Getting Started
The Administration API lets you manage your IDaaS account programmatically without signing in to the Administrator Portal. Use this guide to create an Administration API application, initialize a client, and make your first request.
Start here
Start with the resource that matches your task:
- Use the Administration API reference when you need endpoint details, request and response schemas, or interactive testing. Before sending test requests from the API Explorer, enter your IDaaS tenant URL and add this site's origin to your IDaaS CORS origins.
- Use Client setup when you want to install a generated client for your preferred programming language.
Download the OpenAPI file
Download the raw OpenAPI JSON file when you want to import the schema into Postman, generate a client, or validate requests locally.
Administration API OpenAPI file
Download the OpenAPI JSON file, or open it in a new tab for inspection.
Prerequisites
Before you run the examples in this guide, make sure you have:
- An Administration API application in IDaaS with a role that has the permissions your integration needs.
- The application ID, shared secret, and IDaaS hostname from the application credentials.
Create an Administration API application in IDaaS
Follow these steps to create an Administration API application:
- Go to your IDaaS Admin portal and navigate to
Security > Applications. - Click
+, and then select Administration API from the list of available applications. - In the General tab, enter the name and description of your application, and assign the role that has the permissions your application needs.
- Click Save.
- In the Application Credentials dialog, click COPY TO CLIPBOARD to copy the
applicationIdandsharedSecretcredentials to your clipboard, or click DOWNLOAD to download the credentials as a JSON file. You need these credentials to initialize the Administration API client. Example:
{
"applicationId": "b0bd854d-a415-4de8-a511-66da772dd116",
"hostname": "entrust.us.trustedauth.com",
"sharedSecret": "HUsenKfwSnZ9rQENr8vXOwMVw4U9WpjM2NAqXTg0rUc"
}
Hostname format
The hostname is the hostname of your IDaaS account and the schema is https. For example, if your IDaaS account is
entrust.us.trustedauth.com, then the hostname is https://entrust.us.trustedauth.com.
Initialize the Administration API client
To call the API, initialize the Administration API client using the applicationId and sharedSecret you copied when you created the application.
- Java
- CSharp
- Python
import com.entrustdatacard.intellitrust.admin.ApiClient;
import com.entrustdatacard.intellitrust.admin.api.*;
import com.entrustdatacard.intellitrust.admin.model.*;
public class Main {
private static final String SHARED_SECRET = "YOUR_SHARED_SECRET";
private static final String HOST_NAME = "YOUR_HOST_NAME";
private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";
public static void main(String[] args) throws Exception {
ApiClient apiClient = new ApiClient();
apiClient.setBasePath(HOST_NAME);
AdminAuthApi adminAuthApi = new AdminAuthApi(apiClient);
AdminApiAuthentication authParams = new AdminApiAuthentication()
.applicationId(APPLICATION_ID)
.sharedSecret(SHARED_SECRET);
AdminApiAuthenticationResult authResult = adminAuthApi.authenticateAdminApiUsingPOST(authParams);
apiClient.setApiKey(authResult.getAuthToken());
}
}
using com.entrustdatacard.intellitrust.admin.api;
using com.entrustdatacard.intellitrust.admin.Client;
using com.entrustdatacard.intellitrust.admin.model;
namespace Samples
{
internal class AdminApiSample
{
private static readonly string SHARED_SECRET = "YOUR_SHARED_SECRET";
private static readonly string HOST_NAME = "YOUR_HOST_NAME";
private static readonly string APPLICATION_ID = "YOUR_APPLICATION_ID";
public static void Main()
{
Configuration configuration = new Configuration();
configuration.BasePath = HOST_NAME;
AdminAuthApi adminAuthApi = new AdminAuthApi(configuration);
var authParams = new AdminApiAuthentication(APPLICATION_ID, false, SHARED_SECRET);
var authResult = adminAuthApi.AuthenticateAdminApiUsingPOST(authParams);
configuration.AddApiKey("Authorization", authResult.AuthToken);
}
}
from IntelliTrust_Python_Administration import ApiClient, Configuration
import IntelliTrust_Python_Administration.api as apis
import IntelliTrust_Python_Administration.models as models
conf = Configuration(
host = "YOUR_HOST_NAME",
)
with ApiClient(conf) as api_client:
auth_api = apis.AdminAuthApi(api_client)
auth_parms = models.AdminApiAuthentication(
application_id = "YOUR_APPLICATION_ID",
shared_secret = "YOUR_SHARED_SECRET",
)
auth_result = auth_api.authenticate_admin_api_using_post(auth_parms)
api_client.set_default_header("Authorization", auth_result.auth_token)
Try API requests
After you initialize the client, you can make calls to the Administration API. The following example fetches a page of users and prints the userId, firstName, lastName, and email of each user.
