{ "swagger":"2.0", "info":{ "title":"REST API for Password Management in Oracle Access Manager", "description":"The Oracle Access Manager Password Management REST APIs are Admin delegated REST APIs for password related operations such as requests for password reset,password validation and getting password policy for an OAM user.", "version":"2025.02.19", "x-summary":"The Oracle Access Manager Password Management REST APIs are Admin delegated REST APIs for password related operations such as requests for password reset,password validation and getting password policy for an OAM user." }, "schemes":[ "https" ], "basePath":"/oam/services/rest/access/api/v1/pswdmanagement", "produces":[ "application/json" ], "paths":{ "/PasswordResetRequests/${userid}/${idstoreref}":{ "post":{ "summary":"PasswordReset using current password and userid and idstoreref", "description":"An admin authenticated web application can update the user password by using the current\nand the new password provided to update the password to a new value. The user details can be \ngiven as path parameter. Both the userid and the idstoreref needs to be specified in this case.\n", "parameters":[ { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"idstoreref", "in":"path", "description":"idstore that the user belongs to", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter. The path parameter takes precedence over query parameter. The query parameter takes the input of the form systemTenant::UserDN::IDSTOREREF::UserID. For example, userdetails=systemTenant::cn=normal,ou=users,dc=ngam,dc=oracle,dc=com::oud::normal.", "type":"string", "required":false }, { "name":"PasswordResetRequest", "in":"body", "description":"The request object", "required":true, "schema":{ "$ref":"#/definitions/PasswordResetRequest" } } ], "tags":[ "PasswordReset" ], "responses":{ "200":{ "description":"Password reset response", "schema":{ "$ref":"#/definitions/ResetPasswordChallengesResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"PasswordResetRequests-${userid}-${idstoreref}-post", "x-filename-id":"passwordresetrequests-userid-idstoreref-post" } }, "/PasswordResetRequests/${userid}":{ "post":{ "summary":"PasswordReset using current password and userid", "description":"An admin authenticated web application can update the user password by using the current\nand the new password provided to update the password to a new value. The user details can be \ngiven as path parameter. This variation of the API is used for users belonging \nto default idstore in OAM. \n", "parameters":[ { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter.", "type":"string", "required":false }, { "name":"PasswordResetRequest", "in":"body", "description":"The request object", "required":true, "schema":{ "$ref":"#/definitions/PasswordResetRequest" } } ], "tags":[ "PasswordReset" ], "responses":{ "200":{ "description":"Password reset response", "schema":{ "$ref":"#/definitions/ResetPasswordChallengesResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"PasswordResetRequests-${userid}-post", "x-filename-id":"passwordresetrequests-userid-post" } }, "/PasswordResetRequests":{ "post":{ "summary":"PasswordReset using current password and userdetails", "description":"An admin authenticated web application can update the user password by using the current\nand the new password provided to update the password to a new value. \nThe userdetails can be given as part of query parameter or as part of the request object.\nQuery parameter takes precendence over request object for userdetails.\n", "parameters":[ { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter. The query parameter takes the input of the form systemTenant::UserDN::IDSTOREREF::UserID. For example, userdetails=systemTenant::cn=normal,ou=users,dc=ngam,dc=oracle,dc=com::oud::normal.", "type":"string", "required":false }, { "name":"PasswordResetRequest", "in":"body", "description":"The request object", "required":true, "schema":{ "$ref":"#/definitions/PasswordResetRequest" } } ], "tags":[ "PasswordReset" ], "responses":{ "200":{ "description":"Password reset response", "schema":{ "$ref":"#/definitions/ResetPasswordChallengesResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"PasswordResetRequests-post", "x-filename-id":"passwordresetrequests-post" } }, "/PasswordResetRequestsWithOTP/${userid}/${idstoreref}":{ "post":{ "summary":"PasswordReset using OTP and userid and idstoreref", "description":"An authenticated web application can update the password to be reset\nfor a user using the OTP generated for the user in another rest API call to generate OTP.\nThe ValidateOTPRequest object contains the required information to validate the OTP. These\ninformation can be obtained from the REST call to generate the OTP for the user.The path parameter\nuserid and idstoreref are used to uniquely identify the user in OAM.