User groups
Attention
To call these services, the system must obtain an access token for the system permission blitz_groups
and include it in every service call.
Groups in Blitz Identity Provider are described by the following attributes:
- id: the ID of the group in Blitz Identity Provider;
- name: the name of the user group.
Getting group attributes by id
GET https://login.company.com/blitz/api/v2/grps/{id}
Gets the attributes of a group when the id of the group is known.
Parameters:
- profile: the name of the user groups profile (for example, orgs);
- expand: the value true, indicating that all the attributes of the group must be returned.
Example
Request:
GET /blitz/api/v2/grps/14339e8e-a665-4556-92f1-5c348eff6696?profile=orgs HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Cache-Control: no-cache

Response:
{
  "instanceId": "Mzg…nU",
  "id": "14339e8e-a665-4556-92f1-5c348eff6696",
  "OGRN": "1234567890329",
  "INN": "7743151614",
  "name": "ООО Тестовая компания",
  "profile": "orgs"
}
Search for a group by attribute
GET https://login.company.com/blitz/api/v2/grps
Searches for a group by attribute and gets all its attributes when the id of the group is unknown.
Parameters:
- profile: the name of the user groups profile;
- rql: a search query over group attributes in Resource Query Language (RQL) format. Operations:
  - and: simultaneous execution of search conditions;
  - or: alternative fulfillment of search conditions (for example, search by different attributes);
  - eq: checking the equality condition;
  - limit: a limit on the number of records to be returned.
- expand (optional parameter):
  - true: include group attributes in the received response;
  - false: return only the IDs of the found groups.
Returns JSON containing a list of groups that meet the specified search conditions, with their identifier (id) and, in the case of expand=true, the values of the other attributes of the groups.
Example
Request:
GET /blitz/api/v2/grps?profile=orgs&expand=true&rql=or(eq(OGRN,string:1230123456789),eq(INN,string:7743151614)) HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Cache-Control: no-cache

Response:
[
  {
    "instanceId": "Mzg5L…nU",
    "id": "14339e8e-a665-4556-92f1-5c348eff6696",
    "OGRN": "1234567890329",
    "INN": "7743151614",
    "name": "ООО Тестовая компания",
    "profile": "orgs"
  }
]
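Added example, not part of the Blitz documentation: when the values in an rql filter come from user input, validating them before building the query keeps a value from carrying extra RQL syntax such as a second eq(...) term. The function names, the allowlist patterns and the choice to reject rather than escape are assumptions; the URL shape follows the search request documented for this endpoint.

```python
import re
from urllib.parse import urlencode

BASE = "https://login.company.com/blitz/api/v2/grps"  # host from the page's examples

# Assumption: names and values are limited to these characters.
# Parentheses, commas and colons are RQL syntax and are rejected, not escaped.
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
_VALUE = re.compile(r"[A-Za-z0-9._@-]{1,128}")


def eq_term(attr: str, value: str) -> str:
    """Build one eq(ATTR,string:VALUE) term after validating both parts."""
    if not _NAME.fullmatch(attr):
        raise ValueError(f"illegal attribute name: {attr!r}")
    if not _VALUE.fullmatch(value):
        raise ValueError(f"illegal value for {attr}: {value!r}")
    return f"eq({attr},string:{value})"


def search_url(profile: str, filters: dict, match_any: bool = True,
               expand: bool = True) -> str:
    """Return the GET URL for a group search over the given attribute filters."""
    if not filters:
        raise ValueError("at least one filter is required")
    if not _NAME.fullmatch(profile):
        raise ValueError(f"illegal profile name: {profile!r}")
    terms = [eq_term(a, v) for a, v in filters.items()]
    op = "or" if match_any else "and"
    rql = terms[0] if len(terms) == 1 else f"{op}({','.join(terms)})"
    query = urlencode(
        {"profile": profile, "expand": str(expand).lower(), "rql": rql},
        safe="(),:",  # keep RQL punctuation literal, as in the page's example
    )
    return f"{BASE}?{query}"


if __name__ == "__main__":
    print(search_url("orgs", {"OGRN": "1230123456789", "INN": "7743151614"}))
    try:
        # Constructed hostile input: tries to append a second search term.
        search_url("orgs", {"INN": "1),eq(name,string:x"})
    except ValueError as exc:
        print("rejected:", exc)
```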
Creating a group
POST https://login.company.com/blitz/api/v2/grps
Creates a user group.
Request body:
- profile: the name of the user groups profile;
- id: the unique identifier of the group;
- the rest of the group’s attributes and their values.
Example
Request:
POST /blitz/api/v2/grps HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Content-Type: application/json

{
  "id": "95339e8e-a665-4556-92f1-5c348eff6696",
  "OGRN": "9876543210321",
  "INN": "5012345678",
  "name": "ООО Тестовая компания 2",
  "profile": "orgs"
}

Response:
{
  "instanceId": "b3Jnc…dQ",
  "name": "ООО Тестовая компания 2",
  "OGRN": "9876543210321",
  "id": "95339e8e-a665-4556-92f1-5c348eff6696",
  "profile": "orgs",
  "INN": "5012345678"
}
Changing group attributes
POST https://login.company.com/blitz/api/v2/grps/{id}?profile=orgs
Changes group attributes.
New set of attributes:
- profile: the name of the group profile (must be passed both as part of the URL and in the request body);
- id: group identifier;
- the rest of the group’s attributes and their values.
Example
Request:
POST /blitz/api/v2/grps/5f7b0580-cd2e-4146-8fc5-6eb5a95c7b42?profile=orgs HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Content-Type: application/json

{
  "id": "5f7b0580-cd2e-4146-8fc5-6eb5a95c7b42",
  "OGRN": "1147746651733",
  "INN": "7715434658",
  "name": "Новое название",
  "profile": "orgs"
}

Response:
{
  "instanceId": "Mzg5L…nU",
  "id": "5f7b0580-cd2e-4146-8fc5-6eb5a95c7b42",
  "OGRN": "1147746651733",
  "INN": "7715434658",
  "name": "Новое название",
  "profile": "orgs"
}

Error response:
{
  "errors": [
    {
      "code": "group_not_found",
      "desc": "Group with '95339e8e-…97' id not found in '389-ds' LDAP group store",
      "params": {}
    }
  ]
}
Deleting a group
DELETE https://login.company.com/blitz/api/v2/grps/{id}?profile=orgs
Deletes a group.
Example
DELETE /blitz/api/v2/grps/5f7b0580-cd2e-4146-8fc5-6eb5a95c7b42?profile=orgs HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Getting a list of users in a group
GET https://login.company.com/blitz/api/v2/grps/{id}/members
Gets the list of users in a group.
Parameters:
- profile: the name of the user groups profile;
- expand (optional parameter):
  - true: include the user’s full name in the received response;
  - false: return only user IDs.
Example
Request (expand=false):
GET /blitz/api/v2/grps/14339e8e-a665-4556-92f1-5c348eff6696/members?profile=orgs&expand=false HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Cache-Control: no-cache

Request (expand=true):
GET /blitz/api/v2/grps/14339e8e-a665-4556-92f1-5c348eff6696/members?profile=orgs&expand=true HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Cache-Control: no-cache

Response (expand=false):
[
  {
    "instanceId": "Mzg5L…J1",
    "subjectId": "d434b7d4-9816-460a-83aa-0a994226cbe7"
  },
  {
    "instanceId": "Mzg5L…J1",
    "subjectId": "2cafa5f4-bc84-4f6f-91aa-080da47975f0"
  }
]

Response (expand=true):
[
  {
    "instanceId": "Mzg5L…J1",
    "family_name": "Иванов",
    "middle_name": "Иванович",
    "given_name": "Иван",
    "subjectId": "d434b7d4-9816-460a-83aa-0a994226cbe7"
  },
  {
    "instanceId": "Mzg5L…J1",
    "family_name": "Сергеев",
    "middle_name": "Сергеевич",
    "given_name": "Сергей",
    "subjectId": "2cafa5f4-bc84-4f6f-91aa-080da47975f0"
  }
]
Adding users
POST https://.../blitz/api/v2/grps/{id}/members/add?profile=orgs
Adds users to a group.
A list of users to be added to the group, with their IDs (sub) in the subjectId attribute.
Example
Request:
POST /blitz/api/v2/grps/5f7b0580-cd2e-4146-8fc5-6eb5a95c7b42/members/add?profile=orgs HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Content-Type: application/json

[
  {
    "subjectId": "45ff69f2-6c40-418f-a21d-cbe6f07b88c9"
  },
  {
    "subjectId": "cc8c4589-b2f8-40b8-b351-36d643808943"
  }
]

Response:
[
  {
    "instanceId": "Mzg5L…J1",
    "storeId": "tam",
    "subjectId": "45ff69f2-6c40-418f-a21d-cbe6f07b88c9"
  },
  {
    "instanceId": "Nzg5L…J1",
    "storeId": "tam",
    "subjectId": "cc8c4589-b2f8-40b8-b351-36d643808943"
  }
]

Error response:
{
  "errors": [
    {
      "code": "user_not_found",
      "desc": "User with subjectId 'd2580c98-e584-4aad-a591-97a8cf45cd2q' not found",
      "params": {}
    }
  ]
}

Error response:
{
  "errors": [
    {
      "code": "some_members_already_in_group",
      "desc": "Some of adding members are already included in group",
      "params": {}
    }
  ]
}
Removing users
POST https://../blitz/api/v2/grps/{id}/members/rm?profile=orgs
Removes users from the group.
A list of trusted persons excluded from the organization, with their identifiers (sub) in the subjectId attribute.
Example
Request:
POST /blitz/api/v2/grps/5f7b0580-cd2e-4146-8fc5-6eb5a95c7b42/members/rm?profile=orgs HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Content-Type: application/json

[
  {
    "subjectId": "d2580c98-e584-4aad-a591-97a8cf45cd2a"
  }
]

Response:
[
  {
    "instanceId": "Mzg5L…J1",
    "storeId": "389-ds",
    "subjectId": "d2580c98-e584-4aad-a591-97a8cf45cd2a"
  }
]

Error response:
{
  "errors": [
    {
      "code": "some_members_not_in_group",
      "desc": "Some of removing members are not included in group",
      "params": {}
    }
  ]
}

Error response:
{
  "errors": [
    {
      "code": "user_not_found",
      "desc": "User with subjectId 'd2580c98-e584-4aad-a591-97a8cf45cd2b' not found",
      "params": {}
    }
  ]
}
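Added example, not part of the Blitz documentation, covering both the add and remove calls: it diffs the current member list against the desired one so that the members/add and members/rm bodies contain only real changes, reads the error codes from a response, and checks a fresh member listing to confirm that removed users are actually gone. The function names are hypothetical and the sample data is constructed; the page does not say whether a failed call applies any of the listed changes, so the code re-checks the listing instead of assuming either way.

```python
import json


def plan_membership(current_members: list, desired_ids: set) -> dict:
    """Diff a GET .../members response against the desired subject IDs.

    Returns request bodies for members/add and members/rm that hold only
    real changes, so neither call hits some_members_already_in_group or
    some_members_not_in_group.
    """
    current = {m["subjectId"] for m in current_members}
    return {
        "add": [{"subjectId": s} for s in sorted(desired_ids - current)],
        "rm": [{"subjectId": s} for s in sorted(current - desired_ids)],
    }


def error_codes(body: str) -> list:
    """Return the error codes in a response body, or [] for a success body."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        return []  # success bodies for member calls are JSON arrays
    return [e.get("code", "unknown") for e in doc.get("errors", [])]


def still_present(members_after: list, removed_ids: list) -> list:
    """IDs that should be gone but still appear in a fresh members listing."""
    present = {m["subjectId"] for m in members_after}
    return sorted(present & set(removed_ids))


# Constructed sample data, shaped like the responses on this page.
CURRENT = json.loads('[{"subjectId": "d434b7d4-9816-460a-83aa-0a994226cbe7"},'
                     ' {"subjectId": "2cafa5f4-bc84-4f6f-91aa-080da47975f0"}]')
DESIRED = {"2cafa5f4-bc84-4f6f-91aa-080da47975f0",
           "45ff69f2-6c40-418f-a21d-cbe6f07b88c9"}
RM_ERROR = ('{"errors": [{"code": "some_members_not_in_group", "desc": '
            '"Some of removing members are not included in group", "params": {}}]}')

if __name__ == "__main__":
    plan = plan_membership(CURRENT, DESIRED)
    print(json.dumps(plan, indent=2))
    print(error_codes(RM_ERROR))
    # Before the rm call runs, the planned removals are all still present.
    print(still_present(CURRENT, [p["subjectId"] for p in plan["rm"]]))
```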