Identity and Access Management (Nov 5, 2024, 1:06:06 PM)

Download OpenAPI specification:Download

Welcome to Synerise API Reference! We hope that you'll enjoy your stay here.

If you need help with our services, feel free to contact us at support@synerise.com.

Authentication

JWT

Synerise uses JSON Web Token (JWT) as the authorization method. The token is generated by the auth/login endpoint. You need to include it in the Authorization header of your requests, with a Bearer prefix. See this simplified example of a call:

curl -X GET https://api.synerise.com/v4/clients \
-H 'Accept: application/json' \
-H 'Api-Version: 4.4' \
-H 'Authorization: Bearer eyJhbGciOiJSzZXIiLCJjdGQiOjE1NTI0NjMzMjg4NjIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsIm5tZSI' \
-H 'Content-Type: application/json'

Remember to include a space between Bearer and the token.

The token is valid for one hour (unless configured differently). You can request a refreshed key for the session by using the auth/refresh endpoint before the current token expires.

You can verify your JWT signature by using the public key.

Security Scheme Type	HTTP
HTTP Authorization Scheme	bearer

TrackerKey

Authorization by tracker key sent in a token query parameter. This may be the same key as used in the tracking code of the website. For details, see this article: https://help.synerise.com/developers/web/installation-and-configuration/#creating-a-tracking-code.

Security Scheme Type	API Key
Query parameter name:	token

Authorization

Methods to authorize and obtain JWT token required by our API endpoints

Log in as User

Authenticate as a User.

Note: To perform operations within a Workspace, you must select a Workspace.

This method does not require a Synerise authorization token.

Request Body schema: application/json

username required	string The login (email address) of the user
password required	string The user's password
deviceId	string Identifier of user's current device
externalProviderToken	string
externalProviderType	string Value: "GOOGLE"

Responses

Request samples

Content type

application/json

{"username": "string",
"password": "string",
"deviceId": "string",
"externalProviderToken": "string",
"externalProviderType": "GOOGLE"
}

Response samples

200

Content type

application/json

{"consumer": {"type": "USER",
"businessProfileId": 0,
"name": "string",
"id": 0,
"authorities": ["string"
],
"roles": "string"
},
"token": "string"
}

Verify User multi-factor authentication

Authenticate as a User with multi-factor authentication.

Note: To perform operations within a Workspace, you must select a Workspace.

API consumer who can use this method: Synerise User
This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:

JWT

query Parameters

mfaType

required

string

Enum: "TOTP_AUTHENTICATOR" "EMAIL"

Type of multi-factor authentication

Request Body schema: application/json

verificationCode required	string Multi-factor verification code
deviceId	string
externalProviderToken	string
externalProviderType	string Value: "GOOGLE"

Responses

Request samples

Content type

application/json

{"verificationCode": "string",
"deviceId": "string",
"externalProviderToken": "string",
"externalProviderType": "GOOGLE"
}

Response samples

200

Content type

application/json

{"consumer": {"type": "USER",
"businessProfileId": 0,
"name": "string",
"id": 0,
"authorities": ["string"
],
"roles": "string"
},
"token": "string"
}

Select Workspace

After logging in as a User, select a Workspace where you want to perform operations.

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

path Parameters

businessProfileUUID

required

string <uuid>

UUID of the workspace

Responses

Request samples

curl --request POST 
  --url https://api.synerise.com/uauth/auth/login/user/profile/%7BbusinessProfileUUID%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200
423

Content type

application/json

{"consumer": {"type": "USER",
"businessProfileId": 0,
"name": "string",
"id": 0,
"authorities": ["string"
],
"roles": "string"
},
"token": "string"
}

Get Workspaces

Retrieve a list of Workspaces available to the user.

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/business-profile/ 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

[{"businessProfileGuid": "string",
"logo": "string",
"name": "string",
"id": 0,
"created": "2019-08-24T14:15:22Z",
"subdomain": "string",
"ipRestricted": true,
"mfaRequired": true
}
]

Get current Workspace

Retrieve information about the currently selected workspace.

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/business-profile/current 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"selected": true,
"data": {"id": 0,
"name": "string",
"logo": "string",
"businessProfileGuid": "string",
"created": "2019-08-24T14:15:22Z",
"subdomain": "string",
"ipRestriction": "OFF",
"mfaRestriction": "OFF"
}
}

Log in as Workspace

Obtain a new Workspace JWT Token.

This method does not require a Synerise authorization token.

Request Body schema: application/json

apiKey

required

string

Workspace API key

WARNING: Workspace API keys can be used to access all customer data and manage the workspace. They should only be used for server-to-server communication in integrations. DO NOT use workspace API keys in your mobile applications or websites.

Responses

Request samples

Content type

application/json

{"apiKey": "64c09614-1b2a-42f7-804d-f647243eb1ab"
}

Response samples

200
400
401

Content type

application/json

{"token": "string"
}

Refresh a Profile token

Retrieve a refreshed JWT Token to prolong the session.

The current token must still be active at the time of the request.

API consumers who can use this method: Profile (formerly client), Anonymous profile (formerly client)
This method does not require a Synerise authorization token.

Authorizations:

JWT

Request Body schema: application/json

apiKey

required

string

Profile (formerly "Client") API key

Responses

Request samples

Content type

application/json

{"apiKey": "string"
}

Response samples

200
401

Content type

application/json

{"token": "string",
"expiration": 1649283173,
"created": 1649277173668,
"origin": "SYNERISE",
"customId": "card123",
"realm": "client"
}

Authenticate as Profile

Obtain a new JWT for a Profile. If an account for the Profile does not exist and the identityProvider is different than SYNERISE, this request creates an account.

This method does not require a Synerise authorization token.

Request Body schema: application/json

apiKey required	string Profile (formerly "Client") API key
identityProvider required	string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider.
identityProviderToken	string Third-party authentication token used to authenticate with the Identity Provider. Required if `identityProvider` is different than `SYNERISE`.
email	string Profile email. Required if `identityProvider` is `SYNERISE` and email is the unique identifier (default setting).
customId	any Profile customId. Required if `identityProvider` is `SYNERISE` and customId is the unique identifier (see https://hub.synerise.com/docs/settings/configuration/non-unique-emails/).
password	string Profile password. Required if `identityProvider` is `SYNERISE`.
uuid	string Profile UUID. Required if `identityProvider` is `SYNERISE`.
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"apiKey": "string",
"identityProvider": "SYNERISE",
"identityProviderToken": "string",
"email": "string",
"customId": null,
"password": "string",
"uuid": "string",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
]
}

Response samples

Content type

application/json

{"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate Profile with a server

Obtain a new JWT for a Profile. This method is designed to be used from a backend server that handles login requests and communicates with Synerise to execute them.
If an account for the Profile does not exist and the identityProvider is different than SYNERISE, this request creates an account.

API consumer who can use this method: Workspace (formerly Business Profile)
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SERVER_LOGIN_CLIENT_CREATE

Request Body schema: application/json

ipAddress required	string The IP address of the client device that is logging in.
apiKey required	string Profile (formerly "Client") API key
identityProvider required	string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider.
identityProviderToken	string Third-party authentication token used to authenticate with the Identity Provider. Required if `identityProvider` is different than `SYNERISE`.
email	string Profile email. Required if `identityProvider` is `SYNERISE` and email is the unique identifier (default setting).
customId	any Profile customId. Required if `identityProvider` is `SYNERISE` and customId is the unique identifier (see https://hub.synerise.com/docs/settings/configuration/non-unique-emails/).
password	string Profile password. Required if `identityProvider` is `SYNERISE`.
uuid	string Profile UUID. Required if `identityProvider` is `SYNERISE`.
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"ipAddress": "string",
"apiKey": "string",
"identityProvider": "SYNERISE",
"identityProviderToken": "string",
"email": "string",
"customId": null,
"password": "string",
"uuid": "string",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
]
}

Response samples

Content type

application/json

{"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate as Profile (conditional)

Obtain a new JWT token for a Profile.

If the account does not exist, an account is not created.
If any additional conditions are required for logging in, the response is HTTP200 and lists the conditions.
Note that using this endpoint requires authenticating as an anonymous Profile first.
This method does not require a Synerise authorization token.

Authorizations:

JWT

Request Body schema: application/json

apiKey required	string Profile (formerly "Client") API key
identityProvider required	string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider.
identityProviderToken	string Third-party authentication token used to authenticate with the Identity Provider. Required if `identityProvider` is different than `SYNERISE`.
email	string Profile email. Required if `identityProvider` is `SYNERISE` and email is the unique identifier (default setting).
customId	any Profile customId. Required if `identityProvider` is `SYNERISE` and customId is the unique identifier (see https://hub.synerise.com/docs/settings/configuration/non-unique-emails/).
password	string Profile password. Required if `identityProvider` is `SYNERISE`.
uuid	string Profile UUID. Required if `identityProvider` is `SYNERISE`.
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"apiKey": "string",
"identityProvider": "SYNERISE",
"identityProviderToken": "string",
"email": "string",
"customId": null,
"password": "string",
"uuid": "string",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
]
}

Response samples

Content type

application/json

{"conditions": ["string"
],
"status": "SUCCESS",
"token": "string",
"expiration": 1649283173,
"created": 1649277173668,
"origin": "SYNERISE",
"customId": "card123",
"realm": "client"
}

Authenticate anonymously

Obtain a new JWT for an anonymous Profile. The token can be used and refreshed in the same way as tokens of registered Profiles.

