{"swagger":"2.0","info":{"title":"Rainbow authentication portal","version":"1.104.0","description":"# Rainbow authentication portal API guide\n\n## Preamble\n\n[Download Postman collection][0]\n\n### Introduction\n\nThis guide describes list of API services that are provided by OT Rainbow authentication portal system. Services are used to manage OT Rainbow authentication.\n\n### Protocol\n\nREST interface is used for sending/receiving OT rainbow API messages.  \nHTTP request GET is used. Standard HTTP responses are used to provide requested information or error status. There is no session notion in OT Rainbow system, so requests could be issued according stateless model, without transport conservation between them.  \nJSON is used as a main format for data encoding in message body part. Each request is started with the following pattern /{module}/{version}/ where {module} is a portal module name to address and {version} is a version of used API, par example, “v1.0”.\n\n### Security considerations\n\nEach request should contain some credential information to authenticate itself. Standard HTTP authentication with basic/bearer modes is used. JSON Web Token mechanism is used to provide authentication information. JWT has a expire timeout that is controlled by OT Rainbow portal to prevent very long token usage. Also authentication with application token is used. The token must be provided in the request HTTP header, using a custom header: APIKey. At server side, token is verified, and if it doesn’t match, 403 Not Allowed response is sent. TLS is used as a transport protocol to support message exchanges between OT Rainbow portal and an application.\n\n\n\n[0]: AuthenticationPortalServer_postman.json","x-logo":{"url":"https://hub.openrainbow.com/img/logohub.svg","backgroundColor":"#ff4900"}},"securityDefinitions":{"Bearer":{"name":"Authorization","in":"header","type":"apiKey","description":"For accessing the API a valid JWT token or a valid OAuth\naccess token must be passed in all the queries in the 'Authorization' header.\n<ul>\n<li> JWT\n<ul>\n<li>  A valid JWT token is generated by the API and returned as answer of a call\nto the route GET /api/rainbow/authentication/v1.0/login giving a valid user & password.</li>\n<li> The following syntax must be used in the 'Authorization' header:\n<br/>      Bearer xxxxxx.yyyyyyy.zzzzzz </li>\n</ul>\n<li> OAuth access token\n<ul>\n<li>  A valid OAuth access token is generated and returned as answer of the OAuth 2.0 workflow with authorization code\ngrant. This is done by calling the route GET /api/rainbow/authentication/v1.0/oauth/authorize to get an authorization code\nand then POST /api/rainbow/authentication/v1.0/oauth/token to exchange it agains an access token and a refresh token.</li>\n<li> The following syntax must be used in the 'Authorization' header:\n<br/>      Bearer xxxxxx.yyyyyyy.zzzzzz </li>\n</li>"},"Basic":{"type":"basic","description":"Basic <base64encode(userLogin:userPassword)>"}},"x-permissions":{"public":{"name":"public","title":"Public","description":"⚠️ This Rainbow API is accessible and documented publicly for external developers.\n"},"user":{"name":"user","title":"User","description":"Standard Rainbow users\n"},"superadmin":{"name":"superadmin","title":"ALE Admin","description":"ALE Admin has high privileges on Rainbow API\n"}},"paths":{"/api/rainbow/authentication/v1.0/validator":{"get":{"tags":["Authentication"],"summary":"Validate user JWT","description":"This API allows to get a validation status on a token.","operationId":"GetApiRainbowAuthenticationV10Validator","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"security":[{"Bearer":[]}],"x-permissions":[{"name":"public"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetApiRainbowAuthenticationV10ValidatorSuccess"},"examples":{"application/json":{"status":"OK"}}},"400":{"description":"Bad request"},"401":{"description":"Unauthorized","examples":{"application/json":{"errorCode":401,"errorMsg":"Unauthorized","errorDetails":{"errorMsg":"User user1@company.com has expired (timeToLive)","timeToLive":3600,"creationDate":"2017-09-05T13:12:51.302Z","expirationDate":"2017-09-05T14:12:51.302Z","currentDate":"2017-09-05T14:48:23.694Z"},"errorDetailsCode":401523}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}}},"/api/rainbow/authentication/v1.0/login":{"get":{"tags":["Authentication"],"summary":"Login user","description":"This API allows Rainbow users to login.\n<br/>\n<br/> Application is also authenticated during the user login.\n<br/>\n<br/> If login is successful, the API returns a <b>JSON Web Token</b> (<abbr title=\"JSON Web Token\">JWT</abbr>) which has to be provided by clients for all Rainbow APIs requiring user authentication:\n<ul>\n    <li>The JWT is valid only for a given time period.</li>\n    <li>The JWT can be renewed a few times using API <a href=\"#api-authentication-GetRenew\">GET /api/rainbow/authentication/v1.0/renew</a>.</li>\n    <li>The maximum number of renew is given in the JWT payload, as well as the current number of time the token has been renewed (see below).</li>\n    <li>Once the JWT expired, or if the maximum of token renew has been reached, user must login again using this API.</li>\n</ul>\nThe JWT returned contains the following data in payload:\n<pre><code class=\"language-json\">{\n      \"countRenewed\": 0,  // Number of times the token has been renewed\n      \"maxTokenRenew\": 5,  // Number of times the token can be renewed\n      \"user\": {\n          \"id\": \"572756967bfbca0d0e09a6b4\",  // Logged in user id\n          \"loginEmail\": \"user@company.com\"  // Logged in user loginEmail\n      },\n      \"app\": {\n          \"id\": \"598983029db9b5b14693a6f0\",  // Application id used for the authentication\n          \"name\": \"My App\"  // Application name\n      },\n      \"iat\": 1463588327,  // (Issued At) Time at which the JWT was issued\n      \"exp\": 2183588327  // (Expiration Time) Expiration time after which the JWT won't be accepted\n}</code></pre>\n<br/>\n<br/> If login / password combination is wrong, an error 401 is return.\n<br/> If appId / appSecret combination is wrong, an error 401 is return.\n<br/>The following login protection is implemented:\n<ul>\n    <li>After a given number of login failure (5 by default), the user account is <b>locked</b> for a given time period (60 min by default).</li>\n    <li>As long as the maximum number of login failure has not been reached, a 401 error with errorDetailsCode <code>401500</code> is returned.</li>\n    <li>Once the maximum number of login attempts has been reached, a 401 error with errorDetailsCode <code>401501</code> is returned: the user account is locked for the given time period.</li>\n    <li>While the user account is locked, the same response with errorDetailsCode <code>401501</code> will be returned for each new login attempt for this user account\n    (even if a good login / password combination is provided). If the login / password combination is wrong, the locked time period restarts from this new wrong attempt.</li>\n    <li>Once the locked time period is over, a login with the good credentials will be allowed.</li>\n    <li>While the account is locked, the user can reset his password. In that case, his account will be unlocked and he will be able to login with his new password.</li>\n    <li>While the account is locked, a superadmin / support / admin (organisation or company level) user can set a new password for this account. In that case, this account will be unlocked\n    and the user will be able to login with this new password.</li>\n</ul>\n<dl>\n    <dt>Warning</dt>\n    <dd>login url is case sensitive (lowercase). For example, /Login or /LOGIN won't work.</dd>\n    <dd>login will be forbidden for a certain delay if too much consecutive wrong password errors occurs, after this user has to request a password change or just wait (see implementation details above).</dd>\n</dl>\n<br/>","operationId":"GetBasicLogin","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"x-rainbow-app-auth","in":"header","required":true,"type":"string","description":"Basic <base64encode(appId:sha256(appSecretuserPassword))> (concatenation of appSecret and userPassword, hashed with sha256)"},{"name":"x-rainbow-client","in":"header","required":false,"type":"string","description":"the app used","enum":["web_win","desk_win","desk_osx","desk_s4b","android","ios","sdk_android","sdk_ios","sdk_node","sdk_web","sdk_net"]},{"name":"x-rainbow-client-version","in":"header","required":false,"type":"string","description":"1.10.7"},{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"security":[{"Basic":[]}],"x-permissions":[{"name":"public"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetBasicLoginSuccess"},"examples":{"application/json":{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTZjNWMxOWY5NDE0MTc2NTExOWY4OTZjIiwibG9naW5FbWFpbCI6InVzZXIxQGNvbXBhbnkuY29tIn0sImlhdCI6MTQ1NjE1MTYzOCwiZXhwIjoxNDU2MTU4ODM4fQ.FlPLNcWY9pTr0QvMj3RpLZJxtqbbydNnWIEr-B2lc4Y6ea41bqJJ-e10Sk_S-1blnG71E7yT625qrkO-UCc0ywR6lWCylcAUkH7-fvjKQbET2mU-4yuNwTd-sNHGzGabgr4n5xtUSMaDunjDgF1kQDZ-dEFPF5NtbN1rdqZP9tzTXrpZ6rmrW2a1o13-hHl7sxN_FqHr_4u_8AhN4dMKUgG0qRjrc1GMJ88M8idH9zTsejU5YQyJqdYQS9T_fSoFzJtS0rmwNCJMdeF2tXj8YQeTjKAiPXoBwklm5xblHxWeCTz9tqfkw1XeNxSO0pOUmpwdpF8kbwDCCa2rgz1z3A","loggedInUser":{"id":"56c5c19f94141765119f896c","loginEmail":"user1@company.com","firstName":"Firstname","lastName":"Lastname","displayName":"Firstname Lastname","nickName":"Nickname","title":"Mr.","jobTitle":"Research and Development","emails":[{"email":"user1@company.com","type":"work"},{"email":"user1@home.com","type":"home"}],"phoneNumbers":[{"shortNumber":"1002","pbxId":"PBX712e-bd96-0c27-4350-a3ff-dc0c-83e7-c246","systemId":"57dc0644f44a97c9155cd462","country":"FRA","number":"0390676767","numberE164":"+33390676767","phoneNumberId":"58876dad81e063e01187dd24","isMonitored":true,"isFromSystem":true,"deviceType":"landline","type":"work"},{"number":"0390909090","country":"FRA","numberE164":"+33390909090","phoneNumberId":"577e2e9b86c953de7838d635","systemId":null,"isFromSystem":false,"deviceType":"landline","type":"home"},{"number":"0690909090","country":"FRA","numberE164":"+33690909090","phoneNumberId":"577e2e9b86c953de7838d636","systemId":null,"isFromSystem":false,"deviceType":"mobile","type":"home"}],"country":"FRA","language":"fr-FR","timezone":"Europe/Paris","jid_im":"2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com","jid_tel":"tel_2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com","jid_password":"3b3f6e2c927940b2875f1ec604c0363b","roles":["user","superadmin"],"adminType":"undefined","companyId":"569ce8c8f9336c471b98eda1","companyName":"My company","isInDefaultCompany":false,"organisationId":null,"siteId":null,"visibility":"same_than_company","isActive":true,"isInitialized":true,"initializationDate":"2016-01-18T13:30:44.498Z","activationDate":"2016-01-18T13:29:44.498Z","creationDate":"2016-01-18T12:45:44.498Z","lastUpdateDate":"2016-01-19T16:33:22.548Z","lastAvatarUpdateDate":"2016-01-19T11:29:11.567Z","createdBySelfRegister":true,"createdByAdmin":{"userId":"56d69d020c92b35b3041d433","loginEmail":"superadmin@localhost.fr"},"invitedBy":{"invitationId":"574ffe07170a86f3297bc35b","invitationDate":"2016-01-15T13:29:44.498Z","userId":"56d69d020c92b35b3041d533","loginEmail":"user0@company.com"},"firstLoginDate":"2016-01-18T13:29:44.498Z","lastLoginDate":"2016-02-23T09:17:42.523Z","loggedSince":"2016-02-23T09:17:42.523Z","isTerminated":false,"guestMode":false,"profiles":[{"isDefault":true,"status":"active","canBeSold":false,"businessModel":"none","businessSpecific":["NONE"],"isExclusive":false,"isPrepaid":false,"hasConference":false,"isBundle":false,"assignationDate":"2017-02-17T13:35:27.427Z","provisioningNeeded":[],"subscriptionId":"5808da2e35d795966e61f9ce","offerId":"58079ed2041fa586e92337cd","offerName":"Essential","profileId":"580777f56fbd22a442d4fb57","profileName":"Essential","offerReference":"RB-Essential","offerDescription":"Rainbow Essential offer","offerTechnicalDescription":"Essential"}]},"loggedInApplication":{"id":"08ad88a0028011e8bd1a8788ab975478","name":"My application","type":"web","activity":"J","ownerId":"573f189f774e0a428ee813a3","dateOfCreation":"2018-05-04T14:12:41.413Z","dateOfDeploymentRequest":"2018-06-18T07:22:16.530Z","dateOfDeployment":"2018-06-18T07:22:16.530Z","env":"deployed","state":"active","platform":"official"}}}},"401":{"description":"Unauthorized","examples":{"application/json":{"errorCode":401,"errorMsg":"Unauthorized","errorDetails":" Company of user user1@company.com is not active (companyId=56d6f05241255dd54b5b61b2, status=hold)","errorDetailsCode":401521}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}}},"/api/rainbow/authentication/v1.0/logout":{"get":{"tags":["Authentication"],"summary":"Logout user","operationId":"GetLogout","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"security":[{"Bearer":[]}],"x-permissions":[{"name":"public"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetLogoutSuccess"},"examples":{"application/json":{"status":"User user1@company.com successfully logged out","data":[]}}},"400":{"description":"Bad request"},"401":{"description":"Unauthorized","examples":{"application/json":{"errorCode":401,"errorMsg":"Unauthorized","errorDetails":{"errorMsg":"User user1@company.com has expired (timeToLive)","timeToLive":3600,"creationDate":"2017-09-05T13:12:51.302Z","expirationDate":"2017-09-05T14:12:51.302Z","currentDate":"2017-09-05T14:48:23.694Z"},"errorDetailsCode":401523}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}}},"/api/rainbow/authentication/v1.0/renew":{"get":{"tags":["Authentication"],"summary":"Renew user JWT","description":"This API allows Rainbow users to renew their JSON Web Token (<abbr title=\"JSON Web Token\">JWT</abbr>), thus\nextending the expiration date of their current JWT.\n<br/>\n<br/> This API requires user to be authenticated with a valid non expired JWT.\n<br/> If so, a new JWT is returned, with the expiration date starting from now.\n<br/>\n<br/> <b>Warning:</b> The JWT can only be renewed a given number of times, after this user has to login again to get a new token\nusing API <a href=\"#api-authentication-GetLogin\">GET /api/rainbow/authentication/v1.0/login</a>.\n<br/> The maximum number of renew is given in the JWT, as well as the current number of time the token has been renewed.","operationId":"GetRenew","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"security":[{"Bearer":[]}],"x-permissions":[{"name":"public"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetRenewSuccess"},"examples":{"application/json":{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTZjNWMxOWY5NDE0MTc2NTExOWY4OTZjIiwibG9naW5FbWFpbCI6InVzZXIxQGNvbXBhbnkuY29tIn0sImlhdCI6MTQ1NjE1MTYzOCwiZXhwIjoxNDU2MTU4ODM4fQ.FlPLNcWY9pTr0QvMj3RpLZJxtqbbydNnWIEr-B2lc4Y6ea41bqJJ-e10Sk_S-1blnG71E7yT625qrkO-UCc0ywR6lWCylcAUkH7-fvjKQbET2mU-4yuNwTd-sNHGzGabgr4n5xtUSMaDunjDgF1kQDZ-dEFPF5NtbN1rdqZP9tzTXrpZ6rmrW2a1o13-hHl7sxN_FqHr_4u_8AhN4dMKUgG0qRjrc1GMJ88M8idH9zTsejU5YQyJqdYQS9T_fSoFzJtS0rmwNCJMdeF2tXj8YQeTjKAiPXoBwklm5xblHxWeCTz9tqfkw1XeNxSO0pOUmpwdpF8kbwDCCa2rgz1z3A","loggedInUser":{"id":"56c5c19f94141765119f896c","loginEmail":"user1@company.com","firstName":"Firstname","lastName":"Lastname","displayName":"Firstname Lastname","nickName":"Nickname","title":"Mr.","jobTitle":"Research and Development","emails":[{"email":"user1@company.com","type":"work"},{"email":"user1@home.com","type":"home"}],"phoneNumbers":[{"shortNumber":"1002","pbxId":"PBX712e-bd96-0c27-4350-a3ff-dc0c-83e7-c246","systemId":"57dc0644f44a97c9155cd462","country":"FRA","number":"0390676767","numberE164":"+33390676767","phoneNumberId":"58876dad81e063e01187dd24","isMonitored":true,"isFromSystem":true,"deviceType":"landline","type":"work"},{"number":"0390909090","country":"FRA","numberE164":"+33390909090","phoneNumberId":"577e2e9b86c953de7838d635","systemId":null,"isFromSystem":false,"deviceType":"landline","type":"home"},{"number":"0690909090","country":"FRA","numberE164":"+33690909090","phoneNumberId":"577e2e9b86c953de7838d636","systemId":null,"isFromSystem":false,"deviceType":"mobile","type":"home"}],"country":"FRA","language":"fr-FR","timezone":"Europe/Paris","jid_im":"2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com","jid_tel":"tel_2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com","jid_password":"3b3f6e2c927940b2875f1ec604c0363b","roles":["user","superadmin"],"adminType":"undefined","companyId":"569ce8c8f9336c471b98eda1","companyName":"My company","isInDefaultCompany":false,"organisationId":null,"siteId":null,"visibility":"same_than_company","isActive":true,"isInitialized":true,"initializationDate":"2016-01-18T13:30:44.498Z","activationDate":"2016-01-18T13:29:44.498Z","creationDate":"2016-01-18T12:45:44.498Z","lastUpdateDate":"2016-01-19T16:33:22.548Z","lastAvatarUpdateDate":"2016-01-19T11:29:11.567Z","createdBySelfRegister":true,"createdByAdmin":{"userId":"56d69d020c92b35b3041d433","loginEmail":"superadmin@localhost.fr"},"invitedBy":{"invitationId":"574ffe07170a86f3297bc35b","invitationDate":"2016-01-15T13:29:44.498Z","userId":"56d69d020c92b35b3041d533","loginEmail":"user0@company.com"},"firstLoginDate":"2016-01-18T13:29:44.498Z","lastLoginDate":"2016-02-23T09:17:42.523Z","loggedSince":"2016-02-23T09:17:42.523Z","isTerminated":false,"guestMode":false,"profiles":[{"isDefault":true,"status":"active","canBeSold":false,"businessModel":"none","businessSpecific":["NONE"],"isExclusive":false,"isPrepaid":false,"hasConference":false,"isBundle":false,"assignationDate":"2017-02-17T13:35:27.427Z","provisioningNeeded":[],"subscriptionId":"5808da2e35d795966e61f9ce","offerId":"58079ed2041fa586e92337cd","offerName":"Essential","profileId":"580777f56fbd22a442d4fb57","profileName":"Essential","offerReference":"RB-Essential","offerDescription":"Rainbow Essential offer","offerTechnicalDescription":"Essential"}]},"loggedInApplication":{"id":"08ad88a0028011e8bd1a8788ab975478","name":"My application","type":"web","activity":"J","ownerId":"573f189f774e0a428ee813a3","dateOfCreation":"2018-05-04T14:12:41.413Z","dateOfDeploymentRequest":"2018-06-18T07:22:16.530Z","dateOfDeployment":"2018-06-18T07:22:16.530Z","env":"deployed","state":"active","platform":"official"}}}},"400":{"description":"Bad request"},"401":{"description":"Unauthorized","examples":{"application/json":{"errorCode":401,"errorMsg":"Unauthorized","errorDetails":{"errorMsg":"User user1@company.com has expired (timeToLive)","timeToLive":3600,"creationDate":"2017-09-05T13:12:51.302Z","expirationDate":"2017-09-05T14:12:51.302Z","currentDate":"2017-09-05T14:48:23.694Z"},"errorDetailsCode":401523}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}}},"/api/rainbow/authentication/v1.0/urls":{"get":{"tags":["Authentication Urls"],"summary":"Get user authentication URLs","description":"This API allows Rainbow users to know that URL they can use to perform a login.","operationId":"GetLoginUrl","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"uid","in":"query","required":true,"type":"string","description":"Rainbow user unique identifier: typically his login email"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetLoginUrlSuccess"},"examples":{"application/json":{"data":[{"onlyUseImplicitFlow":true,"clientId":"4aca5ee9a087fb9218bfb662fe92605c","discoveryUrl":"https://oidc-provider.com/.well-known/openid-configuration","issuer":"https://oidc-provider.com","authorizationEndpoint":"https://oidc-provider.com/oauth/authorize","jwksUri":"https://oidc-provider.com/JWKS","type":"OIDC"}]}}},"400":{"description":"Bad request","examples":{"application/json":{"errorCode":400,"errorMsg":"Bad Request","errorDetails":[{"param":"uid","msg":"Field uid is mandatory."},{"param":"uid","msg":"Field uid length must be between 5 and 255 characters."}],"errorDetailsCode":400000}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}}},"/api/rainbow/authentication/v1.0/oauth/authorize":{"get":{"tags":["Oauth Authentication"],"summary":"1 - OAuth Authorization Request","description":"This endpoints allows applications to get authorization from Rainbow users to use Rainbow APIs\nwith their account. This delegation of access can be performed using OAuth 2.0 **Authorization code** grant or **Implicit** grant.