- Java
- CSharp
- Python
UsersApi usersApi = new UsersApi(apiClient);
System.out.println("userId,firstName,lastName,email");
SearchParms searchParms = new SearchParms();
UsersPage usersPage = usersApi.usersPagedUsingPOST(searchParms);
while (true) {
if (usersPage.getResults() != null) {
for (User user : usersPage.getResults()) {
System.out.println(user.getId() + "," + user.getFirstName() + "," + user.getLastName() + "," + user.getEmail());
}
}
if (usersPage.getPaging() != null && usersPage.getPaging().getNextCursor() == null) {
break;
}
searchParms.setCursor(usersPage.getPaging().getNextCursor());
usersPage = usersApi.usersPagedUsingPOST(searchParms);
}
var usersApi = new UsersApi(configuration);
Console.WriteLine("userId,firstName,lastName,email");
var searchParms = new SearchParms();
var usersPaged = usersApi.UsersPagedUsingPOST(searchParms);
while (true)
{
if (usersPaged.Results != null)
{
foreach (var user in usersPaged.Results)
{
Console.WriteLine("{0},{1},{2},{3}", user.UserId, user.FirstName, user.LastName, user.Email);
}
}
if (usersPaged.Paging == null || usersPaged.Paging != null && usersPaged.Paging.NextCursor == null)
{
break;
}
searchParms.Cursor = usersPaged?.Paging?.NextCursor;
usersPaged = usersApi.UsersPagedUsingPOST(searchParms);
}
users_api = apis.UsersApi(api_client)
print("userId,firstName,lastName,email")
order_by_attribute = models.OrderByAttribute(
ascending = True,
name = "userId",
)
search_parms = models.SearchParms()
users_page = users_api.users_paged_using_post(search_parms=search_parms)
while True:
for user in users_page.results:
print("{},{},{},{}".format(
user.get("userId"),
user.get("firstName"),
user.get("lastName"),
user.get("email"),
))
if users_page['paging']['nextCursor'] == None:
break
search_parms['cursor'] = users_page['paging']['nextCursor']
users_page = users_api.users_paged_using_post(search_parms)
Full example snippet
- Java
- CSharp
- Python
package com.entrust.idaas.userValidate;
import com.entrustdatacard.intellitrust.admin.ApiClient;
import com.entrustdatacard.intellitrust.admin.api.AdminAuthApi;
import com.entrustdatacard.intellitrust.admin.api.UsersApi;
import com.entrustdatacard.intellitrust.admin.model.*;
public class UserValidate {
private static final String SHARED_SECRET = "YOUR_SHARED_SECRET";
private static final String HOST_NAME = "YOUR_HOST_NAME";
private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";
public static void main(String[] args) throws Exception {
ApiClient apiClient = new ApiClient();
apiClient.setBasePath(HOST_NAME);
AdminAuthApi adminAuthApi = new AdminAuthApi(apiClient);
AdminApiAuthentication authParams = new AdminApiAuthentication()
.applicationId(APPLICATION_ID)
.sharedSecret(SHARED_SECRET);
AdminApiAuthenticationResult authResult = adminAuthApi.authenticateAdminApiUsingPOST(authParams);
apiClient.setApiKey(authResult.getAuthToken());
UsersApi usersApi = new UsersApi(apiClient);
System.out.println("userId,firstName,lastName,email");
SearchParms searchParms = new SearchParms();
UsersPage usersPage = usersApi.usersPagedUsingPOST(searchParms);
while (true) {
if (usersPage.getResults() != null) {
for (User user : usersPage.getResults()) {
System.out.println(user.getId() + "," + user.getFirstName() + "," + user.getLastName() + "," + user.getEmail());
}
}
if (usersPage.getPaging() != null && usersPage.getPaging().getNextCursor() == null) {
break;
}
searchParms.setCursor(usersPage.getPaging().getNextCursor());