\n", "parameters":[ { "name":"idstoreref", "in":"path", "description":"idstore that the user belongs to", "type":"string", "required":true }, { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false }, { "name":"PasswordResetRequestWithOTP", "in":"body", "description":"The request object", "required":true, "schema":{ "$ref":"#/definitions/PasswordResetRequestWithOTPRequest" } } ], "tags":[ "PasswordReset" ], "responses":{ "200":{ "description":"Password policy assignment", "schema":{ "$ref":"#/definitions/PasswordResetWithOTPResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"PasswordResetRequestsWithOTP-${userid}-${idstoreref}-post", "x-filename-id":"passwordresetrequestswithotp-userid-idstoreref-post" } }, "/PasswordResetRequestsWithOTP/${userid}":{ "post":{ "summary":"PasswordReset using OTP and userid", "description":"An authenticated web application can update the password or challenges to be reset\nfor a user uniquely identified by canonical userid in OAM. \nThe ValidateOTPRequest object contains the required information to validate the OTP. These\ninformation can be obtained from the REST call to generate the OTP for the user.The path parameter\nuserid are used to uniquely identify the user in OAM's default idstore. This call assumes that user \nis present in the default identity store.\n", "parameters":[ { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false }, { "name":"PasswordResetRequestWithOTP", "in":"body", "description":"The request object", "required":true, "schema":{ "$ref":"#/definitions/PasswordResetRequestWithOTPRequest" } } ], "tags":[ "PasswordReset" ], "responses":{ "200":{ "description":"Password policy assignment", "schema":{ "$ref":"#/definitions/PasswordResetWithOTPResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"PasswordResetRequestsWithOTP-${userid}-post", "x-filename-id":"passwordresetrequestswithotp-userid-post" } }, "/PasswordResetRequestsWithOTP":{ "post":{ "summary":"PasswordReset using OTP and userdetails", "description":"An authenticated web application can update the password or challenges to be reset\nfor a user uniquely identified by query parameter or the request object . The query parameter\ntakes precendence if present over the request object and is of the form systemTenant::UserDN::IDSTOREREF::UserID. \nFor example, userdetails=systemTenant::cn=normal,ou=users,dc=ngam,dc=oracle,dc=com::oud::normal.\n", "parameters":[ { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter.The query parameter takes the input of the form systemTenant::UserDN::IDSTOREREF::UserID. For example, userdetails=systemTenant::cn=normal,ou=users,dc=ngam,dc=oracle,dc=com::oud::normal.", "type":"string", "required":false }, { "name":"PasswordResetRequestWithOTP", "in":"body", "description":"The request object", "required":true, "schema":{ "$ref":"#/definitions/PasswordResetRequestWithOTPRequest" } } ], "tags":[ "PasswordReset" ], "responses":{ "200":{ "description":"Password policy assignment", "schema":{ "$ref":"#/definitions/PasswordResetWithOTPResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"PasswordResetRequestsWithOTP-post", "x-filename-id":"passwordresetrequestswithotp-post" } }, "/UserStatusChanger/${userid}/${idstoreref}":{ "put":{ "summary":"Change user status using userid and idstoreref", "description":"User status is changed as per input specifications. The specifications tells whether user is enabled/disable forcedPasswordreset, locked/unlocked. These status of the user can be changed via this API. The userid and the idstoreref\nthat the user belongs to are specified as path parameters in this API.\n", "parameters":[ { "name":"idstoreref", "in":"path", "description":"idstore that the user belongs to", "type":"string", "required":true }, { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false }, { "name":"UserStatusChangeRequest", "in":"body", "description":"This is the request object which uniquely identifies the user and changes the status as per the input specification\n", "required":true, "schema":{ "$ref":"#/definitions/UserStatusChangeRequest" } } ], "tags":[ "UserStatusChanger" ], "responses":{ "200":{ "description":"The user status has been changed successfully" }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserStatusChanger-${userid}-${idstoreref}-put", "x-filename-id":"userstatuschanger-userid-idstoreref-put" } }, "/UserStatusChanger/${userid}":{ "put":{ "summary":"Change user status using userid", "description":"User status is changed as per input specifications. The specifications tells whether user is enabled/disable forcedPasswordreset, locked/unlocked. These status of the user can be changed via this API. In this API, the user is assumed to be present in the default idstore. The userid is specified as a path parameter.\n", "parameters":[ { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false }, { "name":"UserStatusChangeRequest", "in":"body", "description":"This is the request object which uniquely identifies the user and changes the status as per the input specification\n", "required":true, "schema":{ "$ref":"#/definitions/UserStatusChangeRequest" } } ], "tags":[ "UserStatusChanger" ], "responses":{ "200":{ "description":"The user status has been changed successfully" }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserStatusChanger-${userid}-put", "x-filename-id":"userstatuschanger-userid-put" } }, "/UserStatusChanger":{ "put":{ "summary":"Change user status using userdetails", "description":"User status is changed as per input specifications. The specifications tells whether user is enabled/disable forcedPasswordreset, locked/unlocked. These status of the user can be changed via this API. In this API, the user\ndetails can be passed as a query parameter as userdetails or as part of the request object.