Getting Started

The OpenAPI reference documentation for the Administration API can be found here. You can also use prebuilt clients to interact with the Administration API in your preferred programming language.

The Administration API lets you manage your Entrust Identity as a Service account programmatically without signing in to the Administrator portal.

Download the OpenAPI definition

Use the raw OpenAPI JSON file with API tooling such as Postman, client generators, or local validation.

Administration API

Import the spec into Postman, generate a client, or inspect the raw schema locally.

Prerequisites

Confirm the following before executing the Administration API calls included in this guide:

  • An Admin API application has been created on your Entrust Identity as a Service account. The application must be configured with a role that has the permissions needed by your application. Entrust Identity as a Service lets you download a JSON file once the application is created.
  • The Application ID and Shared Secret parameter values are available. They must be entered into the body of the Admin API request. The required values are displayed after creating the Administration API application on Entrust Identity as a Service. After creation, you can either copy these values to your clipboard or download them as a JSON file.
  • The Admin API application configuration data has been downloaded and is available for use.

Developer guides

Use these guides based on how you plan to integrate:

Create an Administration API Application in IDaaS

Follow these steps to create an Administration API application:

  1. Go to your IDaaS Admin portal and navigate to Security > Applications.
  2. Click + and then select Administration API from the list of available applications.
  3. In the General tab, enter the name and description of your application and assign it the role that has the permissions your application needs. Then click Save.
  4. In the Application Credentials dialog, click COPY TO CLIPBOARD to copy the applicationId and sharedSecret credentials to your clipboard, or click DOWNLOAD to download the credentials as a JSON file. You need these credentials to initialize the Administration API client. Example:
{
    "applicationId": "b0bd854d-a415-4de8-a511-66da772dd116",
    "hostname": "entrust.us.trustedauth.com",
    "sharedSecret": "HUsenKfwSnZ9rQENr8vXOwMVw4U9WpjM2NAqXTg0rUc"
}

Hostname format

The hostname is the hostname of your IDaaS account and the scheme is https. For example, if your IDaaS account is entrust.us.trustedauth.com, then the hostname is https://entrust.us.trustedauth.com.

Initialize the Administration API Client

To make calls to the API, you need to initialize the Administration API client using the applicationId and sharedSecret you copied in step 7 above.

import com.entrustdatacard.intellitrust.admin.ApiClient;
import com.entrustdatacard.intellitrust.admin.api.*;
import com.entrustdatacard.intellitrust.admin.model.*;

public class Main {
    // Placeholders only; see "Protect the shared secret" before using real values.
    private static final String SHARED_SECRET = "YOUR_SHARED_SECRET";
    // Hostname in https form, for example https://entrust.us.trustedauth.com
    private static final String HOST_NAME = "YOUR_HOST_NAME";
    private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";

    public static void main(String[] args) throws Exception {
        ApiClient apiClient = new ApiClient();
        apiClient.setBasePath(HOST_NAME);

        AdminAuthApi adminAuthApi = new AdminAuthApi(apiClient);

        // Exchange the application credentials for an authentication token.
        AdminApiAuthentication authParams = new AdminApiAuthentication()
                .applicationId(APPLICATION_ID)
                .sharedSecret(SHARED_SECRET);
        AdminApiAuthenticationResult authResult = adminAuthApi.authenticateAdminApiUsingPOST(authParams);

        // Later calls made through this client carry the token.
        apiClient.setApiKey(authResult.getAuthToken());
    }
}

Try some API Requests

After initializing the client, you can make calls to the Administration API. The following example fetches the list of paged users and prints the userId, firstName, lastName, and email of each user.

UsersApi usersApi = new UsersApi(apiClient);
System.out.println("userId,firstName,lastName,email");
SearchParms searchParms = new SearchParms();
UsersPage usersPage = usersApi.usersPagedUsingPOST(searchParms);
while (true) {
    if (usersPage.getResults() != null) {
        for (User user : usersPage.getResults()) {
            System.out.println(user.getId() + "," + user.getFirstName() + "," + user.getLastName() + "," + user.getEmail());
        }
    }
    // Stop when there is no paging data or no further page. Checking for a
    // null paging object here avoids a NullPointerException on the cursor lookup below.
    if (usersPage.getPaging() == null || usersPage.getPaging().getNextCursor() == null) {
        break;
    }
    // Request the next page using the cursor from the current one.
    searchParms.setCursor(usersPage.getPaging().getNextCursor());
    usersPage = usersApi.usersPagedUsingPOST(searchParms);
}

Full Example Snippet

package com.entrust.idaas.userValidate;

import com.entrustdatacard.intellitrust.admin.ApiClient;
import com.entrustdatacard.intellitrust.admin.api.AdminAuthApi;
import com.entrustdatacard.intellitrust.admin.api.UsersApi;
import com.entrustdatacard.intellitrust.admin.model.*;

public class UserValidate {
    // Placeholders only; see "Protect the shared secret" before using real values.
    private static final String SHARED_SECRET = "YOUR_SHARED_SECRET";
    // Hostname in https form, for example https://entrust.us.trustedauth.com
    private static final String HOST_NAME = "YOUR_HOST_NAME";
    private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";

    public static void main(String[] args) throws Exception {
        ApiClient apiClient = new ApiClient();
        apiClient.setBasePath(HOST_NAME);

        AdminAuthApi adminAuthApi = new AdminAuthApi(apiClient);

        // Exchange the application credentials for an authentication token.
        AdminApiAuthentication authParams = new AdminApiAuthentication()
                .applicationId(APPLICATION_ID)
                .sharedSecret(SHARED_SECRET);
        AdminApiAuthenticationResult authResult = adminAuthApi.authenticateAdminApiUsingPOST(authParams);

        // Later calls made through this client carry the token.
        apiClient.setApiKey(authResult.getAuthToken());

        UsersApi usersApi = new UsersApi(apiClient);
        System.out.println("userId,firstName,lastName,email");
        SearchParms searchParms = new SearchParms();
        UsersPage usersPage = usersApi.usersPagedUsingPOST(searchParms);
        while (true) {
            if (usersPage.getResults() != null) {
                for (User user : usersPage.getResults()) {
                    System.out.println(user.getId() + "," + user.getFirstName() + "," + user.getLastName() + "," + user.getEmail());
                }
            }
            // Stop when there is no paging data or no further page. Checking for a
            // null paging object here avoids a NullPointerException on the cursor lookup below.
            if (usersPage.getPaging() == null || usersPage.getPaging().getNextCursor() == null) {
                break;
            }
            // Request the next page using the cursor from the current one.
            searchParms.setCursor(usersPage.getPaging().getNextCursor());
            usersPage = usersApi.usersPagedUsingPOST(searchParms);
        }
    }
}

Protect the shared secret

The code samples above are provided for reference only. They are not intended to be used in production.

It is dangerous to store the shared secret as plain text in your code. You should use a secure storage tool to store the shared secret and retrieve it at runtime. In case of a security breach, you should regenerate the shared secret in your IDaaS Admin portal and update your application.
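
Added example (not Entrust's code): one way to keep the shared secret out of source by reading the downloaded credentials JSON at runtime from a file that only its owner can access, and turning its bare hostname into the https base path described under Hostname format. The class name, the command-line path argument, and the constructed sample values are assumptions made for this example; the regex field lookup handles only the flat three-field file shown on this page.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.regex.*;

public class AdminApiCredentials {
    public final String applicationId, basePath, sharedSecret;

    private AdminApiCredentials(String id, String basePath, String secret) {
        this.applicationId = id; this.basePath = basePath; this.sharedSecret = secret;
    }

    // Pulls one string field out of the flat three-field credentials file.
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"\\\\]+)\"").matcher(json);
        if (!m.find()) throw new IllegalStateException("no \"" + name + "\" field in credentials file");
        return m.group(1);
    }

    // The file holds a bare hostname; the base path is its https form. Plain http is refused.
    static String toBasePath(String hostname) {
        String h = hostname.trim();
        if (h.regionMatches(true, 0, "http://", 0, 7))
            throw new IllegalArgumentException("refusing non-TLS base path");
        return h.regionMatches(true, 0, "https://", 0, 8) ? h : "https://" + h;
    }

    // Reads the file, rejecting one that group or other users have any access to.
    public static AdminApiCredentials load(Path file) throws IOException {
        if (Files.getFileStore(file).supportsFileAttributeView("posix"))
            for (PosixFilePermission p : Files.getPosixFilePermissions(file))
                if (!p.name().startsWith("OWNER"))
                    throw new SecurityException(file + " must be accessible to its owner only");
        String json = new String(Files.readAllBytes(file), StandardCharsets.UTF_8);
        return new AdminApiCredentials(field(json, "applicationId"),
                toBasePath(field(json, "hostname")), field(json, "sharedSecret"));
    }

    public static void main(String[] args) throws IOException {
        Path file = args.length > 0 ? Paths.get(args[0]) : Files.createTempFile("idaas", ".json");
        if (args.length == 0) // no path given: write a constructed sample so the example runs offline
            Files.write(file, ("{\"applicationId\": \"00000000-0000-0000-0000-000000000000\","
                    + " \"hostname\": \"idaas.example.com\", \"sharedSecret\": \"constructed-sample\"}")
                    .getBytes(StandardCharsets.UTF_8));
        AdminApiCredentials c = load(file);
        System.out.println("Loaded " + c.applicationId + " for " + c.basePath); // never log the secret
    }
}
```

The loaded basePath, applicationId and sharedSecret take the place of the HOST_NAME, APPLICATION_ID and SHARED_SECRET constants in the samples above. A secrets manager can supply the same three values instead of a file.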