelfServiceChallengeData":{"required":["publicKeyCredentialCreationOptions"],"type":"object","properties":{"publicKeyCredentialCreationOptions":{"$ref":"#/components/schemas/FidoPublicKeyCreationOptionsData"}},"description":"Attributes of this resource."},"FidoRegistrationSelfServiceChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/FidoRegistrationSelfServiceChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"FidoRegistrationSelfServiceChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/FidoRegistrationSelfServiceChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.fido.registration.challenge"]}},"description":"An included resource to which the primary data refers."},"FidoAuthenticatorData":{"required":["aaguid"],"type":"object","properties":{"aaguid":{"type":"string","description":"The AAGUID representing the FIDO authenticators make and model."},"model":{"type":"string","description":"A human-readable description of the make and model if a mapping for the AAGUID is available."}},"description":"Information about the FIDO authenticator make and model."},"FidoSelfServiceCredentialData":{"required":["authenticator","displayName","enabled","registrationDate"],"type":"object","properties":{"displayName":{"type":"string","description":"The custom display name assigned to this credential."},"registrationDate":{"type":"string","description":"Timestamp indicating when the credential has been activated.","format":"date-time"},"firstUsageDate":{"type":"string","description":"Timestamp of the first time this credential was used.","format":"date-time"},"lastUsageDate":{"type":"string","description":"Timestamp of the most recent time this credential was used.","format":"date-time"},"enabled":{"type":"boolean","description":"If this credential is currently enabled."},"authenticator":{"$ref":"#/components/schemas/FidoAuthenticatorData"}},"description":"Attributes of this resource."},"FidoSelfServiceCredentialDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/FidoSelfServiceCredentialDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"FidoSelfServiceCredentialDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/FidoSelfServiceCredentialData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.fido.credential"]}},"description":"A collection of included resources to which the primary data refers."},"FidoCredentialEditInfoData":{"required":["displayName"],"type":"object","properties":{"displayName":{"$ref":"#/components/schemas/EditInfo"}},"description":"Attributes of this resource."},"FidoCredentialEditInfoDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/FidoCredentialEditInfoDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"FidoCredentialEditInfoDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/FidoCredentialEditInfoData"},"id":{"type":"string","description":"self-service.fido.credential.information"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.fido.credential.information"]}},"description":"An included resource to which the primary data refers."},"SelfServiceMtanTokenData":{"required":["number"],"type":"object","properties":{"label":{"type":"string","description":"Optional label of the phone number."},"number":{"type":"string","description":"The phone number with masked digits."},"defaultNumber":{"type":"boolean","description":"Indicates, whether this is the default number."}},"description":"Attributes of this resource."},"SelfServiceMtanTokenDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceMtanTokenDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceMtanTokenDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceMtanTokenData"},"id":{"type":"string","description":"The temporary id of this mTAN token. To be used in the follow-up call to select a token."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.mtan.token"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceResendMtanOtpPossibleData":{"required":["otpResendPossible"],"type":"object","properties":{"otpResendPossible":{"type":"boolean","description":"Indicates whether an OTP resend may be requested by the client. An OTP resend is not possible, if the maximum amount of resends has already been exceeded."}},"description":"Attributes of this resource."},"SelfServiceResendMtanOtpPossibleDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceResendMtanOtpPossibleDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceResendMtanOtpPossibleDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceResendMtanOtpPossibleData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.mtan.otp.resend.information"]}},"description":"An included resource to which the primary data refers."},"MtanTokenEditRequest":{"type":"object","properties":{"number":{"type":"string","description":"The mTAN number to be edited. The number cannot be removed, therefore, a value of <tt>null</tt> is invalid. Remains unchanged if omitted. <p>Depending on the configuration, this might be required, optional or expected to be absent.</p>"},"label":{"type":"string","description":"The mTAN label to be edited. A value of <tt>null</tt> removes the label. Remains unchanged if omitted. <p>Depending on the configuration, this might be required, optional or expected to be absent.</p>","nullable":true}}},"SelfServiceMtanTokenInformationData":{"required":["number"],"type":"object","properties":{"number":{"$ref":"#/components/schemas/SelfServiceMtanTokenNumberData"},"label":{"$ref":"#/components/schemas/SelfServiceMtanTokenLabelData"}},"description":"Attributes of this resource."},"SelfServiceMtanTokenInformationDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceMtanTokenInformationDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceMtanTokenInformationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceMtanTokenInformationData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.mtan.token.information"]}},"description":"An included resource to which the primary data refers."},"SelfServiceMtanTokenLabelData":{"required":["required"],"type":"object","properties":{"currentValue":{"type":"string","description":"Holds the current label."},"required":{"type":"boolean","description":"Indicates requirement for this label to be present."}},"description":"Label information."},"SelfServiceMtanTokenNumberData":{"type":"object","properties":{"currentValue":{"type":"string","description":"Holds the current number."}},"description":"Number information."},"SelfServiceMtanNumberData":{"required":["number"],"type":"object","properties":{"label":{"type":"string","description":"Optional label of the phone number."},"number":{"type":"string","description":"The phone number. Might be anonymized."}},"description":"Attributes of this resource."},"SelfServiceMtanNumberDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceMtanNumberDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceMtanNumberDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceMtanNumberData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.mtan.selection.token"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceOAuth2AuthorizationUriData":{"type":"object","properties":{"authorizationRequestUri":{"type":"string","description":"URI on the OAuth2.0 Authorization Server the client needs to navigate to in order to complete the self-service flow."}},"description":"Attributes of this resource."},"SelfServiceOAuth2AuthorizationUriDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceOAuth2AuthorizationUriDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceOAuth2AuthorizationUriDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceOAuth2AuthorizationUriData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.oauth2.client.authorization-request-uri"]}},"description":"An included resource to which the primary data refers."},"OAuth2AuthorizationResponseQueryRequest":{"required":["queryString"],"type":"object","properties":{"queryString":{"type":"string","description":"The query string from the authorization response request."}}},"ConsentData":{"type":"object","properties":{"scope":{"type":"string","description":"The name of the scope that was granted or denied."},"translatedScope":{"type":"string","description":"The translation of the scope. May be null if there is no translation for this scope.","nullable":true},"authorizationServerId":{"type":"string","description":"The ID of the authorization server the consent was granted or denied on."},"clientId":{"type":"string","description":"The ID of the client the consent was granted or denied to."},"status":{"type":"string","description":"The decision of the content, either 'granted' or 'denied'."},"updatedAt":{"type":"string","description":"The date and time the consent decision was stored.","format":"date-time"}},"description":"Attributes of this resource."},"ConsentDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/ConsentDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"ConsentDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/ConsentData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["oauth2.consent"]}},"description":"A collection of included resources to which the primary data refers."},"ScopeData":{"required":["scope"],"type":"object","properties":{"scope":{"type":"string","description":"The granted scope (technical name)."},"translatedScope":{"type":"string","description":"A human-readable version of this scope."}}},"SelfServiceOAuth2SessionData":{"required":["clientName","consentTimestamp"],"type":"object","properties":{"consentTimestamp":{"type":"string","description":"The timestamp when the flow ended where the user gave (explicitly or implicitly in case of disabled consent screen) consent to this authorization."},"clientName":{"type":"string","description":"The OAuth 2.0 client name. A locale-specific value is returned if available. If no client name is available, the OAuth 2.0 client identifier is returned."},"scopes":{"type":"array","description":"The list of granted scopes.","items":{"$ref":"#/components/schemas/ScopeData"}}},"description":"Attributes of this resource."},"SelfServiceOAuth2SessionDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceOAuth2SessionDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceOAuth2SessionDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceOAuth2SessionData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.oauth2.session"]}},"description":"A collection of included resources to which the primary data refers."},"PasswordChangeSelfServiceRequest":{"required":["newPassword","oldPassword"],"type":"object","properties":{"oldPassword":{"type":"string","description":"The user's existing password."},"newPassword":{"type":"string","description":"The desired new password."}}},"RememberMeDeviceAccessData":{"required":["accessedAt"],"type":"object","properties":{"accessedAt":{"type":"string","description":"Timestamp of access.","format":"date-time"},"userAgent":{"$ref":"#/components/schemas/RememberMeDeviceUserAgentData"},"ipAddress":{"type":"string","description":"The client's IP address."},"geolocation":{"$ref":"#/components/schemas/RememberMeGeolocationData"}},"description":"Contains data about the latest access."},"RememberMeDeviceUserAgentData":{"required":["identifier"],"type":"object","properties":{"identifier":{"type":"string","description":"The identifier of the user agent."