External providers#

List of external providers#

Method

GET /api/v3/users/{subjectId}/fa

Getting a list of account links of external identity providers to a user account.

Required permissions: blitz_api_ufa or blitz_api_sys_ufa.

Returns

Binding type and name (fpType and fpName) and the binding identifier (sid).

Example

GET /blitz/api/v3/users/d2580c98‑e584‑4aad‑a591‑97a8cf45cd2a/fa HTTP/1.1
Authorization: Bearer m9tuVBNUnizkuwFnq95IXQm1XTplXLUFD1O5TUmGij4
Cache-Control: no-cache

[
    {
        "sid": "1000347601",
        "fpType": "esia",
        "fpName": "esia_1"
    },
    {
        "sid": "1234",
        "fpType": "tcs",
        "fpName": "tcs_1"
    }
]

Linking a provider by ID#

Method

POST /api/v3/users/{subjectId}/fa/{fpType}/{fpName}/{sid}

Linking the account of an external identity provider to a user account, if logging in through an external identity provider was previously performed by other means and the identifier (sid) of the account in the external identity provider is known.

Required permissions: blitz_api_ufa_chg or blitz_api_sys_ufa_chg.

URL parameters

The user’s guid (subjectId), the type of external provider (fpType), the name of the external provider (fpName) and the account ID in the external provider (sid).

Request body

JSON:

  • federatedAccountName: name of the external account to be bound (optional). If the parameter is not passed, the previous name is used.

Returns

If the call is successful, 204 No Content.

Example

Request#
POST /blitz/api/v3/users/d2580c98‑e584‑4aad‑a591‑97a8cf45cd2a/fa/tcs/tcs_1/1234 HTTP/1.1
Authorization: Bearer m9tuVBNUnizkuwFnq95IXQm1XTplXLUFD1O5TUmGij4

{
    "federatedAccountName": "Elle Woods"
}

Linking a provider#

Linking to an external provider account with an unknown account ID in the external provider is carried out in two stages:

  • Request for linking instructions.

  • Linking by the user in the browser.

Method

POST /api/v2/users/current/fa/bind

Request for linking instructions.

Request body

  • fp is the identifier of the provider whose profile should be linked to;

  • callback is the address to which the user should be returned after successfully linking the social network account;

  • isPopup – whether the identity provider’s page needs to be opened in the popup window (optional).

Returns

The redirectTo parameter with a link to which the user must be directed in the browser to complete the second stage and create a linking of the user account to an external identity provider.

Example

POST /blitz/api/v2/users/current/fa/bind HTTP/1.1
Authorization: Basic ZG5ldm5pay10ZXN0Lm1vcy5ydTphUU56S0JuY2VBQVQwelg
Content-Type: application/json

{
    "fp": "vk:vk_1",
    "callback": "https://app.company.com/callback"
}

200 OK
{
"redirectTo": "https://login.company.com/blitz/api/v2/users/current/fa/bind/auth/fc111c86-5193-42a2-862a-d819a4f45a86"
}

Deleting a provider linking#

Method

DELETE /api/v2/users/{subjectId}/fa/{fpType}/{fpName}/{sid}

Deleting the linking of the external provider to the user.

URL parameters

guid of the user (subjectId), type of external provider (fpType), name of the external provider (fpName) and the account ID in the external provider (sid).

Example

Header#
DELETE /blitz/api/v3/users/d2580c98‑e584‑4aad‑a591‑97a8cf45cd2a/fa/tcs/tcs_1/1234 HTTP/1.1
Authorization: Bearer m9tuVBNUnizkuwFnq95IXQm1XTplXLUFD1O5TUmGij4

Obtaining a user access token#

Method

GET /api/v3/users/${subjectId}/fedToken/${fedPointType}/${fedPointName}

Obtaining a valid user access token in an external identity provider with type ${fedPointType} and name ${fedPointName}. An access token is considered valid if its lifetime is greater than the minimum allowed lifetime (30 seconds by default). If an access token is invalid, but it was saved along with an update token, an attempt is made to update the access token. If the attempt is successful, this method produces a new access token.

Important

Obtaining a token is only possible for those providers that have the Remember tokens setting enabled.

Required permissions: fed_tkn_any or fed_tkn_${fedPointType}_${fedPointName}.

Note

In order for an application to request an access token, these permissions must be specified for it as well.

Returns

  • HTTP 404: access token not found.

  • HTTP 200 and JSON that contains user access token data in the case of success. For each token, the key sid, the token value token and the validity period expiresOn in Unix-time format are transmitted.

  • HTTP 401: no permission or wrong provider.

Example

GET /blitz/api/v3/users/d2580c98‑e584‑4aad‑a591‑97a8cf45cd2a/fedToken/tcs/tcs_1 HTTP/1.1
Authorization: Bearer m9tuVBNUnizkuwFnq95IXQm1XTplXLUFD1O5TUmGij4
Content-Type: application/json
Success#
{
    "da0c69c5-aef8-41e4-a37f-89c6d30abdfa": {
        "expiresOn": 1711125311,
        "token": "t.eFgoMik6regKsLjxfds1V0PlNEv_smx-W_x"
    },
    "00000000-1111-41e4-a37f-89c6d30abdfa": {
        "expiresOn": 1711125344,
        "token": "t.ddddddddddLjxfds1V0PlNEv_smx-W_x"
    }
}
No required permission#
{
    "type":"security_error",
    "error":"bad_access_token",
    "desc":"No enough scopes or wrong subject Id"
}