This method does not require a Synerise authorization token.

Request Body schema: application/json

apiKey required	string Profile (formerly "Client") API key
uuid required	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`
deviceId	string Unique iOS or Android device identifier.

Responses

Request samples

Content type

application/json

{"apiKey": "string",
"uuid": "07243772-008a-42e1-ba37-c3807cebde8f",
"deviceId": "string"
}

Response samples

200
401

Content type

application/json

{"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Settings

Manage settings associated with Your Workspace

Get ban settings

Retrieve the configuration of applying bans after a number of failed logins.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_LOCKING_POLICY

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/ban 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200
401
403

Content type

application/json

{"blockingForClientEnabled": true,
"firstBanCollectingTime": 0,
"firstBanDuration": 0,
"firstBanThreshold": 0,
"secondBanCollectingTime": 0,
"secondBanDuration": 0,
"secondBanThreshold": 0,
"permanentBanCollectingTime": 0,
"permanentBanDuration": 0,
"permanentBanThreshold": 0
}

Update ban settings

Update the configuration of applying bans after a number of failed logins.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_LOCKING_POLICY

Authorizations:

JWT

Request Body schema: application/json

blockingForClientEnabled	boolean When TRUE, first- and second-level bans are enabled. Permanent bans are always enabled.
firstBanCollectingTime	integer <int32> Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in `firstBanThreshold` and the duration is defined in `firstBanDuration`. Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.
firstBanDuration	integer <int32> Duration of the first-level ban in seconds. The first-level ban is applied to a Profile's identifier and cancelled after a successful password reset.
firstBanThreshold	integer <int32> The number of failed login attempts before the first-level ban is applied.
secondBanCollectingTime	integer <int32> Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in `secondBanThreshold` and the duration is defined in `secondBanDuration`. Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.
secondBanDuration	integer <int32> Duration of the second-level ban in seconds. The second-level ban is applied to a Profile's identifier and cancelled after a successful password reset.
secondBanThreshold	integer <int32> The number of failed login attempts before the second-level ban is applied.
permanentBanCollectingTime	integer <int32> Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in `permanentBanThreshold` and the duration is defined in `permanentBanDuration`. Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.
permanentBanDuration	integer <int32> Duration of the permanent ban in seconds. The permanent ban is applied to an IP address and cancelled after a successful password reset.
permanentBanThreshold	integer <int32> The number of failed login attempts before the permanent ban is applied.

Responses

Request samples

Content type

application/json

{"blockingForClientEnabled": true,
"firstBanCollectingTime": 0,
"firstBanDuration": 0,
"firstBanThreshold": 0,
"secondBanCollectingTime": 0,
"secondBanDuration": 0,
"secondBanThreshold": 0,
"permanentBanCollectingTime": 0,
"permanentBanDuration": 0,
"permanentBanThreshold": 0
}

Response samples

200
401
403

Content type

application/json

{"blockingForClientEnabled": true,
"firstBanCollectingTime": 0,
"firstBanDuration": 0,
"firstBanThreshold": 0,
"secondBanCollectingTime": 0,
"secondBanDuration": 0,
"secondBanThreshold": 0,
"permanentBanCollectingTime": 0,
"permanentBanDuration": 0,
"permanentBanThreshold": 0
}

Get email template settings

Get settings for email templates.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_ACCOUNT_CONFIRMATION

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/templates 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"clientEmailChangeRequestMailSubject": "string",
"clientEmailChangeRequestMailBody": "string",
"clientEmailChangeRequestMailTemplateId": "string",
"clientEmailChangeNotificationMailSubject": "string",
"clientEmailChangeNotificationMailBody": "string",
"clientEmailChangeNotificationMailTemplateId": "string"
}

Update email template settings

Update email template settings. Omitted settings are reset to null!

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_ACCOUNT_CONFIRMATION

Authorizations:

JWT

Request Body schema: application/json

clientEmailChangeRequestMailSubject	string Subject of the email change confirmation email. This is sent to the new address.
clientEmailChangeRequestMailBody	string or null HTML body of the email change confirmation email. All `"` characters must be escaped and all the code must be a single line. This is sent to the new address.
clientEmailChangeRequestMailTemplateId	string or null ID of the email change confirmation email body template. This email is sent to the new address. If you use a template, it overrides the content sent in `clientEmailChangeRequestMailBody`.
clientEmailChangeNotificationMailSubject	string Subject of the email change notification email. This is sent to the current address.
clientEmailChangeNotificationMailBody	string or null HTML body of the email change notification email. All `"` characters must be escaped and all the code must be a single line. This is sent to the current address.
clientEmailChangeNotificationMailTemplateId	string or null ID of the email change notification email template. This email is sent to the current address. If you use a template, it overrides the content sent in `clientEmailChangeNotificationMailBody`.

Responses

Request samples

Content type

application/json

{"clientEmailChangeRequestMailSubject": "string",
"clientEmailChangeRequestMailBody": "string",
"clientEmailChangeRequestMailTemplateId": "string",
"clientEmailChangeNotificationMailSubject": "string",
"clientEmailChangeNotificationMailBody": "string",
"clientEmailChangeNotificationMailTemplateId": "string"
}

Response samples

200

Content type

application/json

{"clientEmailChangeRequestMailSubject": "string",
"clientEmailChangeRequestMailBody": "string",
"clientEmailChangeRequestMailTemplateId": "string",
"clientEmailChangeNotificationMailSubject": "string",
"clientEmailChangeNotificationMailBody": "string",
"clientEmailChangeNotificationMailTemplateId": "string"
}

Get device authorization settings

Retrieve the settings related to authorization of logins from unknown devices.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_LOCKING_POLICY

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/device-control 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200
401
403

Content type

application/json

{"deviceControlMode": "false",
"hardMailBody": "string",
"hardMailTitle": "string",
"hardTemplateId": "string",
"softMailBody": "string",
"softMailTitle": "string",
"softTemplateId": "string"
}

Update device authorization settings

Update the settings related to authorization of logins from unknown devices.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_LOCKING_POLICY

Authorizations:

JWT

Request Body schema: application/json

deviceControlMode	string Enum: "false" "SOFT" "HARD" "CONDITIONAL_BASED_ON_LOCATION" Defines the type of device authorization. OFF: No device authorization. SOFT: The Profile is notified about logins from a new device, but the access is not blocked. HARD: Login attempts from the new device are blocked until the Profile authorizes the device with the link or token received by email. CONDITIONAL_BASED_ON_LOCATION: If a Profile logs in from a new device in Poland, they receive a notification (same as with SOFT setting). If the new device is outside of Poland, it must be authorized with a link or token received by email (same as with HARD setting). Other countries will be supported in the future.
hardMailBody	string HTML body of the device authorization email for hard mode. All `"` characters must be escaped and all the code must be a single line.
hardMailTitle	string Subject of the device authorization email for hard mode.
hardTemplateId	string ID of the device authorization email template for hard mode. If you use a template, it overrides the content sent in `hardMailBody`.
softMailBody	string HTML body of the device authorization email for soft mode. All `"` characters must be escaped and all the code must be a single line.
softMailTitle	string Subject of the device authorization email for soft mode.
softTemplateId	string ID of the device authorization email template for soft mode. If you use a template, it overrides the content sent in `softMailBody`.

Responses

Request samples

Content type

application/json

{"deviceControlMode": "false",
"hardMailBody": "string",
"hardMailTitle": "string",
"hardTemplateId": "string",
"softMailBody": "string",
"softMailTitle": "string",
"softTemplateId": "string"
}

Response samples

200
401
403

Content type

application/json

{"deviceControlMode": "false",
"hardMailBody": "string",
"hardMailTitle": "string",
"hardTemplateId": "string",
"softMailBody": "string",
"softMailTitle": "string",
"softTemplateId": "string"
}

Get general settings

Retrieve the general settings of the workspace.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_ACCOUNT_CONFIRMATION

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/general 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"tokenLifetimeInSeconds": 0,
"voucherPoolUuid": "string",
"allowOverwriteCustomIdentify": false,
"allowOverwriteExternalId": false,
"allowEmailChangeFromWebForm": false,
"allowToPassCustomIdentifyWithVoucherPool": false
}

Update general settings

Update general settings. Settings omitted in the request are reset to default!.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_ACCOUNT_CONFIRMATION

Authorizations:

JWT

Request Body schema: application/json

tokenLifetimeInSeconds required	integer <int64> Default: 0 The time in seconds before the authorization tokens expire. If set to `0` (default), the global Synerise setting is applied: 60 minutes.
voucherPoolUuid	string UUID of the voucher pool that stores `customId` values available for assignment to new Profiles, if applicable in your implementation.
allowOverwriteCustomIdentify	boolean Default: false When set to TRUE, customers' `customId` values may be modified. By default, the `customId` cannot be changed.
allowOverwriteExternalId	boolean Default: false When set to TRUE, a profile's `externalId` value may be modified. This may be useful, for example, if someone deletes their account with an external authentication provider, and then registers a new account with the same email. The external provider assigns a new ID and you need to allow overwriting the existing external ID in Synerise in order to link the existing profile in Synerise with the newly created account from the external provider.
allowEmailChangeFromWebForm	boolean Default: false When set to TRUE, email change can be requested/confirmed using a web form.
allowToPassCustomIdentifyWithVoucherPool	boolean Default: false When set to TRUE, `customId` can be provided even if `voucher pool` is configured. In this case voucher will not be assigned.