},"displayName":{"type":"string","description":"The display name of the user agent."}},"description":"Information about the user agent."},"RememberMeGeolocationData":{"type":"object","properties":{"continent":{"type":"string"},"country":{"type":"string"},"city":{"type":"string"},"latitude":{"type":"string"},"longitude":{"type":"string"}},"description":"Geolocation information of this access."},"SelfServiceRememberMeDeviceData":{"required":["initialAccess"],"type":"object","properties":{"currentDevice":{"type":"boolean","description":"Whether this device is the currently used device."},"initialAccess":{"$ref":"#/components/schemas/RememberMeDeviceAccessData"},"latestAccess":{"$ref":"#/components/schemas/RememberMeDeviceAccessData"}},"description":"Attributes of this resource."},"SelfServiceRememberMeDeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceRememberMeDeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceRememberMeDeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceRememberMeDeviceData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.remember-me.device"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceDynamicStepActivationData":{"type":"object","properties":{"activatable":{"type":"boolean","description":"Whether this step is activatable from the current step."},"deactivatable":{"type":"boolean","description":"Whether this step is deactivatable from the current step."},"activated":{"type":"boolean","description":"Whether this step is currently activated."}},"description":"Attributes of this resource."},"SelfServiceDynamicStepActivationDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceDynamicStepActivationDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceDynamicStepActivationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceDynamicStepActivationData"},"id":{"type":"string","description":"The target step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.dynamic-step"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceFidoApprovalChallengeData":{"required":["publicKeyCredentialRequestOptions"],"type":"object","properties":{"publicKeyCredentialRequestOptions":{"$ref":"#/components/schemas/FidoPublicKeyCredentialRequestOptionsData"}},"description":"Attributes of this resource."},"SelfServiceFidoApprovalChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceFidoApprovalChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceFidoApprovalChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceFidoApprovalChallengeData"},"id":{"type":"string","description":"Self-service session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.fido.challenge"]}},"description":"An included resource to which the primary data refers."},"SelfServiceFlowInformationData":{"type":"object","properties":{"accessible":{"type":"boolean","description":"Whether the access condition for this flow is fulfilled. No immediate action is possible if the condition is not fulfilled."},"authorized":{"type":"boolean","description":"Whether the user authorization condition for this flow is fulfilled. Authorization can be obtained through additional authentication (step-up)."}},"description":"Attributes of this resource."},"SelfServiceFlowInformationDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceFlowInformationDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceFlowInformationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceFlowInformationData"},"id":{"type":"string","description":"Flow ID"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.flow"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceGotoTargetAttributesData":{"type":"object","properties":{"treatedAsFailure":{"type":"boolean","description":"Whether an interactive goto to this target is treated as a failure (e.g. failed attempt counters are increased if applicable)."}},"description":"Attributes of this resource."},"SelfServiceGotoTargetAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceGotoTargetAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceGotoTargetAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceGotoTargetAttributesData"},"id":{"type":"string","description":"The step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.goto-target"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceSelectionOptionData":{"type":"object","properties":{"lastSelected":{"type":"boolean","description":"Flag indicating whether this selection was last selected. This flag is only sent if true."}},"description":"Attributes of this resource."},"SelfServiceSelectionOptionDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfServiceSelectionOptionDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceSelectionOptionDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceSelectionOptionData"},"id":{"type":"string","description":"The identifier of this option."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.selection.option"]}},"description":"A collection of included resources to which the primary data refers."},"SelfServiceMatrixChallengeData":{"required":["challenges"],"type":"object","properties":{"listId":{"type":"string","description":"The ID of the list being used (if available)."},"challenges":{"type":"array","description":"The challenge(s) containing the matrix coordinates or indexes.","items":{"type":"string"}}},"description":"Attributes of this resource."},"SelfServiceMatrixChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SelfServiceMatrixChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfServiceMatrixChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfServiceMatrixChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.matrix.challenge"]}},"description":"An included resource to which the primary data refers."