\n\nWhile both OAuth 2.0 Authorization Code grant and Implicit grant are supported by Rainbow, Authorization Code grant\nis **recommended** as it is more secure.\n\nImplicit grant is recommended for browser applications implemented in JavaScript that can't provide a backend server\nhandling the token exchange flow of OAuth Authorization Code grant. Indeed, such applications should not embed appSecret\nin their source code for security reasons, and Implicit grant allow them to retrieve the OAuth access token without\nsending the appSecret to Rainbow server (redirect_uri is the only security available with this flow). The limitation\nof implicit grant is that only an access token is returned, which has a limited lifetime and can't be renewed. Application\nhas to execute again the whole Implicit grant flow to retrieve a new access token.\n\nTo enable Implicit grant for an application, the application's setting `enableOAuthImplicitGrant` has to\nbe set to true (it is disabled by default).\n\nFor more information, see the OAuth 2.0 RFC related to authorization endpoint:\n- <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.1\">section 4.1.1</a> for Authorization Code grant,\n- <a href=\"https://tools.ietf.org/html/rfc6749#section-4.2.1\">section 4.2.1</a> for Implicit grant.\n\nNote that Rainbow applications are named **client** in OAuth 2.0 RFC.\n\n\n### 1. Authorize request for Authorization code grant\n\n\nThe OAuth **Authorization Code** Grant flow is detailed in the following sequence diagram.\n\nThis GET /api/rainbow/authentication/v1.0/oauth/authorize endpoint addresses points 1 to 7 of this diagram for Authorization code grant flow\n(points 8 to 9 are addressed by POST /api/rainbow/authentication/v1.0/oauth/token endpoint, see related <a href=\"#api-OAuth_Authentication-OAuthToken\">documentation</a>).\n![Failed to load diagram :-(](img/oauth_authorization_code_flow_sd.png \"OAuth Authorization Code Grant sequence diagram\")\n\nDetails about the sequence diagram:\n- (1) User is on application website\n- (1) User accesses to application content that needs data from Rainbow, or application allows to login with Rainbow,\n\n  … (use case depends of the application needs)\n- (2) Application redirects to OAuth authorize endpoint on Rainbow authentication server.\n\n     Some query string parameters are provided in the query (defined by <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.1\">OAuth 2.0 RFC</a>):\n     - `response_type`: \"**code**\" for requesting an authorization code (authorization code grant)\n     - `client_id`: the application identifier (appId)\n     - `redirect_uri`: application\\'s backend endpoint where the authorization code will be sent.\n       <br/> It has to use TLS for security reasons, as the authorization code is exchanged between Rainbow and the application\\'s backend through the browser.\n     - `scope`: scope of the access requested by the application.\n       <br/> Currently, only \"all\" is supported (meaning that the application will have full access on all the Rainbow APIs).\n       <br/> In a next step, scopes will be defined so that the application can request restricted scopes (filestorage, bubble management, channels, …)\n     - `state`: a \"random\" value sent by the client to maintain a state between the request and the callback.\n       Can be used to protect against cross-site request forgery attacks (CSRF).\n- (3) Rainbow authentication server checks that the `client_id` sent in query parameter in (2) corresponds to a valid application in the database.\n     - If so, Rainbow authentication server redirects user\\'s browser to Rainbow login page\n     - Otherwise, an error is returned (if redirect_uri is provided, user\\'s browser is redirected to this uri and the error is sent in query parameters)\n- (4) User enters his credentials on login page and submit the form. Rainbow authentication server checks in the database if user credentials are valid.\n     - (5) If so, Rainbow authentication server redirects user\\'s browser to consent page\n     - Otherwise, Rainbow authentication server redirects again user\\'s browser to login page with an error which is displayed for the user\n- (6) User authorize the application to access Rainbow APIs in his name. The form is submitted on Rainbow authentication server.\n     - (7) If the user authorized, Rainbow authentication server generates an authorization code and redirects user\\'s browser to application backend\\'s `redirect_uri` (the one provided in query parameters in (2)).\n\n\t    Note that `redirect_uri` must be one of the configured `oauthRedirectUris` in the application, otherwise an error is returned.\n\n\t    The following data are returned in query parameters of the redirection uri (defined by <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.2\">OAuth 2.0 RFC</a>):\n\t     - `code`: the authorization code that can be exchanged against an access token and a refresh token using <a href=\"#api-OAuth_Authentication-OAuthToken\">token endpoint</a>.\n           Authorization code has a short lifetime (10 minutes) and can only be used once.\n\t     - `state`: if state was provided in (2), this value is returned (otherwise a random value is returned).\n     - If the user declined, Rainbow authentication server redirects user\\'s browser to application backend\\'s `redirect_uri` with an error in query parameters.\n\nOnce the application has the authorization code, it has to exchange it against an access token and a refresh token using\nPOST /api/rainbow/authentication/v1.0/oauth/token endpoint, points 8 and 9 of the sequence diagram\n(see <a href=\"#api-OAuth_Authentication-OAuthToken\">documentation</a> of this endpoint for more information).\n\n### 2. Authorize request for Implicit grant\n\nThe OAuth **Implicit** Grant flow is detailed in the following sequence diagram.\n\nUnlike Authorization Code grant flow, this GET /api/rainbow/authentication/v1.0/oauth/authorize endpoint is the\nonly one to be used by the application to retrieve the OAuth access token.\n\n![Failed to load diagram :-(](img/oauth_implicit_flow_sd.png \"OAuth Implicit Grant sequence diagram\")\n\nDetails about the sequence diagram:\n- (1) User uses the web application on his browser\n- (1) User accesses to web application content that needs data from Rainbow, or web application allows to login with Rainbow, … (use case depends of the application needs)\n- (2) Application redirects to OAuth authorize endpoint on Rainbow authentication server.\n\n     Some query string parameters are provided in the query (defined by <a href=\"https://tools.ietf.org/html/rfc6749#section-4.2.1\">OAuth 2.0 RFC</a>):\n     - `response_type`: \"**token**\" for requesting an access token (implicit grant)\n     - `client_id`: the application identifier (appId)\n     - `redirect_uri`: web application\\'s endpoint where the authorization code will be sent.\n     - `scope`: scope of the access requested by the application.\n       <br/> Currently, only \"all\" is supported (meaning that the application will have full access on all the Rainbow APIs).\n       <br/> In a next step, scopes will be defined so that the application can request restricted scopes (filestorage, bubble management, channels, …)\n     - `state`: a \"random\" value sent by the client to maintain a state between the request and the callback.\n       Can be used to protect against cross-site request forgery attacks (CSRF).\n- (3) Rainbow authentication server checks that the `client_id` sent in query parameter in (2) corresponds to a valid application in the database.\n     - If so, Rainbow authentication server redirects user\\'s browser to Rainbow login page\n     - Otherwise, an error is returned (if redirect_uri is provided, user\\'s browser is redirected to this uri and the error is sent in fragment component of\n       this redirection uri)\n- (4) User enters his credentials on login page and submit the form. Rainbow authentication server checks in the database if user credentials are valid.\n     - (5) If so, Rainbow authentication server redirects user\\'s browser to consent page\n     - Otherwise, Rainbow authentication server redirects again user\\'s browser to login page with an error which is displayed for the user\n- (6) User authorize the application to access Rainbow APIs in his name. The form is submitted on Rainbow authentication server.\n     - (7) If the user authorized, Rainbow authentication server generates an access token and redirects user\\'s browser to web application\\'s `redirect_uri` (the one provided in query parameters in (2)).\n\n\t\t  Note that `redirect_uri` must be one of the configured `oauthRedirectUris` in the application, otherwise an error is returned.\n\n       The following data are returned in **fragment** component of the redirection uri (defined by <a href=\"https://tools.ietf.org/html/rfc6749#section-4.2.2\">OAuth 2.0 RFC</a>):\n         - `access_token`: the access token that can be used by the application to use Rainbow APIs,\n         - `token_type`: the type of token returned (\"**access_token**\"),\n         - `expires_in`: the lifetime of the access token (in seconds),\n         - `state`: if state was provided in (2), this value is returned (otherwise a random value is returned).\n     - If the user declined, Rainbow authentication server redirects user\\'s browser to application\\'s `redirect_uri` with an error in fragment component.\n\n> Once the application has the access token, it can use it to use Rainbow APIs with the account of the related Rainbow user.","operationId":"OAuthAuthorize","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"content-type","in":"header","required":true,"type":"string","description":"application/x-www-form-urlencoded"},{"name":"response_type","in":"query","required":true,"type":"string","description":"Desired grant type to use for authorize endpoint.\n<br/> To be set to:\n- ```code``` if Authorization Code grant is used,\n- ```token``` if Implicit grant is used.\n\nFor more information, details are available in the OAuth 2.0 RFC, <a href=\"https://tools.ietf.org/html/rfc6749#section-3.1.1\">section 3.1.1</a>\nand <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.1\">section 4.1.1 (Authorization Code grant)</a> or\n<a href=\"https://tools.ietf.org/html/rfc6749#section-4.2.1\">section 4.2.1 (Implicit grant)</a>."},{"name":"client_id","in":"query","required":true,"type":"string","description":"Unique identifier of the application requesting the authorization\n(also documented as ```appId``` in Rainbow APIs documentation).\n<br/>\n<br/> For more information, details are available in the OAuth 2.0 RFC, <a href=\"https://tools.ietf.org/html/rfc6749#section-2.2\">section 2.2</a>\n      and <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.1\">section 4.1.1 (Authorization Code grant)</a> or\n      <a href=\"https://tools.ietf.org/html/rfc6749#section-4.2.1\">section 4.2.1 (Implicit grant)</a>."},{"name":"redirect_uri","in":"query","required":false,"type":"string","description":"Application's endpoint URI where the user-agent will be redirected with the\nauthorization code (Authorization Code grant) or access token (Implicit grant) if the user grants access to the application.\n<br/> Errors are redirected to this endpoint as well, for example in the case the user declines access to the application.\n<br/>\n<br/> If ```redirect_uri``` parameter is specified, it must be one of the URIs defined in application's ```oauthRedirectUris``` parameter,\n      otherwise the user-agent is redirected to the specified redirect_uri with an error and error_description parameters in query string\n      (error=invalid_client&error_description=Invalid client: `redirect_uri` does not match client value).\n<br/>\n<br/> If ```redirect_uri``` parameter is not specified, the first URI defined in application's ```oauthRedirectUris``` parameter is used.\n<br/> => Application's ```oauthRedirectUris``` parameter must be configured to allow the application to use OAuth 2.0 authorization grant.\n<br/>\n<br/> If Authorization Code grant is used, this endpoint should use TLS for security reasons, as sensitive data are sent to application's endpoint through a public network.\n<br/>\n<br/> For more information, details are available in the OAuth 2.0 RFC, <a href=\"https://tools.ietf.org/html/rfc6749#section-3.1.2\">section 3.1.2</a>\n      and <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.1\">section 4.1.1 (Authorization Code grant)</a> or\n      <a href=\"https://tools.ietf.org/html/rfc6749#section-4.2.1\">section 4.2.1 (Implicit grant)</a>."},{"name":"scope","in":"query","required":false,"type":"string","description":"The scope of the Rainbow API access requested by the application.\n<br/> For now, only ```all``` is implemented (i.e. application has access to all the Rainbow APIs).\n<br/>\n<br/> For more information, details are available in the OAuth 2.0 RFC, <a href=\"https://tools.ietf.org/html/rfc6749#section-3.3\">section 3.3</a>\n      and <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.1\">section 4.1.1 (Authorization Code grant)</a> or\n      <a href=\"https://tools.ietf.org/html/rfc6749#section-4.2.1\">section 4.2.1 (Implicit grant)</a>."},{"name":"state","in":"query","required":false,"type":"string","description":"A random string that can be provided by the application to maintain state between the authorize request and the\nredirection to redirect_uri endpoint (state is sent back by Rainbow authentication server to redirect_uri endpoint).\n<br/> This should be used by the application to prevent against cross-site request forgery (CSRF).\n<br/>\n<br/> For more information, details are available in the OAuth 2.0 RFC, <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.1\">section 4.1.1</a>.\n<br/> For more information regarding cross-site request forgery (CSRF) threat, details are available in the\n      <a href=\"https://tools.ietf.org/html/rfc6749#section-10.12\">section 10.12</a>."}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/OAuthAuthorizeSuccess"},"examples":{"application/unknown":"HTTP/1.1 302 Found\nLocation: https://myapp.domain.com/oauth/callback#access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTcyNzU2OTY3YmZiY2EwZDBlMDlhNmI0IiwibG9naW5FbWFpbCI6Im5pY29sYXMudml2aWVuQGFsLWVudGVycHJpc2UuY29tIn0sImFwcCI6eyJpZCI6Ijc4ZTk4ZWUwOWJhZDExZThiOGVkZWJiNTBkNjc5ZGY2IiwibmFtZSI6IkFwcF9SYWluYm93XzEifSwib2F1dGgiOnsidHlwZSI6ImFjY2Vzc190b2tlbiIsInNjb3BlIjoiYWxsIn0sImlhdCI6MTU1MzUyMDgzOX0.QiaeT7Ut5QFDqc79iTLBmesnqgBTVpQP3NEgbfWQmT5Ns3K1lmvjGEsA8rzC24M2S4G23SVOwJjrJRayLjJcfpGJFpbfV7xe9MPKkzh8x-46xH7d3BXolw1RcPEXR_-DSGaztORk3ynsZbZ5X8qCgFXPggcdWAvIR85CMxtUvAaaKl2djdLS2Dx-i36qCeHshfqNHDJHDWqTN9tMje2iRirxMOf928mSUwZKZOjk7bH1skkZeh5UpuDTBgt2v-ctZPrGbFIAR6KlWSXo6yUk6DPPvCx1saQyGx3Eerj-2Qmk5BLgq7EvJ44ADaqgaQ8kxWJBFm6lFjnTJOkPe99tCA&token_type=access_token&expires_in=3600&state=f5KCWVvzl"}}}}},"/api/rainbow/authentication/v1.0/oauth/token":{"post":{"tags":["Oauth Authentication"],"summary":"2 - OAuth Access Token Request","description":"This endpoints allows applications to get an access token allowing them to use Rainbow APIs with\nthe account of the related Rainbow user.\n\nAccess token has a short lifetime (1 hour). A refresh token is issued as well, allowing applications to\nrefresh their access token (and such avoiding the application to request user authorization again with\nGET /api/rainbow/authentication/v1.0/oauth/authorize).\n\nThe token endpoint can be used:\n1. To exchange the authorization code against an access token and a refresh token,\n2. To get a new access token using the refresh token (to be used when the access token has expired).\n\n\n## 1. Exchange the authorization code against an access token and a refresh token\n\nFor more information, see the <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.3\">OAuth 2.0 RFC, section 4.1.3</a> related to the use of this\nendpoint to exchange the authorization code against an access token and a refresh token.\n\nThe OAuth Access Token Request flow is detailed in the following sequence diagram.\n\nThis POST /api/rainbow/authentication/v1.0/oauth/token endpoint addresses points 8 to 9 of this diagram\n(points 1 to 7 are addressed by GET /api/rainbow/authentication/v1.0/oauth/authorize endpoint, see related <a href=\"#api-OAuth_Authentication-OAuthAuthorize\">documentation</a>).\n![Failed to load diagram :-(](img/oauth_authorization_code_flow_sd.png \"OAuth Authorization Code Grant sequence diagram\")\n\nDetails about the sequence diagram:\n- (8) application\\'s backend exchanges the authorization code it retrieved in (7) against an access token and a refresh token.\n\n\t For that, it calls the OAuth token endpoint on Rainbow authentication server. It has to provide:\n    - The header Authorization with Basic &lt;base64encode(`client_id`:`client_secret`)&gt;.\n\n\t   This request has to be done from the application''s backend so that the client_secret (appSecret) remains confidential.\n\n\t   Example of base64 calculation:\n     ```\n\t    base64(\"78e98ee09bad11e8b8edebb50d679df6:2UrOcs3agk34zaV3Jsf01vM54iLyqwBEpnv5vJr72D9cE5wMVQeEe3BM7IxzyyJD\") =\n\t       <i>NzhlOThlZTA5YmFkMTFlOGI4ZWRlYmI1MGQ2NzlkZjY6MlVyT2NzM2FnazM0emFWM0pzZjAxdk01NGlMeXF3QkVwbnY1dkpyNzJEOWNFNXdNVlFlRWUzQk03SXh6eXlKRA==</i>\n     ```\n\n\n  - In the body the parameters (x-www-form-urlencoded):\n  - `grant_type`: must be set to \"**authorization_code**\" for an exchange of an authorization code against an access token and a refresh token\n  - `code`: the authorization code sent by Rainbow authentication server in (7)\n  - `redirect_uri`: the redirect_uri parameter, must be the same than the one used to retrieve the authorization code (the one sent in (2))\n- (9) Rainbow authentication server checks that the application\\'s credentials are valid by extracting client_id and client_secret from the Authorization header\nand comparing them to the appId and appSecret stored in the database. Then it checks that the provided authorization code is valid, has well been generated\nfor this application and redirect_uri matches the one sent in (2). Provided authorization code is revoked, as it can only be used once.\n    - If everything is valid, Rainbow authentication server generates an access token and a refresh token that it stores in the database and returns in the body of\n      the HTTP response to the application\\'s backend.\n    - Otherwise, a body with an error message is returned to the application\\'s backend.\n- (10) With the access token received from the Rainbow authentication server in (9), the application can use it to call Rainbow APIs in the name of the user.\n\n  For that, it calls the Rainbow APIs with the header Authorization Bearer <access_token>.\n\n\n### 2. Refresh an access token\n\nAccess token has a short lifetime (1 hour). If the application tries to use an expired access token for a request on Rainbow API,\nan error 401 Unauthorized is returned.\nAccess token can be renewed using the refresh token, this avoids the application to redo the whole OAuth authorization code flow.\n\nFor more information, see the <a href=\"https://tools.ietf.org/html/rfc6749#section-6\">OAuth 2.0 RFC, section 6</a> related to the refresh of an access token.\n\nThe OAuth Refresh Access Token flow is detailed in the following sequence diagram.\n![Failed to load diagram :-(](img/oauth_refresh_token_flow_sd.png \"OAuth Refresh Access Token sequence diagram\")\nDetails about the sequence diagram:\n-  (1) User is on application website\n-  (1) User accesses to application content that needs data from Rainbow (use case depends of the application needs).\n\n The application has already an OAuth access token and a refresh token retrieved using the authorization code grant\n described in \"*OAuth Authorization Code Grant sequence diagram*\".\n-  (1) Application calls the Rainbow API (whatever the portal is) to access Rainbow user data.\n   It provides the header `Authorization: Bearer &lt;access_token&gt;` in the request.\n-  (2) Rainbow API portal checks the validity of the access token (existing, not expired).\n-  (2) If the access token is expired, an error 401 Unauthorized is returned. The application needs to renew the access token.\n-  (3) [optional, depends of the application implementation] If the application is executed in the browser (JavaScript), it needs to request its backend to get a new access token.