Responses

Request samples

Content type

application/json

{"tokenLifetimeInSeconds": 0,
"voucherPoolUuid": "string",
"allowOverwriteCustomIdentify": false,
"allowOverwriteExternalId": false,
"allowEmailChangeFromWebForm": false,
"allowToPassCustomIdentifyWithVoucherPool": false
}

Response samples

200

Content type

application/json

{"tokenLifetimeInSeconds": 0,
"voucherPoolUuid": "string",
"allowOverwriteCustomIdentify": false,
"allowOverwriteExternalId": false,
"allowEmailChangeFromWebForm": false,
"allowToPassCustomIdentifyWithVoucherPool": false
}

Get OAuth settings

Retrieve OAuth authentication settings

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/oauth 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200
401
403

Content type

application/json

{"enabled": true,
"mode": "JWT_TOKEN",
"endpoint": "string",
"jwkEndpoint": "string",
"headers": {"Content-Type": "application/json",
"Authorization": "Bearer {{_snrs_access_token}}",
"Cache-control": "no-cache"
},
"mapping": {"property1": "string",
"property2": "string"
},
"name": "string",
"mappedExternal": true,
"syncDataOnLogin": false,
"validation": {"property1": "string",
"property2": "string"
}
}

Update OAuth settings

Update OAuth authentication settings

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Authorizations:

JWT

Request Body schema: application/json

Any of

enabled	boolean
mode	string Enum: "JWT_TOKEN" "SERVER" The mode of authentication: SERVER: Your OAuth server returns a token to the client device; the client device passes it to the Synerise backend; Synerise backend verifies the token with your OAuth backend JWT_TOKEN: Your OAuth server returns a JWT to the client device; the client device passes it to the Synerise backend; the Synerise backends verifies it with the provided JWK. This mode requires fewer resources from your backend.
name	string Name of the integration
endpoint	string URL of the OAuth authorization endpoint when the `SERVER` mode is selected. If you want to pass the token from your backend in the URL, use the `{{_snrs_access_token}}` insert.
	object 'Headers for the authorization request when `SERVER` mode is selected. For example, `"X-Custom-Header": "someValue"` If you want to pass the token from your backend in a header, use the `{{_snrs_access_token}}` insert'
	object A mapping of fields from the Synerise endpoint to your OAuth endpoint. For example, if your field is called `token` and its counterpart in Synerise is `accessToken`, the mapping is `"accessToken": "token"`
mappedExternal	boolean Default: true If set to FALSE, the authentication request must include the customer's `customId` in the body.
syncDataOnLogin	boolean Default: false When set to TRUE, profile data from an external authentication provider is uploaded into the Synerise database every time the profile logs in. When FALSE, the data is saved only the first time a profile logs in, so that the amount of data is reduced in later authentication requests.

Responses

Request samples

Content type

application/json

Example

{"enabled": true,
"mode": "JWT_TOKEN",
"name": "string",
"endpoint": "string",
"headers": {"Content-Type": "application/json",
"Authorization": "Bearer {{_snrs_access_token}}",
"Cache-control": "no-cache"
},
"mapping": {"property1": "string",
"property2": "string"
},
"mappedExternal": true,
"syncDataOnLogin": false
}

Response samples

200
401
403

Content type

application/json

{"enabled": true,
"mode": "JWT_TOKEN",
"endpoint": "string",
"jwkEndpoint": "string",
"headers": {"Content-Type": "application/json",
"Authorization": "Bearer {{_snrs_access_token}}",
"Cache-control": "no-cache"
},
"mapping": {"property1": "string",
"property2": "string"
},
"name": "string",
"mappedExternal": true,
"syncDataOnLogin": false,
"validation": {"property1": "string",
"property2": "string"
}
}

getSyneriseAuthConfig

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/synerise-auth

Response samples

200

Content type

application/json

{"enabled": true,
"registrationType": "REQUIRE_ACTIVATION",
"pinConfirmationType": "EVERYONE",
"pinConfirmationLength": 6,
"pinConfirmationValidInSeconds": 300,
"allowPinResendFromDifferentDeviceId": false,
"confirmationRedirectLink": "string",
"confirmationMailSubject": "string",
"confirmationMailBody": "string",
"confirmationMailTemplateId": "string",
"passwordResetMailTemplateId": "string",
"passwordResetMailSubject": "string",
"passwordResetMailBody": "string",
"pinConfirmationMailSubject": "string",
"pinConfirmationMailBody": "string",
"pinConfirmationMailTemplateId": "string",
"maxLength": 0,
"minLength": 0,
"requireAtLeastOneLowercaseLetter": false,
"requireAtLeastOneNonAlphaNumericCharacter": false,
"requireAtLeastOneNumber": false,
"requireAtLeastOneUppercaseLetter": false
}

updateSyneriseAuthSettings

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM

Request Body schema: application/json

enabled required	boolean
registrationType required	string Enum: "REQUIRE_ACTIVATION" "REQUIRE_EMAIL_CONFIRMATION" "AUTOMATIC" "REQUIRE_PIN_CONFIRMATION"
pinConfirmationType	string Default: "ON_CONFLICT_WITH_EXTERNAL_ACCOUNT" Enum: "EVERYONE" "ON_CONFLICT_WITH_EXTERNAL_ACCOUNT" Defines if PIN confirmation (if enabled) is required for all new accounts or only if there is a conflict with an existing account registered by using third-party Identity Providers.
pinConfirmationLength	integer Default: 6 The number of characters in the PIN
pinConfirmationValidInSeconds	integer Default: 300 TTL of the PIN code before it expires and cannot be used
allowPinResendFromDifferentDeviceId	boolean Default: false When TRUE, a PIN email re-send can be requested from a different device than the last device that requested a PIN email. NOTE: Regardless of this setting, the activation request can only be sent from the last device that requested a PIN email.
confirmationRedirectLink	string Redirect URL of the confirmation link
confirmationMailSubject	string Subject of the account activation email
confirmationMailBody	string or null HTML body of the account activation email. All `"` characters must be escaped and all the code must be a single line.
confirmationMailTemplateId	string or null ID of the account activation email body template. If you use a template, it overrides the content sent in `confirmationMailBody`.
passwordResetMailTemplateId	string or null ID of the password reset confirmation email body template
passwordResetMailSubject	string Subject of the password reset confirmation email
passwordResetMailBody	string or null HTML body of the password reset confirmation email. All `"` characters must be escaped and all the code must be a single line.
pinConfirmationMailSubject	string Subject of the email with the PIN needed to confirm an account.
pinConfirmationMailBody	string or null HTML body of the email with the PIN needed to confirm an account. All `"` characters must be escaped and all the code must be a single line. The PIN code is inserted using the `{{ pin_code }}` Jinjava insert.
pinConfirmationMailTemplateId	string or null ID of the template for the email with the PIN needed to confirm an account. If you use a template, it overrides the content sent in `pinConfirmationMailBody`.
maxLength	integer <int32> Maximum length of the password
minLength	integer <int32> Minimum length of the password
requireAtLeastOneLowercaseLetter	boolean Default: false When TRUE, the password must include at least one lowercase letter.
requireAtLeastOneNonAlphaNumericCharacter	boolean Default: false When TRUE, the password must include at least one non-alphanumeric character.
requireAtLeastOneNumber	boolean Default: false When TRUE, the password must include at least one number.
requireAtLeastOneUppercaseLetter	boolean Default: false When TRUE, the password must include at least one uppercase letter.