},"CheckIakRequest":{"required":["iak"],"type":"object","properties":{"iak":{"type":"string","description":"The IAK to be verified."}}},"MtanTokenRegistrationRequest":{"required":["number"],"type":"object","properties":{"number":{"type":"string","description":"The mTAN number to be registered."},"label":{"type":"string","description":"The mTAN label to be edited. Depending on the configuration, this might be required, optional or expected to be absent."}}},"OnCompletedSelfServiceData":{"type":"object","properties":{"showConfirmationPage":{"type":"boolean","description":"Whether the confirmation page should be shown."},"targetUri":{"type":"string","description":"Target URI after completed self-service flow."},"uiTenantId":{"type":"string","description":"Tenant ID for the UI."}},"description":"Attributes of this resource."},"OnCompletedSelfServiceDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/OnCompletedSelfServiceDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OnCompletedSelfServiceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/OnCompletedSelfServiceData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["ui.self-service.on-completed"]}},"description":"An included resource to which the primary data refers."},"OnFailureSelfServiceData":{"type":"object","properties":{"targetUri":{"type":"string"}},"description":"Attributes of this resource."},"OnFailureSelfServiceDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/OnFailureSelfServiceDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OnFailureSelfServiceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/OnFailureSelfServiceData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["ui.self-service.on-failure"]}},"description":"An included resource to which the primary data refers."},"AccountlinkManagementUiConfigData":{"type":"object","properties":{"flowToLinkAccount":{"type":"string"},"flowToUnlinkAccount":{"type":"string"},"pageExitTarget":{"type":"string"},"providersToConfirmBeforeLinking":{"type":"array","items":{"type":"string"}},"uiTenantId":{"type":"string"}}},"Airlock2FADeviceManagementUiConfigData":{"type":"object","properties":{"flowToDeleteDevice":{"type":"string"},"flowToChangeDisplayName":{"type":"string"},"flowToActivateAppDevice":{"type":"string"},"canUserDeleteAllDevices":{"type":"boolean"},"pageExitTarget":{"type":"string"},"uiTenantId":{"type":"string"}}},"ApplicationPortalUiData":{"type":"object","properties":{"portalGroups":{"type":"array","items":{"$ref":"#/components/schemas/PortalGroupData"}},"autoForward":{"type":"boolean"},"uiTenantId":{"type":"string"}}},"PortalGroupData":{"type":"object","properties":{"identifier":{"type":"string"},"portalTargets":{"type":"array","items":{"$ref":"#/components/schemas/PortalTargetData"}}}},"PortalTargetData":{"type":"object","properties":{"identifier":{"type":"string"},"openInNewTab":{"type":"boolean"},"redirectByAccess":{"type":"boolean"},"redirectTarget":{"type":"string"}}},"CrontoDeviceManagementUiConfigData":{"type":"object","properties":{"flowToActivateDevice":{"type":"string"},"flowToOrderActivationLetter":{"type":"string"},"flowToDeleteDevice":{"type":"string"},"flowToRenameDevice":{"type":"string"},"flowToEnableDevice":{"type":"string"},"flowToDisableDevice":{"type":"string"},"flowToEnablePush":{"type":"string"},"flowToDisablePush":{"type":"string"},"pageExitTarget":{"type":"string"},"uiTenantId":{"type":"string"}}},"DeviceTokenManagementUiConfigData":{"type":"object","properties":{"pageExitTarget":{"type":"string"},"uiTenantId":{"type":"string"}}},"FidoCredentialManagementUiConfigData":{"type":"object","properties":{"flowToRegisterCredential":{"type":"string"},"flowToChangeDisplayName":{"type":"string"},"flowToDeleteCredential":{"type":"string"},"flowToDisableCredential":{"type":"string"},"flowToEnableCredential":{"type":"string"},"pageExitTarget":{"type":"string"},"uiTenantId":{"type":"string"}}},"MtanNumberManagementUiConfigData":{"type":"object","properties":{"flowToDeleteNumber":{"type":"string"},"flowToEditNumber":{"type":"string"},"flowToRegisterNumber":{"type":"string"},"pageExitTarget":{"type":"string"},"uiTenantId":{"type":"string"}}},"OAuth2ConsentManagementUiConfigData":{"type":"object","properties":{"flowToGrantAConsent":{"type":"string"},"flowToDenyAConsent":{"type":"string"},"flowToDeleteConsentsByClient":{"type":"string"},"pageExitTarget":{"type":"string"},"uiTenantId":{"type":"string"}}},"OAuth2SessionManagementUiConfigData":{"type":"object","properties":{"flowToDeleteSession":{"type":"string"},"pageExitTarget":{"type":"string"},"uiTenantId":{"type":"string"}}},"RememberMeDeviceManagementUiConfigData":{"type":"object","properties":{"flowToDeleteDevice":{"type":"string"},"pageExitTarget":{"type":"string"},"uiTenantId":{"type":"string"}}},"UserRepresentationUiConfigData":{"type":"object","properties":{"flowToStartRepresentation":{"type":"string"},"flowToStopRepresentation":{"type":"string"},"representeeParameterName":{"type":"string"},"targetLocationParameterName":{"type":"string"},"uiTenantId":{"type":"string"}}},"StartUserRepresentationRequest":{"required":["representeeName","targetLocation"],"type":"object","properties":{"representeeName":{"minLength":1,"type":"string","description":"An identifier of the user to be represented. Either a technical identifier or an alias if username transformation is configured on the representee IAM."},"targetLocation":{"minLength":1,"type":"string","description":"The target location the representer will be redirected to."