\n\n If the request to Rainbow API is already performed in the application\\'s backend, the backend itself can renew the access token.\n-  (4) Application\\'s backend calls the OAuth token endpoint on Rainbow authentication server. It has to provide:\n    -  The header Authorization with Basic &lt;base64(`client_id`:`client_secret`)&gt;.\n       This request has to be done from the application\\'s backend so that the client_secret (appSecret) remains confidential.\n\n\n\t\tExample of base64 calculation:\n\t```\n\tbase64(\"78e98ee09bad11e8b8edebb50d679df6:2UrOcs3agk34zaV3Jsf01vM54iLyqwBEpnv5vJr72D9cE5wMVQeEe3BM7IxzyyJD\") =\n\t       <i>NzhlOThlZTA5YmFkMTFlOGI4ZWRlYmI1MGQ2NzlkZjY6MlVyT2NzM2FnazM0emFWM0pzZjAxdk01NGlMeXF3QkVwbnY1dkpyNzJEOWNFNXdNVlFlRWUzQk03SXh6eXlKRA==</i>\n\t```\n\n   -  In the body the parameters (x-www-form-urlencoded)\n        - `grant_type`: must be set to \"**refresh_token**\" to request a new access token using the refresh token\n        - `refresh_token`: the refresh token sent by Rainbow authentication server\n-  (5) Rainbow authentication server checks that the client credentials are valid by extracting client_id and client_secret from the Authorization header\n       and comparing them to the appId and appSecret stored in the database.\n       Then it checks that the provided refresh token is valid, not expired, and has well been generated for this application.\n    -  If everything is valid, Rainbow authentication server generates a new access token and a new refresh token\n       and return them in the body of the HTTP response to the application\\'s backend.\n    -  Otherwise, a body with an error message is returned to the application\\'s backend.\n-  (6) The application updates its access token and refresh token in its own storage.\n\n      In the case the applicationD is running in the browser, the backend returns the new access token to its frontend.\n-  (7) The application redo the same API request to Rainbow portal done in (1), with the newly generated access token.\n-  (8) Rainbow API portal checks the validity of the access token. As the access token is now valid,\n       the Rainbow API performs the requested operation / returns the requested data.","operationId":"OAuthToken","consumes":["application/json"],"produces":["application/json"],"parameters":[{"in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/OAuthToken"}}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/OAuthTokenSuccess"},"examples":{"application/unknown":"HTTP/1.1 200 OK\n{\n  \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTcyNzU2OTY3YmZiY2EwZDBlMDlhNmI0In0sImFwcCI6eyJpZCI6Ijc4ZTk4ZWUwOWJhZDExZThiOGVkZWJiNTBkNjc5ZGY2IiwibmFtZSI6IkFwcF9SYWluYm93XzEifSwib2F1dGgiOnsidHlwZSI6ImFjY2Vzc190b2tlbiIsInNjb3BlIjoiYWxsIn0sImlhdCI6MTU1MzUyMDE2NH0.pKyIDJWWk6N3Ee0slCF2tZNGzGmX5xpzPAgYaDQ93pohVjpHaOdAgIDE0LEK68DudQSIZnUUi3DklpbrS75tQBRJX95e-zYiQTa2fARBVPxwwOnx3PROtVh1eJvZrBsJK3MiPi-mQCGL8RZICJux1_igKy7f_Bhl7hdswJ7gZMW1WSqRYJWD93Fdlchj-qrquO0dKxzkfJMDjKyQzVCGEb8ChUvtTO7QFKeyhgHfP5nXEgkDd4LPMr9hjfJ1rqtEl3sbWJvo6DWuRZqTd3AvWgIKgprtQePC8QEtdpl-1LBBhrAI_y0RNs0u67ODKXQjZPdIBM07XnVAAD6JrHGGhg\",\n  \"expires_in\": 3600,\n  \"token_type\": \"Bearer\",\n  \"refresh_token\":\"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTcyNzU2OTY3YmZiY2EwZDBlMDlhNmI0In0sImFwcCI6eyJpZCI6Ijc4ZTk4ZWUwOWJhZDExZThiOGVkZWJiNTBkNjc5ZGY2IiwibmFtZSI6IkFwcF9SYWluYm93XzEifSwib2F1dGgiOnsidHlwZSI6InJlZnJlc2hfdG9rZW4iLCJzY29wZSI6ImFsbCJ9LCJpYXQiOjE1NTM1MjAxNjR9.hauDetfLAglWLiBTwPg8ArCSolAN4S9BIjl_vJ5D5mNpduPWEvDjjcuiRSfVYg9rNmowSSlhk2ISDPvqPkViuLlGeYbaBdPqea4NZCYI1mK-wwJcDw1VyT4f2JagNJaAI-vmadxj9en2MLjXekGSAIQ79cObElJI0L8vezEPPcloupvMLmFzCTCThRNZuEM1aaTF4-Ov-lEy3DrDOpNigPwXpT0JA4GtN4w7GTXCu2YAC0RswA8y3x_uwWx7IHe76haW2b22V6euwYQ2zd2Wb8Hq2aSz7afGKGWgWXJycotlZz9ZSwx4NkDT4XY_Nqy2wZgijcgqq21xq9S5E7puOQ\",\n  \"scope\":\"all\"\n}"}}}}},"/api/rainbow/authentication/v1.0/oauth/tokens/{tokenId}":{"delete":{"tags":["Oauth Tokens"],"summary":"Delete an OAuth token","description":"This API allows users to revoke OAuth token they have previously granted for applications.\n<br/>\n<br/> Once an OAuth token is revoked, the application for which this token has been issued will no longer be\nable to use Rainbow APIs in the name of the user.","operationId":"DeleteOAuthToken","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"tokenId","in":"path","required":true,"type":"string","description":"OAuth token unique identifier (like 5c6c32532204570d233816d2)"},{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"security":[{"Bearer":[]}],"x-permissions":[{"name":"user"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/DeleteOAuthTokenSuccess"},"examples":{"application/json":{"status":"OAuthToken 5c6c32532204570d233816d2 successfully deleted","data":{"id":"5c6c32532204570d233816d2","appId":"27033b1001bd11e8843d6f00134e5189","appName":"A wonderful application","userId":"572756967bfbca0d0e09a6b4","creationDate":"2019-02-19T16:44:03.851Z","accessTokenIssuedAt":"2019-02-19T16:48:07.741Z","accessTokenExpiresAt":"2019-02-19T17:48:07.738Z","refreshTokenIssuedAt":"2019-02-19T16:44:03.836Z","refreshTokenExpiresAt":"2019-03-05T16:44:01.184Z","scope":"all"}}}},"400":{"description":"Bad request"},"401":{"description":"Unauthorized","examples":{"application/json":{"errorCode":401,"errorMsg":"Unauthorized","errorDetails":{"errorMsg":"User user1@company.com has expired (timeToLive)","timeToLive":3600,"creationDate":"2017-09-05T13:12:51.302Z","expirationDate":"2017-09-05T14:12:51.302Z","currentDate":"2017-09-05T14:48:23.694Z"},"errorDetailsCode":401523}}},"404":{"description":"Not found","examples":{"application/json":{"errorCode":404,"errorMsg":"Resource Not Found","errorDetails":"OAuthToken with id 5c6c32532204570d233816d2 does not exist, not able to delete it.","errorDetailsCode":404002}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}},"get":{"tags":["Oauth Tokens"],"summary":"Get an OAuth token","description":"This API allows users to get an OAuth token.","operationId":"GetOAuthTokenById","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"tokenId","in":"path","required":true,"type":"string","description":"OAuth token unique identifier (like 5c6c32532204570d233816d2)"},{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"security":[{"Bearer":[]}],"x-permissions":[{"name":"user"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetOAuthTokenByIdSuccess"},"examples":{"application/json":{"data":{"id":"5c6c32532204570d233816d2","appId":"27033b1001bd11e8843d6f00134e5189","appName":"A wonderful application","userId":"572756967bfbca0d0e09a6b4","creationDate":"2019-02-19T16:44:03.851Z","accessTokenIssuedAt":"2019-02-19T16:48:07.741Z","accessTokenExpiresAt":"2019-02-19T17:48:07.738Z","refreshTokenIssuedAt":"2019-02-19T16:44:03.836Z","refreshTokenExpiresAt":"2019-03-05T16:44:01.184Z","scope":"all"}}}},"400":{"description":"Bad request"},"401":{"description":"Unauthorized","examples":{"application/json":{"errorCode":401,"errorMsg":"Unauthorized","errorDetails":{"errorMsg":"User user1@company.com has expired (timeToLive)","timeToLive":3600,"creationDate":"2017-09-05T13:12:51.302Z","expirationDate":"2017-09-05T14:12:51.302Z","currentDate":"2017-09-05T14:48:23.694Z"},"errorDetailsCode":401523}}},"404":{"description":"Not found","examples":{"application/json":{"errorCode":404,"errorMsg":"Resource Not Found","errorDetails":"OAuthToken with id 5c6c32532204570d233816d2 does not exist.","errorDetailsCode":404000}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}}},"/api/rainbow/authentication/v1.0/oauth/tokens":{"get":{"tags":["Oauth Tokens"],"summary":"Get all OAuth token","description":"This API allows users to list all OAuth tokens they have generated.\n<br/>\n<br/> An OAuth token is generated when an application logs a user using OAuth 2.0 protocol. An OAuth token gives\nthe possibility for the application to use Rainbow APIs in the name of the user (delegation).","operationId":"GetOAuthToken","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"},{"name":"format","in":"query","required":false,"type":"string","description":"Allows to retrieve more or less OAuth token details in response.\n<br/> - `small`: id, appId, appName, userId\n<br/> - `medium`: id, appId, appName, userId, scope, creationDate, accessTokenIssuedAt, refreshTokenExpiresAt\n<br/> - `full`: all OAuth token fields","enum":["small","medium","full"],"default":"small"},{"name":"limit","in":"query","required":false,"type":"number","description":"Allow to specify the number of OAuth tokens to retrieve.","default":"100"},{"name":"offset","in":"query","required":false,"type":"number","description":"Allow to specify the position of first OAuth token to retrieve (first OAuth token if not specified).\nWarning: if offset > total, no results are returned."},{"name":"sortField","in":"query","required":false,"type":"string","description":"Sort OAuth tokens list based on the given field.","default":"appName"},{"name":"sortOrder","in":"query","required":false,"type":"number","description":"Specify order when sorting OAuth tokens list.","enum":["-1","1"],"default":"1"}],"security":[{"Bearer":[]}],"x-permissions":[{"name":"user"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetOAuthTokenSuccess"},"examples":{"application/json":{"data":[{"id":"5c6c32532204570d233816d2","appId":"27033b1001bd11e8843d6f00134e5189","appName":"A wonderful application","userId":"572756967bfbca0d0e09a6b4","creationDate":"2019-02-19T16:44:03.851Z","accessTokenIssuedAt":"2019-02-19T16:48:07.741Z","accessTokenExpiresAt":"2019-02-19T17:48:07.738Z","refreshTokenIssuedAt":"2019-02-19T16:44:03.836Z","refreshTokenExpiresAt":"2019-03-05T16:44:01.184Z","scope":"all"},{"id":"5c6ead547f3cab72dce5c83d","appId":"d4242f40080511e886d9b5bbd3260792","appName":"Top plugin","userId":"572756967bfbca0d0e09a6b4","creationDate":"2019-02-21T13:53:24.884Z","accessTokenIssuedAt":"2019-02-25T08:42:41.135Z","accessTokenExpiresAt":"2019-02-25T09:42:41.132Z","refreshTokenIssuedAt":"2019-02-25T08:42:41.135Z","refreshTokenExpiresAt":"2019-03-11T08:42:41.132Z","scope":"all"}],"limit":100,"offset":0,"total":2}}},"400":{"description":"Bad request"},"401":{"description":"Unauthorized","examples":{"application/json":{"errorCode":401,"errorMsg":"Unauthorized","errorDetails":{"errorMsg":"User user1@company.com has expired (timeToLive)","timeToLive":3600,"creationDate":"2017-09-05T13:12:51.302Z","expirationDate":"2017-09-05T14:12:51.302Z","currentDate":"2017-09-05T14:48:23.694Z"},"errorDetailsCode":401523}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}}},"/api/rainbow/authentication/v1.0/oidc-client/jwt":{"get":{"tags":["Oidc Client"],"summary":"Get a JWT from an id_token","description":"This endpoints allows applications to get a Rainbow JWT from an OpenID Connect (OIDC) id_token.\n\nThis API has to be used when OIDC implicit flow is used (see details in OpenID Connect Core 1.0 specifications,\n[section 3.2](https://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)) or when the OIDC\nid_token is retrieved by other way than using [GET /api/rainbow/authentication/v1.0/oidc-client/login](#api-OIDC_Client-GetOidcLogin) API.\n\nAuthorization code grant is **recommended** as it is more secure than Implicit grant (it involves a clientSecret\nfrom Rainbow application).\n<br/> However, some applications may prefer to implement the OIDC flow directly in their application, or some OIDC\nproviders may not support authorization code grant.\n<br/> This API is dedicated to such cases, where the OIDC flow is completely handled outside of Rainbow plateform\nand the obtained id_token is used to generate a Rainbow JWT in order to use the Rainbow APIs.\n\nIn order to use this API, the OIDC SingleSignOn settings of the company must contain:\n - `clientId`: the client_id for the Rainbow application created on the company's OIDC provider,\n - `issuer`: the company's OIDC provider issuer (should has been got from discoveryUrl if OIDC\n   settings has been configured with this parameter).\n - `jwksUri`: the company's OIDC provider jwks_uri endpoint (should has been got from discoveryUrl if OIDC\n   settings has been configured with this parameter).\n\nThe id_token must be valid and contain an `email` field corresponding to the `loginEmail` of a Rainbow user.\n\nThe full OIDC flow using Implicit grant is detailed in the following sequence diagram.\n<br/> This GET /api/rainbow/authentication/v1.0/oidc-client/jwt endpoint addresses point 8 of this diagram\n(point 1 to 7 are addressed outside of Rainbow platform).\n![Failed to load diagram :-(](img/oidc-client_implicit_grant_flow_sd.png \"OIDC client Implicit Flow grant sequence diagram\")\n\nDetails about the sequence diagram:\n- (1) User starts application\n- [optional] (2) Application requests Rainbow Authentication portal’s API [GET /api/rainbow/authentication/v1.0/urls?uid=user@company.com](#api-Authentication_Urls-GetLoginUrl)\n  to know what is the authentication type to use for this user.\n- (3) In the case the authentication type is OIDC for this user and company SSO setting `onlyUseImplicitFlow` is\n  set to true, or the developer wants to handle the OIDC flow directly in his application, the OIDC implicit flow is\n  handled outside of Rainbow platform.\n    - (3) The application redirects the browser / open a webview to the OIDC server’s authorize endpoint,\n    - (4) OIDC server display the login page,\n    - (5) The user enter his credentials in the OIDC server’s login page,\n    - (6) OIDC server redirects to client's redirect_uri (configured in OIDC server) with an id_token,\n    - (7) The application verifies the received id_token (see details in OpenID Connect Core 1.0 specifications,\n[section 3.1.3.7](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation)),\n- (8) The application calls API GET /api/rainbow/authentication/v1.0/oidc-client/jwt with the id_token to get\n  a Rainbow JWT. This API performs the following validations:\n    - verify the application using x-rainbow-app-auth header\n    - ensure id_token is well a JWT and decode it to extract the user email\n    - ensure a user exists in Rainbow with this email as loginEmail and ensure his company has SSO OIDC settings\n    - validate the signature, issuer and audience of the id_token using company SSO OIDC settings\n    - If the validation succeed, a Rainbow JWT is returned in response, with the loggedInUser and loggedInApplication\n      objects (same response than the one returned by [GET /api/rainbow/authentication/v1.0/login API](#api-Authentication-GetBasicLogin)\n- (9) Rainbow JWT can be use to call Rainbow APIs","operationId":"GetJwt","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"content-type","in":"header","required":true,"type":"string","description":"application/x-www-form-urlencoded"},{"name":"x-rainbow-app-auth","in":"header","required":true,"type":"string","description":"Basic <base64encode(appId:sha256(appSecretchallenge))>\n<br/> Concatenation of appSecret and provided challenge, hashed with sha256."},{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"},{"name":"id_token","in":"query","required":true,"type":"string","description":"The id_token obtained from the OIDC provider"},{"name":"nonce","in":"query","required":false,"type":"string","description":"If provided, the nonce value (provided by application to OIDC provider\nwhen requesting the id_token using implicit flow) is validated to have the same value in the decoded id_token"},{"name":"challenge","in":"query","required":true,"type":"string","description":"challenge for application authentication.\n<br/> This value can be retrieve using GET /api/rainbow/authentication/v1.0/urls?uid=user1@company.com,\nor be randomly generated by the application."}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetJwtSuccess"},"examples":{"application/json":{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTZjNWMxOWY5NDE0MTc2NTExOWY4OTZjIiwibG9naW5FbWFpbCI6InVzZXIxQGNvbXBhbnkuY29tIn0sImlhdCI6MTQ1NjE1MTYzOCwiZXhwIjoxNDU2MTU4ODM4fQ.FlPLNcWY9pTr0QvMj3RpLZJxtqbbydNnWIEr-B2lc4Y6ea41bqJJ-e10Sk_S-1blnG71E7yT625qrkO-UCc0ywR6lWCylcAUkH7-fvjKQbET2mU-4yuNwTd-sNHGzGabgr4n5xtUSMaDunjDgF1kQDZ-dEFPF5NtbN1rdqZP9tzTXrpZ6rmrW2a1o13-hHl7sxN_FqHr_4u_8AhN4dMKUgG0qRjrc1GMJ88M8idH9zTsejU5YQyJqdYQS9T_fSoFzJtS0rmwNCJMdeF2tXj8YQeTjKAiPXoBwklm5xblHxWeCTz9tqfkw1XeNxSO0pOUmpwdpF8kbwDCCa2rgz1z3A","loggedInUser":{"id":"56c5c19f94141765119f896c","loginEmail":"user1@company.com","firstName":"Firstname","lastName":"Lastname","displayName":"Firstname Lastname","nickName":"Nickname","title":"Mr.","jobTitle":"Research and Development","emails":[{"email":"user1@company.com","type":"work"},{"email":"user1@home.com","type":"home"}],"phoneNumbers":[{"shortNumber":"1002","pbxId":"PBX712e-bd96-0c27-4350-a3ff-dc0c-83e7-c246","systemId":"57dc0644f44a97c9155cd462","country":"FRA","number":"0390676767","numberE164":"+33390676767","phoneNumberId":"58876dad81e063e01187dd24","isMonitored":true,"isFromSystem":true,"deviceType":"landline","type":"work"},{"number":"0390909090","country":"FRA","numberE164":"+33390909090","phoneNumberId":"577e2e9b86c953de7838d635","systemId":null,"isFromSystem":false,"deviceType":"landline","type":"home"},{"number":"0690909090","country":"FRA","numberE164":"+33690909090","phoneNumberId":"577e2e9b86c953de7838d636","systemId":null,"isFromSystem":false,"deviceType":"mobile","type":"home"}],"country":"FRA","language":"fr-FR","timezone":"Europe/Paris","jid_im":"2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com","jid_tel":"tel_2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com","jid_password":"3b3f6e2c927940b2875f1ec604c0363b","roles":["user","superadmin"],"adminType":"undefined","companyId":"569ce8c8f9336c471b98eda1","companyName":"My company","isInDefaultCompany":false,"organisationId":null,"siteId":null,"visibility":"same_than_company","isActive":true,"isInitialized":true,"initializationDate":"2016-01-18T13:30:44.498Z","activationDate":"2016-01-18T13:29:44.498Z","creationDate":"2016-01-18T12:45:44.498Z","lastUpdateDate":"2016-01-19T16:33:22.548Z","lastAvatarUpdateDate":"2016-01-19T11:29:11.567Z","createdBySelfRegister":true,"createdByAdmin":{"userId":"56d69d020c92b35b3041d433","loginEmail":"superadmin@localhost.fr"},"invitedBy":{"invitationId":"574ffe07170a86f3297bc35b","invitationDate":"2016-01-15T13:29:44.498Z","userId":"56d69d020c92b35b3041d533","loginEmail":"user0@company.com"},"firstLoginDate":"2016-01-18T13:29:44.498Z","lastLoginDate":"2016-02-23T09:17:42.523Z","loggedSince":"2016-02-23T09:17:42.523Z","isTerminated":false,"guestMode":false,"profiles":[{"isDefault":true,"status":"active","canBeSold":false,"businessModel":"none","businessSpecific":["NONE"],"isExclusive":false,"isPrepaid":false,"hasConference":false,"isBundle":false,"assignationDate":"2017-02-17T13:35:27.427Z","provisioningNeeded":[],"subscriptionId":"5808da2e35d795966e61f9ce","offerId":"58079ed2041fa586e92337cd","offerName":"Essential","profileId":"580777f56fbd22a442d4fb57","profileName":"Essential","offerReference":"RB-Essential","offerDescription":"Rainbow Essential offer","offerTechnicalDescription":"Essential"}]},"loggedInApplication":{"id":"08ad88a0028011e8bd1a8788ab975478","name":"My application","type":"web","activity":"J","ownerId":"573f189f774e0a428ee813a3","dateOfCreation":"2018-05-04T14:12:41.413Z","dateOfDeploymentRequest":"2018-06-18T07:22:16.530Z","dateOfDeployment":"2018-06-18T07:22:16.530Z","env":"deployed","state":"active","platform":"official"}}}},"400":{"description":"Bad request","examples":{"application/json":{"errorCode":400,"errorMsg":"Bad Request","errorDetails":{"param":"id_token","msg":"email is missing from id_token","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJjb3VudFJlbmV3ZWQiOjAsIm1heFRva2VuUmVuZXciOjMsInVzZXIiOnsiaWQiOiI1ZDFmNDQ0NzRiNzJhNTNlMWExYzBhNzYiLCJsb2dpbkVtYWlsIjoiZWNhZG1pbnNzb29pZGNAY29tcGFueS5jb20ifSwiYXBwIjp7ImlkIjoiMzA0NTk2MDA2ZTNjMTFlODgyMDVlMTlkMzlmMTI0ODEiLCJuYW1lIjoiQXBwIE5pY28ifSwiaWF0IjoxNTYyNzUyNDQ1LCJleHAiOjg3NjI3NTI0NDV9.ADzA8gfBz8b3H_rNAqdPOH-kl6EXZ4cjbK5Qyhxz9Ks0sE6UVNrlXF6kEshdEjr3ryVYK-eq7wFyPoMl4ctcb0uED0_Pp7a7mGSTZrEzOwlCbvgdeSZ6sG2yA5stmPS99KN2vFIcsbM9oUWs__JalD31VVCcwfl4-ZuSI3d4oBnYo9LjNC6qgIJpE0yzpstiEysMHIlYgwJ2OxA3efIYOsRLORTPoolA6nfoYn_mUjyIS7gGIpHi7gSGNN2rizYeZkhcyCuxsokuzVQxBvmPl6NldRBWllHQ4K0YSh4YQrPNBjaaIMmCNTebJqMX3zHTfNiQ8bmJgnyOnPrsyYaCaQ"},"errorDetailsCode":400000}}},"401":{"description":"Unauthorized","examples":{"application/json":{"errorCode":401,"errorMsg":"Unauthorized","errorDetails":"Verification of id_token failed. Error is: 'PEM_read_bio_PUBKEY failed'","errorDetailsCode":401203,"errorDetailsData":{"error":"PEM_read_bio_PUBKEY failed","errorData":{}}}}},"403":{"description":"Forbidden","examples":{"application/json":{"errorCode":403,"errorMsg":"Forbidden","errorDetails":"Access denied: this API can only be called by user himself (tried to access resource with userId 56d6f05241255dd54b5b61b2, while id of logged in user is 56d6f05241255dd54b5b61b1)","errorDetailsCode":403100}}},"404":{"description":"Not found","examples":{"application/json":{"errorCode":404,"errorMsg":"Resource Not Found","errorDetails":"User with id unknownemail@company.com does not exist.","errorDetailsCode":404000}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}}}}},"/api/rainbow/authentication/v1.0/oidc-client/login":{"get":{"tags":["Oidc Client"],"summary":"Initiate an OIDC authentication","description":"This API allows Rainbow users to login using OpenID Connect (OIDC) authentication (using authorization code grant)\nif this type of authentication is provided by their company.