CrossIdentity API Developers Guide v5.0 1


API Developer’s

Guide

Publication Date: 25/10/2023


CROSS IDENTITY | INFANTRY TECHNO PARK, AL-RAZACK GROUP, 104, INFANTRY RD,
TASKER TOWN,SHIVAJI NAGAR, BENGALURU, KARNATAKA 560001

www.crossidentity.com

Table of Contents
1. Overview
2. Authentication API
   2.1 API for User Authentication
3. Authorization API
   3.1 Authorization Code flow
   3.2 API for requesting an authorization code
   3.3 API for requesting Token
4. User Management API
   4.1 API for Adding a User
   4.2 API for Updating a User
   4.3 API for Suspending a User
   4.4 API for Restoring a Suspended User
   4.5 API for Deleting a User
   4.6 API for Listing a User
5. Role Membership API
   5.1 API for adding a role member
   5.2 API for removing a role member
6. Event Management API
7. Tenant Creation API
8. Passwordless MFA API
9. Workflow Management API
10. Other CI APIs
   10.1 API for Application Attribute
   10.2 API for User Attribute
11. Custom Windows Login APIs
   11.1 API for getUserInfo
   11.2 API for get AuthReq
12. Cross Identity APIs Rate limits
13. Appendix-A: Activities to be done on Application
14. Performance Report for the CI APIs
   14.1 Authenticate User API
   14.2 Performance Report for OAuth APIs
      14.2.1 Access Token Authentication API
      14.2.2 OAuth2 Token API
      14.2.3 OAuth Refresh API
      14.2.4 OAuth Introspect API
      14.2.5 OAuth Revoke API
   14.3 GetUserInfo API
   14.4 List User API
   14.5 Add User API
   14.6 Update User API
   14.7 Suspend User API
   14.8 Restore User API
   14.9 Delete User API

1. Overview
Cross Identity (CI) APIs are the primary way that third-party applications and services interact with
Cross Identity to perform various Identity and Access Management use cases. Developers can use them
to implement basic authentication and authorization functions, such as signing users in through CI's
centralized authentication and authorization gateway, and to programmatically manage IAM objects
such as user identities and roles.

CI provides the following APIs that developers can use:

➢ Authentication API
➢ Authorization API
➢ User Management API
➢ Role Membership API
➢ Event Management API
➢ Tenant Creation API
➢ Passwordless MFA API
➢ Workflow Management API
➢ Other APIs

2. Authentication API
The Cross Identity Authentication API provides a programmable interface to authenticate users. It can
be used as a standalone API to provide the identity layer on top of your existing application.

The API is targeted at developers who want to build their own end-to-end login experience and use
Cross Identity user authentication as the back-end process. Primary authentication allows you to
verify username and password credentials for a user.

Third-party applications and services (for example, a custom mobile application) can invoke this API
for authentication. Once CI authenticates the user, it sends a response with a success message back
to the app. The application can then create the session for that user and allow access to that
application.

2.1 API for User Authentication


POST /api/v1/userAuthn

Every authentication transaction starts with primary authentication, which validates a user's
password credential. The Authentication Policy and MFA Policy are evaluated during primary
authentication to determine whether the user's password has expired or whether an additional
authentication verification is required. The transaction state of the response depends on the user's
status, group memberships and assigned policies.

Request example for registered application:

curl -v -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: SSWS ${api_token}" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" \
  -H "X-Forwarded-For: 49.137.66.23" \
  -d '{
    "username": "john.doe@abc.com",
    "password": "realpassword"
  }' "https://${CI_Tenant}/api/v1/userAuthn"

Response example for registered application:

{
  "status": "SUCCESS",
  "sessionToken": "AxFpz124n68pCXTsMjcX8JPMcgfT2Wiw4LDOhk7YT_",
  "user": {
    "id": "192562HJYERATNLB12",
    "passwordChanged": "2022-01-08T20:14:45.000Z",
    "lastLogin": "2022-03-08T20:14:45.000Z",
    "profile": {
      "login": "john.doe@abc.com",
      "firstName": "John",
      "lastName": "Doe"
    }
  }
}

Before developers use this API, they need to register the application in CI and generate the API
tokens.

Registered applications

To use CI's APIs, the applications and services need to be registered with Cross Identity.

Registered applications are the applications and/or servers that are registered in the Cross Identity
IAM portal as trusted applications and have the privilege to invoke CI APIs using a valid CI API token.

Cross Identity API tokens

Cross Identity API tokens are used to authenticate requests to CI APIs. The caller must supply a valid
API token as the value of the HTTP Authorization header when invoking a CI API endpoint.

3. Authorization API
The Cross Identity Authorization APIs provide a programmable interface to authorize users to access
various resources in the application. If you would like to protect the resources in the application
and grant access to these resources to the corresponding users, you can use CI's Authorization APIs.
These APIs are implemented based on the OAuth and OpenID Connect protocols. The OAuth 2.0 protocol
provides API security via scoped access tokens, and OpenID Connect provides user authentication and
single sign-on (SSO) functionality.

CI supports four different grant types:

1. Authorization Code
2. Implicit grant type
3. Resource Owner Password
4. Client Credentials

Based on the application design, you can choose which OAuth/OIDC flow and grant type to use for
authorization.

3.1 Authorization Code flow
At a high-level, this flow has the following steps:

1. Your application (app) directs the browser to Cross Identity's end-user sign-in page.

   Before implementing this redirect request to Cross Identity authentication, you need to
   on-board your app in CI as an OAuth application or OIDC application to obtain a client ID to
   embed in your request. See API for requesting an authorization code.

2. CI presents the authentication prompt to the user and authenticates the user.

   For CI to authenticate the user credentials, the user identity data must be in CI. Refer to Add
   Users, Import Users from Identity Sources, and Import Users Using CSV in the documentation
   portal to on-board users into CI's Universal Identity Directory:

   ➢ https://docs.crossidentity.com/docs/5-manage-identities
   ➢ https://docs.crossidentity.com/docs/91-identity-sources-3
   ➢ https://docs.crossidentity.com/docs/46-import-from-csv

3. CI sends the authorization code to the app.

   After the user is authenticated, the browser receives an authorization code from Cross
   Identity. The authorization code is passed to your app.

4. The app sends this code and the client secret to CI.

   See Exchange the code for tokens.

5. CI returns access and ID tokens, and optionally a refresh token.

   Your app can now use these tokens to call the resource server (for example, an API) on behalf
   of the user. The resource server validates the token before responding to the request.

3.2 API for requesting an authorization code


GET <tenant_URL>/oauth2

This is a starting point for browser-based OAuth/OIDC flows such as the implicit and authorization
code flows. This request authenticates the user and returns tokens along with an authorization grant
to the client application as a part of the callback response.

Request Syntax:

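curl -v -G "${CI_Tenant}/oauth2" \
  --data-urlencode "client_id=${clientID}" \
  --data-urlencode "redirect_uri=${appURL}" \
  --data-urlencode "scope=${scope}" \
  --data-urlencode "response_type=code" \
  --data-urlencode "response_mode=fragment" \
  --data-urlencode "state=${state}" \
  --data-urlencode "nonce=${nonce}"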

Request Parameters:

The following parameters can be passed as a part of the URL-encoded form values to the API:

Parameter       Description
clientID        Obtained when you on-board this application in CI.
appURL          Callback location where the authorization code or tokens should be sent. It must
                match the value preregistered in CI when you on-board this application in CI.
scope           openid, profile, email, address, and phone are available to ID tokens and access
                tokens.
response_type   Any combination of code, token, and id_token.
response_mode   How the authorization response should be returned. Valid values: fragment,
                form_post, or query.
state           A value to be returned in the token.
nonce           The value is required for Implicit and Hybrid flows, but optional for Auth Code
                flows.

Response Syntax:

Authorization Code: " eIJ5rRbL4dQHxpXe2XvtRbhFh466o1"

3.3 API for requesting Token


POST <tenant_URL>/oauth2token

This endpoint returns access tokens, ID tokens, and refresh tokens depending on the request
parameters.

Request Syntax:

curl -v -X POST \
  -H "Content-type: application/x-www-form-urlencoded" \
  "https://${CI_Tenant}/oauth2token" \
  -d "client_id=${clientId}" \
  -d "client_secret=${clientSecret}" \
  -d "grant_type=authorization_code" \
  -d "redirect_uri=${redirectUri}" \
  -d "code=${code}"

Request Parameters:

Parameter       Description
clientID        Obtained when you on-board this application in CI.
clientSecret    Obtained when you on-board this application in CI.
redirectUri     Callback location where the authorization code or tokens should be sent. It must
                match the value preregistered in CI when you on-board this application in CI.
grant_type      Can be one of the following: authorization_code, password, client_credentials, or
                refresh_token.
code            Required if grant_type is authorization_code. The value is what was returned from
                the authorization endpoint (API for requesting Authorization Code). The code has a
                lifetime of 300 seconds.

Response Syntax:

{
"access_token" : "MIPAqvFFLpIIBIllzv6FPsFjPEsB2N",
"token_type" : "bearer",
"expires" : "3600",
"scope" : "openid",
"id_token" :
"eyJhbGciOiJub25lIn0.eyJhdWQiOiJqUnB4TFZWNzYyT3YzWHR5YW
5mTyIsInN1YiI6InByYW1vZC5iaGFza2FyIiwiYXpwIjoialJweExWV
jc2Mk92M1h0eWFuZk8iLCJpc3MiOiJodHRwOlwvXC9xYS1pZ2EtYW1t
LWNiLmNvbXBhY3RpZGVudGl0eXFhLmNvbVweyJhdWQiOiJqUnB4TFZW
NzYyT3YzWHR5YW5mTyIsInN1YiI6InByYW1vZC5iaGFza2FyIiwiYXp
wIjoialJweExWVjc2Mk92M1h0eWFuZk8iLCJpc3MiOiJodHRwOlwvXC
9xYS1pZ2EtYW1tLWNiLmNvbXBhY3RpZGVudGl0eXFhLmNvbVwvIiwiZ
XhwIjoxNjU3ODA1ODQwLCJpYXQiOjE2NTc4MDQwNDB9."
}
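
The client-side checks around the authorization code flow in sections 3.1 to 3.3, as an added Node.js example that is not part of the Cross Identity guide. It assumes CI uses the standard OAuth 2.0 / OpenID Connect names for the callback parameters (code, state, error) and the ID token claims (aud, exp, nonce); the tenant URL, client ID, redirect URI and sample tokens are constructed placeholders. Signature verification is not shown because the guide does not describe how a tenant publishes its signing keys, so the claim check only refuses unsigned tokens (the sample id_token above carries the header {"alg":"none"} and an empty signature part).

```javascript
// Added example, not Cross Identity code. Assumes the standard OAuth 2.0 / OIDC
// names: callback parameters code, state, error; ID token claims aud, exp, nonce.
const crypto = require('crypto');

// Section 3.2: authorization request with fresh, unguessable state and nonce.
function buildAuthorizeUrl({ tenantUrl, clientId, redirectUri, scope }) {
  const state = crypto.randomBytes(16).toString('hex');
  const nonce = crypto.randomBytes(16).toString('hex');
  const url = new URL('/oauth2', tenantUrl);
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri, scope,
    response_type: 'code', response_mode: 'fragment', state, nonce,
  }).toString();
  return { url: url.toString(), state, nonce };
}

// Constant-time comparison for the state and nonce checks.
function sameValue(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 3 of section 3.1: read the callback. With response_mode=fragment the
// parameters arrive after '#'; the query string is the fallback.
function parseCallback(callbackUrl, expectedState, registeredRedirectUri) {
  const url = new URL(callbackUrl);
  if (url.origin + url.pathname !== registeredRedirectUri) {
    throw new Error('callback does not match the registered redirect URI');
  }
  const params = new URLSearchParams(url.hash ? url.hash.slice(1) : url.search.slice(1));
  if (params.has('error')) throw new Error('authorization failed: ' + params.get('error'));
  if (!sameValue(params.get('state') || '', expectedState)) {
    throw new Error('state mismatch: response does not belong to this login attempt');
  }
  const code = params.get('code');
  if (!code) throw new Error('no authorization code in callback');
  return code;
}

// Section 3.3: form-encoded body for POST <tenant_URL>/oauth2token. Send it
// promptly: the guide gives the code a lifetime of 300 seconds.
function buildTokenRequestBody({ clientId, clientSecret, redirectUri, code }) {
  return new URLSearchParams({
    client_id: clientId, client_secret: clientSecret,
    grant_type: 'authorization_code', redirect_uri: redirectUri, code,
  }).toString();
}

// Step 5: claim checks on the returned id_token. This does NOT verify the
// signature; do that first with a JOSE library and the tenant's signing key.
function checkIdTokenClaims(idToken, { clientId, nonce, nowSeconds }) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('id_token is not a three-part JWT');
  const decode = (p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  const header = decode(parts[0]);
  const claims = decode(parts[1]);
  if (!header.alg || String(header.alg).toLowerCase() === 'none' || parts[2] === '') {
    throw new Error('unsigned id_token rejected');
  }
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(clientId)) throw new Error('id_token audience is not this client');
  if (!(claims.exp > nowSeconds)) throw new Error('id_token expired');
  if (!sameValue(claims.nonce || '', nonce)) throw new Error('id_token nonce mismatch');
  return claims;
}

// Builds a constructed sample token for the demo (the signature is a dummy string).
function makeSampleToken(header, claims, signature) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return enc(header) + '.' + enc(claims) + '.' + signature;
}

// Walk through the flow offline with constructed values.
function demo() {
  const cfg = {
    tenantUrl: 'https://tenant.example.com', clientId: 'sample-client-id',
    redirectUri: 'https://app.example.com/callback', scope: 'openid profile',
  };
  const login = buildAuthorizeUrl(cfg);
  const callback = cfg.redirectUri + '#code=SAMPLECODE&state=' + login.state;
  const code = parseCallback(callback, login.state, cfg.redirectUri);
  const body = buildTokenRequestBody({ ...cfg, clientSecret: 'sample-secret', code });
  const nowSeconds = Math.floor(Date.now() / 1000);
  const expected = { clientId: cfg.clientId, nonce: login.nonce, nowSeconds };
  const claims = { aud: cfg.clientId, exp: nowSeconds + 600, nonce: login.nonce };
  const accepted = checkIdTokenClaims(makeSampleToken({ alg: 'RS256' }, claims, 'c2ln'), expected);
  let unsignedRejected = false;
  try {
    checkIdTokenClaims(makeSampleToken({ alg: 'none' }, claims, ''), expected);
  } catch (err) {
    unsignedRejected = true;
  }
  return { code, body, audience: accepted.aud, unsignedRejected };
}

console.log(demo());
```

The state and nonce returned by buildAuthorizeUrl must be kept with the user's pending login (for example in the session) so that the callback and the ID token can be checked against them.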

4. User Management API


The User Management APIs provide operations to manage users in the organization. These users are
managed and maintained in Cross Identity's Universal Identity Directory.

User operations:

➢ Add User
➢ Edit User
➢ Suspend User
➢ Restore User
➢ Delete User

4.1 API for Adding a User


POST /CIDSaas/<tenant_id>/api/addUser

Creates a new user in Cross Identity's Universal Identity Store. The user details need to be provided
in JSON format to this API.

Request Syntax:

curl -v -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: SSWS ${api_token}" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" \
  -H "X-Forwarded-For: 49.137.66.23" \
  -d '{"user": {
    "username": ${username},
    "firstName": ${FirstName},
    "lastName": ${LastName},
    "fullName": ${FullName},
    "emailAddress": ${email},
    "mobile": ${mobile},
    "department": ${dept},
    "jobTitle": ${title},
    "location": ${location}
  }}' "https://${CI_Tenant}/api/v1/addUser"

Below is the sample AJAX request:

var user = {};
user.username = "test.user";
user.firstName = "test";
user.lastName = "user";
user.fullName = "test user";
user.emailAddress = "test.user@ilan.com";
user.mobile = "919886396213";
var userstr = JSON.stringify(user);
// csrfToken is expected to be set by the hosting page; it is not defined in this snippet.
$.ajax({
  url: "https://ci-demo.ilantus.com/CIDSaas/api/v1/addUser",
  type: "POST",
  data: { user: userstr },
  headers: { 'X-CSRF-TOKEN': csrfToken },
  success: function (response) { alert("success"); },
  error: function (response) { alert("error"); }
});

Below is the sample response:

{result:succ} or {result:fail}

4.2 API for Updating a User


POST /CIDSaas/<tenant_id>/api/editUser

Updates the user profile in Cross Identity's Universal Identity Store. The user details that need to be
updated should be provided in JSON format to this API.

Request Syntax:

curl -v -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: SSWS ${api_token}" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" \
  -H "X-Forwarded-For: 49.137.66.23" \
  -d '{"username": ${username},
    "user": {
      "firstName": ${FirstName},
      "lastName": ${LastName},
      "fullName": ${FullName},
      "emailAddress": ${email},
      "mobile": ${mobile},
      "department": ${dept},
      "jobTitle": ${title},
      "location": ${location}
    }
  }' "https://${CI_Tenant}/api/v1/editUser"

Below is the sample AJAX request:

var user = {};
var username = "test.user";
user.firstName = "test";
user.lastName = "user";
user.fullName = "test user";
user.emailAddress = "test.user@ilan.com";
user.mobile = "919886396213";
var userstr = JSON.stringify(user);
// csrfToken is expected to be set by the hosting page; it is not defined in this snippet.
$.ajax({
  url: "https://ci-demo.ilantus.com/CIDSaas/api/v1/editUser",
  type: "POST",
  data: { "username": username, user: userstr },
  headers: { 'X-CSRF-TOKEN': csrfToken },
  success: function (response) { alert("success"); },
  error: function (response) { alert("error"); }
});

Below is the sample response:

{result:succ} or {result:fail}

4.3 API for Suspending a User


POST /CIDSaas/<tenant_id>/api/suspendUser

Suspends a user in Cross Identity's Universal Identity Store. The user details need to be provided in
JSON format to this API.

Request Syntax:

curl -v -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: SSWS ${api_token}" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" \
  -H "X-Forwarded-For: 49.137.66.23" \
  -d '{
    "username": ${username}
  }' "https://${CI_Tenant}/api/v1/suspendUser"

Below is the sample response:

{result:succ} or {result:fail}

4.4 API for Restoring a Suspended User


POST /CIDSaas/<tenant_id>/api/restoreUser

Restores a suspended user in Cross Identity's Universal Identity Store. The user details need to be
provided in JSON format to this API.

Request Syntax:

curl -v -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: SSWS ${api_token}" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" \
  -H "X-Forwarded-For: 49.137.66.23" \
  -d '{
    "username": ${username}
  }' "https://${CI_Tenant}/api/v1/restoreUser"

Below is the sample response:

{result:succ} or {result:fail}

4.5 API for Deleting a User


POST /CIDSaas/<tenant_id>/api/deleteUser

Deletes a user in Cross Identity's Universal Identity Store. The user details need to be provided in
JSON format to this API.

Request Syntax:

curl -v -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: SSWS ${api_token}" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" \
  -H "X-Forwarded-For: 49.137.66.23" \
  -d '{
    "username": ${username}
  }' "https://${CI_Tenant}/api/v1/deleteUser"

Below is the sample response:

{result:succ} or {result:fail}

4.6 API for Listing a User


POST /CIDSaas/<tenant_id>/api/listusers

Lists all users in Cross Identity's Universal Identity Store.

Below is the sample AJAX request:

var user = {};
user.username = "test";
var userstr = JSON.stringify(user);
// csrfToken is expected to be set by the hosting page; it is not defined in this snippet.
$.ajax({
  url: "http://localhost:8080/Fluid/100/api/listusers",
  type: "POST",
  data: { user: userstr },
  headers: { 'X-CSRF-TOKEN': csrfToken },
  success: function (response) { alert("success"); },
  error: function (response) { alert("error"); }
});

Below is the sample response:

{result:succ} or {result:fail}

5. Role Membership API


5.1 API for adding a role member
To add a member into the role, you can use the POST method and provide the necessary payload.
The payload typically includes the requestedBy, requestedFor, rolelist and any additional input
variables required by the workflow.

POST <tenant_URL>/CIDSaas/default/user/addrolememberapi

HTTP/1.1 Content-Type: application/json

{
  "requestedBy":"API",
  "requestedFor":"Chethan",
  "trigerprove":"true",
  "rolelist":[{"rolename":"MVPtest"}],
  "duration":"20",
  "Comments":"Specific comments",
  "authToken":"k4mLGqIKocGWlLwTtUyc29KhvED83gpvgcmHnh4JmLomt0hmyQ489TsMmcTT46DGJ5b7"
}

5.2 API for removing a role member


To remove a member from a role, you can use the POST method and provide the necessary payload.
The payload typically includes the requestedBy, requestedFor, rolelist and any additional input
variables required by the workflow.

POST <tenant_URL>/CIDSaas/default/user/removerolememberapi

HTTP/1.1 Content-Type: application/json

{
  "requestedBy":"API",
  "requestedFor":"Chethan",
  "trigerprove":"true",
  "rolelist":[{"rolename":"MVPtest"}],
  "duration":"20",
  "Comments":"Specific comments",
  "authToken":"k4mLGqIKocGWlLwTtUyc29KhvED83gpvgcmHnh4JmLomt0hmyQ489TsMmcTT46DGJ5b7"
}

6. Event Management API


This module fetches event data through the API and is secured with OAuth 2.0.
The Cross Identity Events API provides read access to your organization's system log.

POST <tenant_URL>/ciapi/events

curl --location 'https://crossidentity.crossidentityqa.com/ciapi/events?eventName=&eventStartDate=&eventEndDate=&pageNumber=0&pageSize=10' \
  --header 'Authorization: Bearer HTUDY0j3sC7rwrZlLF0oAUm3cCyOJs'

Body:
{
"eventName": "Lock",
"eventStartDate": "",
"eventEndDate": "",
"pageNumber": 0,
"pageSize": 100
}

Below is the sample response:

Event data will be generated.

7. Tenant Creation API


To create a client using the Cross Identity API, you typically need to make an HTTP request to the
appropriate endpoint with the required parameters and authorization credentials.

In this example, the endpoint is https://crossid.example.com/ClientCreation/cient/apiaddclient.
You can replace 'crossid.example.com' with the respective tenant URL when using the API.

curl --location 'http://localhost:5599/CID_Saas/client/apiaddclient' \
--form 'clientobj="{
\"client_name\": \"abhiDev25\",
\"client_url\": \"abhi-dev25.com\",
\"email\": \"abhishek.gs@crossidentity.com\",
\"mobile\": \"7411163311\",
\"address\": \"bellary\",
\"countryselectedtype\": \"in\",
\"username\": \"admin.abhi25\",
\"firstName\":\"admin.abhi25\",
\"lastName\":\"admin.abhi25\",
\"fullName\":\"admin.abhi25\",
\"email_id\": \"abhishek.gs@crossidentity.com\",
\"phone\": \"7411163311\",
\"password\": \"Pasw0rd@1\",
\"countryselectedtype1\": \"in\",
\"noofusers\": 1000,
\"Startdate\": \"03/05/2023\",
\"duration\": 500,
\"enddate\": \"14/9/2024\",
\"mod\": {
\"aam\": true,
\"iga\": true
},
\"license_type\": \"consumption_based\",
\"msp\": 1000,
\"maxsp\": 1000,
\"tenantId\": 100,
\"clientid\": 19,
\"uploadlogofilename\": \"pic.png\",
\"clienttype\": \"On Premise\"
}"' \
--form 'clientlogo=@"/C:/Users/abhishek.gs/Downloads/pic.png"'

8. Passwordless MFA API


By using a passwordless API for third-party application authentication, you can offer your users a
more secure and user-friendly way to log in to your application, while also reducing the risk of
password-related security breaches.

Implementing a passwordless API for third-party application authentication executes the following
flow:

1. The user requests access to the resource.
2. The resource is enabled with the Passwordless API authentication mechanism, and it sends the
   authentication request to Cross Identity (CI).
3. The end user receives a push notification to authenticate.
4. If authentication is successful, the user gets seamless application access.

POST <tenant_URL>/CIDSaas/default/authenticateuser?username=

Parameters: In the above endpoint, pass the username of the user who has to be authenticated.

Below is the sample response:

{"result": "success", "message": "User Authenticated Successfully"}

{"result": "fail", "message": "Error Occurred while Authenticating User"}

9. Workflow Management API


To start a workflow programmatically, you can use the POST method and provide the necessary
payload. The payload typically includes the requestedBy, requestedFor, and any additional input
variables required by the workflow.

POST <tenant_URL>/CIDSaas/default/user/accessRequest

HTTP/1.1 Content-Type: application/json

{
  "requestedBy":"API",
  "requestedFor":"sss53a",
  "entity": {
    "entityType":"role",
    "entityName":"GV2",
    "parentEntity":""
  },
  "duration":"20",
  "Comments":"Specific comments",
  "authToken":"k4mLGaILoMGWnLwSskyd3dKmvkD83glohc+HvA4RmK0nt0pmyQ489TsMmcTT46DGJ5b7"
}

10. Other CI APIs


Cross Identity has a feature that allows custom User/Application attributes to be updated through the
API. These APIs are used for the List and Dropdown attribute types.

10.1 API for Application Attribute


➢ For populating Application Attribute values:
POST <tenant_URL>/CIDSaas/default/user/populateApplicationAttributeValues

{
  "attributetype":"DROPDOWN",
  "attributename":"DropAPI",
  "attributevalue":["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep"],
  "authToken":"k4mLGqIKqMGXkLwTukyf3NKgtkD62Qhqi5HcpBZbz/l87BdkwAg1/zoOkME=",
  "defaultvalue":"Jan"
}

Below is the sample response:

{"result":"Success","message":{"attribute_name":"DropAPI","status":"Success"}}

➢ Application attribute API for Attribute Type list:
POST <tenant_URL>/CIDSaas/default/user/populateApplicationAttributeValues

{
  "attributetype":"LIST",
  "attributename":"TESTAPILIST",
  "attributevalue":["demo1","demo2","demo3","demo4","demo5","demo6","demo7","demo8","demo9","demo10"],
  "authToken":"k4mLGqIKqMGXkLwTu0yf2NKhvkD62Qhqi5HcpBZbz/l87BdkwAg1/zoOkME="
}

Below is the sample response:

{"result":"Success","message":{"attribute_name":"TESTAPILIST","status":"Success"}}

10.2 API for User Attribute


➢ For populating User Attribute values:
POST <tenant_URL>/CIDSaas/default/user/populateUserAttributeValues

{
  "attributetype":"DROPDOWN",
  "attributename":"TESTUSERAPI",
  "attributevalue":[{"elename":"Jan","elevalue":"Month1"},{"elename":"Feb","elevalue":"Month2"},{"elename":"Mar","elevalue":"Month3"},{"elename":"Apr","elevalue":"Month4"},{"elename":"May","elevalue":"Month5"},{"elename":"Jun","elevalue":"Month6"}],
  "authToken":"k4mLGqIKqMGXkLwTu0yf2NKhvkD62Qhqi5HcpBZbz/l87BdkwAg1/zoOkME="
}

Below is the sample response:

{"result":"Sucess","message":{"attribute_name":"TESTUSERAPI","status":"Sucess"}}

➢ User attribute API for Attribute Type list:
➢ For populating User Attribute type:
POST <tenant_URL>/CIDSaas/default/user/populateUserAttributeValues

{
  "attributetype":"LIST",
  "attributename":"TESTUSERLISTAPI",
  "attributevalue":["demo1","demo2","demo3","demo4","demo5","demo6","demo7","demo8","demo9","demo10"],
  "authToken":"k4mLGqIKqMGXkbwTt0yc3NKhukD62Qhqi5HcpBZbz/l87BdkwAg1/zoOkME=",
  "defaultvalue":"demo1"
}

Below is the sample response:

{"result":"Sucess","message":{"attribute_name":"TESTUSERLISTAPI","status":"Sucess"}}

11. Custom Windows Login APIs


11.1 API for getUserInfo
“<tenant_URL>/getUserInfo”: retrieves the user's authentication policy information.
You can replace ‘crossid.example.com’ with the respective tenant URLs while using the API.

curl --location 'https://crossid.example.com/CIDSaas/api/getUserInfo' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Cookie: JSESSIONID=97C118F7F0689709727915704196FB5A; AWSALB=r6BOUiDKCRghxRY+gFapWMGElMh6uyz/QuVA369niwIp90AvL02Esu5FMJjuEmTtoy3UAEtLCckllu7uA3ZBz1hQa6oAHhi8s6moWWhrm+GCbyYbHeS3F9n3Q/En; AWSALBCORS=r6BOUiDKCRghxRY+gFapWMGElMh6uyz/QuVA369niwIp90AvL02Esu5FMJjuEmTtoy3UAEtLCckllu7uA3ZBz1hQa6oAHhi8s6moWWhrm+GCbyYbHeS3F9n3Q/En' \
  --data-urlencode 'username=test.user1'

Below is the sample response:

{"username":"test.user1","userStatus":"ACTIVE","usersAuthtype":"CI","mfaType":{"email":"true","sms":"false","softtoken":"true","cr":"false"},"secretKey":"5Izobt55przrl9B7wSzlsw==","updationDate":"2023-10-17 14:57:40","result":"succ"}

11.2 API for get AuthReq
“<tenant_URL>/AuthReq”: retrieves the user's authentication status.

curl --location 'https://crossid.example.com/CIDSaas/api/authReq' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Cookie: JSESSIONID=97C118F7F0687709727915704196FB5A; AWSALB=tGrY5F+S5Kk/FldPJzDZ9UQhRCqcU66GTzI+6WwnyMThg0yzKLTS5qlFldpdV1LiYXjhTQgP5jneh6WO0fVlHiBc+8tVc6UaX6DhVVUEx9AjBf+3px8JW/S7eFF+; AWSALBCORS=tGrY5F+S5Kk/FldPJzDZ9UQhRCqcU66GTzI+6WwnyMThg0yzKLTS5qlFldpdV1LiYXjhTQgP5jneh6WO0fVlHiBc+8tVc6UaX6DhVVUEx9AjBf+3px8JW/S7eFF+' \
  --data-urlencode 'username=test.user1' \
  --data-urlencode 'password=4svWW+Ze0N0=' \
  --data-urlencode 'authType=CI'

Below is the sample response:

{result:succ} or {result:fail}

Note: The password value should be sent in base64-encoded format for this process.

12. Cross Identity APIs Rate limits


The following per-minute rate limits apply to the Cross Identity APIs for authentication and end-user
activities.

API                                          Endpoint                                               Production  Trial
Authenticate                                 /api/v1/UserAuthn                                      600         100
OAuth2 requests                              /user/oauth2                                           600         100
                                             /user/oauth2/introspect
                                             /user/oauth2tokenrefresh
                                             /user/oauth2tokenrevoke
                                             /user/oauth2token
OAuth token login                            /user/tokenlogin                                       600         100
SAML request                                 /app/templatesaml2.0/sso/saml                          600         100
Create or list users                         /CIDSaas/<tenant_id>/api/listusers                     600         100
                                             /CIDSaas/<tenant_id>/api/addUser
Update or delete a user by username          /CIDSaas/<tenant_id>/api/editUser                      600         100
                                             /CIDSaas/<tenant_id>/api/suspendUser
                                             /CIDSaas/<tenant_id>/api/restoreUser
Get System Log data                          <tenant_URL>/ciapi/events                              50          20
Add/Remove a member from a role by username  <tenant_URL>/CIDSaas/default/user/addrolememberapi     600         100
                                             <tenant_URL>/CIDSaas/default/user/removerolememberapi

13. Appendix-A: Activities to be done on Application


The following activities need to be done on the application to use the User Authentication API:

➢ Call the Cross Identity Authentication API with the required inputs in the application's
authentication module.
➢ Process the response from CID; if CID returns a successful authentication response, create a
session for that user and allow the user to access the application.
➢ Show an appropriate message to the user if CID returns an unsuccessful authentication response.

Detailed Steps:

The application invokes the authentication API below to delegate authentication to Cross Identity
for the mobile application (APK-based application).

Follow the steps below to allow an APK-based application to perform authentication through Cross
Identity.

I. The application uses the Cross Identity Authentication API as given below.
URL: http://<UAT_Cross Identity URL>/api/v1/userAuthn
Example – https://ci-demo.ilantus.com/CIDSaas/api/v1/authuser
II. Below is a sample code snippet that calls the authentication API using JavaScript.

var user = {};
user.username = "test.user01"; // CID username
user.cred = "Password"; // CID password
user.domain = "addomain.com"; // Active Directory domain name, if needed
var userstr = JSON.stringify(user);
$.ajax({
  url: "https://ci-demo.ilantus.com/crossidentity/api/v1/userAuthn",
  type: "POST",
  data: { user: userstr },
  success: function (response) {
    alert("success");
    var presp = JSON.parse(response);
    alert(presp.auth);
  },
  error: function (response) { alert("error"); }
});

14. Performance Report for the CI APIs


This performance report provides an overview of the performance metrics and analysis of the APIs
implemented in Cross Identity.

14.1 Authenticate User API
API: /CIDSaas/default/authenticateuser?

14.2 Performance Report for OAuth APIs

14.2.1 Access Token Authentication API

14.2.2 OAuth2 Token API
API: /CIDSaas/default/user/oauth2token

14.2.3 OAuth Refresh API
API: /CIDSaas/default/user/oauth2refreshtoken

14.2.4 OAuth Introspect API
API: /CIDSaas/default/user/oauth2tokeninfo

14.2.5 OAuth Revoke API
API: /CIDSaas/default/user/oauth2tokenrevoke

14.3 GetUserInfo API
API: /CIDSaas/default/getuserInfo?

14.4 List User API
API: /CIDSaas/<tenant_id>/api/listusers

14.5 Add User API
API: /CIDSaas/<tenant_id>/api/addUser

14.6 Update User API
API: /CIDSaas/<tenant_id>/api/editUser

14.7 Suspend User API
API: /CIDSaas/<tenant_id>/api/suspendUser

14.8 Restore User API
API: /CIDSaas/<tenant_id>/api/restoreUser

14.9 Delete User API
API: /CIDSaas/<tenant_id>/api/deleteUser