}}},"UserDataEditItemInfoResponseAttributesData":{"type":"object","properties":{"currentValue":{"type":"object","description":"Current value of this item in the data edit step. If this item was not edited, the value returned corresponds to the persisted value. Maybe absent if no value is defined or is not yet available.","oneOf":[{"type":"object"},{"type":"string"},{"type":"number"},{"type":"boolean"},{"type":"integer","format":"int64"}]},"required":{"type":"boolean","description":"Whether a value for the item has to be edit in the current data edit step. May be absent for custom data items."},"itemType":{"type":"string","description":"The type of the item. May be absent for custom data items."},"inputPurpose":{"type":"string","description":"The input purpose to be rendered in the HTML attribute \"autocomplete\"."},"additionalValidations":{"type":"array","description":"Known additional validations that will be performed on the item. May be absent. Further validations may apply.","items":{"$ref":"#/components/schemas/UserDataItemValidationDataOverride"}}},"description":"Attributes of this resource."},"UserDataEditItemInfoResponseAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/UserDataEditItemInfoResponseAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"UserDataEditItemInfoResponseAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/UserDataEditItemInfoResponseAttributesData"},"id":{"type":"string","description":"The configured context data name"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["self-service.data-edit-item-info"]}},"description":"A collection of included resources to which the primary data refers."},"UserSelfRegFlowResultDataOverride":{"type":"object","properties":{"nextStep":{"type":"string","description":"Expected next step. See <a href=\"#nextSelfRegStepCodes\">table</a> for corresponding endpoints."}},"additionalProperties":{"nullable":true}},"UserDataRegistrationRequestOverride":{"type":"object","additionalProperties":{"nullable":true},"description":"The data elements to be registered"},"UserSelfRegItemValidationDataOverride":{"required":["type"],"type":"object","properties":{"type":{"type":"string","description":"The type of validation."}},"additionalProperties":{"nullable":true}},"UserSelfRegFlowResultDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"UserSelfRegFlowResultDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/UserSelfRegFlowResultDataOverride"},"id":{"type":"string","description":"User self-registration session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["user-self-registration.session"]}},"description":"An included resource to which the primary data refers."},"Airlock2FAActivationChallengeData":{"required":["activationQrCode","appDeviceActivationUrl"],"type":"object","properties":{"appDeviceActivationUrl":{"type":"string","description":"The URL to trigger the activation on the Airlock 2FA app device."},"activationQrCode":{"type":"string","description":"The base64 encoded PNG representing the QR code needed to activate the device."}},"description":"Attributes of this resource."},"Airlock2FAActivationChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/Airlock2FAActivationChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Airlock2FAActivationChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/Airlock2FAActivationChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["user-self-registration.airlock-2fa.activation.challenge"]}},"description":"An included resource to which the primary data refers."},"UserSelfRegRegistrableItemInfoResponseAttributesData":{"type":"object","properties":{"required":{"type":"boolean","description":"Whether a value for the item has to be registered in the current data registration step. May be absent for custom data items."},"itemType":{"type":"string","description":"The type of the item. May be absent for custom data items."},"inputPurpose":{"type":"string","description":"The input purpose to be rendered in the HTML attribute \"autocomplete\"."},"additionalValidations":{"type":"array","description":"Known additional validations that will be performed on the item. May be absent. Further validations may apply.","items":{"$ref":"#/components/schemas/UserSelfRegItemValidationDataOverride"}},"allowedValues":{"type":"array","description":"The optional list of allowed values the user can choose from.","items":{"type":"string"}}},"description":"Attributes of this resource."},"UserSelfRegRegistrableItemInfoResponseAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/UserSelfRegRegistrableItemInfoResponseAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"UserSelfRegRegistrableItemInfoResponseAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/UserSelfRegRegistrableItemInfoResponseAttributesData"},"id":{"type":"string","description":"The configured context data name"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["user-self-registration.item-info"]}},"description":"A collection of included resources to which the primary data refers."},"UserSelfRegDynamicStepActivationData":{"type":"object","properties":{"activatable":{"type":"boolean","description":"Whether this step is activatable from the current step."},"deactivatable":{"type":"boolean","description":"Whether this step is deactivatable from the current step."},"activated":{"type":"boolean","description":"Whether this step is currently activated."}},"description":"Attributes of this resource."},"UserSelfRegDynamicStepActivationDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/UserSelfRegDynamicStepActivationDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"UserSelfRegDynamicStepActivationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/UserSelfRegDynamicStepActivationData"},"id":{"type":"string","description":"The target step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["user-self-registration.dynamic-step"]}},"description":"A collection of included resources to which the primary data refers."