\n\nAuthorization code grant is **recommended** as it is more secure than Implicit grant (it involves a clientSecret\nfrom Rainbow application). This API is dedicated to Authorization code grant, the OIDC flow being completely\nhandled by Rainbow authentication server.\n\nIn order to use this API, the OIDC SingleSignOn settings of the company must contain:\n - `clientId`: the client_id for the Rainbow application created on the company's OIDC provider,\n - `clientSecret`: the client_secret for the Rainbow application created on the company's OIDC provider,\n - `issuer`: the company's OIDC provider issuer (should has been got from discoveryUrl if OIDC\n   settings has been configured with this parameter).\n - `authorizationEndpoint`: the company's OIDC provider authorization endpoint (should has been got from\n   discoveryUrl if OIDC settings has been configured with this parameter).\n - `tokenEndpoint`: the company's OIDC provider token endpoint (should has been got from discoveryUrl if OIDC\n   settings has been configured with this parameter).\n - `jwksUri`: the company's OIDC provider jwks_uri endpoint (should has been got from discoveryUrl if OIDC\n   settings has been configured with this parameter).\n\nThe full OIDC flow using Authorization Code grant is detailed in the following sequence diagram.\n\nThis GET /api/rainbow/authentication/v1.0/oidc-client/login endpoint addresses points 3 to 7 of this diagram\n(point 2 is addressed by GET /api/rainbow/authentication/v1.0/urls?uid=user@company.com endpoint, see related [documentation](#api-Authentication_Urls-GetLoginUrl)).\n![Failed to load diagram :-(](img/oidc-client_authorization_code_flow_sd.png \"OIDC client Authorization Code grant sequence diagram\")\n\nDetails about the sequence diagram:\n- (1) User starts application\n- (2) Application requests Rainbow Authentication portal’s API [GET /api/rainbow/authentication/v1.0/urls?uid=user@company.com](#api-Authentication_Urls-GetLoginUrl)\n      to know what is the authentication type to use for this user.\n- (3) In the case the authentication type is OIDC for this user, the application has to redirect the browser / open a web view to this URL.\n    - `x-rainbow-app-auth` field has to be provided in query parameters to authenticate the application (sha256 hash is computed using the challenge)\n- Rainbow Authentication portal implements the OIDC authorization code grant flow:\n    - (4) Rainbow Authentication portal redirects the browser to the OIDC server’s authorize endpoint,\n    - (5) user enter his credentials in the OIDC server’s login page,\n    - (6) OIDC server send an authorization_code to a redirect_uri on Rainbow Authentication portal,\n    - (6) Rainbow Authentication portal calls OIDC server’s token endpoint to exchange this authorization_code against an id_token,\n    - (6) Rainbow Authentication portal decodes the id_token, looks for a Rainbow user with this email as loginEmail,\n          finds the OIDC SSO setting of his company and validates the id_token\n          (validation of id_token signature, id_token expiration, issuer and audience fields).\n- (7) Rainbow Authentication portal generates a Rainbow JWT and redirects the browser to the application’s\n      ssoAuthenticationRedirectUrl (default to Official Rainbow web client) with this jwt in query string (tkn query parameter).\n- (8) Rainbow JWT can be use to call Rainbow APIs\n\nIn the case errors occur during the OIDC client login flow, the browser is redirected to the application’s\nssoAuthenticationRedirectUrl (default to Official Rainbow web client) with the following query parameters:\n- `errtype`: always set to OIDC for errors returned by this API,\n- `errcode`: an error detailed code associated to the error (ex: 401500)\n- `errmsg`: an error message code associated to the error (ex: Unknown application or wrong token for application id 204583b32039df11e9a07425538fb36c74)","operationId":"GetOidcLogin","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"companyId","in":"query","required":true,"type":"string","description":"User company identifier\n<br/> This value is automatically set in the loginUrl which can be retrieved using [GET /api/rainbow/authentication/v1.0/urls?uid=user1@company.com](#api-Authentication_Urls-GetLoginUrl)"},{"name":"challenge","in":"query","required":true,"type":"string","description":"Challenge for application authentication\n<br/> This value can be retrieved using [GET /api/rainbow/authentication/v1.0/urls?uid=user1@company.com](#api-Authentication_Urls-GetLoginUrl)"},{"name":"x-rainbow-app-auth","in":"query","required":true,"type":"string","description":"Application authentication\n<br/> It has to be computed as follow: <base64encode(appId:sha256(appSecretchallenge))> (concatenation of appSecret and challenge, hashed with sha256).\n<br/> The challenge used to compute the `x-rainbow-app-auth` value must be the same than the one provided in query parameter `challenge`."}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetOidcLoginSuccess"},"examples":{"application/unknown":"HTTP/1.1 302 Found\nLocation: https://myapp.domain.com/<ssoAuthenticationRedirectUrl>?tkn=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTZjNWMxOWY5NDE0MTc2NTExOWY4OTZjIiwibG9naW5FbWFpbCI6InVzZXIxQGNvbXBhbnkuY29tIn0sImlhdCI6MTQ1NjE1MTYzOCwiZXhwIjoxNDU2MTU4ODM4fQ.FlPLNcWY9pTr0QvMj3RpLZJxtqbbydNnWIEr-B2lc4Y6ea41bqJJ-e10Sk_S-1blnG71E7yT625qrkO-UCc0ywR6lWCylcAUkH7-fvjKQbET2mU-4yuNwTd-sNHGzGabgr4n5xtUSMaDunjDgF1kQDZ-dEFPF5NtbN1rdqZP9tzTXrpZ6rmrW2a1o13-hHl7sxN_FqHr_4u_8AhN4dMKUgG0qRjrc1GMJ88M8idH9zTsejU5YQyJqdYQS9T_fSoFzJtS0rmwNCJMdeF2tXj8YQeTjKAiPXoBwklm5xblHxWeCTz9tqfkw1XeNxSO0pOUmpwdpF8kbwDCCa2rgz1z3A"}}}}},"/api/rainbow/authentication/v1.0/saml/{companyId}/assert":{"get":{"tags":["Saml Authentication"],"summary":"IDP logout response","description":"This API allows IDP server to respond to SAML logout request or ask for SAML logout.","operationId":"GetSamlAssertion","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"companyId","in":"path","required":true,"type":"string","description":"Company unique identifier (like 569ce8c8f9336c471b98eda1)"},{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"responses":{"302":{"description":"successful operation","schema":{"$ref":"#/definitions/GetSamlAssertionSuccess"},"examples":{"application/unknown":"HTTP/1.1 302 REDIRECT"}}}},"post":{"tags":["Saml Authentication"],"summary":"IDP authentication response","description":"This API allows IDP server to provide the identity of a user which have performed an SAML authentication (If the user suceeded in the authentication process).\nThis identity provided by the IDP will be used to retrieve the associated Rainbow user.","operationId":"PostSamlAssertion","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"companyId","in":"path","required":true,"type":"string","description":"Company unique identifier (like 569ce8c8f9336c471b98eda1)"},{"in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/PostSamlAssertion"}}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/PostSamlAssertionSuccess"},"examples":{"application/json":{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTZjNWMxOWY5NDE0MTc2NTExOWY4OTZjIiwibG9naW5FbWFpbCI6InVzZXIxQGNvbXBhbnkuY29tIn0sImlhdCI6MTQ1NjE1MTYzOCwiZXhwIjoxNDU2MTU4ODM4fQ.FlPLNcWY9pTr0QvMj3RpLZJxtqbbydNnWIEr-B2lc4Y6ea41bqJJ-e10Sk_S-1blnG71E7yT625qrkO-UCc0ywR6lWCylcAUkH7-fvjKQbET2mU-4yuNwTd-sNHGzGabgr4n5xtUSMaDunjDgF1kQDZ-dEFPF5NtbN1rdqZP9tzTXrpZ6rmrW2a1o13-hHl7sxN_FqHr_4u_8AhN4dMKUgG0qRjrc1GMJ88M8idH9zTsejU5YQyJqdYQS9T_fSoFzJtS0rmwNCJMdeF2tXj8YQeTjKAiPXoBwklm5xblHxWeCTz9tqfkw1XeNxSO0pOUmpwdpF8kbwDCCa2rgz1z3A","loggedInUser":{"id":"56c5c19f94141765119f896c","loginEmail":"user1@company.com","firstName":"Firstname","lastName":"Lastname","displayName":"Firstname Lastname","nickName":"Nickname","title":"Mr.","jobTitle":"Research and Development","emails":[{"email":"user1@company.com","type":"work"},{"email":"user1@home.com","type":"home"}],"phoneNumbers":[{"shortNumber":"1002","pbxId":"PBX712e-bd96-0c27-4350-a3ff-dc0c-83e7-c246","systemId":"57dc0644f44a97c9155cd462","country":"FRA","number":"0390676767","numberE164":"+33390676767","phoneNumberId":"58876dad81e063e01187dd24","isMonitored":true,"isFromSystem":true,"deviceType":"landline","type":"work"},{"number":"0390909090","country":"FRA","numberE164":"+33390909090","phoneNumberId":"577e2e9b86c953de7838d635","systemId":null,"isFromSystem":false,"deviceType":"landline","type":"home"},{"number":"0690909090","country":"FRA","numberE164":"+33690909090","phoneNumberId":"577e2e9b86c953de7838d636","systemId":null,"isFromSystem":false,"deviceType":"mobile","type":"home"}],"country":"FRA","language":"fr-FR","timezone":"Europe/Paris","jid_im":"2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com","jid_tel":"tel_2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com","jid_password":"3b3f6e2c927940b2875f1ec604c0363b","roles":["user","superadmin"],"adminType":"undefined","companyId":"569ce8c8f9336c471b98eda1","companyName":"My company","isInDefaultCompany":false,"organisationId":null,"siteId":null,"visibility":"same_than_company","isActive":true,"isInitialized":true,"initializationDate":"2016-01-18T13:30:44.498Z","activationDate":"2016-01-18T13:29:44.498Z","creationDate":"2016-01-18T12:45:44.498Z","lastUpdateDate":"2016-01-19T16:33:22.548Z","lastAvatarUpdateDate":"2016-01-19T11:29:11.567Z","createdBySelfRegister":true,"createdByAdmin":{"userId":"56d69d020c92b35b3041d433","loginEmail":"superadmin@localhost.fr"},"invitedBy":{"invitationId":"574ffe07170a86f3297bc35b","invitationDate":"2016-01-15T13:29:44.498Z","userId":"56d69d020c92b35b3041d533","loginEmail":"user0@company.com"},"firstLoginDate":"2016-01-18T13:29:44.498Z","lastLoginDate":"2016-02-23T09:17:42.523Z","loggedSince":"2016-02-23T09:17:42.523Z","isTerminated":false,"guestMode":false,"profiles":[{"isDefault":true,"status":"active","canBeSold":false,"businessModel":"none","businessSpecific":["NONE"],"isExclusive":false,"isPrepaid":false,"hasConference":false,"isBundle":false,"assignationDate":"2017-02-17T13:35:27.427Z","provisioningNeeded":[],"subscriptionId":"5808da2e35d795966e61f9ce","offerId":"58079ed2041fa586e92337cd","offerName":"Essential","profileId":"580777f56fbd22a442d4fb57","profileName":"Essential","offerReference":"RB-Essential","offerDescription":"Rainbow Essential offer","offerTechnicalDescription":"Essential"}]},"loggedInApplication":{"id":"08ad88a0028011e8bd1a8788ab975478","name":"My application","type":"web","activity":"J","ownerId":"573f189f774e0a428ee813a3","dateOfCreation":"2018-05-04T14:12:41.413Z","dateOfDeploymentRequest":"2018-06-18T07:22:16.530Z","dateOfDeployment":"2018-06-18T07:22:16.530Z","env":"deployed","state":"active","platform":"official"}}}}}}},"/api/rainbow/authentication/v1.0/saml/{companyId}/metadata.xml":{"get":{"tags":["Saml Authentication"],"summary":"Get assertion configuration for a company","description":"This API allows an IDP server to retrieve ASSERTION configuration to callback Rainbow SP after an SAML authentication request","operationId":"GetSamlAssertionConfiguration","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"companyId","in":"path","required":true,"type":"string","description":"Company unique identifier (like 569ce8c8f9336c471b98eda1)"},{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetSamlAssertionConfigurationSuccess"},"examples":{"text/xml":"HTTP/1.1 200 OK\n<pre><code class=\"language-html\">\n&lt;?xml version=\"1.0\"?&gt;\n&lt;md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" entityID=\"https://www.openrainbow.com/api/rainbow/authentication/v1.0/saml/metadata.xml\" validUntil=\"2017-10-31T16:31:41.633Z\"&gt;\n    &lt;md:SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol\"&gt;\n        &lt;md:KeyDescriptor use=\"signing\"&gt;\n            &lt;ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"&gt;\n                &lt;ds:X509Data&gt;\n                     &lt;ds:X509Certificate&gt;MIIDxTCCAq2gAwIBAgIJA...y77FaBcRwEAP&lt;/ds:X509Certificate&gt;\n                &lt;/ds:X509Data&gt;\n            &lt;/ds:KeyInfo&gt;\n        &lt;/md:KeyDescriptor&gt;\n        &lt;md:KeyDescriptor use=\"encryption\"&gt;\n            &lt;ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"&gt;\n                &lt;ds:X509Data&gt;\n                    &lt;ds:X509Certificate&gt;MIIDxTCCAq2gAwIBAgIJA...y77FaBcRwEAP&lt;/ds:X509Certificate&gt;\n                &lt;/ds:X509Data&gt;\n            &lt;/ds:KeyInfo&gt;\n        &lt;/md:KeyDescriptor&gt;\n        &lt;md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://www.openrainbow.com/api/rainbow/authentication/v1.0/saml/59006c57f374fabe0117083c/assert\"/&gt;\n        &lt;md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.openrainbow.com/api/rainbow/authentication/v1.0/saml/59006c57f374fabe0117083c/assert\" index=\"0\"/&gt;\n    &lt;/md:SPSSODescriptor&gt;\n&lt;/md:EntityDescriptor&gt;\n</code></pre>"}}}}},"/api/rainbow/authentication/v1.0/saml/login":{"get":{"tags":["Saml Authentication"],"summary":"Initiate an SAML authentication","description":"This API allows Rainbow users to login using SAML authentication if this type of authentication is provided by their company.","operationId":"GetSamlLogin","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"companyId","in":"query","required":true,"type":"string","description":"User company identifier: this value can be retrieve using GET /api/rainbow/authentication/v1.0/urls?uid=user1@company.com"},{"name":"challenge","in":"query","required":true,"type":"string","description":"challenge for application authentication: this value can be retrieve using GET /api/rainbow/authentication/v1.0/urls?uid=user1@company.com"}],"responses":{"302":{"description":"successful operation","schema":{"$ref":"#/definitions/GetSamlLoginSuccess"},"examples":{"application/unknown":"HTTP/1.1 302 REDIRECT\nLocation: https://idp-server.company.com/login"}},"400":{"description":"Bad Request","examples":{"application/json":{"errorCode":400,"errorMsg":"Bad Request","errorDetails":[{"param":"companyId","msg":"Field companyId is mandatory."},{"param":"companyId","msg":"Invalid resource identifiers, expected UUID: identifier must be alpha-numeric and have a length of 24 chars"}],"errorDetailsCode":400000}}},"404":{"description":"Not found","examples":{"application/json":{"errorCode":404,"errorMsg":"Resource Not Found","errorDetails":"Company with id 569ce8c8f9336c471b98eda1 does not exist.","errorDetailsCode":404000}}},"500":{"description":"Server error","examples":{"application/json":{"errorCode":500,"errorMsg":"Internal Server Error","errorDetails":""}}},"503":{"description":"Service Unvailable","examples":{"application/json":{"errorCode":503,"errorMsg":"Service Unavailable","errorDetails":"No SAML configuration found","errorDetailsCode":503000}}}}}},"/api/rainbow/authentication/v1.0/saml/logout":{"get":{"tags":["Saml Authentication"],"summary":"Close SAML session","description":"This API allows Rainbow users to login using SAML authentication if this type of authentication is provided by their company.","operationId":"GetSamlLogout","consumes":["application/json"],"produces":["application/json"],"parameters":[],"responses":{"302":{"description":"successful operation","schema":{"$ref":"#/definitions/GetSamlLogoutSuccess"},"examples":{"application/unknown":"HTTP/1.1 302 REDIRECT"}}}}},"/api/rainbow/metrics":{"delete":{"tags":["Common"],"summary":"Clear performance metrics","description":"Clear metrics","operationId":"DeleteMetrics","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"accept","in":"header","required":true,"type":"string","description":"application/json.  Then the result is in JSON format. For other cases the result is in text format."}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/DeleteMetricsSuccess"},"examples":{"text/plain":"HTTP/1.1 200 OK\n// text format\nOK","application/json":{"status":"OK"}}}}},"get":{"tags":["Common"],"summary":"Get performance metrics","description":"Get portal performance metrics<br/>\n<br/>\nIt allows to show Node specific metrics like:\n<ul>\n    <li>processCpuTotal</li>\n    <li>processStartTime</li>\n    <li>osMemoryHeap</li>\n    <li>processOpenFileDescriptors</li>\n    <li>processMaxFileDescriptors</li>\n    <li>eventLoopLag</li>\n    <li>processHandles</li>\n    <li>processRequests</li>\n    <li>heapSizeAndUsed</li>\n    <li>heapSpacesSizeAndUsed</li>\n    <li>version</li>\n</ul>\nNode metrics probes are launched every 10 seconds.<br/><br/>\n\nA first custom metric is available to probe portal Rest API performance (an histogram of response time)<br/>\n<br/> When 'content-type' header field is set to 'application/json', the result is in JSON format. For other cases the result is in text format.","operationId":"GetMetrics","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"accept","in":"header","required":true,"type":"string","description":"application/json.  Then the result is in  JSON format. For other cases the result is in text format."}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetMetricsSuccess"},"examples":{"text/plain":"HTTP/1.1 200 OK\n// text format\n// Node metrics\n# HELP process_cpu_user_seconds_total Total user CPU time spent in seconds.\n# TYPE process_cpu_user_seconds_total counter\nprocess_cpu_user_seconds_total 2.292 1501847794097\n\n// custom metrics\n# HELP process_cpu_system_seconds_total Total system CPU time spent in seconds.\n# TYPE process_cpu_system_seconds_total counter\nprocess_cpu_system_seconds_total 0.116 1501847794097\n..... etc\n\n# HELP http_request_duration_ms Duration of HTTP requests in ms\n# TYPE http_request_duration_ms histogram\nhttp_request_duration_ms_bucket{le=\"0.1\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"1\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"2\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"5\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"10\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"15\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"50\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"100\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"200\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"300\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"400\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 0\nhttp_request_duration_ms_bucket{le=\"500\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 1\nhttp_request_duration_ms_bucket{le=\"1000\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 3\nhttp_request_duration_ms_bucket{le=\"2000\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 3\nhttp_request_duration_ms_bucket{le=\"5000\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 3\nhttp_request_duration_ms_bucket{le=\"+Inf\",method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 3\nhttp_request_duration_ms_sum{method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 1584\nhttp_request_duration_ms_count{method=\"GET\",route=\"/authentication/v1.0/login\",code=\"200\"} 3","application/json":{"metrics":[{"help":"Total user CPU time spent in seconds.","name":"process_cpu_user_seconds_total","type":"counter","values":[{"value":2.604,"labels":{},"timestamp":1501847934116}]},{"name":"http_request_duration_ms","help":"Duration of HTTP requests in ms","type":"histogram","values":[{"labels":{"le":0.1,"method":"GET","route":"/authentication/v1.0/login","code":200},"value":0,"metricName":"http_request_duration_ms_bucket"}]}]}}}}}},"/api/rainbow/authentication/v1.0/about":{"get":{"tags":["Common"],"summary":"About authentication portal","description":"Get portal information (module name, version)","operationId":"GetApiRainbowAuthenticationV10About","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetApiRainbowAuthenticationV10AboutSuccess"},"examples":{"application/json":{"version":"1.11.0","description":"OTLite Authentication Portal"}}}}}},"/api/rainbow/ping":{"get":{"tags":["Common"],"summary":"Get authentication portal status report","description":"This API allows to check authentication portal status.