OTDS API Endpoints
Common API Endpoints available in OpenText Directory Services
The Information Company
Contents
1 Context
2 OAuth 2.0 and OpenID Connect 1.0
2.1 OAuth2 endpoints
2.2 OpenID Connect metadata endpoint
3 SCIM 2.0
3.1 Base URL
4 REST API
About OpenText
1 Context
OpenText Directory Services (OTDS) is deployed and configured. See the OTDS
Administration Guide for details on configuring any of the items mentioned in this
document.
This document provides general information for integrating with OTDS using
OAuth2 for authentication and SCIM 2.0 for user/group synchronization. Specific
requirements from any OpenText product might be required. Check the
documentation for the specific product for details.
2 OAuth 2.0 and OpenID Connect 1.0
OTDS supports the OAuth 2.0 and OpenID Connect 1.0 authentication flows to
obtain an access token that can be used with OpenText products that are
integrated with OTDS. The implementation follows IETF RFC6749 for OAuth2 and
the OIDC specification.
2.1 OAuth2 endpoints
Prerequisites:
• An OAuth client for the integration must be registered using the OTDS
Admin UI.
Auth Endpoint:
{OTDS URL}/otdsws/oauth2/auth
Token Endpoint:
{OTDS URL}/otdsws/oauth2/token
Swagger Endpoint:
{OTDS URL}/otdsws/oauth2
Supported Authorization Grants:
• Authorization Code
• Implicit
• Resource Owner Password Credentials
  o Supported only on accounts for which OTDS stores the password or can otherwise connect directly to the user’s directory to validate the password
• Client Credentials
• SAML Bearer Assertion
  o Subject to a suitable SAML 2.0 authentication handler being configured in OTDS
• JWT Bearer
  o Subject to a suitable OIDC authentication handler being configured in OTDS
Commonly used Scopes:
Scope                         Meaning
resource:<resourceID/Name>    The resulting access token is limited in scope to be used only with the specified resource.
otdsssoticket                 Return a legacy “OTDS ticket” in lieu of an OAuth2 access token.
otds:groups                   The resulting access token will contain a ‘grp’ claim, containing the IDs of the groups to which the authenticated user belongs.
otds:roles                    The resulting access token will contain a ‘role’ claim, containing the IDs of the application roles (configured in OTDS) assigned to the user.
rgpartition:<partitionName>   Restricts the groups and roles included in the token to those in the specified partition. This is useful to reduce the size of the access token.
Note: These are the scopes specific to OTDS. Other scopes may be defined/used
by specific applications, as configured on the OAuth client.
2.2 OpenID Connect metadata endpoint
{OTDS URL}/otdsws/.well-known/openid-configuration
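A client that reads this metadata document can confirm that the endpoints it advertises are the ones documented in section 2.1 and sit on the configured OTDS origin before sending credentials to them. The check below is an added example, not OpenText code; it assumes the document carries the standard OIDC discovery fields authorization_endpoint and token_endpoint with the documented paths, and the host names and sample documents are constructed.

```python
import json
from urllib.parse import urlsplit

# Paths documented on this page, relative to {OTDS URL}.
DOCUMENTED = {
    "authorization_endpoint": "/otdsws/oauth2/auth",
    "token_endpoint": "/otdsws/oauth2/token",
}
METADATA_PATH = "/otdsws/.well-known/openid-configuration"


def metadata_url(otds_url):
    """Build the discovery URL from the configured {OTDS URL}."""
    return otds_url.rstrip("/") + METADATA_PATH


def check_metadata(otds_url, metadata):
    """Return a list of problems; an empty list means the document matches."""
    base = urlsplit(otds_url.rstrip("/"))
    problems = []
    if base.scheme != "https":
        problems.append("configured OTDS URL is not https")
    for field, path in DOCUMENTED.items():
        value = metadata.get(field)
        if not value:
            problems.append(f"{field}: missing")
            continue
        got = urlsplit(value)
        if (got.scheme, got.netloc.lower()) != (base.scheme, base.netloc.lower()):
            problems.append(f"{field}: different origin {got.scheme}://{got.netloc}")
        elif got.path != base.path + path:
            problems.append(f"{field}: unexpected path {got.path}")
    return problems


# Constructed sample documents (not captured from a real OTDS server).
GOOD = json.loads("""{
  "authorization_endpoint": "https://otds.example.com/otdsws/oauth2/auth",
  "token_endpoint": "https://otds.example.com/otdsws/oauth2/token"
}""")
BAD = dict(GOOD, token_endpoint="https://otds.example.net/otdsws/oauth2/token")

if __name__ == "__main__":
    print(metadata_url("https://otds.example.com/"))
    print(check_metadata("https://otds.example.com", GOOD))
    print(check_metadata("https://otds.example.com", BAD))
```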
3 SCIM 2.0
OTDS supports a SCIM 2.0 server implementation for synchronizing users and
groups into a specific partition. The implementation follows IETF RFC7642,
RFC7643, and RFC7644.
Supported schemas:
urn:ietf:params:scim:schemas:core:2.0:User
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
urn:ietf:params:scim:schemas:core:2.0:Group
3.1 Base URL
Prerequisites:
• An OAuth client is registered in OTDS for the identity provider
• A partition to host the identity provider’s users and groups has been
created
SCIM 2.0 Base URL:
{OTDS URL}/otdsws/scim/{PartitionName}
Swagger Endpoint:
{OTDS URL}/otdsws/scim/{PartitionName}
Authentication:
Authentication to the OTDS SCIM endpoint is done using an OAuth2 Bearer token
obtained from the OTDS OAuth2 endpoint. The principal represented in the bearer
token must have administration rights to the partition being used in the SCIM Base
URL. This can be accomplished either by:
• Assigning the principal to be an OTDS administrator
• Assigning the principal to be an administrator of the specific partition only
The OAuth client used does not need administration rights unless the
client_credentials grant is used.
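The two requests this section implies, a Client Credentials token request followed by a SCIM call carrying the bearer token, can be built as follows. This is an added example, not OpenText code: the HTTP Basic client authentication and the /Users resource path are taken from RFC 6749 and RFC 7644 rather than from this page, and the function names, client ID, and partition values are hypothetical. With this grant the OAuth client itself is the principal, so it needs administration rights on the partition.

```python
import base64
import json
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def _base(otds_url):
    """Normalise {OTDS URL}; refuse plain http so secrets and tokens stay encrypted."""
    if urlsplit(otds_url).scheme != "https":
        raise ValueError("OTDS URL must use https")
    return otds_url.rstrip("/")


def token_request(otds_url, client_id, client_secret, scopes=()):
    """Client Credentials grant (RFC 6749 section 4.4) against the token endpoint."""
    form = {"grant_type": "client_credentials"}
    if scopes:
        form["scope"] = " ".join(scopes)  # scope values are space-delimited
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return Request(
        _base(otds_url) + "/otdsws/oauth2/token",
        data=urlencode(form).encode(),
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def scim_create_user(otds_url, partition, access_token, user_name):
    """SCIM user creation (RFC 7644 section 3.3) in the given partition."""
    # Percent-encode the partition so it cannot add or change path segments.
    url = f"{_base(otds_url)}/otdsws/scim/{quote(partition, safe='')}/Users"
    body = {"schemas": [USER_SCHEMA], "userName": user_name}
    return Request(
        url,
        data=json.dumps(body).encode(),
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/scim+json"},
        method="POST",
    )
```

Pass each returned Request to urllib.request.urlopen to send it; the access_token field of the token response is the value given to scim_create_user.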
4 REST API
OTDS has a proprietary REST API that can be used to perform all administration
functions that can be done using the OTDS Admin UI.
REST API Base URL:
{OTDS URL}/otdsws/rest
Swagger Endpoint:
{OTDS URL}/otdsws/rest
The REST API supports OAuth2 bearer tokens for authentication, obtained from
the OTDS OAuth2 endpoint.
About OpenText
OpenText enables the digital world, creating a better way for organizations to work with
information, on-premises or in the cloud. For more information about OpenText
(NASDAQ/TSX: OTEX), visit opentext.com.
Copyright © 2020 Open Text. All rights reserved. Trademarks owned by Open Text.