},"UserSelfRegGotoTargetAttributesData":{"type":"object","properties":{"treatedAsFailure":{"type":"boolean","description":"Whether an interactive goto to this target is treated as a failure (e.g. failed attempt counters are increased if applicable)."}},"description":"Attributes of this resource."},"UserSelfRegGotoTargetAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/UserSelfRegGotoTargetAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"UserSelfRegGotoTargetAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/UserSelfRegGotoTargetAttributesData"},"id":{"type":"string","description":"The step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["user-self-registration.goto-target"]}},"description":"A collection of included resources to which the primary data refers."},"SelfRegSelectionOptionData":{"type":"object","description":"Attributes of this resource."},"SelfRegSelectionOptionDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/SelfRegSelectionOptionDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"SelfRegSelectionOptionDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/SelfRegSelectionOptionData"},"id":{"type":"string","description":"The identifier of this option."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["user-self-registration.selection.option"]}},"description":"A collection of included resources to which the primary data refers."},"UserSelfRegTermsOfServiceResultData":{"required":["disclaimerText"],"type":"object","properties":{"disclaimerText":{"type":"string","description":"The full terms of service text translated into the requested language."}},"description":"Attributes of this resource."},"UserSelfRegTermsOfServiceResultDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/UserSelfRegTermsOfServiceResultDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"UserSelfRegTermsOfServiceResultDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/UserSelfRegTermsOfServiceResultData"},"id":{"type":"string","description":"Tag ID that identifies this terms of service instance"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["user-self-registration.terms-of-service"]}},"description":"A collection of included resources to which the primary data refers."},"FlowIdData":{"type":"object","properties":{"flowId":{"type":"string","description":"The flow ID."}}},"OpenIdConnectUserInfoResponseDataOverride":{"type":"object","properties":{"sub":{"type":"string","description":"Identifier for the End-User at the Issuer."},"name":{"type":"string","description":"End-User's full name in displayable form."},"given_name":{"type":"string","description":"Given name(s) or first name(s) of the End-User."},"family_name":{"type":"string","description":"Surname(s) or last name(s) of the End-User."},"email":{"type":"string","description":"End-User's preferred email address."},"birthdate":{"type":"string","description":"End-User's birthday, represented as an ISO 8601:2004 YYYY-MM-DD format."},"phone_number":{"type":"string","description":"End-User's preferred telephone number."}},"additionalProperties":{"nullable":true},"description":"The user info."},"OAuth2DiscoveryAndMetadataResponseOverride":{"type":"object","properties":{"issuer":{"type":"string","description":"URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier."},"authorization_endpoint":{"type":"string","description":"URL of the OP's OAuth 2.0 Authorization Endpoint."},"token_endpoint":{"type":"string","description":"URL of the OP's OAuth 2.0 Token Endpoint"},"jwks_uri":{"type":"string","description":"URL of the OP's JSON Web Key Set document."},"registration_endpoint":{"type":"string","description":"URL of the OP's Dynamic Client Registration Endpoint."},"scopes_supported":{"type":"array","description":"List of the OAuth 2.0 scope values that this server supports.","items":{"type":"string"}},"response_types_supported":{"type":"array","description":"List of the OAuth 2.0 response_type values that this OP supports.","items":{"type":"string"}},"response_modes_supported":{"type":"array","description":"List of the OAuth 2.0 response_mode values that this OP supports.","items":{"type":"string"}},"grant_types_supported":{"type":"array","description":"List of the OAuth 2.0 Grant Type values that this OP supports.","items":{"type":"string"}},"acr_values_supported":{"type":"array","description":"List of the Authentication Context Class References that this OP supports.","items":{"type":"string"}},"subject_types_supported":{"type":"array","description":"List of the Subject Identifier types that this OP supports.","items":{"type":"string"}},"id_token_signing_alg_values_supported":{"type":"array","description":"List of the JWS signing algorithms supported by the OP for the ID Token to encode the Claims in a JWT.","items":{"type":"string"}},"token_endpoint_auth_methods_supported":{"type":"array","description":"List of Client Authentication methods supported by this Token Endpoint.","items":{"type":"string"}},"claim_types_supported":{"type":"array","description":"List of the Claim Types that the OpenID Provider supports.","items":{"type":"string"}},"claims_supported":{"type":"array","description":"List of the Claim Names of the Claims that the OpenID Provider may be able to supply values for.","items":{"type":"string"}},"ui_locales_supported":{"type":"array","description":"Languages and scripts supported for the user interface, represented as a JSON array of BCP47 [RFC5646] language tag values.","items":{"type":"string"}},"request_uri_parameter_supported":{"type":"boolean","description":"Value specifying whether the OP supports use of the request_uri parameter, with true indicating support - If omitted, the default value is true."