Responses

Request samples

Content type

application/json

{"enabled": true,
"registrationType": "REQUIRE_ACTIVATION",
"pinConfirmationType": "EVERYONE",
"pinConfirmationLength": 6,
"pinConfirmationValidInSeconds": 300,
"allowPinResendFromDifferentDeviceId": false,
"confirmationRedirectLink": "string",
"confirmationMailSubject": "string",
"confirmationMailBody": "string",
"confirmationMailTemplateId": "string",
"passwordResetMailTemplateId": "string",
"passwordResetMailSubject": "string",
"passwordResetMailBody": "string",
"pinConfirmationMailSubject": "string",
"pinConfirmationMailBody": "string",
"pinConfirmationMailTemplateId": "string",
"maxLength": 0,
"minLength": 0,
"requireAtLeastOneLowercaseLetter": false,
"requireAtLeastOneNonAlphaNumericCharacter": false,
"requireAtLeastOneNumber": false,
"requireAtLeastOneUppercaseLetter": false
}

Response samples

200

Content type

application/json

{"enabled": true,
"registrationType": "REQUIRE_ACTIVATION",
"pinConfirmationType": "EVERYONE",
"pinConfirmationLength": 6,
"pinConfirmationValidInSeconds": 300,
"allowPinResendFromDifferentDeviceId": false,
"confirmationRedirectLink": "string",
"confirmationMailSubject": "string",
"confirmationMailBody": "string",
"confirmationMailTemplateId": "string",
"passwordResetMailTemplateId": "string",
"passwordResetMailSubject": "string",
"passwordResetMailBody": "string",
"pinConfirmationMailSubject": "string",
"pinConfirmationMailBody": "string",
"pinConfirmationMailTemplateId": "string",
"maxLength": 0,
"minLength": 0,
"requireAtLeastOneLowercaseLetter": false,
"requireAtLeastOneNonAlphaNumericCharacter": false,
"requireAtLeastOneNumber": false,
"requireAtLeastOneUppercaseLetter": false
}

getFacebookOauthSettings

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/oauth/facebook

Response samples

200

Content type

application/json

{"enabled": true
}

updateFacebookOauthSettings

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Request Body schema: application/json

enabled

required

boolean

Responses

Request samples

Content type

application/json

{"enabled": true
}

getGoogleOauthSettings

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/oauth/google

Response samples

200

Content type

application/json

{"enabled": true
}

updateGoogleOauthSettings

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Request Body schema: application/json

enabled

required

boolean

Responses

Request samples

Content type

application/json

{"enabled": true
}

Get Sign in with Apple settings

Retrieve Sign in with Apple settings.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/oauth/apple 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200
401
403

Content type

application/json

{"enabled": true,
"bundle": "com.synerise.sdk.sample-swift"
}

Update Sign in with Apple settings

Update Sign in with Apple settings.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Authorizations:

JWT

Request Body schema: application/json

enabled	boolean Defines if Sign in with Apple is enabled in this workspace.
bundle	string Name of your application package

Responses

Request samples

Content type

application/json

{"enabled": true,
"bundle": "com.synerise.sdk.sample-swift"
}

Response samples

200
401
403

Content type

application/json

{"enabled": true,
"bundle": "com.synerise.sdk.sample-swift"
}

Access control

Security settings of a workspace: MFA, IP policies, etc.

Enable MFA requirement for workspace

This request enables multi-factor authentication requirement for the currently selected workspace. After enabling this setting, only users with MFA can access the workspace.

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

Responses

Request samples

curl --request POST 
  --url https://api.synerise.com/uauth/business-profile/mfa/requirements 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Disable MFA requirement for workspace

This request disables multi-factor authentication requirement for the currently selected workspace. After disabling this setting, users without MFA can access the workspace.

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/business-profile/mfa/requirements 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Get own strongest password policy

If a user has access to more than one workspace, you can use this endpoint to find the strictest password policy of all the policies in these workspaces. The user's password must meet the requirements of that strictest policy.

API consumer who can use this method: Synerise User
This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/users/my-account/strongest-password-settings

Get IP allowlist policy

Retrieve the details of IP allowlisting policy of the workspace.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_SETTINGS_USER_IP_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_BP

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/settings/user-bp-ip-policy 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"enabled": true,
"enableSupportSubnets": true,
"ipPolicy": ["string"
]
}

Update IP allowlist policy

Update the details of IP allowlisting policy of the workspace.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_SETTINGS_USER_IP_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_BP

Authorizations:

JWT

Request Body schema: application/json

enabled	boolean When TRUE, the policy is active and only the included addresses are allowed to connect.
enableSupportSubnets	boolean Default: true When TRUE, the IP addresses used by Synerise for service work are added to the allowlist. These addresses depend on the configuration.
ipPolicy	Array of strings List of allowed IPv4 addresses

Responses

Request samples

Content type

application/json

{"enabled": true,
"enableSupportSubnets": true,
"ipPolicy": ["string"
]
}

Response samples

200

Content type

application/json

{"enabled": true,
"enableSupportSubnets": true,
"ipPolicy": ["string"
]
}

Get strongest password policy of a User

If a user has access to more than one workspace, you can use this endpoint to find the strictest password policy of all the policies in these workspaces. The user's password must meet the requirements of that strictest policy.

This method does not require a Synerise authorization token.

Authorizations:

JWT

path Parameters

email

required

string

User's email address

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/strongest-password-settings-by-email/%7Bemail%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"attempts": 0,
"block": 0,
"businessProfileId": 0,
"different": 0,
"digits": 0,
"expiration": 0,
"lowerLetters": 0,
"maxIdleTime": 0,
"maxLength": 0,
"minLength": 0,
"nextChange": 0,
"specialChars": 0,
"upperLetters": 0
}

Initiate multi-factor authentication for user

Begins the process of enabling multi-factor authentication for a user by initiating it.

API consumer who can use this method: Synerise User
This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:

JWT

query Parameters

mfaType

required

string

Enum: "TOTP_AUTHENTICATOR" "EMAIL"

Type of multi-factor authentication

Responses

Request samples

curl --request POST 
  --url 'https://api.synerise.com/uauth/users/mfa/initialization?mfaType=SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"url": "string",
"secret": "string"
}

Confirm multi-factor authentication for user

Continues the process of enabling multi-factor authentication for a user by confirming it.

API consumer who can use this method: Synerise User
This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:

JWT

query Parameters

mfaType

required

string

Enum: "TOTP_AUTHENTICATOR" "EMAIL"

Type of multi-factor authentication

Request Body schema: application/json

verificationCode

required

string

Multi-factor verification code

Responses

Request samples

Content type

application/json

{"verificationCode": "string"
}

Response samples

200

Content type

application/json

{"backupCode": "string"
}

Remove multi-factor authentication for user

Removes user multi-factor authentication.

API consumer who can use this method: Synerise User
This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:

JWT

query Parameters

mfaType required	string Enum: "TOTP_AUTHENTICATOR" "EMAIL" Type of multi-factor authentication
backupCode required	string User's backup code

Responses

Request samples

curl --request DELETE 
  --url 'https://api.synerise.com/uauth/users/mfa?mfaType=SOME_STRING_VALUE&backupCode=SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Get user password policy

Retrieve the user password policy of the workspace.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_SETTINGS_PASSWORD_POLICY_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS_AM_PASSWORD_POLICY

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/settings/password-policy 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"attempts": 0,
"block": 0,
"different": 0,
"digits": 0,
"expiration": 0,
"lowerLetters": 0,
"maxIdleTime": 0,
"maxLength": 0,
"minLength": 0,
"nextChange": 0,
"specialChars": 0,
"upperLetters": 0
}

Update user password policy

Update the user password policy. Entering 0 as the value disables a requirement.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_SETTINGS_PASSWORD_POLICY_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS_AM_PASSWORD_POLICY

Authorizations:

JWT

Request Body schema: application/json

attempts	integer <int32> The number of failed sign-in attempts after which an account is blocked
block	integer <int32> The number of days after which an account is blocked after the password expires.
different	integer <int32> Defines how many previous passwords are compared. For example, if set to 3, the new password must be different than the 3 last passwords.
digits	integer <int32> The minimum number of digits in a password
expiration	integer <int32> The number of days after which the passwords expire
lowerLetters	integer <int32> The minimum number of lower-case letters in a password
maxIdleTime	integer <int32> Time (in seconds) after which an idle user is signed out
maxLength	integer <int32> The maximum number of characters in a password
minLength	integer <int32> The minimum number of characters in a password
nextChange	integer <int32> Currently not used
specialChars	integer <int32> The minimum number of special characters in a password
upperLetters	integer <int32> The minimum number of upper-case letters in a password

Responses

Request samples

Content type

application/json

{"attempts": 0,
"block": 0,
"different": 0,
"digits": 0,
"expiration": 0,
"lowerLetters": 0,
"maxIdleTime": 0,
"maxLength": 0,
"minLength": 0,
"nextChange": 0,
"specialChars": 0,
"upperLetters": 0
}

Response samples

200

Content type

application/json

{"attempts": 0,
"block": 0,
"different": 0,
"digits": 0,
"expiration": 0,
"lowerLetters": 0,
"maxIdleTime": 0,
"maxLength": 0,
"minLength": 0,
"nextChange": 0,
"specialChars": 0,
"upperLetters": 0
}

User management

Manage user accounts in your workspace

Find user by invitation token

You can retrieve the details of an account by providing the invitation token generated for that account.