\n<br/>\n<br/> If no database connection is available, an error 503 Service Unavailable is returned.","operationId":"GetApiRainbowPing","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"accept","in":"header","required":true,"type":"string","description":"application/json"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/GetApiRainbowPingSuccess"},"examples":{"application/json":{"status":"OK"}}}}}},"/api/rainbow/logs/levels":{"put":{"tags":["Common"],"summary":"Change log level","description":"Allow to change the log level of the portal.\nThe requested log level is applied to the requested transports (console, file, syslog, ...)","operationId":"PutApiRainbowLogsLevels","consumes":["application/json"],"produces":["application/json"],"parameters":[{"in":"body","name":"body","required":true,"schema":{"$ref":"#/definitions/PutApiRainbowLogsLevels"}}],"x-permissions":[{"name":"superadmin"}],"responses":{"200":{"description":"successful operation","schema":{"$ref":"#/definitions/PutApiRainbowLogsLevelsSuccess"},"examples":{"application/json":{"oldLoggerLevels":{"console":"warn","syslog":"info"},"newLoggerLevels":{"console":"debug","syslog":"debug"}}}}}}}},"definitions":{"GetApiRainbowAuthenticationV10ValidatorSuccess":{"type":"object","properties":{"status":{"type":"string","description":"OK if validation successful"}},"required":["status"]},"GetBasicLoginSuccess":{"type":"object","properties":{"data":{"type":"object","properties":{}},"phoneNumbers":{"type":"object","properties":{}},"country":{"type":"string","description":"Phone number country (ISO 3166-1 alpha3 format)\n<br/>`country` field is automatically computed using the following algorithm when creating/updating a phoneNumber entry:\n- If `number` is provided and is in E164 format, `country` is computed from E164 number\n- Else if `country` field is provided in the phoneNumber entry, this one is used\n- Else user `country` field is used"},"loggedInApplication":{"type":"object","properties":{"activity":{"type":"string","description":"Application activity\n<ul>\n <li> <code>A</code>: AGRICULTURE, FORESTRY AND FISHING\n <li> <code>B</code>: MINING AND QUARRYING\n <li> <code>C</code>: MANUFACTURING\n <li> <code>D</code>: ELECTRICITY, GAS, STEAM AND AIR CONDITIONING SUPPLY\n <li> <code>E</code>: WATER SUPPLY; SEWERAGE, WASTE MANAGEMENT AND REMEDIATION ACTIVITIES\n <li> <code>F</code>: CONSTRUCTION\n <li> <code>G</code>: WHOLESALE AND RETAIL TRADE; REPAIR OF MOTOR VEHICLES AND MOTORCYCLES\n <li> <code>H</code>: TRANSPORTATION AND STORAGE\n <li> <code>I</code>: ACCOMMODATION AND FOOD SERVICE ACTIVITIES\n <li> <code>J</code>: INFORMATION AND COMMUNICATION\n <li> <code>K</code>: FINANCIAL AND INSURANCE ACTIVITIES\n <li> <code>L</code>: REAL ESTATE ACTIVITIES\n <li> <code>M</code>: PROFESSIONAL, SCIENTIFIC AND TECHNICAL ACTIVITIES\n <li> <code>N</code>: ADMINISTRATIVE AND SUPPORT SERVICE ACTIVITIES\n <li> <code>O</code>: PUBLIC ADMINISTRATION AND DEFENCE; COMPULSORY SOCIAL SECURITY\n <li> <code>P</code>: EDUCATION\n <li> <code>Q</code>: HUMAN HEALTH AND SOCIAL WORK ACTIVITIES\n <li> <code>R</code>: ARTS, ENTERTAINMENT AND RECREATION\n <li> <code>S</code>: OTHER SERVICE ACTIVITIES\n <li> <code>T</code>: ACTIVITIES OF HOUSEHOLDS AS EMPLOYERS; UNDIFFERENTIATED GOODS- AND SERVICES-PRODUCING ACTIVITIES OF HOUSEHOLDS FOR OWN USE\n <li> <code>U</code>: ACTIVITIES OF EXTRATERRITORIAL ORGANISATIONS AND BODIES\n <li> <code>NONE</code>: Undefined activity\n</ul>","enum":["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","NONE"]},"dateOfCreation":{"type":"string","description":"Application creation date","format":"date-time"},"dateOfDeployment":{"type":"string","description":"Date of deployment of the application.","format":"date-time"},"dateOfDeploymentRequest":{"type":"string","description":"Date of deployment request of the application.","format":"date-time"},"env":{"type":"string","description":"Environment where the application is deploy","enum":["not_deployed","in_deployment","deployed"]},"id":{"type":"string","description":"Application unique identifier"},"name":{"type":"string","description":"Application name"},"ownerId":{"type":"string","description":"Unique identifier of the application owner"},"platform":{"type":"string","description":"Platform where the application is running","enum":["official","sandbox"]},"state":{"type":"string","description":"State of the application","enum":["new","active","blocked","deleted","stopped"]},"type":{"type":"string","description":"Application type","enum":["web","mobile","desktop","server","bot","iot","admin"]}},"required":["dateOfCreation","dateOfDeployment","dateOfDeploymentRequest","env","id","name","ownerId","platform","state","type"]},"loggedInUser":{"type":"object","properties":{"activationDate":{"type":"string","description":"User activation date","format":"date-time"},"adminType":{"type":"string","description":"In case of user's is 'admin', define the subtype (organisation_admin, company_admin, site_admin (default undefined)"},"companyId":{"type":"string","description":"User company unique identifier"},"companyName":{"type":"string","description":"User company name"},"country":{"type":"string","description":"User country (ISO 3166-1 alpha3 format)"},"createdByAdmin":{"type":"object","properties":{"loginEmail":{"type":"string","description":""},"userId":{"type":"string","description":""}},"required":["loginEmail","userId"]},"createdBySelfRegister":{"type":"boolean","description":"true if user has been created using self register"},"creationDate":{"type":"string","description":"User creation date","format":"date-time"},"displayName":{"type":"string","description":"User display name (firstName + lastName concatenated on server side)"},"emails":{"type":"array","description":"Array of user emails addresses objects","items":{"$ref":"#/definitions/GetBasicLoginSuccess_emails"}},"firstLoginDate":{"type":"string","description":"Date of first user login (only set the first time user logs in, null if user never logged in)","format":"date-time"},"firstName":{"type":"string","description":"User first name"},"guestMode":{"type":"boolean","description":"Indicated a user embedded in a chat or conference room, as guest, with limited rights until he finalizes his registration."},"id":{"type":"string","description":"User unique identifier"},"initializationDate":{"type":"string","description":"User initialization date","format":"date-time"},"invitedBy":{"type":"object","properties":{"loginEmail":{"type":"string","description":""},"userId":{"type":"string","description":""}},"required":["loginEmail","userId"]},"isADSearchAvailable":{"type":"boolean","description":"Is ActiveDirectory (Office365) search available for this user"},"isActive":{"type":"boolean","description":"Is user active"},"isInDefaultCompany":{"type":"boolean","description":"Is user in default company"},"isInitialized":{"type":"boolean","description":"Is user initialized"},"isTerminated":{"type":"boolean","description":"Indicates if the Rainbow account of this user has been deleted"},"jid_im":{"type":"string","description":"User Jabber IM identifier"},"jid_password":{"type":"string","description":"User Jabber TEL identifier"},"jid_tel":{"type":"string","description":"User Jabber TEL identifier"},"jobTitle":{"type":"string","description":"User job title"},"language":{"type":"string","description":"User language (ISO 639-1 code format, with possibility of regional variation. Ex: both 'en' and 'en-US' are supported)"},"lastAvatarUpdateDate":{"type":"string","description":"Date of last user avatar create/update, null if no avatar","format":"date-time"},"lastLoginDate":{"type":"string","description":"Date of last user login (defined even if user is logged out)","format":"date-time"},"lastName":{"type":"string","description":"User last name"},"lastUpdateDate":{"type":"string","description":"Date of last user update (whatever the field updated)","format":"date-time"},"loggedSince":{"type":"string","description":"Date of last user login (null if user is logged out)","format":"date-time"},"loginEmail":{"type":"string","description":"User email address (used for login)"},"nickName":{"type":"string","description":"User nickName"},"organisationId":{"type":"string","description":"In addition to User companyId, optional identifier to indicate the user belongs also to an organization"},"phoneNumbers":{"type":"array","description":"Array of user phone numbers objects.\n<br/> Phone number objects can:\n<ul>\n    <li> be created by user (information filled by user),</li>\n    <li> come from association with a system (pbx) device (association is done by admin).</li>\n</ul>","items":{"$ref":"#/definitions/GetBasicLoginSuccess_phoneNumbers"}},"profiles":{"type":"array","description":"User profile Objects.","items":{"$ref":"#/definitions/GetBasicLoginSuccess_profiles"}},"roles":{"type":"array","description":"List of user roles (Array of String)","items":{"type":"string"}},"siteId":{"type":"string","description":"In addition to User companyId, optional identifier to indicate the user belongs also to a site"},"tags":{"type":"array","description":"An Array of free tags associated to the user.\n<br/> A maximum of 5 tags is allowed, each tag can have a maximum length of 64 characters.\n<br/> `tags` can only be set by users who have administrator rights on the user. The user can't modify the tags.\n<br/> The tags are visible by the user and all users belonging to his organisation/company, and can be used with\nthe search API to search the user based on his tags.","items":{"type":"string"}},"timeToLive":{"type":"number","description":"Duration in second to wait before automatically starting a user deletion from the creation date.\n<br/> Once the timeToLive has been reached, the user won't be usable to use APIs anymore (error 401523). His account may then be deleted from the database at any moment.\n<br/> Value -1 means timeToLive is disable (i.e. user account will not expire)."},"timezone":{"type":"string","description":"User timezone name"},"title":{"type":"string","description":"User title (honorifics title, like Mr, Mrs, Sir, Lord, Lady, Dr, Prof,...)"},"userInfo1":{"type":"string","description":"Free field that admin can use to link their users to their IS/IT tools / to perform analytics (this field is output in the CDR file)"},"userInfo2":{"type":"string","description":"2nd Free field that admin can use to link their users to their IS/IT tools / to perform analytics (this field is output in the CDR file)"},"visibility":{"type":"string","description":"User visibility\n</br> Define if the user can be searched by users being in other companies and if the user can search users being in other companies.\n<br/> Visibility can be:\n- `same_than_company`: The same visibility than the user's company's is applied to the user. When this user visibility is used,\nif the visibility of the company is changed the user's visibility will use this company new visibility.\n- `public`: User can be searched by external users / can search external users. User can invite external users / can be invited by external users\n- `private`: User **can't** be searched by external users / can search external users. User can invite external users / can be invited by external users\n- `closed`: User **can't** be searched by external users / **can't** search external users. User can invite external users / can be invited by external users\n- `isolated`: User **can't** be searched by external users / **can't** search external users. User **can't** invite external users / **can't** be invited by external users\n- `none`:  Default value reserved for guest. User **can't** be searched by **any users** (even within the same company) / can search external users. User can invite external users / can be invited by external users\n\nExternal users mean public user not being in user's company nor user's organisation nor a company visible by user's company.","enum":["same_than_company","public","private","closed","isolated","none"]}},"required":["activationDate","adminType","companyId","companyName","country","createdBySelfRegister","creationDate","displayName","emails","firstLoginDate","firstName","guestMode","id","initializationDate","isADSearchAvailable","isActive","isInDefaultCompany","isInitialized","isTerminated","jid_im","jid_password","jid_tel","lastAvatarUpdateDate","lastLoginDate","lastName","lastUpdateDate","loggedSince","loginEmail","organisationId","phoneNumbers","profiles","roles","siteId","visibility"]},"token":{"type":"string","description":"JsonWebToken to use for all API requests"}},"required":["country","loggedInApplication","loggedInUser","token"]},"GetBasicLoginSuccess_emails":{"type":"object","properties":{"email":{"type":"string","description":"User email address"},"type":{"type":"string","description":"Email type, one of <code>home</code>, <code>work</code>, <code>other</code> </li>"}},"required":["email","type"]},"GetBasicLoginSuccess_phoneNumbers":{"type":"object","properties":{"deviceType":{"type":"string","description":"Phone number device type, one of <code>landline</code>, <code>mobile</code>, <code>fax</code>, <code>other</code>."},"internalNumber":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), internal phone number.\n<br/> Usable within a PBX group.\n<br/> Admins and users can modify this internalNumber field."},"isFromSystem":{"type":"boolean","description":"Boolean indicating if phone is linked to a system (pbx)."},"number":{"type":"string","description":"User phone number (as entered by user)"},"numberE164":{"type":"string","description":"User E.164 phone number, computed by server from `number` and\n`country` fields"},"pbxId":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), unique identifier of that pbx."},"phoneNumberId":{"type":"string","description":"Phone number unique id in phone-numbers directory collection."},"shortNumber":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), short phone number (corresponds to the number monitored by PCG).\n<br/> Only usable within the same PBX.\n<br/> Only PCG can set this field."},"systemId":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), unique identifier of that system in Rainbow database."},"type":{"type":"string","description":"Phone number type, one of <code>home</code>, <code>work</code>, <code>other</code>."}},"required":["deviceType","isFromSystem","phoneNumberId","type"]},"GetBasicLoginSuccess_profiles":{"type":"object","properties":{"assignationDate":{"type":"string","description":"Date when the subscription was attached to user profile"},"businessModel":{"type":"string","description":"Indicates the business model associated to this offer (number of users, usage, ...)\n- `nb_users`: Licencing business model. Subscriptions having this business model are billed according to the number of users bought for it.\n- `usage`: Subscriptions having this business model are billed based on service consumption (whatever the number of users assigned to the subscription of this offer).\n- `flat_fee`: Subscriptions having this business model are billed based on a flat fee (same price each month for the company which subscribe to this offer).\n- `none`: no business model. Should be used for offers which are not sold (like Essential...).","enum":["nb_users","usage","flat_fee","none"],"default":"none"},"businessSpecific":{"type":"array","description":"Indicates if the subscription is related to specific(s) business (for verticals like HDS)\n- `NONE`: This subscription is used if the company does not have a businessSpecific field.\n- `HDS`: This subscription is used if the company have a businessSpecific HDS (HealthCare).","enum":["NONE","HDS"],"default":"[NONE","items":{"type":"string"}},"canBeSold":{"type":"boolean","description":"Indicates if the offer is billed.\n<br/> Some offers will not be billed (Essential, Demo, ...)."},"hasConference":{"type":"boolean","description":"Indicates if the profile contains conference services"},"isDefault":{"type":"boolean","description":"Indicates if this profile is linked to user's company's subscription to default offer (i.e. Essential)"},"isDemo":{"type":"boolean","description":"Indicates if the profile is linked to a demo subscription"},"isExclusive":{"type":"boolean","description":"Indicates if the offer is exclusive for assignation to a user profile (if the user has already an exclusive offer assigned, it won't be possible to assign a second exclusive offer)."},"isPrepaid":{"type":"boolean","description":"Indicates if the profile is linked to a prepaid subscription"},"offerId":{"type":"string","description":"Id of the Rainbow offer to which company subscription is attached"},"offerName":{"type":"string","description":"Name of the Rainbow offer to which company subscription is attached"},"offerTechnicalDescription":{"type":"string","description":"Offer technical description.","minLength":1,"maxLength":512},"prepaidDuration":{"type":"number","description":"Prepaid subscription duration (in month).\n<br/>Only set if `isPrepaid` is true."