},"backchannel_logout_supported":{"type":"boolean","description":"Value specifying whether the OP supports back-channel logout, with true indicating support - If omitted, the default value is false."},"backchannel_logout_session_supported":{"type":"boolean","description":"Value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP - If omitted, the default value is false."}},"additionalProperties":{"nullable":true},"description":"The response is a set of claims about the authorization server's configuration according to RFC 8414."},"OAuth2ResourceEndpointResponseDataOverride":{"type":"object","additionalProperties":{"nullable":true}},"OAuth2CustomAttributesDataOverride":{"type":"object","additionalProperties":{"nullable":true},"description":"All custom attributes of an OAuth 2.0 session."},"OAuth2SessionUpdateRequestOverride":{"type":"object","additionalProperties":{"nullable":true},"description":"Attributes of an OAuth 2.0 session to be updated."},"OAuth2ErrorResponse":{"required":["error"],"type":"object","properties":{"error":{"type":"string","description":"A single ASCII error code."},"error_description":{"type":"string","description":"Human-readable ASCII text providing additional information, used to assist the client developer in understanding the error that occurred."},"error_uri":{"type":"string","description":"A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error."}},"description":"An OAuth2 error response"},"OAuth2SessionData":{"type":"object","properties":{"customAttributes":{"type":"object","additionalProperties":{"type":"string","description":"All custom attributes of an OAuth 2.0 session."},"description":"All custom attributes of an OAuth 2.0 session."},"clientId":{"type":"string","description":"The OAuth 2.0 client ID."},"consentTimestamp":{"type":"string","description":"The timestamp of the end of the flow where the user gave (explicitly or implicitly in case of disabled consent screen) their consent to this authorization.","format":"date-time"},"authenticationTimestamp":{"type":"string","description":"Please use the value of 'consentTimestamp' instead (which holds the same timestamp). This parameter will be removed with IAM 9.0.The timestamp of the end of the flow where the user gave (explicitly or implicitly in case of disabled consent screen) their consent to this authorization.","format":"date-time","deprecated":true}},"description":"Attributes of this resource."},"OAuth2SessionDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/OAuth2SessionDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OAuth2SessionDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/OAuth2SessionData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["oauth2-session"]}},"description":"A collection of included resources to which the primary data refers."},"OAuth2CustomAttributesDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/OAuth2CustomAttributesDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OAuth2CustomAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/OAuth2CustomAttributesDataOverride"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["oauth2-session-custom-attributes"]}},"description":"An included resource to which the primary data refers."},"RequestDocumentOAuth2SessionUpdateRequest":{"required":["data"],"type":"object","properties":{"data":{"$ref":"#/components/schemas/ResourceObjectOAuth2SessionUpdateRequest"}}},"ResourceObjectOAuth2SessionUpdateRequest":{"required":["type"],"type":"object","properties":{"type":{"type":"string"},"id":{"type":"string"},"attributes":{"$ref":"#/components/schemas/OAuth2SessionUpdateRequestOverride"},"relationships":{"$ref":"#/components/schemas/Relationships"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OAuth2DiscoveryAndMetadataEndpointResponseData":{"$ref":"#/components/schemas/OAuth2DiscoveryAndMetadataResponseOverride"},"OAuth2JwksResponseData":{"required":["keys"],"type":"object","properties":{"keys":{"type":"array","description":"Set of JWKs as defined in <a href=\"https://tools.ietf.org/html/rfc7517\">RFC 7517</a>.","items":{"$ref":"#/components/schemas/OAuth2JwkResponseDataOverride"}}}},"OAuth2ParData":{"type":"object","properties":{"request_uri":{"type":"string","description":"The request URI corresponding to the authorization request posted."},"expires_in":{"type":"integer","description":"A JSON number that represents the lifetime of the request URI in seconds as a positive integer.","format":"int64"}}},"OAuth2ResourceEndpointResponseData":{"$ref":"#/components/schemas/OAuth2ResourceEndpointResponseDataOverride"},"OAuth2SessionDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/OAuth2SessionDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OAuth2TokenIntrospectionResponseData":{"required":["active"],"type":"object","properties":{"active":{"type":"boolean","description":"Indicates whether or not the presented token is currently active."},"scope":{"type":"string","description":"Space-separated list of scopes associated with this token."},"sub":{"type":"string","description":"Subject of the token, usually a machine-readable identifier of the resource owner who authorized this token."