This method does not require a Synerise authorization token.

path Parameters

invitationToken

required

string

Invitation token

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/user/register/invitation/%7BinvitationToken%7D

Response samples

200

Content type

application/json

{"email": "string",
"firstName": "string",
"lastName": "string"
}

Invite user

Invite a user to join a workspace. The user receives an email with an invitation token.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_INVITATIONS_CREATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

Request Body schema: application/json

All the data sent in this request applies to the user being invited.

email	string User's email address
firstName	string First name of the user
lastName	string Last name of the user
roles	Array of integers <int64> [ items <int64 > ] An array of roles (IDs) assigned to the user in the currently selected workspace

Responses

Request samples

Content type

application/json

{"email": "string",
"firstName": "string",
"lastName": "string",
"roles": [0
]
}

Invite many users

Invite a number of users to the workspace at once. The users receive emails with invitation tokens.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_INVITATIONS_CREATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

Request Body schema: application/json

All the data sent in this request refers to the users being invited.

Array of objects[ items ]

An array of users to invite

Responses

Request samples

Content type

application/json

{"invitations": [{"email": "string",
"firstName": "string",
"lastName": "string",
"roles": [0
]
}
]
}

Delete invitations

Delete invitations that were not yet accepted.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_INVITATIONS_DELETE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

invitationIds

required

string

Comma-separated list of invitation IDs. To obtain the invitation ID, check the list of users with PENDING status. The invitation ID for a user is the same as the ID of that user.

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/users/invitations/%7BinvitationIds%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Update invitation

Update the details of an invitation.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_INVITATIONS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

invitationId

required

integer <int64>

To obtain the invitation ID, check the list of users with PENDING status. The invitation ID for a user is the same as the ID of that user.

Request Body schema: application/json

All the data sent in this request refers to the user being invited.

firstName	string First name of the user
lastName	string Last name of the user
roles	Array of integers <int64> [ items <int64 > ] An array of roles (IDs) assigned to the user in the currently selected workspace

Responses

Request samples

Content type

application/json

{"firstName": "string",
"lastName": "string",
"roles": [0
]
}

List users

List users from the current workspace

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_LISTING_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

query Parameters

page required	integer <int32> The page of results to retrieve. The first page has the index `0`.
size required	integer <int32> The number of entries on a page
status required	string Enum: "ACTIVE" "PENDING" "EXPIRED" Filters the results by status of the users
search required	string String to search for in the first names, surnames, and email addresses

Responses

Request samples

curl --request GET 
  --url 'https://api.synerise.com/uauth/users/listing?page=SOME_INTEGER_VALUE&size=SOME_INTEGER_VALUE&status=SOME_STRING_VALUE&search=SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"data": [{"avatar": "string",
"created": "2019-08-24T14:15:22Z",
"displayName": "string",
"email": "string",
"firstName": "string",
"id": 0,
"lastLogin": "2019-08-24T14:15:22Z",
"lastName": "string",
"roleNames": ["string"
],
"roles": [0
],
"status": "ACTIVE",
"updated": "2019-08-24T14:15:22Z"
}
],
"meta": {"pagination": {"limit": 0,
"page": 0,
"pages": 0,
"total": 0
}
}
}

Autocomplete user search result

You can use this endpoint to obtain data for search autocomplete.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_LISTING_AUTOCOMPLETE_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

query Parameters

email

required

string

User's email address

Responses

Request samples

curl --request GET 
  --url 'https://api.synerise.com/uauth/users/listing/autocomplete?email=SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

[{"avatarUrl": "string",
"displayName": "string",
"email": "string",
"userId": 0
}
]

Remove users from workspace

Delete user associations from a workspace. This does not delete the user accounts.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_DELETE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

ids

required

string

Example: 11405,11406,11407

Comma-separated user IDs

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/users/profile-association/%7Bids%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Get user data

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

path Parameters

userId

required

integer

User ID

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/users/%7BuserId%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"avatar": "string",
"confirmed": true,
"created": "2019-08-24T14:15:22Z",
"description": "string",
"displayName": "string",
"email": "string",
"firstName": "string",
"id": 0,
"introduction": "string",
"isTheSameUserAsLoggedIn": true,
"language": "string",
"lastLogin": "2019-08-24T14:15:22Z",
"lastName": "string",
"mailAccountId": 0,
"organizationRole": "string",
"phone": "string",
"roles": [0
],
"status": "ACTIVE",
"superAdmin": true,
"updated": "2019-08-24T14:15:22Z",
"isMfaEnabled": true,
"passwordLastModificationDate": "2019-08-24T14:15:22Z",
"dateFormatNotation": "string",
"timeFormatNotation": "string",
"numberFormatNotation": "string"
}

Update user data

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

path Parameters

userId

required

integer

User ID

Request Body schema: application/json

firstName	string First name of the user
lastName	string Last name of the user
avatar	string URL of the user's avatar
phone	string User's phone number
language	string User's interface language
organizationRole	string User's role in the organization
introduction	string User's introduction
confirmed	boolean Informs if the account is confirmed
mailAccountId	integer Unused field
roles	Array of integers <int64> [ items <int64 > ] An array of roles (IDs) assigned to the user in the currently selected workspace
description	string User's description
dateFormatNotation	string
timeFormatNotation	string
numberFormatNotation	string

Responses

Request samples

Content type

application/json

{"firstName": "string",
"lastName": "string",
"avatar": "string",
"phone": "string",
"language": "string",
"organizationRole": "string",
"introduction": "string",
"confirmed": true,
"mailAccountId": 0,
"roles": [0
],
"description": "string",
"dateFormatNotation": "string",
"timeFormatNotation": "string",
"numberFormatNotation": "string"
}

Response samples

200

Content type

application/json

{"avatar": "string",
"confirmed": true,
"created": "2019-08-24T14:15:22Z",
"description": "string",
"displayName": "string",
"email": "string",
"firstName": "string",
"id": 0,
"introduction": "string",
"isTheSameUserAsLoggedIn": true,
"language": "string",
"lastLogin": "2019-08-24T14:15:22Z",
"lastName": "string",
"mailAccountId": 0,
"organizationRole": "string",
"phone": "string",
"roles": [0
],
"status": "ACTIVE",
"superAdmin": true,
"updated": "2019-08-24T14:15:22Z",
"isMfaEnabled": true,
"passwordLastModificationDate": "2019-08-24T14:15:22Z",
"dateFormatNotation": "string",
"timeFormatNotation": "string",
"numberFormatNotation": "string"
}

Activate users

Activate access to the workspace for a number of users

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_DELETE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

Request Body schema: application/json

ids	Array of integers <int64> [ items <int64 > ] An array of user IDs

Responses

Request samples

Content type

application/json

{"ids": [0
]
}

De-activate users

De-activate access to the workspace for a number of users

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

Request Body schema: application/json

ids	Array of integers <int64> [ items <int64 > ] An array of user IDs

Responses

Request samples

Content type

application/json

{"ids": [0
]
}

Change access expiration time

Change the date when a user's access to the workspace is cancelled.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

userId

required

integer

User ID

Request Body schema: application/json

expirationDate

string <date-time>

New access expiration time (ISO 8601, UTC time unless timezone is specified)

Responses

Request samples

Content type

application/json

{"expirationDate": "2019-08-24T14:15:22Z"
}

Response samples

200

Content type

application/json

{"avatar": "string",
"confirmed": true,
"created": "2019-08-24T14:15:22Z",
"description": "string",
"displayName": "string",
"email": "string",
"firstName": "string",
"id": 0,
"introduction": "string",
"isTheSameUserAsLoggedIn": true,
"language": "string",
"lastLogin": "2019-08-24T14:15:22Z",
"lastName": "string",
"mailAccountId": 0,
"organizationRole": "string",
"phone": "string",
"roles": [0
],
"status": "ACTIVE",
"superAdmin": true,
"updated": "2019-08-24T14:15:22Z",
"isMfaEnabled": true,
"passwordLastModificationDate": "2019-08-24T14:15:22Z",
"dateFormatNotation": "string",
"timeFormatNotation": "string",
"numberFormatNotation": "string"
}

Reset another user's password

Request a password reset for another user. That user receives an email with a password reset token. Their account is locked until the new password is set.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

path Parameters

userId

required

integer

User ID

Responses

Request samples

curl --request POST 
  --url https://api.synerise.com/uauth/users/%7BuserId%7D/password-reset

Reset another user's multi-factor authentication

You can reset the settings of another user's multi-factor authentication. This can be used, for example, if the user has lost both their device with the MFA application and the recovery code. The user will need to re-enable MFA in the same way as when setting it up for the first time.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

path Parameters

userId

required

integer

User ID

Responses

Request samples

curl --request PUT 
  --url https://api.synerise.com/uauth/users/%7BuserId%7D/mfa-reset

Delete user account

Permanently deletes a user account.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_DELETE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

ids

required

string

Example: 11405,11406,11407

Comma-separated user IDs

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/users/%7Bids%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Access groups

Create roles that give users permissions

List grouped permissions

List all permissions for a role, including information about permission grouping.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_GROUP_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

path Parameters

roleId

required

integer <int64>

Role ID

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/permissions/group/role/%7BroleId%7D