\n", "parameters":[ { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter.The path parameter takes precedence over query parameter. The query parameter takes the input of the form systemTenant::UserDN::IDSTOREREF::UserID. For example, userdetails=systemTenant::cn=normal,ou=users,dc=ngam,dc=oracle,dc=com::oud::normal.", "type":"string", "required":false }, { "name":"UserStatusChangeRequest", "in":"body", "description":"This is the request object which uniquely identifies the user and changes the status as per the input specification\n", "required":true, "schema":{ "$ref":"#/definitions/UserStatusChangeRequest" } } ], "tags":[ "UserStatusChanger" ], "responses":{ "200":{ "description":"The user status has been changed successfully" }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserStatusChanger-put", "x-filename-id":"userstatuschanger-put" } }, "/UserStatusRetriever/${userid}/${idstoreref}'":{ "get":{ "summary":"Get user status using userid and idstoreref", "description":"User status is retrieved for the input user. The userid and identitystoreref are specified as path parameters in this API. The idstoreref is required if user is present in a identitystore different from the default identity store in OAM. \n", "parameters":[ { "name":"idstoreref", "in":"path", "description":"idstore that the user belongs to", "type":"string", "required":true }, { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false } ], "tags":[ "UserStatusChanger" ], "responses":{ "200":{ "description":"The user status has been retrieved successfully", "schema":{ "$ref":"#/definitions/UserStatusChangeRequest" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserStatusRetriever-${userid}-${idstoreref}'-get", "x-filename-id":"userstatusretriever-userid-idstoreref-get" } }, "/UserStatusRetriever/${userid}'":{ "get":{ "summary":"Get user status using userid and idstoreref", "description":"User status is retrieved for the input user. The userid is specified as path parameters in this API. The user needs to be present in the default identity store in OAM\n", "parameters":[ { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false } ], "tags":[ "UserStatusChanger" ], "responses":{ "200":{ "description":"The user status has been retrieved successfully", "schema":{ "$ref":"#/definitions/UserStatusChangeRequest" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserStatusRetriever-${userid}'-get", "x-filename-id":"userstatusretriever-userid-get" } }, "/UserStatusRetriever'":{ "get":{ "summary":"Get user status using userdetails query parameter", "description":"User status is retrieved for the input user. The userid is specified as path parameters in this API. The user needs to be present in the default identity store in OAM\n", "parameters":[ { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false } ], "tags":[ "UserStatusChanger" ], "responses":{ "200":{ "description":"The user status has been retrieved successfully", "schema":{ "$ref":"#/definitions/UserStatusResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserStatusRetriever'-get", "x-filename-id":"userstatusretriever-get" } }, "/UserPasswordPolicyRetriever/${userid}/${idstoreref}":{ "get":{ "summary":"Get Password policy using userid and idstoreref", "description":"REST API for getting the applicable password policy for the user. This can be used \nin an application to display the password rules for the user that the password need to conform to.\nThe userid and the idstoreref that the user belongs to are given as a path parameters. \n", "parameters":[ { "name":"idstoreref", "in":"path", "description":"idstore that the user belongs to", "type":"string", "required":true }, { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false }, { "name":"isDescription", "in":"query", "description":"Whether password rules are supposed to come as description", "required":false, "type":"boolean" } ], "tags":[ "PasswordPolicy" ], "responses":{ "200":{ "description":"Password policy assignment", "schema":{ "$ref":"#/definitions/PolicyDescriptionResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserPasswordPolicyRetriever-${userid}-${idstoreref}-get", "x-filename-id":"userpasswordpolicyretriever-userid-idstoreref-get" } }, "/UserPasswordPolicyRetriever/${userid}":{ "get":{ "summary":"Get Password policy using userid", "description":"REST API for getting the applicable password policy for the user. This can be used \nin an application to display the password rules for the user that the password need to conform to.\nThe userid that the user belongs to in the default identity store are given as a path parameters. \nThis API assumes that the user belongs to the default identity store.