usersPage = usersApi.usersPagedUsingPOST(searchParms);
}
}
}
using com.entrustdatacard.intellitrust.admin.api;
using com.entrustdatacard.intellitrust.admin.Client;
using com.entrustdatacard.intellitrust.admin.model;
namespace Samples
{
internal class AdminApiSample
{
private static readonly string SHARED_SECRET = "YOUR_SHARED_SECRET";
private static readonly string HOST_NAME = "YOUR_HOST_NAME";
private static readonly string APPLICATION_ID = "YOUR_APPLICATION_ID";
public static void Main()
{
Configuration configuration = new Configuration();
configuration.BasePath = HOST_NAME;
AdminAuthApi adminAuthApi = new AdminAuthApi(configuration);
var authParams = new AdminApiAuthentication(APPLICATION_ID, false, SHARED_SECRET);
var authResult = adminAuthApi.AuthenticateAdminApiUsingPOST(authParams);
configuration.AddApiKey("Authorization", authResult.AuthToken);
var usersApi = new UsersApi(configuration);
Console.WriteLine("userId,firstName,lastName,email");
var searchParms = new SearchParms();
var usersPaged = usersApi.UsersPagedUsingPOST(searchParms);
while (true)
{
if (usersPaged.Results != null)
{
foreach (var user in usersPaged.Results)
{
Console.WriteLine("{0},{1},{2},{3}", user.UserId, user.FirstName, user.LastName, user.Email);
}
}
if (usersPaged.Paging == null || usersPaged.Paging != null && usersPaged.Paging.NextCursor == null)
{
break;
}
searchParms.Cursor = usersPaged?.Paging?.NextCursor;
usersPaged = usersApi.UsersPagedUsingPOST(searchParms);
}
}
}
}
from IntelliTrust_Python_Administration import ApiClient, Configuration
import IntelliTrust_Python_Administration.api as apis
import IntelliTrust_Python_Administration.models as models
conf = Configuration(
host = "YOUR_HOST_NAME",
)
with ApiClient(conf) as api_client:
auth_api = apis.AdminAuthApi(api_client)
auth_parms = models.AdminApiAuthentication(
application_id = "YOUR_APPLICATION_ID",
shared_secret = "YOUR_SHARED_SECRET",
)
auth_result = auth_api.authenticate_admin_api_using_post(auth_parms)
api_client.set_default_header("Authorization", auth_result.auth_token)
users_api = apis.UsersApi(api_client)
print("userId,firstName,lastName,email")
order_by_attribute = models.OrderByAttribute(
ascending = True,
name = "userId",
)
search_parms = models.SearchParms()
users_page = users_api.users_paged_using_post(search_parms=search_parms)
while True:
for user in users_page.results:
print("{},{},{},{}".format(
user.get("userId"),
user.get("firstName"),
user.get("lastName"),
user.get("email"),
))
if users_page['paging']['nextCursor'] == None:
break
search_parms['cursor'] = users_page['paging']['nextCursor']
users_page = users_api.users_paged_using_post(search_parms)
Protect the shared secret
The code samples above are provided for reference only. They are not intended to be used in production.
It is dangerous to store the shared secret as plain text in your code. You should use a secure storage tool to store the shared secret and retrieve it at runtime. In case of a security breach, you should regenerate the shared secret in your IDaaS Admin portal and update your application.
More guides
- For token handling, expiration, session cookies, and support details, see Authentication and authorization.
- For an overview of each Administration API family, see Administration API categories.
- For raw HTTP examples, see REST examples.
- For SDK-based examples, see Manage User, Manage Token, and Configure Settings.