Response samples

200

Content type

application/json

[{"id": 0,
"name": "string",
"slug": "string",
"path": "Ancestor Group < Parent Group < This Group",
"left": 0,
"right": 0,
"deep": 0,
"canCreate": true,
"canRead": true,
"canUpdate": true,
"canDelete": true,
"canExecute": true,
"create": true,
"read": true,
"update": true,
"delete": true,
"execute": true,
"createDisabled": true,
"readDisabled": true,
"updateDisabled": true,
"deleteDisabled": true,
"executeDisabled": true,
"children": [{"id": 0,
"name": "string",
"slug": "string",
"path": "Ancestor Group < Parent Group < This Group",
"left": 0,
"right": 0,
"deep": 0,
"canCreate": true,
"canRead": true,
"canUpdate": true,
"canDelete": true,
"canExecute": true,
"create": true,
"read": true,
"update": true,
"delete": true,
"execute": true,
"createDisabled": true,
"readDisabled": true,
"updateDisabled": true,
"deleteDisabled": true,
"executeDisabled": true,
"children": [{ }
]
}
]
}
]

Get role groups

Retrieve a list of user role groups.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLES_LISTING_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/roles/listing 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

[{"data": [{"author": {"avatar": "string",
"displayName": "string",
"firstName": "string",
"id": 0,
"lastName": "string"
},
"description": "string",
"editable": true,
"group": 0,
"id": 0,
"name": "string",
"updated": "2019-08-24T14:15:22Z"
}
],
"description": "string",
"editable": true,
"id": 0,
"name": "string"
}
]

Create role group

Create a new role group. A new group does not include any roles. To add a role to a group, update the role.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_GROUP_CREATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

Request Body schema: application/json

name	string Name of the role group
description	string Description of the role group

Responses

Request samples

Content type

application/json

{"name": "string",
"description": "string"
}

Response samples

200

Content type

application/json

[{"data": [{"author": {"avatar": "string",
"displayName": "string",
"firstName": "string",
"id": 0,
"lastName": "string"
},
"description": "string",
"editable": true,
"group": 0,
"id": 0,
"name": "string",
"updated": "2019-08-24T14:15:22Z"
}
],
"description": "string",
"editable": true,
"id": 0,
"name": "string"
}
]

Update role group

Update a group. To add a role to a group, update the role.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_GROUP_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

groupId

required

integer <int64>

Role group ID

Request Body schema: application/json

name	string Name of the role group
description	string Description of the role group

Responses

Request samples

Content type

application/json

{"name": "string",
"description": "string"
}

Response samples

200

Content type

application/json

[{"data": [{"author": {"avatar": "string",
"displayName": "string",
"firstName": "string",
"id": 0,
"lastName": "string"
},
"description": "string",
"editable": true,
"group": 0,
"id": 0,
"name": "string",
"updated": "2019-08-24T14:15:22Z"
}
],
"description": "string",
"editable": true,
"id": 0,
"name": "string"
}
]

Delete role group

Delete a role group permanently.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_GROUP_DELETE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

groupId

required

integer <int64>

Role group ID

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/roles/role-group/%7BgroupId%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

[{"data": [{"author": {"avatar": "string",
"displayName": "string",
"firstName": "string",
"id": 0,
"lastName": "string"
},
"description": "string",
"editable": true,
"group": 0,
"id": 0,
"name": "string",
"updated": "2019-08-24T14:15:22Z"
}
],
"description": "string",
"editable": true,
"id": 0,
"name": "string"
}
]

Create role

Create a new user role.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

Request Body schema: application/json

group required	integer <int64> ID of the group that includes this role
name required	string The name of the role
description	string Description of the role

Responses

Request samples

Content type

application/json

{"group": 0,
"name": "string",
"description": "string"
}

Response samples

200

Content type

application/json

[{"data": [{"author": {"avatar": "string",
"displayName": "string",
"firstName": "string",
"id": 0,
"lastName": "string"
},
"description": "string",
"editable": true,
"group": 0,
"id": 0,
"name": "string",
"updated": "2019-08-24T14:15:22Z"
}
],
"description": "string",
"editable": true,
"id": 0,
"name": "string"
}
]

Get role

Retrieve the details of a user role

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_READ
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

roleId

required

integer <int64>

Role ID

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/roles/%7BroleId%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"businessProfileId": 0,
"id": 0,
"manageable": true,
"name": "string",
"shownAsResource": true
}

Update role

Update a user role.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_UPDATE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

roleId

required

integer <int64>

Role ID

Request Body schema: application/json

group required	integer <int64> ID of the group that includes this role
name required	string The name of the role
description	string Description of the role

Responses

Request samples

Content type

application/json

{"group": 0,
"name": "string",
"description": "string"
}

Response samples

200

Content type

application/json

[{"data": [{"author": {"avatar": "string",
"displayName": "string",
"firstName": "string",
"id": 0,
"lastName": "string"
},
"description": "string",
"editable": true,
"group": 0,
"id": 0,
"name": "string",
"updated": "2019-08-24T14:15:22Z"
}
],
"description": "string",
"editable": true,
"id": 0,
"name": "string"
}
]

Delete role

Delete a user role permanently.

API consumer who can use this method: Synerise User
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_DELETE
User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

JWT

path Parameters

roleId

required

integer <int64>

Role ID

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/roles/role/%7BroleId%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

[{"data": [{"author": {"avatar": "string",
"displayName": "string",
"firstName": "string",
"id": 0,
"lastName": "string"
},
"description": "string",
"editable": true,
"group": 0,
"id": 0,
"name": "string",
"updated": "2019-08-24T14:15:22Z"
}
],
"description": "string",
"editable": true,
"id": 0,
"name": "string"
}
]

Get available roles

Retrieve a list of user roles available in the business profile.

API consumer who can use this method: Synerise User
This method does not require a Synerise authorization token.

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/users/available-roles

Response samples

200

Content type

application/json

[{"businessProfileId": 0,
"id": 0,
"manageable": true,
"name": "string",
"shownAsResource": true
}
]

User account management

Manage the account of a user as that user. Change passwords, update personal data, etc.

Change user password

Change a user's password.

API consumer who can use this method: Synerise User
This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:

JWT

Request Body schema: application/json

currentPassword	string The current password
newPassword	string The new password

Responses

Request samples

Content type

application/json

{"currentPassword": "string",
"newPassword": "string"
}

Response samples

200

Content type

application/json

{"status": "OK"
}

Request user password reset

The user can request a password reset token sent by email.

This method does not require a Synerise authorization token.

Request Body schema: application/json

email

required

string

User's email address

Responses

Request samples

Content type

application/json

{"email": "string"
}

Confirm user password reset

Confirm user password reset using the token received by email.

This method does not require a Synerise authorization token.

Request Body schema: application/json

token	string Password reset token received by email
password	string The new password

Responses

Request samples

Content type

application/json

{"token": "string",
"password": "string"
}

Confirm user registration

Confirm user registration. The token is sent by email.

This method does not require a Synerise authorization token.

path Parameters

confirmationToken

required

string

Confirmation token

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/user/confirmation/%7BconfirmationToken%7D

Register user

Register a new user. Before the new account can be used, it must be confirmed.

This method does not require a Synerise authorization token.

Request Body schema: application/json

email required	string User's email address
password required	string Account password
invitationToken	string Invitation token, received from another user
externalProviderToken	string
externalProviderType	string Value: "GOOGLE"

Responses

Request samples

Content type

application/json

{"email": "string",
"password": "string",
"invitationToken": "string",
"externalProviderToken": "string",
"externalProviderType": "GOOGLE"
}

Re-send user confirmation token

If the confirmation token does not reach the user's inbox, you can send a new one.

This method does not require a Synerise authorization token.

Request Body schema: application/json

email

string

User's email address

Responses

Request samples

Content type

application/json

{"email": "string"
}

Get user's own data

A user can retrieve their account data.

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/users/my-account 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200

Content type

application/json

{"id": 0,
"email": "string",
"firstName": "string",
"lastName": "string",
"displayName": "string",
"avatar": "string",
"phone": "string",
"language": "string",
"organizationRole": "string",
"introduction": "string",
"confirmed": true,
"mailAccountId": 0,
"superAdmin": true,
"created": "2019-08-24T14:15:22Z",
"updated": "2019-08-24T14:15:22Z",
"lastLogin": "2019-08-24T14:15:22Z",
"status": "ACTIVE",
"roles": [0
],
"isTheSameUserAsLoggedIn": true,
"description": "string",
"isMfaEnabled": true,
"passwordLastModificationDate": "2019-08-24T14:15:22Z",
"canBeEdited": true,
"dateFormatNotation": "string",
"timeFormatNotation": "string",
"numberFormatNotation": "string",
"mfaTokenExpirationHours": 0,
"defaultMfaMethod": "TOTP_AUTHENTICATOR"
}

Update user's own data

A user can update their own details.