},"profileId":{"type":"string","description":"Id of the Rainbow profile to which company subscription is attached"},"profileName":{"type":"string","description":"Name of the Rainbow profile to which company subscription is attached"},"provisioningNeeded":{"type":"array","description":"Array of Objects which indicates if account must be provisioned on other internal components when subscribing to this offer.","items":{"$ref":"#/definitions/GetBasicLoginSuccess_provisioningNeeded"}},"status":{"type":"string","description":"Status of the company subscription to which user profile is assigned\n<br/>\n<br/> Possible values: <code>active</code>, <code>alerting</code>, <code>hold</code>, <code>terminated</code>"},"subscriptionId":{"type":"string","description":"Id of company subscription to which user profile is assigned (one of the subscriptions available to user's company)"},"zuoraOfferId":{"type":"string","description":"ID of the related offer in Zuora (if offer can be sold)"},"zuoraProductRatePlanChargeId":{"type":"string","description":"ID of the ProductRatePlanChargeId used in Zuora (if offer can be sold)"},"zuoraProductRatePlanId":{"type":"string","description":"ID of the ProductRatePlanId to used in Zuora (if offer can be sold)"}},"required":["assignationDate","canBeSold","isDefault","offerId","offerName","profileId","profileName","status","subscriptionId"]},"GetBasicLoginSuccess_provisioningNeeded":{"type":"object","properties":{"mediaType":{"type":"string","description":"Only set if provisioningNeeded is set and the element of the array has providerType `JANUS`. Corresponds to\nthe media type to use when provisioning the company account on WebRTC Conferencing component.","enum":["webrtc"]},"pgiEnterpriseId":{"type":"string","description":"Only set if provisioningNeeded is set and the element of the array has providerType `PGI`. Corresponds to\nan enterpriseId to use when provisioning the company account on PSTN Conferencing component.","enum":["testEnterpriseId","internalEnterpriseId","genericEnterpriseId"]},"providerType":{"type":"string","description":"If provisioningNeeded is set, each element of the array must contain providerType. providerType defines the internal component on which the\nprovisioning is needed when subscribing to this offer (provisioning is launched asynchronously when the subscription is created).","enum":["PGI","JANUS"]}},"required":["providerType"]},"GetLogoutSuccess":{"type":"object","properties":{"token":{"type":"string","description":"Renewed JsonWebToken to use for all API requests"}},"required":["token"]},"GetRenewSuccess":{"type":"object","properties":{"data":{"type":"object","properties":{}},"phoneNumbers":{"type":"object","properties":{}},"country":{"type":"string","description":"Phone number country (ISO 3166-1 alpha3 format)\n<br/>`country` field is automatically computed using the following algorithm when creating/updating a phoneNumber entry:\n- If `number` is provided and is in E164 format, `country` is computed from E164 number\n- Else if `country` field is provided in the phoneNumber entry, this one is used\n- Else user `country` field is used"},"loggedInApplication":{"type":"object","properties":{"activity":{"type":"string","description":"Application activity\n<ul>\n <li> <code>A</code>: AGRICULTURE, FORESTRY AND FISHING\n <li> <code>B</code>: MINING AND QUARRYING\n <li> <code>C</code>: MANUFACTURING\n <li> <code>D</code>: ELECTRICITY, GAS, STEAM AND AIR CONDITIONING SUPPLY\n <li> <code>E</code>: WATER SUPPLY; SEWERAGE, WASTE MANAGEMENT AND REMEDIATION ACTIVITIES\n <li> <code>F</code>: CONSTRUCTION\n <li> <code>G</code>: WHOLESALE AND RETAIL TRADE; REPAIR OF MOTOR VEHICLES AND MOTORCYCLES\n <li> <code>H</code>: TRANSPORTATION AND STORAGE\n <li> <code>I</code>: ACCOMMODATION AND FOOD SERVICE ACTIVITIES\n <li> <code>J</code>: INFORMATION AND COMMUNICATION\n <li> <code>K</code>: FINANCIAL AND INSURANCE ACTIVITIES\n <li> <code>L</code>: REAL ESTATE ACTIVITIES\n <li> <code>M</code>: PROFESSIONAL, SCIENTIFIC AND TECHNICAL ACTIVITIES\n <li> <code>N</code>: ADMINISTRATIVE AND SUPPORT SERVICE ACTIVITIES\n <li> <code>O</code>: PUBLIC ADMINISTRATION AND DEFENCE; COMPULSORY SOCIAL SECURITY\n <li> <code>P</code>: EDUCATION\n <li> <code>Q</code>: HUMAN HEALTH AND SOCIAL WORK ACTIVITIES\n <li> <code>R</code>: ARTS, ENTERTAINMENT AND RECREATION\n <li> <code>S</code>: OTHER SERVICE ACTIVITIES\n <li> <code>T</code>: ACTIVITIES OF HOUSEHOLDS AS EMPLOYERS; UNDIFFERENTIATED GOODS- AND SERVICES-PRODUCING ACTIVITIES OF HOUSEHOLDS FOR OWN USE\n <li> <code>U</code>: ACTIVITIES OF EXTRATERRITORIAL ORGANISATIONS AND BODIES\n <li> <code>NONE</code>: Undefined activity\n</ul>","enum":["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","NONE"]},"dateOfCreation":{"type":"string","description":"Application creation date","format":"date-time"},"dateOfDeployment":{"type":"string","description":"Date of deployment of the application.","format":"date-time"},"dateOfDeploymentRequest":{"type":"string","description":"Date of deployment request of the application.","format":"date-time"},"env":{"type":"string","description":"Environment where the application is deploy","enum":["not_deployed","in_deployment","deployed"]},"id":{"type":"string","description":"Application unique identifier"},"name":{"type":"string","description":"Application name"},"ownerId":{"type":"string","description":"Unique identifier of the application owner"},"platform":{"type":"string","description":"Platform where the application is running","enum":["official","sandbox"]},"state":{"type":"string","description":"State of the application","enum":["new","active","blocked","deleted","stopped"]},"type":{"type":"string","description":"Application type","enum":["web","mobile","desktop","server","bot","iot","admin"]}},"required":["dateOfCreation","dateOfDeployment","dateOfDeploymentRequest","env","id","name","ownerId","platform","state","type"]},"loggedInUser":{"type":"object","properties":{"activationDate":{"type":"string","description":"User activation date","format":"date-time"},"adminType":{"type":"string","description":"In case of user's is 'admin', define the subtype (organisation_admin, company_admin, site_admin (default undefined)"},"companyId":{"type":"string","description":"User company unique identifier"},"companyName":{"type":"string","description":"User company name"},"country":{"type":"string","description":"User country (ISO 3166-1 alpha3 format)"},"createdByAdmin":{"type":"object","properties":{"loginEmail":{"type":"string","description":""},"userId":{"type":"string","description":""}},"required":["loginEmail","userId"]},"createdBySelfRegister":{"type":"boolean","description":"true if user has been created using self register"},"creationDate":{"type":"string","description":"User creation date","format":"date-time"},"displayName":{"type":"string","description":"User display name (firstName + lastName concatenated on server side)"},"emails":{"type":"array","description":"Array of user emails addresses objects","items":{"$ref":"#/definitions/GetRenewSuccess_emails"}},"firstLoginDate":{"type":"string","description":"Date of first user login (only set the first time user logs in, null if user never logged in)","format":"date-time"},"firstName":{"type":"string","description":"User first name"},"guestMode":{"type":"boolean","description":"Indicated a user embedded in a chat or conference room, as guest, with limited rights until he finalizes his registration."},"id":{"type":"string","description":"User unique identifier"},"initializationDate":{"type":"string","description":"User initialization date","format":"date-time"},"invitedBy":{"type":"object","properties":{"loginEmail":{"type":"string","description":""},"userId":{"type":"string","description":""}},"required":["loginEmail","userId"]},"isADSearchAvailable":{"type":"boolean","description":"Is ActiveDirectory (Office365) search available for this user"},"isActive":{"type":"boolean","description":"Is user active"},"isInDefaultCompany":{"type":"boolean","description":"Is user in default company"},"isInitialized":{"type":"boolean","description":"Is user initialized"},"isTerminated":{"type":"boolean","description":"Indicates if the Rainbow account of this user has been deleted"},"jid_im":{"type":"string","description":"User Jabber IM identifier"},"jid_password":{"type":"string","description":"User Jabber TEL identifier"},"jid_tel":{"type":"string","description":"User Jabber TEL identifier"},"jobTitle":{"type":"string","description":"User job title"},"language":{"type":"string","description":"User language (ISO 639-1 code format, with possibility of regional variation. Ex: both 'en' and 'en-US' are supported)"},"lastAvatarUpdateDate":{"type":"string","description":"Date of last user avatar create/update, null if no avatar","format":"date-time"},"lastLoginDate":{"type":"string","description":"Date of last user login (defined even if user is logged out)","format":"date-time"},"lastName":{"type":"string","description":"User last name"},"lastUpdateDate":{"type":"string","description":"Date of last user update (whatever the field updated)","format":"date-time"},"loggedSince":{"type":"string","description":"Date of last user login (null if user is logged out)","format":"date-time"},"loginEmail":{"type":"string","description":"User email address (used for login)"},"nickName":{"type":"string","description":"User nickName"},"organisationId":{"type":"string","description":"In addition to User companyId, optional identifier to indicate the user belongs also to an organization"},"phoneNumbers":{"type":"array","description":"Array of user phone numbers objects.\n<br/> Phone number objects can:\n<ul>\n    <li> be created by user (information filled by user),</li>\n    <li> come from association with a system (pbx) device (association is done by admin).</li>\n</ul>","items":{"$ref":"#/definitions/GetRenewSuccess_phoneNumbers"}},"profiles":{"type":"array","description":"User profile Objects.","items":{"$ref":"#/definitions/GetRenewSuccess_profiles"}},"roles":{"type":"array","description":"List of user roles (Array of String)","items":{"type":"string"}},"siteId":{"type":"string","description":"In addition to User companyId, optional identifier to indicate the user belongs also to a site"},"tags":{"type":"array","description":"An Array of free tags associated to the user.\n<br/> A maximum of 5 tags is allowed, each tag can have a maximum length of 64 characters.\n<br/> `tags` can only be set by users who have administrator rights on the user. The user can't modify the tags.\n<br/> The tags are visible by the user and all users belonging to his organisation/company, and can be used with\nthe search API to search the user based on his tags.","items":{"type":"string"}},"timeToLive":{"type":"number","description":"Duration in second to wait before automatically starting a user deletion from the creation date.\n<br/> Once the timeToLive has been reached, the user won't be usable to use APIs anymore (error 401523). His account may then be deleted from the database at any moment.\n<br/> Value -1 means timeToLive is disable (i.e. user account will not expire)."},"timezone":{"type":"string","description":"User timezone name"},"title":{"type":"string","description":"User title (honorifics title, like Mr, Mrs, Sir, Lord, Lady, Dr, Prof,...)"},"userInfo1":{"type":"string","description":"Free field that admin can use to link their users to their IS/IT tools / to perform analytics (this field is output in the CDR file)"},"userInfo2":{"type":"string","description":"2nd Free field that admin can use to link their users to their IS/IT tools / to perform analytics (this field is output in the CDR file)"},"visibility":{"type":"string","description":"User visibility\n</br> Define if the user can be searched by users being in other companies and if the user can search users being in other companies.\n<br/> Visibility can be:\n- `same_than_company`: The same visibility than the user's company's is applied to the user. When this user visibility is used,\nif the visibility of the company is changed the user's visibility will use this company new visibility.\n- `public`: User can be searched by external users / can search external users. User can invite external users / can be invited by external users\n- `private`: User **can't** be searched by external users / can search external users. User can invite external users / can be invited by external users\n- `closed`: User **can't** be searched by external users / **can't** search external users. User can invite external users / can be invited by external users\n- `isolated`: User **can't** be searched by external users / **can't** search external users. User **can't** invite external users / **can't** be invited by external users\n- `none`:  Default value reserved for guest. User **can't** be searched by **any users** (even within the same company) / can search external users. User can invite external users / can be invited by external users\n\nExternal users mean public user not being in user's company nor user's organisation nor a company visible by user's company.","enum":["same_than_company","public","private","closed","isolated","none"]}},"required":["activationDate","adminType","companyId","companyName","country","createdBySelfRegister","creationDate","displayName","emails","firstLoginDate","firstName","guestMode","id","initializationDate","isADSearchAvailable","isActive","isInDefaultCompany","isInitialized","isTerminated","jid_im","jid_password","jid_tel","lastAvatarUpdateDate","lastLoginDate","lastName","lastUpdateDate","loggedSince","loginEmail","organisationId","phoneNumbers","profiles","roles","siteId","visibility"]},"token":{"type":"string","description":"JsonWebToken to use for all API requests"}},"required":["country","loggedInApplication","loggedInUser","token"]},"GetRenewSuccess_emails":{"type":"object","properties":{"email":{"type":"string","description":"User email address"},"type":{"type":"string","description":"Email type, one of <code>home</code>, <code>work</code>, <code>other</code> </li>"}},"required":["email","type"]},"GetRenewSuccess_phoneNumbers":{"type":"object","properties":{"deviceType":{"type":"string","description":"Phone number device type, one of <code>landline</code>, <code>mobile</code>, <code>fax</code>, <code>other</code>."},"internalNumber":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), internal phone number.\n<br/> Usable within a PBX group.\n<br/> Admins and users can modify this internalNumber field."},"isFromSystem":{"type":"boolean","description":"Boolean indicating if phone is linked to a system (pbx)."},"number":{"type":"string","description":"User phone number (as entered by user)"},"numberE164":{"type":"string","description":"User E.164 phone number, computed by server from `number` and\n`country` fields"},"pbxId":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), unique identifier of that pbx."},"phoneNumberId":{"type":"string","description":"Phone number unique id in phone-numbers directory collection."},"shortNumber":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), short phone number (corresponds to the number monitored by PCG).\n<br/> Only usable within the same PBX.\n<br/> Only PCG can set this field."},"systemId":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), unique identifier of that system in Rainbow database."},"type":{"type":"string","description":"Phone number type, one of <code>home</code>, <code>work</code>, <code>other</code>."}},"required":["deviceType","isFromSystem","phoneNumberId","type"]},"GetRenewSuccess_profiles":{"type":"object","properties":{"assignationDate":{"type":"string","description":"Date when the subscription was attached to user profile"},"businessModel":{"type":"string","description":"Indicates the business model associated to this offer (number of users, usage, ...)\n- `nb_users`: Licencing business model. Subscriptions having this business model are billed according to the number of users bought for it.\n- `usage`: Subscriptions having this business model are billed based on service consumption (whatever the number of users assigned to the subscription of this offer).\n- `flat_fee`: Subscriptions having this business model are billed based on a flat fee (same price each month for the company which subscribe to this offer).\n- `none`: no business model. Should be used for offers which are not sold (like Essential...).","enum":["nb_users","usage","flat_fee","none"],"default":"none"},"businessSpecific":{"type":"array","description":"Indicates if the subscription is related to specific(s) business (for verticals like HDS)\n- `NONE`: This subscription is used if the company does not have a businessSpecific field.\n- `HDS`: This subscription is used if the company have a businessSpecific HDS (HealthCare).","enum":["NONE","HDS"],"default":"[NONE","items":{"type":"string"}},"canBeSold":{"type":"boolean","description":"Indicates if the offer is billed.\n<br/> Some offers will not be billed (Essential, Demo, ...)."},"hasConference":{"type":"boolean","description":"Indicates if the profile contains conference services"},"isDefault":{"type":"boolean","description":"Indicates if this profile is linked to user's company's subscription to default offer (i.e. Essential)"},"isDemo":{"type":"boolean","description":"Indicates if the profile is linked to a demo subscription"},"isExclusive":{"type":"boolean","description":"Indicates if the offer is exclusive for assignation to a user profile (if the user has already an exclusive offer assigned, it won't be possible to assign a second exclusive offer)."},"isPrepaid":{"type":"boolean","description":"Indicates if the profile is linked to a prepaid subscription"},"offerId":{"type":"string","description":"Id of the Rainbow offer to which company subscription is attached"},"offerName":{"type":"string","description":"Name of the Rainbow offer to which company subscription is attached"},"offerTechnicalDescription":{"type":"string","description":"Offer technical description.","minLength":1,"maxLength":512},"prepaidDuration":{"type":"number","description":"Prepaid subscription duration (in month).\n<br/>Only set if `isPrepaid` is true."},"profileId":{"type":"string","description":"Id of the Rainbow profile to which company subscription is attached"},"profileName":{"type":"string","description":"Name of the Rainbow profile to which company subscription is attached"},"provisioningNeeded":{"type":"array","description":"Array of Objects which indicates if account must be provisioned on other internal components when subscribing to this offer.","items":{"$ref":"#/definitions/GetRenewSuccess_provisioningNeeded"}},"status":{"type":"string","description":"Status of the company subscription to which user profile is assigned\n<br/>\n<br/> Possible values: <code>active</code>, <code>alerting</code>, <code>hold</code>, <code>terminated</code>"},"subscriptionId":{"type":"string","description":"Id of company subscription to which user profile is assigned (one of the subscriptions available to user's company)"},"zuoraOfferId":{"type":"string","description":"ID of the related offer in Zuora (if offer can be sold)"},"zuoraProductRatePlanChargeId":{"type":"string","description":"ID of the ProductRatePlanChargeId used in Zuora (if offer can be sold)"},"zuoraProductRatePlanId":{"type":"string","description":"ID of the ProductRatePlanId to used in Zuora (if offer can be sold)"}},"required":["assignationDate","canBeSold","isDefault","offerId","offerName","profileId","profileName","status","subscriptionId"]},"GetRenewSuccess_provisioningNeeded":{"type":"object","properties":{"mediaType":{"type":"string","description":"Only set if provisioningNeeded is set and the element of the array has providerType `JANUS`. Corresponds to\nthe media type to use when provisioning the company account on WebRTC Conferencing component.","enum":["webrtc"]},"pgiEnterpriseId":{"type":"string","description":"Only set if provisioningNeeded is set and the element of the array has providerType `PGI`. Corresponds to\nan enterpriseId to use when provisioning the company account on PSTN Conferencing component.","enum":["testEnterpriseId","internalEnterpriseId","genericEnterpriseId"]},"providerType":{"type":"string","description":"If provisioningNeeded is set, each element of the array must contain providerType. providerType defines the internal component on which the\nprovisioning is needed when subscribing to this offer (provisioning is launched asynchronously when the subscription is created).","enum":["PGI","JANUS"]}},"required":["providerType"]},"GetLoginUrlSuccess":{"type":"object","properties":{"data":{"type":"array","description":"List of authentication type with the associated login URL.","items":{"$ref":"#/definitions/GetLoginUrlSuccess_data"}}},"required":["data"]},"GetLoginUrlSuccess_data":{"type":"object","properties":{"authorizationEndpoint":{"type":"string","description":"OIDC provider's authorization endpoint\n<br/> Only returned if `type` is `OIDC`.","minLength":1,"maxLength":255},"clientId":{"type":"string","description":"client_id used for Rainbow application in OIDC provider\n<br/> Only returned if `type` is `OIDC`.","minLength":1,"maxLength":255},"discoveryUrl":{"type":"string","description":"OIDC provider's discoveryUrl\n<br/> Only returned if `type` is `OIDC`.","minLength":1,"maxLength":255},"issuer":{"type":"string","description":"OIDC provider's Issuer Identifier\n<br/> Only returned if `type` is `OIDC`.","minLength":1,"maxLength":255},"jwksUri":{"type":"string","description":"OIDC provider's jwks_uri\n<br/> Only returned if `type` is `OIDC`.\n<br/> This setting is used to retrieve the OIDC provider's signing key(s) in order to validate the id_token's signature.","minLength":1,"maxLength":255},"loginUrl":{"type":"string","description":"URL to use to perform a login.\n<br/> Not returned if authentication type is OIDC with `onlyUseImplicitFlow`=true"},"logoutUrl":{"type":"string","description":"URL to use to perform a logout."},"onlyUseImplicitFlow":{"type":"boolean","description":"Indicates if configuration allows to use only OIDC implicit flow.\n<br/> Only returned if `type` is `OIDC`.\n<br/> If onlyUseImplicitFlow is set to true, `loginUrl` is not returned.\n<br/><br/> Implicit flow can be used instead of authorization code grant implemented by Rainbow APIs, but in that case implicit flow has to be implemented by the client.\nThe id_token retrieved by the client using implicit flow can then be used to get a Rainbow token using API GET /api/rainbow/authentication/v1.0/oidc-client/jwt."