},"username":{"type":"string","description":"Human-readable identifier for the resource owner who authorized this token.","x-internal":"true"},"exp":{"type":"integer","description":"Timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire.","format":"int64"},"iat":{"type":"integer","description":"Timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token was originally issued.","format":"int64"},"nbf":{"type":"integer","description":"Timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before.","format":"int64","x-internal":"true"},"aud":{"type":"string","description":"Service-specific identifier or list of identifiers representing the intended audience for this token.","x-internal":"true"},"iss":{"type":"string","description":"The issuer of this token.","x-internal":"true"},"jti":{"type":"string","description":"The identifier for the token.","x-internal":"true"},"cnf":{"type":"object","additionalProperties":{"type":"string","description":"The JWT confirmation method. Used with certificate-bound access tokens."},"description":"The JWT confirmation method. Used with certificate-bound access tokens."},"client_id":{"type":"string","description":"Client identifier for the OAuth 2.0 client that requested this token."},"token_type":{"type":"string","description":"Type of the token as defined in Section 5.1 of OAuth 2.0 [RFC6749].","x-internal":"true"}}},"OpenIdConnectOriginCheckData":{"type":"object","properties":{"allowed":{"type":"boolean","description":"Whether the origin is allowed or not for this authorization server."}},"description":"Attributes of this resource."},"OpenIdConnectOriginCheckDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/OpenIdConnectOriginCheckDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"OpenIdConnectOriginCheckDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/OpenIdConnectOriginCheckData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["oidc-origin-check"]}},"description":"An included resource to which the primary data refers."},"OpenIdConnectCheckOriginRequest":{"required":["clientId","origin"],"type":"object","properties":{"origin":{"maxLength":100000,"minLength":1,"type":"string","description":"Origin to check."},"clientId":{"maxLength":10000,"minLength":1,"type":"string","description":"The ID of the registered client on this authorization server."}}},"OpenIdConnectUserInfoResponseData":{"$ref":"#/components/schemas/OpenIdConnectUserInfoResponseDataOverride"}}},"x-tagGroups":[{"name":"Public","tags":["/public_Flow Control","/public_Maintenance Messages","/public_Password","/public_Signing Keys","/public_other","/public_UI"]},{"name":"Public Authentication","tags":["/public/authentication_Airlock 2FA","/public/authentication_Cronto","/public/authentication_Device Tokens","/public/authentication_Email OTP","/public/authentication_FIDO","/public/authentication_Flow Control","/public/authentication_Generic OTP","/public/authentication_Location","/public/authentication_Matrix Cards","/public/authentication_Message Acknowledgement","/public/authentication_Migration","/public/authentication_OATH OTP","/public/authentication_OAuth 2.0/OIDC","/public/authentication_Password","/public/authentication_SAML","/public/authentication_SMS/mTAN","/public/authentication_SSI","/public/authentication_Secret Questions","/public/authentication_Terms of Services","/public/authentication_User","/public/authentication_User Context Data","/public/authentication_Vasco OTP","/public/authentication_other","/public/authentication_UI"]},{"name":"Public Self Service","tags":["/public/self-service_Airlock 2FA","/public/self-service_Cronto","/public/self-service_Device Tokens","/public/self-service_Email OTP","/public/self-service_FIDO","/public/self-service_Flow Control","/public/self-service_Matrix Cards","/public/self-service_Message Acknowledgement","/public/self-service_OATH OTP","/public/self-service_Password","/public/self-service_SMS/mTAN","/public/self-service_SSI","/public/self-service_Secret Questions","/public/self-service_User","/public/self-service_Vasco OTP","/public/self-service_other"]},{"name":"Public Tech Client Registration","tags":["/public/tech-client-registration_Flow Control","/public/tech-client-registration_OAuth 2.0/OIDC","/public/tech-client-registration_other"]},{"name":"Protected","tags":["/protected_Cronto","/protected_Device Tokens","/protected_Password","/protected_SMS/mTAN","/protected_Secret Questions","/protected_User","/protected_other"]},{"name":"Protected Self Service","tags":["/protected/self-service_Airlock 2FA","/protected/self-service_Cronto","/protected/self-service_Device Tokens","/protected/self-service_Email OTP","/protected/self-service_FIDO","/protected/self-service_Flow Control","/protected/self-service_Matrix Cards","/protected/self-service_Message Acknowledgement","/protected/self-service_OATH OTP","/protected/self-service_OAuth 2.0/OIDC","/protected/self-service_Password","/protected/self-service_Remember-Me","/protected/self-service_Representation","/protected/self-service_SMS/mTAN","/protected/self-service_SSI","/protected/self-service_User Context Data","/protected/self-service_Vasco OTP","/protected/self-service_other","/protected/self-service_UI"]},{"name":"User Self Registration","tags":["/public/user-self-registration_Airlock 2FA","/public/user-self-registration_Data Registration","/public/user-self-registration_Email OTP","/public/user-self-registration_Flow Control","/public/user-self-registration_Message Acknowledgement","/public/user-self-registration_OATH OTP","/public/user-self-registration_SMS/mTAN","/public/user-self-registration_SSI","/public/user-self-registration_Terms of Services","/public/user-self-registration_other","/public/user-self-registration_UI"]},{"name":"OAuth 2.0","tags":["/oauth2_OAuth 2.0/OIDC","/oauth2_Signing Keys","/oauth2_other"]}]}