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

Request Body schema: application/json

firstName	string First name of the user
lastName	string Last name of the user
avatar	string URL of the user's avatar
phone	string User's phone number
language	string User's interface language
organizationRole	string User's role in the organization
introduction	string User's introduction
confirmed	boolean Informs if the account is confirmed
mailAccountId	integer Unused field
roles	Array of integers <int64> [ items <int64 > ] An array of roles (IDs) assigned to the user in the currently selected workspace
description	string User's description
dateFormatNotation	string
timeFormatNotation	string
numberFormatNotation	string

Responses

Request samples

Content type

application/json

{"firstName": "string",
"lastName": "string",
"avatar": "string",
"phone": "string",
"language": "string",
"organizationRole": "string",
"introduction": "string",
"confirmed": true,
"mailAccountId": 0,
"roles": [0
],
"description": "string",
"dateFormatNotation": "string",
"timeFormatNotation": "string",
"numberFormatNotation": "string"
}

Response samples

200

Content type

application/json

{"id": 0,
"email": "string",
"firstName": "string",
"lastName": "string",
"displayName": "string",
"avatar": "string",
"phone": "string",
"language": "string",
"organizationRole": "string",
"introduction": "string",
"confirmed": true,
"mailAccountId": 0,
"superAdmin": true,
"created": "2019-08-24T14:15:22Z",
"updated": "2019-08-24T14:15:22Z",
"lastLogin": "2019-08-24T14:15:22Z",
"status": "ACTIVE",
"roles": [0
],
"isTheSameUserAsLoggedIn": true,
"description": "string",
"isMfaEnabled": true,
"passwordLastModificationDate": "2019-08-24T14:15:22Z",
"canBeEdited": true,
"dateFormatNotation": "string",
"timeFormatNotation": "string",
"numberFormatNotation": "string",
"mfaTokenExpirationHours": 0,
"defaultMfaMethod": "TOTP_AUTHENTICATOR"
}

Delete user's own account

A user can delete their own account.

API consumer who can use this method: Synerise User
This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

JWT

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/users/my-account 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Authorization (deprecated)

Endpoints maintained for backwards compatibility. Do not use in new integrations.

Refresh a Workspace token Deprecated

Retrieve a refreshed JWT Token to prolong the Workspace session.

API consumer who can use this method: Workspace (formerly Business Profile)
This method does not require a Synerise authorization token.

Authorizations:

JWT

header Parameters

Content-Type required	string Value: "application/json"
Api-Version required	string Value: "4.4"

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/v4/auth/refresh/profile 
  --header 'Api-Version: SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_' 
  --header 'Content-Type: SOME_STRING_VALUE'

Response samples

200
401
403

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Log in as Workspace Deprecated

This endpoint is deprecated. Use this endpoint instead.

This method does not require a Synerise authorization token.

header Parameters

Api-Version

required

string

Value: "4.4"

Request Body schema: application/json

apiKey

required

string

Workspace (formerly Business Profile) API key

Responses

Request samples

Content type

application/json

{"apiKey": "64c09614-1b2a-42f7-804d-f647243eb1ab"
}

Response samples

200
401

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate as Profile Deprecated

Obtain a new Profile JWT Token.

This method does not require a Synerise authorization token.

Request Body schema: application/json

apiKey	string Profile (formerly "Client") API key
email	string Profile email
password	string Profile password
uuid	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`
deviceId	string Important: deviceId is required during login if device control is enabled.

Responses

Request samples

Content type

application/json

{"apiKey": "5AEAA3D5-E147-C7EB-invalid50109A3D1",
"email": "testDoc@example.com",
"password": "testPass1!",
"uuid": "b3f56868-9667-4843-a8e5-0509456baa9b"
}

Response samples

200
401
404
406
423

Content type

application/json

{"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate anonymously Deprecated

Obtain a new JWT for an anonymous Profile. The token can be used and refreshed in the same way as tokens of registered Profiles.

This method does not require a Synerise authorization token.

Request Body schema: application/json

apiKey	string Profile (formerly "Client") API key
deviceId	string Unique Android or iOS device ID
uuid	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`

Responses

Request samples

Content type

application/json

{"apiKey": "string",
"deviceId": "string",
"uuid": "07243772-008a-42e1-ba37-c3807cebde8f"
}

Response samples

200
401

Content type

application/json

{"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate with Facebook Deprecated

Use a Facebook token to obtain a Profile JWT. If a Facebook account is logging on for the first time, a self-managed account for the profile is registered in Synerise.

This method does not require a Synerise authorization token.

Request Body schema: application/json

facebookToken	string Facebook authentication token
apiKey	string Profile (formerly "Client") API key
uuid	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"facebookToken": "EAAfsMmaWLW0BAOZAqSoh8ZB5y2ZAixtSrlvvq3fpWGlcrfcoWOiAwBCZBpBDlzwHFSZB58nUBjOz2UMuopO7p2Q65QU1ZAiB2XaxRzje0bBd7Tu87f6C2pcoZAP65agWAF0ElZCNyKn4iAtFd9RhppkwU9ll0AokBZBnDroZCIaxE3IHSWGtE567AUrXkZAsQEjYsZAZAcYx0ki1w7XUToy9Wps9NA0OuBdMhruB3htuiukwOFAZDZD",
"apiKey": "5AEAA3D5-E147-C7EB-invalid",
"uuid": "91b8e035-dca3-4805-8915-2cfb01d31fde",
"deviceId": "deviceId",
"agreements": {"email": true,
"sms": true,
"push": true,
"bluetooth": true,
"rfid": true,
"wifi": true
},
"attributes": {"property1": "string",
"property2": "string"
}
}

Response samples

200

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with Facebook without registration Deprecated

Use a Facebook token to obtain a Profile JWT without creating a self-managed account for this Profile in Synerise.

This method does not require a Synerise authorization token.

Request Body schema: application/json

facebookToken	string Facebook Authentication Token
apiKey	string Profile (formerly "Client") API key
uuid	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"facebookToken": "EAAfsMmaWLW0BAOZAqSoh8ZB5y2ZAixtSrlvvq3fpWGlcrfcoWOiAwBCZBpBDlzwHFSZB58nUBjOz2UMuopO7p2Q65QU1ZAiB2XaxRzje0bBd7Tu87f6C2pcoZAP65agWAF0ElZCNyKn4iAtFd9RhppkwU9ll0AokBZBnDroZCIaxE3IHSWGtE567AUrXkZAsQEjYsZAZAcYx0ki1w7XUToy9Wps9NA0OuBdMhruB3htuiukwOFAZDZD",
"apiKey": "5AEAA3D5-E147-C7EB-invalid",
"uuid": "91b8e035-dca3-4805-8915-2cfb01d31fde",
"deviceId": "deviceId",
"agreements": {"email": true,
"sms": true,
"push": true,
"bluetooth": true,
"rfid": true,
"wifi": true
},
"attributes": {"property1": "string",
"property2": "string"
}
}

Response samples

200

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with OAuth Deprecated

Obtain a new JWT token by using OAuth authentication token.

This method does not require a Synerise authorization token.

Request Body schema: application/json

accessToken required	string OAuth token
apiKey required	string Profile API key (same as for Profile login)
uuid required	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)
customId	string If `mappedExternal` is set to FALSE in OAuth settings, this field is required.

Responses

Request samples

Content type

application/json

{"accessToken": "string",
"apiKey": "string",
"uuid": "07243772-008a-42e1-ba37-c3807cebde8f",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
],
"customId": "string"
}

Response samples

200

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with OAuth without registration Deprecated

Use an OAuth token to obtain a Profile JWT. This method does not create a Profile in Synerise.

This method does not require a Synerise authorization token.

Request Body schema: application/json

accessToken required	string OAuth token
apiKey required	string Profile API key (same as for Profile login)
uuid required	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)
customId	string If `mappedExternal` is set to FALSE in OAuth settings, this field is required.

Responses

Request samples

Content type

application/json

{"accessToken": "string",
"apiKey": "string",
"uuid": "07243772-008a-42e1-ba37-c3807cebde8f",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
],
"customId": "string"
}

Response samples

200

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with Sign in with Apple Deprecated

Obtain a new JWT token by using Sign in with Apple authentication token.

This method does not require a Synerise authorization token.

Request Body schema: application/json

accessToken	string Apple token
apiKey	string Profile (formerly "Client") API key
uuid	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"accessToken": "EAAfsMmaWLW0BAOZAqSoh8ZB5y2ZAixtSrlvvq3fpWGlcrfcoWOiAwBCZBpBDlzwHFSZB58nUBjOz2UMuopO7p2Q65QU1ZAiB2XaxRzje0bBd7Tu87f6C2pcoZAP65agWAF0ElZCNyKn4iAtFd9RhppkwU9ll0AokBZBnDroZCIaxE3IHSWGtE567AUrXkZAsQEjYsZAZAcYx0ki1w7XUToy9Wps9NA0OuBdMhruB3htuiukwOFAZDZD",
"apiKey": "5AEAA3D5-E147-C7EB-invalid",
"uuid": "91b8e035-dca3-4805-8915-2cfb01d31fde",
"deviceId": "deviceId",
"agreements": {"email": true,
"sms": true,
"push": true,
"bluetooth": true,
"rfid": true,
"wifi": true
},
"attributes": {"property1": "string",
"property2": "string"
}
}

Response samples

200

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with Sign in with Apple without registration Deprecated

Use an Apple token to obtain a Profile JWT. This method does not create a Profile in Synerise.