},"type":{"type":"string","description":"Authentication type.","enum":["RAINBOW","SAML","OIDC"]}},"required":["authorizationEndpoint","clientId","issuer","loginUrl","logoutUrl","onlyUseImplicitFlow","type"]},"OAuthAuthorizeSuccess":{"type":"object","properties":{"access_token":{"type":"string","description":"The access token generated by Rainbow authentication server.\n<br/> Only returned if ```Implicit``` grant is used.\n<br/>\n<br/> The access token can be used by the application to use Rainbow APIs."},"code":{"type":"string","description":"The authorization code generated by Rainbow authentication server.\n<br/> Only returned if ```Authorization Code``` grant is used."},"expires_in":{"type":"number","description":"Lifetime in seconds of the access token.\n<br/> Only returned if ```Implicit``` grant is used.\n<br/>\n<br/> Once the access token has expired, the application can no longer use it to use Rainbow APIs\n(it has to request again user authorization with Implicit grant to retrieve a new access token)"},"state":{"type":"string","description":"The state provided by the application to GET /api/rainbow/authentication/v1.0/oauth/authorize endpoint.\n<br/> Only returned if ```Authorization Code``` grant is used.\n<br/>\n<br/> To be exchanged against an access token and a refresh token using /oauth/token endpoint (see related <a href=\"#api-OAuth_Authentication-OAuthToken\">documentation</a>).\n<br/> Authorization code lifetime is 10 minutes and it can be used only once."},"token_type":{"type":"string","description":"Type of the token returned by Rainbow authentication server.\n<br/> Only returned if ```Implicit``` grant is used.\n<br/>\n<br/> It will always be \"access_token\" for Implicit grant.\n(it has to request again user authorization with Implicit grant to retrieve a new access token)"}},"required":["code","state"]},"OAuthToken":{"type":"object","properties":{"code":{"type":"string","description":"The authorization code sent by Rainbow authentication server from the\nGET /api/rainbow/authentication/v1.0/oauth/authorize endpoint.\n<br/> <b>Mandatory</b> to exchange an authorization code against an access token.\n<br/> Note that once it has been used, the authorization code is revoked.\n<br/>\n<br/> For more information, details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.3\">OAuth 2.0 RFC, section 4.1.3</a>."},"grant_type":{"type":"string","description":"Desired grant type to use for token endpoint.\n<br/> Must be set to:\n- <strong>authorization_code</strong> to exchange an authorization code against an access token\n  (details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.3\">OAuth 2.0 RFC, section 4.1.3</a>),\n- <strong>refresh_token</strong> to refresh an access token using the refresh token\n  (details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-6\">OAuth 2.0 RFC, section 6</a>).","enum":["{authorization_code","refresh_token}"]},"redirect_uri":{"type":"string","description":"The redirect_uri used to retrieve the authorization code sent by Rainbow authentication server from the\nGET /api/rainbow/authentication/v1.0/oauth/authorize endpoint.\n<br/> <b>Mandatory</b> to exchange an authorization code against an access token.\n<br/>\n<br/> For more information, details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-4.1.3\">OAuth 2.0 RFC, section 4.1.3</a>."},"refresh_token":{"type":"string","description":"The refresh token sent by Rainbow authentication server from the\nGET /api/rainbow/authentication/v1.0/oauth/authorize endpoint of from a previous refresh token performed using this\nPOST /api/rainbow/authentication/v1.0/oauth/token endpoint.\n<br/> <b>Mandatory</b> to refresh an access token.\n<br/> The provided refresh_token must not be expired. If the refresh token is expired, the application has to redo the whole OAuth authorization code flow.\n<br/> Note that once it has been used to refresh an access token, the refresh_token is revoked. The new refresh token returned in the response with the\naccess token replaces the previous one.\n<br/>\n<br/> For more information, details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-6\">OAuth 2.0 RFC, section 6</a>."}},"required":["grant_type"]},"OAuthTokenSuccess":{"type":"object","properties":{"access_token":{"type":"string","description":"The access token generated by Rainbow authentication server.\n<br/> To be used to call Rainbow APIs (header Authorization: Bearer <access_token>, see related Rainbow API documentation).\n<br/>\n<br/> For more information, details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-5.1\">OAuth 2.0 RFC, section 5.1</a>."},"expires_in":{"type":"string","description":"The access token lifetime.\n<br/>\n<br/> For more information, details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-5.1\">OAuth 2.0 RFC, section 5.1</a>."},"refresh_token":{"type":"string","description":"The refresh token generated by Rainbow authentication server.\n<br/> To be used to refresh an access token using this POST /api/rainbow/authentication/v1.0/oauth/token endpoint.\n<br/> Generated refresh_token has a lifetime of 90 days.\n<br/> Note that a new refresh token is generated during \"<b>Refresh an Access Token</b>\" flow, overwriting the one used to refresh the access token\n      (this previous one is revoked). This new refresh token is regenerated with a lifetime of 90 days.\n      Therefore, as long as the application refreshes its access token during the refresh token lifetime period,\n      it can continue to use Rainbow APIs without redoing the whole OAuth authorization code flow.\n<br/>\n<br/> For more information, details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-5.1\">OAuth 2.0 RFC, section 5.1</a>."},"token_type":{"type":"string","description":"The type of the access token issued.\n<br/> Should always be <strong>Bearer</strong> for access tokens generated by Rainbow authentication server.\n<br/>\n<br/> For more information, details are available in the <a href=\"https://tools.ietf.org/html/rfc6749#section-5.1\">OAuth 2.0 RFC, section 5.1</a>."}},"required":["access_token","expires_in","refresh_token","token_type"]},"DeleteOAuthTokenSuccess":{"type":"object","properties":{"data":{"type":"object","properties":{"accessTokenExpiresAt":{"type":"string","description":"Date when the access token expires.","format":"date-time"},"accessTokenIssuedAt":{"type":"string","description":"Date of the last access token generation. Access token is\nrequested by the application and has a short expiration time, therefore it can be considered as an indicator of\nthe application activity for the user/application associated to this OAuth token.","format":"date-time"},"appId":{"type":"string","description":"Unique identifier of the Application for which the OAuth token has been generated."},"appName":{"type":"string","description":"Name of the Application for which the OAuth token has been generated."},"creationDate":{"type":"string","description":"Date when the OAuth token has been created.\n<br/> Corresponds to the first time the user gave his consent so that the application can use Rainbow APIs in his\nname (delegation).","format":"date-time"},"id":{"type":"string","description":"OAuth token unique identifier."},"refreshTokenExpiresAt":{"type":"string","description":"Date when the refresh token expires.","format":"date-time"},"refreshTokenIssuedAt":{"type":"string","description":"Date of the last refresh token generation.","format":"date-time"},"scope":{"type":"string","description":"Scope granted to the application.","enum":["{all}"]},"userId":{"type":"string","description":"Unique identifier of the user for which the OAuth token has been generated."}},"required":["accessTokenExpiresAt","accessTokenIssuedAt","appId","appName","creationDate","id","refreshTokenExpiresAt","refreshTokenIssuedAt","scope","userId"]},"status":{"type":"string","description":"Delete operation status message."}},"required":["data","status"]},"GetOAuthTokenByIdSuccess":{"type":"object","properties":{"data":{"type":"object","properties":{"accessTokenExpiresAt":{"type":"string","description":"Date when the access token expires.","format":"date-time"},"accessTokenIssuedAt":{"type":"string","description":"Date of the last access token generation. Access token is\nrequested by the application and has a short expiration time, therefore it can be considered as an indicator of\nthe application activity for the user/application associated to this OAuth token.","format":"date-time"},"appId":{"type":"string","description":"Unique identifier of the Application for which the OAuth token has been generated."},"appName":{"type":"string","description":"Name of the Application for which the OAuth token has been generated."},"creationDate":{"type":"string","description":"Date when the OAuth token has been created.\n<br/> Corresponds to the first time the user gave his consent so that the application can use Rainbow APIs in his\nname (delegation).","format":"date-time"},"id":{"type":"string","description":"OAuth token unique identifier."},"refreshTokenExpiresAt":{"type":"string","description":"Date when the refresh token expires.","format":"date-time"},"refreshTokenIssuedAt":{"type":"string","description":"Date of the last refresh token generation.","format":"date-time"},"scope":{"type":"string","description":"Scope granted to the application.","enum":["{all}"]},"userId":{"type":"string","description":"Unique identifier of the user for which the OAuth token has been generated."}},"required":["accessTokenExpiresAt","accessTokenIssuedAt","appId","appName","creationDate","id","refreshTokenExpiresAt","refreshTokenIssuedAt","scope","userId"]}},"required":["data"]},"GetOAuthTokenSuccess":{"type":"object","properties":{"data":{"type":"object","properties":{"accessTokenExpiresAt":{"type":"string","description":"Date when the access token expires.","format":"date-time"},"accessTokenIssuedAt":{"type":"string","description":"Date of the last access token generation. Access token is\nrequested by the application and has a short expiration time, therefore it can be considered as an indicator of\nthe application activity for the user/application associated to this OAuth token.","format":"date-time"},"appId":{"type":"string","description":"Unique identifier of the Application for which the OAuth token has been generated."},"appName":{"type":"string","description":"Name of the Application for which the OAuth token has been generated."},"creationDate":{"type":"string","description":"Date when the OAuth token has been created.\n<br/> Corresponds to the first time the user gave his consent so that the application can use Rainbow APIs in his\nname (delegation).","format":"date-time"},"id":{"type":"string","description":"OAuth token unique identifier."},"refreshTokenExpiresAt":{"type":"string","description":"Date when the refresh token expires.","format":"date-time"},"refreshTokenIssuedAt":{"type":"string","description":"Date of the last refresh token generation.","format":"date-time"},"scope":{"type":"string","description":"Scope granted to the application.","enum":["{all}"]},"userId":{"type":"string","description":"Unique identifier of the user for which the OAuth token has been generated."}},"required":["accessTokenExpiresAt","accessTokenIssuedAt","appId","appName","creationDate","id","refreshTokenExpiresAt","refreshTokenIssuedAt","scope","userId"]}},"required":["data"]},"GetJwtSuccess":{"type":"object","properties":{"data":{"type":"object","properties":{}},"phoneNumbers":{"type":"object","properties":{}},"country":{"type":"string","description":"Phone number country (ISO 3166-1 alpha3 format)\n<br/>`country` field is automatically computed using the following algorithm when creating/updating a phoneNumber entry:\n- If `number` is provided and is in E164 format, `country` is computed from E164 number\n- Else if `country` field is provided in the phoneNumber entry, this one is used\n- Else user `country` field is used"},"loggedInApplication":{"type":"object","properties":{"activity":{"type":"string","description":"Application activity\n<ul>\n <li> <code>A</code>: AGRICULTURE, FORESTRY AND FISHING\n <li> <code>B</code>: MINING AND QUARRYING\n <li> <code>C</code>: MANUFACTURING\n <li> <code>D</code>: ELECTRICITY, GAS, STEAM AND AIR CONDITIONING SUPPLY\n <li> <code>E</code>: WATER SUPPLY; SEWERAGE, WASTE MANAGEMENT AND REMEDIATION ACTIVITIES\n <li> <code>F</code>: CONSTRUCTION\n <li> <code>G</code>: WHOLESALE AND RETAIL TRADE; REPAIR OF MOTOR VEHICLES AND MOTORCYCLES\n <li> <code>H</code>: TRANSPORTATION AND STORAGE\n <li> <code>I</code>: ACCOMMODATION AND FOOD SERVICE ACTIVITIES\n <li> <code>J</code>: INFORMATION AND COMMUNICATION\n <li> <code>K</code>: FINANCIAL AND INSURANCE ACTIVITIES\n <li> <code>L</code>: REAL ESTATE ACTIVITIES\n <li> <code>M</code>: PROFESSIONAL, SCIENTIFIC AND TECHNICAL ACTIVITIES\n <li> <code>N</code>: ADMINISTRATIVE AND SUPPORT SERVICE ACTIVITIES\n <li> <code>O</code>: PUBLIC ADMINISTRATION AND DEFENCE; COMPULSORY SOCIAL SECURITY\n <li> <code>P</code>: EDUCATION\n <li> <code>Q</code>: HUMAN HEALTH AND SOCIAL WORK ACTIVITIES\n <li> <code>R</code>: ARTS, ENTERTAINMENT AND RECREATION\n <li> <code>S</code>: OTHER SERVICE ACTIVITIES\n <li> <code>T</code>: ACTIVITIES OF HOUSEHOLDS AS EMPLOYERS; UNDIFFERENTIATED GOODS- AND SERVICES-PRODUCING ACTIVITIES OF HOUSEHOLDS FOR OWN USE\n <li> <code>U</code>: ACTIVITIES OF EXTRATERRITORIAL ORGANISATIONS AND BODIES\n <li> <code>NONE</code>: Undefined activity\n</ul>","enum":["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","NONE"]},"dateOfCreation":{"type":"string","description":"Application creation date","format":"date-time"},"dateOfDeployment":{"type":"string","description":"Date of deployment of the application.","format":"date-time"},"dateOfDeploymentRequest":{"type":"string","description":"Date of deployment request of the application.","format":"date-time"},"env":{"type":"string","description":"Environment where the application is deploy","enum":["not_deployed","in_deployment","deployed"]},"id":{"type":"string","description":"Application unique identifier"},"name":{"type":"string","description":"Application name"},"ownerId":{"type":"string","description":"Unique identifier of the application owner"},"platform":{"type":"string","description":"Platform where the application is running","enum":["official","sandbox"]},"state":{"type":"string","description":"State of the application","enum":["new","active","blocked","deleted","stopped"]},"type":{"type":"string","description":"Application type","enum":["web","mobile","desktop","server","bot","iot","admin"]}},"required":["dateOfCreation","dateOfDeployment","dateOfDeploymentRequest","env","id","name","ownerId","platform","state","type"]},"loggedInUser":{"type":"object","properties":{"activationDate":{"type":"string","description":"User activation date","format":"date-time"},"adminType":{"type":"string","description":"In case of user's is 'admin', define the subtype (organisation_admin, company_admin, site_admin (default undefined)"},"companyId":{"type":"string","description":"User company unique identifier"},"companyName":{"type":"string","description":"User company name"},"country":{"type":"string","description":"User country (ISO 3166-1 alpha3 format)"},"createdByAdmin":{"type":"object","properties":{"loginEmail":{"type":"string","description":""},"userId":{"type":"string","description":""}},"required":["loginEmail","userId"]},"createdBySelfRegister":{"type":"boolean","description":"true if user has been created using self register"},"creationDate":{"type":"string","description":"User creation date","format":"date-time"},"displayName":{"type":"string","description":"User display name (firstName + lastName concatenated on server side)"},"emails":{"type":"array","description":"Array of user emails addresses objects","items":{"$ref":"#/definitions/GetJwtSuccess_emails"}},"firstLoginDate":{"type":"string","description":"Date of first user login (only set the first time user logs in, null if user never logged in)","format":"date-time"},"firstName":{"type":"string","description":"User first name"},"guestMode":{"type":"boolean","description":"Indicated a user embedded in a chat or conference room, as guest, with limited rights until he finalizes his registration."},"id":{"type":"string","description":"User unique identifier"},"initializationDate":{"type":"string","description":"User initialization date","format":"date-time"},"invitedBy":{"type":"object","properties":{"loginEmail":{"type":"string","description":""},"userId":{"type":"string","description":""}},"required":["loginEmail","userId"]},"isADSearchAvailable":{"type":"boolean","description":"Is ActiveDirectory (Office365) search available for this user"},"isActive":{"type":"boolean","description":"Is user active"},"isInDefaultCompany":{"type":"boolean","description":"Is user in default company"},"isInitialized":{"type":"boolean","description":"Is user initialized"},"isTerminated":{"type":"boolean","description":"Indicates if the Rainbow account of this user has been deleted"},"jid_im":{"type":"string","description":"User Jabber IM identifier"},"jid_password":{"type":"string","description":"User Jabber TEL identifier"},"jid_tel":{"type":"string","description":"User Jabber TEL identifier"},"jobTitle":{"type":"string","description":"User job title"},"language":{"type":"string","description":"User language (ISO 639-1 code format, with possibility of regional variation. Ex: both 'en' and 'en-US' are supported)"},"lastAvatarUpdateDate":{"type":"string","description":"Date of last user avatar create/update, null if no avatar","format":"date-time"},"lastLoginDate":{"type":"string","description":"Date of last user login (defined even if user is logged out)","format":"date-time"},"lastName":{"type":"string","description":"User last name"},"lastUpdateDate":{"type":"string","description":"Date of last user update (whatever the field updated)","format":"date-time"},"loggedSince":{"type":"string","description":"Date of last user login (null if user is logged out)","format":"date-time"},"loginEmail":{"type":"string","description":"User email address (used for login)"},"nickName":{"type":"string","description":"User nickName"},"organisationId":{"type":"string","description":"In addition to User companyId, optional identifier to indicate the user belongs also to an organization"},"phoneNumbers":{"type":"array","description":"Array of user phone numbers objects.\n<br/> Phone number objects can:\n<ul>\n    <li> be created by user (information filled by user),</li>\n    <li> come from association with a system (pbx) device (association is done by admin).</li>\n</ul>","items":{"$ref":"#/definitions/GetJwtSuccess_phoneNumbers"}},"profiles":{"type":"array","description":"User profile Objects.","items":{"$ref":"#/definitions/GetJwtSuccess_profiles"}},"roles":{"type":"array","description":"List of user roles (Array of String)","items":{"type":"string"}},"siteId":{"type":"string","description":"In addition to User companyId, optional identifier to indicate the user belongs also to a site"},"tags":{"type":"array","description":"An Array of free tags associated to the user.\n<br/> A maximum of 5 tags is allowed, each tag can have a maximum length of 64 characters.\n<br/> `tags` can only be set by users who have administrator rights on the user. The user can't modify the tags.\n<br/> The tags are visible by the user and all users belonging to his organisation/company, and can be used with\nthe search API to search the user based on his tags.","items":{"type":"string"}},"timeToLive":{"type":"number","description":"Duration in second to wait before automatically starting a user deletion from the creation date.\n<br/> Once the timeToLive has been reached, the user won't be usable to use APIs anymore (error 401523). His account may then be deleted from the database at any moment.\n<br/> Value -1 means timeToLive is disable (i.e. user account will not expire)."},"timezone":{"type":"string","description":"User timezone name"},"title":{"type":"string","description":"User title (honorifics title, like Mr, Mrs, Sir, Lord, Lady, Dr, Prof,...)"},"userInfo1":{"type":"string","description":"Free field that admin can use to link their users to their IS/IT tools / to perform analytics (this field is output in the CDR file)"},"userInfo2":{"type":"string","description":"2nd Free field that admin can use to link their users to their IS/IT tools / to perform analytics (this field is output in the CDR file)"},"visibility":{"type":"string","description":"User visibility\n</br> Define if the user can be searched by users being in other companies and if the user can search users being in other companies.