\n", "parameters":[ { "name":"userid", "in":"path", "description":"Input to uniquely identify user", "type":"string", "required":true }, { "name":"userdetails", "in":"query", "description":"userdetails object in query parameter", "type":"string", "required":false }, { "name":"isDescription", "in":"query", "description":"Whether password rules are supposed to come as description", "required":false, "type":"boolean" } ], "tags":[ "PasswordPolicy" ], "responses":{ "200":{ "description":"Password policy assignment", "schema":{ "$ref":"#/definitions/PolicyDescriptionResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserPasswordPolicyRetriever-${userid}-get", "x-filename-id":"userpasswordpolicyretriever-userid-get" } }, "/UserPasswordPolicyRetriever":{ "get":{ "summary":"Get Password policy using userdetails", "description":"REST API for getting the applicable password policy for the user. This can be used \nin an application to display the password rules for the user that the password need to conform to.\nThe userdetails is given as part of query parameter.\n", "parameters":[ { "name":"userdetails", "in":"query", "description":"The query parameter takes the input of the form systemTenant::UserDN::IDSTOREREF::UserID. For example, userdetails=systemTenant::cn=normal,ou=users,dc=ngam,dc=oracle,dc=com::oud::normal.", "type":"string", "required":false }, { "name":"isDescription", "in":"query", "description":"Whether password rules are supposed to come as description", "required":false, "type":"boolean" } ], "tags":[ "PasswordPolicy" ], "responses":{ "200":{ "description":"Password policy assignment", "schema":{ "$ref":"#/definitions/PolicyDescriptionResponse" } }, "401":{ "description":"Unauthorized" }, "404":{ "description":"Requested entity not found" }, "500":{ "description":"Internal Server Error" } }, "x-internal-id":"UserPasswordPolicyRetriever-get", "x-filename-id":"userpasswordpolicyretriever-get" } } }, "definitions":{ "ResetPasswordChallengesResponse":{ "type":"object", "properties":{ "isValid":{ "type":"boolean" }, "messages":{ "type":"array", "items":{ "$ref":"#/definitions/PolicyMessage" } } } }, "PasswordResetRequest":{ "type":"object", "properties":{ "username":{ "$ref":"#/definitions/userdetails" }, "originalpassword":{ "type":"string", "description":"User password" }, "newpassword":{ "type":"string", "description":"Password to be set" } } }, "userdetails":{ "type":"object", "properties":{ "tenantname":{ "type":"string", "description":"tenant name. Its always systemTenant" }, "idstoreref":{ "type":"string", "description":"idstore that the user belongs to" }, "dn":{ "type":"string", "description":"the distinguished name of the user in the identity store" }, "username":{ "type":"string", "description":"the short name of the user" } } }, "PasswordResetRequestWithOTPRequest":{ "type":"object", "properties":{ "username":{ "$ref":"#/definitions/userdetails" }, "password":{ "type":"string", "description":"User password" }, "otp":{ "$ref":"#/definitions/ValidateOTPRequest" } } }, "PasswordResetWithOTPResponse":{ "type":"object", "properties":{ "isValid":{ "type":"boolean" }, "messages":{ "type":"array", "items":{ "$ref":"#/definitions/PolicyMessage" } }, "validateOTPResponse":{ "$ref":"#/definitions/ValidateOTPResponse" } } }, "ValidateOTPRequest":{ "type":"object", "required":[ "userId", "correlationId", "otpCode", "appName" ], "properties":{ "userId":{ "description":"Username of user to generate OTP code for.", "type":"string" }, "correlationId":{ "description":"CorrelationId returned by createOTP api.", "type":"string" }, "otpCode":{ "description":"User entered otp code to be validated.", "type":"string" }, "appName":{ "description":"Name defining calling app.", "type":"string" }, "sessionId":{ "description":"SessionId associated with OTP generation.", "type":"string" } } }, "ValidateOTPResponse":{ "properties":{ "resultCode":{ "type":"string", "description":"Respose code indicating success (0) or error." }, "minorCode":{ "type":"string", "description":"Minor code indicating error details." }, "message":{ "type":"string", "description":"Message describing error, if any." } } }, "PolicyMessage":{ "properties":{ "resourceBundleKey":{ "type":"string" }, "displayValue":{ "type":"string" } } }, "UserStatusChangeRequest":{ "type":"object", "properties":{ "username":{ "$ref":"#/definitions/userdetails" }, "enabled":{ "type":"boolean", "description":"if user is enabled, set to true. If disabled, set as false" }, "unlocked":{ "type":"boolean", "description":"if user is unlocked, set to true. If user is locked, set to false" }, "forcepwdchange":{ "type":"boolean", "description":"if user is forced to change password in the next login, set to true. Else set to false." } } }, "UserStatusResponse":{ "type":"object", "properties":{ "enabled":{ "type":"boolean", "description":"if user is enabled, set to true. If disabled, set as false" }, "unlocked":{ "type":"boolean", "description":"if user is unlocked, set to true. If user is locked, set to false" }, "forcepwdchange":{ "type":"boolean", "description":"if user is forced to change password in the next login, set to true. Else set to false." } } }, "PolicyDescriptionResponse":{ "properties":{ "messages":{ "type":"array", "items":{ "$ref":"#/definitions/PolicyMessage" } } } } }, "tags":[ { "name":"PasswordPolicy", "description":"The operations from the PasswordPolicy category." }, { "name":"PasswordReset", "description":"The operations from the PasswordReset category." }, { "name":"UserStatusChanger", "description":"The operations from the UserStatusChanger category." } ] }