This method does not require a Synerise authorization token.

Request Body schema: application/json

accessToken	string Apple token
apiKey	string Profile (formerly "Client") API key
uuid	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"accessToken": "string",
"apiKey": "string",
"uuid": "07243772-008a-42e1-ba37-c3807cebde8f",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
]
}

Response samples

200

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Refresh a Profile token Deprecated

Retrieve a refreshed JWT Token to prolong the Profile session.

The current token must still be active at the time of the request.

API consumers who can use this method: Profile (formerly client), Anonymous profile (formerly client)
This method does not require a Synerise authorization token.

Authorizations:

JWT

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/auth/refresh/client 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

200
401

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Refresh a Profile token Deprecated

This method is deprecated. Use the v3 method instead.

Retrieve a refreshed JWT Token to prolong the session.

The current token must still be active at the time of the request.

API consumers who can use this method: Profile (formerly client), Anonymous profile (formerly client)
This method does not require a Synerise authorization token.

Authorizations:

JWT

Request Body schema: application/json

apiKey

required

string

Profile (formerly "Client") API key

Responses

Request samples

Content type

application/json

{"apiKey": "string"
}

Response samples

200
401

Content type

application/json

{"token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate as Profile Deprecated

This method is deprecated. Use the v3 method instead.

Obtain a new JWT token for a Profile. If an account for the Profile does not exist and the identityProvider is different than SYNERISE, this request creates an account.

This method does not require a Synerise authorization token.

Request Body schema: application/json

apiKey required	string Profile (formerly "Client") API key
identityProvider required	string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider.
identityProviderToken	string Third-party authentication token used to authenticate with the Identity Provider. Required if `identityProvider` is different than `SYNERISE`.
email	string Profile email. Required if `identityProvider` is `SYNERISE` and email is the unique identifier (default setting).
customId	any Profile customId. Required if `identityProvider` is `SYNERISE` and customId is the unique identifier (see https://hub.synerise.com/docs/settings/configuration/non-unique-emails/).
password	string Profile password. Required if `identityProvider` is `SYNERISE`.
uuid	string Profile UUID. Required if `identityProvider` is `SYNERISE`.
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"apiKey": "string",
"identityProvider": "SYNERISE",
"identityProviderToken": "string",
"email": "string",
"customId": null,
"password": "string",
"uuid": "string",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
]
}

Response samples

Content type

application/json

{"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate as Profile (conditional) Deprecated

This method is deprecated. Use the v3 method instead.

Obtain a new JWT token for a Profile.

If the account does not exist, an account is not created.
If any additional conditions are required for logging in, the response is HTTP200 and lists the conditions.
Note that using this endpoint requires authenticating as an anonymous Profile first.
This method does not require a Synerise authorization token.

Authorizations:

JWT

Request Body schema: application/json

apiKey required	string Profile (formerly "Client") API key
identityProvider required	string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider.
identityProviderToken	string Third-party authentication token used to authenticate with the Identity Provider. Required if `identityProvider` is different than `SYNERISE`.
email	string Profile email. Required if `identityProvider` is `SYNERISE` and email is the unique identifier (default setting).
customId	any Profile customId. Required if `identityProvider` is `SYNERISE` and customId is the unique identifier (see https://hub.synerise.com/docs/settings/configuration/non-unique-emails/).
password	string Profile password. Required if `identityProvider` is `SYNERISE`.
uuid	string Profile UUID. Required if `identityProvider` is `SYNERISE`.
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"apiKey": "string",
"identityProvider": "SYNERISE",
"identityProviderToken": "string",
"email": "string",
"customId": null,
"password": "string",
"uuid": "string",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
]
}

Response samples

Content type

application/json

{"conditions": ["string"
],
"status": "SUCCESS",
"token": "string"
}

Authenticate anonymously Deprecated

This method is deprecated. Use the v3 method instead.

Obtain a new JWT for an anonymous Profile. The token can be used and refreshed in the same way as tokens of registered Profiles.

This method does not require a Synerise authorization token.

Request Body schema: application/json

apiKey	string Profile (formerly "Client") API key
deviceId	string Unique Android or iOS device ID
uuid	string UUID of the Profile. It is a unique identifier. The value can't include any characters that match the pattern (ECMA flavor): `/([\uD800-\uDBFF][\uDC00-\uDFFF])\|([\r\n\u2028\u2029\u00AD]\|[\uFE00-\uFE0F]\|[\u0000])/`

Responses

Request samples

Content type

application/json

{"apiKey": "string",
"deviceId": "string",
"uuid": "07243772-008a-42e1-ba37-c3807cebde8f"
}

Response samples

200
401

Content type

application/json

{"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate as Profile Deprecated

This method is deprecated. Use the v3 method instead.

Obtain a new JWT for a Profile. It is designed to be used from backend server. If an account for the Profile does not exist and the identityProvider is different than SYNERISE, this request creates an account.

API consumer who can use this method: Workspace (formerly Business Profile)
API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SERVER_LOGIN_CLIENT_CREATE

Request Body schema: application/json

ipAddress required	string The IP address of the client device that is logging in.
apiKey required	string Profile (formerly "Client") API key
identityProvider required	string Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN" The identity provider.
identityProviderToken	string Third-party authentication token used to authenticate with the Identity Provider. Required if `identityProvider` is different than `SYNERISE`.
email	string Profile email. Required if `identityProvider` is `SYNERISE` and email is the unique identifier (default setting).
customId	any Profile customId. Required if `identityProvider` is `SYNERISE` and customId is the unique identifier (see https://hub.synerise.com/docs/settings/configuration/non-unique-emails/).
password	string Profile password. Required if `identityProvider` is `SYNERISE`.
uuid	string Profile UUID. Required if `identityProvider` is `SYNERISE`.
deviceId	string Unique Android or iOS device ID
	object This object contains the marketing agreements of the Profile. You can also pass the values as strings (`"true"`;`"True"`/`"false"`;`"False"`) or integers (`1` for true and `0` for false).
	object This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration. The attribute names can't include any characters that match the pattern (ECMA flavor): `/[\r\n\u2028\u2029\u00AD\u0000\uFE00-\uFE0F]/` String values: can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`) If you want to send a date/time attribute for use in analytics, take the following into account: The date/time should be formatted according to ISO 8601. The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example: `2023-10-09T12:00:00` doesn't have a timezone indicator and will be considered as a time in the workspace's time zone. `2023-10-09T12:00:00+02:00` has a timezone indicator (`+02:00`), so the timezone of the workspace doesn't affect it. `2023-10-09T12:00:00Z` is a time in the UTC time zone (denoted by the `Z` at the end), so the timezone of the workspace doesn't affect it. WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored. Click to expand the list of reserved attributes `email` `clientId` `phone` `customId` `uuid` `firstName` `lastName` `displayName` `company` `address` `city` `province` `zipCode` `countryCode` `birthDate` `sex` `avatarUrl` `anonymous` `agreements` `tags` `businessProfileId` `time` `ip` `source` `newsletter_agreement` `custom_identify` `firstname` `lastname` `created` `updated` `last_activity_date` `birthdate` `external_avatar_url` `displayname` `receive_smses` `receive_push_messages` `receive_webpush_messages` `receive_btooth_messages` `receive_rfid_messages` `receive_wifi_messages` `confirmation_hash` `ownerId` `zipCode` `anonymous_type` `country_id` `geo_loc_city` `geo_loc_country` `geo_loc_as` `geo_loc_country_code` `geo_loc_isp` `geo_loc_lat` `geo_loc_lon` `geo_loc_org` `geo_loc_query` `geo_loc_region` `geo_loc_region_name` `geo_loc_status` `geo_loc_timezone` `geo_loc_zip` `club_card_id` `type` `confirmed` `facebookId` `status`
tags	Array of strings Tags can be used to group profiles. Tag names (strings): can't include variation selectors (`[\uFE00-\uFE0F]`), unless there are other characters in the string. can't include the "null" control character (`\u0000`)

Responses

Request samples

Content type

application/json

{"ipAddress": "string",
"apiKey": "string",
"identityProvider": "SYNERISE",
"identityProviderToken": "string",
"email": "string",
"customId": null,
"password": "string",
"uuid": "string",
"deviceId": "string",
"agreements": {"email": false,
"sms": false,
"push": false,
"webPush": false,
"bluetooth": false,
"rfid": false,
"wifi": false
},
"attributes": {"property1": null,
"property2": null
},
"tags": ["string"
]
}

Response samples

Content type

application/json

{"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

domain required	string Domain name
verificationMethod required	string Enum: "TXT_RECORD" "FILE_CHECK" "INTERNAL" "NONE" Verification method. The verification string can be retrieved by using this method. TXT_RECORD: the verification string needs to be added to your DNS as a TXT record. FILE_CHECK: the site must include an HTML file whose name is the verification string. The file does not need any content. INTERNAL; NONE - currently not used