\n<br/> Visibility can be:\n- `same_than_company`: The same visibility than the user's company's is applied to the user. When this user visibility is used,\nif the visibility of the company is changed the user's visibility will use this company new visibility.\n- `public`: User can be searched by external users / can search external users. User can invite external users / can be invited by external users\n- `private`: User **can't** be searched by external users / can search external users. User can invite external users / can be invited by external users\n- `closed`: User **can't** be searched by external users / **can't** search external users. User can invite external users / can be invited by external users\n- `isolated`: User **can't** be searched by external users / **can't** search external users. User **can't** invite external users / **can't** be invited by external users\n- `none`:  Default value reserved for guest. User **can't** be searched by **any users** (even within the same company) / can search external users. User can invite external users / can be invited by external users\n\nExternal users mean public user not being in user's company nor user's organisation nor a company visible by user's company.","enum":["same_than_company","public","private","closed","isolated","none"]}},"required":["activationDate","adminType","companyId","companyName","country","createdBySelfRegister","creationDate","displayName","emails","firstLoginDate","firstName","guestMode","id","initializationDate","isADSearchAvailable","isActive","isInDefaultCompany","isInitialized","isTerminated","jid_im","jid_password","jid_tel","lastAvatarUpdateDate","lastLoginDate","lastName","lastUpdateDate","loggedSince","loginEmail","organisationId","phoneNumbers","profiles","roles","siteId","visibility"]},"token":{"type":"string","description":"JsonWebToken to use for all API requests"}},"required":["country","loggedInApplication","loggedInUser","token"]},"GetJwtSuccess_emails":{"type":"object","properties":{"email":{"type":"string","description":"User email address"},"type":{"type":"string","description":"Email type, one of <code>home</code>, <code>work</code>, <code>other</code> </li>"}},"required":["email","type"]},"GetJwtSuccess_phoneNumbers":{"type":"object","properties":{"deviceType":{"type":"string","description":"Phone number device type, one of <code>landline</code>, <code>mobile</code>, <code>fax</code>, <code>other</code>."},"internalNumber":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), internal phone number.\n<br/> Usable within a PBX group.\n<br/> Admins and users can modify this internalNumber field."},"isFromSystem":{"type":"boolean","description":"Boolean indicating if phone is linked to a system (pbx)."},"number":{"type":"string","description":"User phone number (as entered by user)"},"numberE164":{"type":"string","description":"User E.164 phone number, computed by server from `number` and\n`country` fields"},"pbxId":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), unique identifier of that pbx."},"phoneNumberId":{"type":"string","description":"Phone number unique id in phone-numbers directory collection."},"shortNumber":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), short phone number (corresponds to the number monitored by PCG).\n<br/> Only usable within the same PBX.\n<br/> Only PCG can set this field."},"systemId":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), unique identifier of that system in Rainbow database."},"type":{"type":"string","description":"Phone number type, one of <code>home</code>, <code>work</code>, <code>other</code>."}},"required":["deviceType","isFromSystem","phoneNumberId","type"]},"GetJwtSuccess_profiles":{"type":"object","properties":{"assignationDate":{"type":"string","description":"Date when the subscription was attached to user profile"},"businessModel":{"type":"string","description":"Indicates the business model associated to this offer (number of users, usage, ...)\n- `nb_users`: Licencing business model. Subscriptions having this business model are billed according to the number of users bought for it.\n- `usage`: Subscriptions having this business model are billed based on service consumption (whatever the number of users assigned to the subscription of this offer).\n- `flat_fee`: Subscriptions having this business model are billed based on a flat fee (same price each month for the company which subscribe to this offer).\n- `none`: no business model. Should be used for offers which are not sold (like Essential...).","enum":["nb_users","usage","flat_fee","none"],"default":"none"},"businessSpecific":{"type":"array","description":"Indicates if the subscription is related to specific(s) business (for verticals like HDS)\n- `NONE`: This subscription is used if the company does not have a businessSpecific field.\n- `HDS`: This subscription is used if the company have a businessSpecific HDS (HealthCare).","enum":["NONE","HDS"],"default":"[NONE","items":{"type":"string"}},"canBeSold":{"type":"boolean","description":"Indicates if the offer is billed.\n<br/> Some offers will not be billed (Essential, Demo, ...)."},"hasConference":{"type":"boolean","description":"Indicates if the profile contains conference services"},"isDefault":{"type":"boolean","description":"Indicates if this profile is linked to user's company's subscription to default offer (i.e. Essential)"},"isDemo":{"type":"boolean","description":"Indicates if the profile is linked to a demo subscription"},"isExclusive":{"type":"boolean","description":"Indicates if the offer is exclusive for assignation to a user profile (if the user has already an exclusive offer assigned, it won't be possible to assign a second exclusive offer)."},"isPrepaid":{"type":"boolean","description":"Indicates if the profile is linked to a prepaid subscription"},"offerId":{"type":"string","description":"Id of the Rainbow offer to which company subscription is attached"},"offerName":{"type":"string","description":"Name of the Rainbow offer to which company subscription is attached"},"offerTechnicalDescription":{"type":"string","description":"Offer technical description.","minLength":1,"maxLength":512},"prepaidDuration":{"type":"number","description":"Prepaid subscription duration (in month).\n<br/>Only set if `isPrepaid` is true."},"profileId":{"type":"string","description":"Id of the Rainbow profile to which company subscription is attached"},"profileName":{"type":"string","description":"Name of the Rainbow profile to which company subscription is attached"},"provisioningNeeded":{"type":"array","description":"Array of Objects which indicates if account must be provisioned on other internal components when subscribing to this offer.","items":{"$ref":"#/definitions/GetJwtSuccess_provisioningNeeded"}},"status":{"type":"string","description":"Status of the company subscription to which user profile is assigned\n<br/>\n<br/> Possible values: <code>active</code>, <code>alerting</code>, <code>hold</code>, <code>terminated</code>"},"subscriptionId":{"type":"string","description":"Id of company subscription to which user profile is assigned (one of the subscriptions available to user's company)"},"zuoraOfferId":{"type":"string","description":"ID of the related offer in Zuora (if offer can be sold)"},"zuoraProductRatePlanChargeId":{"type":"string","description":"ID of the ProductRatePlanChargeId used in Zuora (if offer can be sold)"},"zuoraProductRatePlanId":{"type":"string","description":"ID of the ProductRatePlanId to used in Zuora (if offer can be sold)"}},"required":["assignationDate","canBeSold","isDefault","offerId","offerName","profileId","profileName","status","subscriptionId"]},"GetJwtSuccess_provisioningNeeded":{"type":"object","properties":{"mediaType":{"type":"string","description":"Only set if provisioningNeeded is set and the element of the array has providerType `JANUS`. Corresponds to\nthe media type to use when provisioning the company account on WebRTC Conferencing component.","enum":["webrtc"]},"pgiEnterpriseId":{"type":"string","description":"Only set if provisioningNeeded is set and the element of the array has providerType `PGI`. Corresponds to\nan enterpriseId to use when provisioning the company account on PSTN Conferencing component.","enum":["testEnterpriseId","internalEnterpriseId","genericEnterpriseId"]},"providerType":{"type":"string","description":"If provisioningNeeded is set, each element of the array must contain providerType. providerType defines the internal component on which the\nprovisioning is needed when subscribing to this offer (provisioning is launched asynchronously when the subscription is created).","enum":["PGI","JANUS"]}},"required":["providerType"]},"GetOidcLoginSuccess":{"type":"object","properties":{"tkn":{"type":"string","description":"The JWT generated by Rainbow authentication server.\n<br/> This JWT can then be used to call any Rainbow APIs."}},"required":["tkn"]},"GetSamlAssertionSuccess":{"type":"object","properties":{"None":{"type":"object","properties":{}}},"required":["None"]},"PostSamlAssertion":{"type":"object","properties":{"samlResponse":{"type":"string","description":"(XML)"}},"required":["samlResponse"]},"PostSamlAssertionSuccess":{"type":"object","properties":{"data":{"type":"object","properties":{}},"phoneNumbers":{"type":"object","properties":{}},"country":{"type":"string","description":"Phone number country (ISO 3166-1 alpha3 format)\n<br/>`country` field is automatically computed using the following algorithm when creating/updating a phoneNumber entry:\n- If `number` is provided and is in E164 format, `country` is computed from E164 number\n- Else if `country` field is provided in the phoneNumber entry, this one is used\n- Else user `country` field is used"},"loggedInApplication":{"type":"object","properties":{"activity":{"type":"string","description":"Application activity\n<ul>\n <li> <code>A</code>: AGRICULTURE, FORESTRY AND FISHING\n <li> <code>B</code>: MINING AND QUARRYING\n <li> <code>C</code>: MANUFACTURING\n <li> <code>D</code>: ELECTRICITY, GAS, STEAM AND AIR CONDITIONING SUPPLY\n <li> <code>E</code>: WATER SUPPLY; SEWERAGE, WASTE MANAGEMENT AND REMEDIATION ACTIVITIES\n <li> <code>F</code>: CONSTRUCTION\n <li> <code>G</code>: WHOLESALE AND RETAIL TRADE; REPAIR OF MOTOR VEHICLES AND MOTORCYCLES\n <li> <code>H</code>: TRANSPORTATION AND STORAGE\n <li> <code>I</code>: ACCOMMODATION AND FOOD SERVICE ACTIVITIES\n <li> <code>J</code>: INFORMATION AND COMMUNICATION\n <li> <code>K</code>: FINANCIAL AND INSURANCE ACTIVITIES\n <li> <code>L</code>: REAL ESTATE ACTIVITIES\n <li> <code>M</code>: PROFESSIONAL, SCIENTIFIC AND TECHNICAL ACTIVITIES\n <li> <code>N</code>: ADMINISTRATIVE AND SUPPORT SERVICE ACTIVITIES\n <li> <code>O</code>: PUBLIC ADMINISTRATION AND DEFENCE; COMPULSORY SOCIAL SECURITY\n <li> <code>P</code>: EDUCATION\n <li> <code>Q</code>: HUMAN HEALTH AND SOCIAL WORK ACTIVITIES\n <li> <code>R</code>: ARTS, ENTERTAINMENT AND RECREATION\n <li> <code>S</code>: OTHER SERVICE ACTIVITIES\n <li> <code>T</code>: ACTIVITIES OF HOUSEHOLDS AS EMPLOYERS; UNDIFFERENTIATED GOODS- AND SERVICES-PRODUCING ACTIVITIES OF HOUSEHOLDS FOR OWN USE\n <li> <code>U</code>: ACTIVITIES OF EXTRATERRITORIAL ORGANISATIONS AND BODIES\n <li> <code>NONE</code>: Undefined activity\n</ul>","enum":["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","NONE"]},"dateOfCreation":{"type":"string","description":"Application creation date","format":"date-time"},"dateOfDeployment":{"type":"string","description":"Date of deployment of the application.","format":"date-time"},"dateOfDeploymentRequest":{"type":"string","description":"Date of deployment request of the application.","format":"date-time"},"env":{"type":"string","description":"Environment where the application is deploy","enum":["not_deployed","in_deployment","deployed"]},"id":{"type":"string","description":"Application unique identifier"},"name":{"type":"string","description":"Application name"},"ownerId":{"type":"string","description":"Unique identifier of the application owner"},"platform":{"type":"string","description":"Platform where the application is running","enum":["official","sandbox"]},"state":{"type":"string","description":"State of the application","enum":["new","active","blocked","deleted","stopped"]},"type":{"type":"string","description":"Application type","enum":["web","mobile","desktop","server","bot","iot","admin"]}},"required":["dateOfCreation","dateOfDeployment","dateOfDeploymentRequest","env","id","name","ownerId","platform","state","type"]},"loggedInUser":{"type":"object","properties":{"activationDate":{"type":"string","description":"User activation date","format":"date-time"},"adminType":{"type":"string","description":"In case of user's is 'admin', define the subtype (organisation_admin, company_admin, site_admin (default undefined)"},"companyId":{"type":"string","description":"User company unique identifier"},"companyName":{"type":"string","description":"User company name"},"country":{"type":"string","description":"User country (ISO 3166-1 alpha3 format)"},"createdByAdmin":{"type":"object","properties":{"loginEmail":{"type":"string","description":""},"userId":{"type":"string","description":""}},"required":["loginEmail","userId"]},"createdBySelfRegister":{"type":"boolean","description":"true if user has been created using self register"},"creationDate":{"type":"string","description":"User creation date","format":"date-time"},"displayName":{"type":"string","description":"User display name (firstName + lastName concatenated on server side)"},"emails":{"type":"array","description":"Array of user emails addresses objects","items":{"$ref":"#/definitions/PostSamlAssertionSuccess_emails"}},"firstLoginDate":{"type":"string","description":"Date of first user login (only set the first time user logs in, null if user never logged in)","format":"date-time"},"firstName":{"type":"string","description":"User first name"},"guestMode":{"type":"boolean","description":"Indicated a user embedded in a chat or conference room, as guest, with limited rights until he finalizes his registration."},"id":{"type":"string","description":"User unique identifier"},"initializationDate":{"type":"string","description":"User initialization date","format":"date-time"},"invitedBy":{"type":"object","properties":{"loginEmail":{"type":"string","description":""},"userId":{"type":"string","description":""}},"required":["loginEmail","userId"]},"isADSearchAvailable":{"type":"boolean","description":"Is ActiveDirectory (Office365) search available for this user"},"isActive":{"type":"boolean","description":"Is user active"},"isInDefaultCompany":{"type":"boolean","description":"Is user in default company"},"isInitialized":{"type":"boolean","description":"Is user initialized"},"isTerminated":{"type":"boolean","description":"Indicates if the Rainbow account of this user has been deleted"},"jid_im":{"type":"string","description":"User Jabber IM identifier"},"jid_password":{"type":"string","description":"User Jabber TEL identifier"},"jid_tel":{"type":"string","description":"User Jabber TEL identifier"},"jobTitle":{"type":"string","description":"User job title"},"language":{"type":"string","description":"User language (ISO 639-1 code format, with possibility of regional variation. Ex: both 'en' and 'en-US' are supported)"},"lastAvatarUpdateDate":{"type":"string","description":"Date of last user avatar create/update, null if no avatar","format":"date-time"},"lastLoginDate":{"type":"string","description":"Date of last user login (defined even if user is logged out)","format":"date-time"},"lastName":{"type":"string","description":"User last name"},"lastUpdateDate":{"type":"string","description":"Date of last user update (whatever the field updated)","format":"date-time"},"loggedSince":{"type":"string","description":"Date of last user login (null if user is logged out)","format":"date-time"},"loginEmail":{"type":"string","description":"User email address (used for login)"},"nickName":{"type":"string","description":"User nickName"},"organisationId":{"type":"string","description":"In addition to User companyId, optional identifier to indicate the user belongs also to an organization"},"phoneNumbers":{"type":"array","description":"Array of user phone numbers objects.\n<br/> Phone number objects can:\n<ul>\n    <li> be created by user (information filled by user),</li>\n    <li> come from association with a system (pbx) device (association is done by admin).</li>\n</ul>","items":{"$ref":"#/definitions/PostSamlAssertionSuccess_phoneNumbers"}},"profiles":{"type":"array","description":"User profile Objects.","items":{"$ref":"#/definitions/PostSamlAssertionSuccess_profiles"}},"roles":{"type":"array","description":"List of user roles (Array of String)","items":{"type":"string"}},"siteId":{"type":"string","description":"In addition to User companyId, optional identifier to indicate the user belongs also to a site"},"tags":{"type":"array","description":"An Array of free tags associated to the user.\n<br/> A maximum of 5 tags is allowed, each tag can have a maximum length of 64 characters.\n<br/> `tags` can only be set by users who have administrator rights on the user. The user can't modify the tags.\n<br/> The tags are visible by the user and all users belonging to his organisation/company, and can be used with\nthe search API to search the user based on his tags.","items":{"type":"string"}},"timeToLive":{"type":"number","description":"Duration in second to wait before automatically starting a user deletion from the creation date.\n<br/> Once the timeToLive has been reached, the user won't be usable to use APIs anymore (error 401523). His account may then be deleted from the database at any moment.\n<br/> Value -1 means timeToLive is disable (i.e. user account will not expire)."},"timezone":{"type":"string","description":"User timezone name"},"title":{"type":"string","description":"User title (honorifics title, like Mr, Mrs, Sir, Lord, Lady, Dr, Prof,...)"},"userInfo1":{"type":"string","description":"Free field that admin can use to link their users to their IS/IT tools / to perform analytics (this field is output in the CDR file)"},"userInfo2":{"type":"string","description":"2nd Free field that admin can use to link their users to their IS/IT tools / to perform analytics (this field is output in the CDR file)"},"visibility":{"type":"string","description":"User visibility\n</br> Define if the user can be searched by users being in other companies and if the user can search users being in other companies.\n<br/> Visibility can be:\n- `same_than_company`: The same visibility than the user's company's is applied to the user. When this user visibility is used,\nif the visibility of the company is changed the user's visibility will use this company new visibility.\n- `public`: User can be searched by external users / can search external users. User can invite external users / can be invited by external users\n- `private`: User **can't** be searched by external users / can search external users. User can invite external users / can be invited by external users\n- `closed`: User **can't** be searched by external users / **can't** search external users. User can invite external users / can be invited by external users\n- `isolated`: User **can't** be searched by external users / **can't** search external users. User **can't** invite external users / **can't** be invited by external users\n- `none`:  Default value reserved for guest. User **can't** be searched by **any users** (even within the same company) / can search external users. User can invite external users / can be invited by external users\n\nExternal users mean public user not being in user's company nor user's organisation nor a company visible by user's company.","enum":["same_than_company","public","private","closed","isolated","none"]}},"required":["activationDate","adminType","companyId","companyName","country","createdBySelfRegister","creationDate","displayName","emails","firstLoginDate","firstName","guestMode","id","initializationDate","isADSearchAvailable","isActive","isInDefaultCompany","isInitialized","isTerminated","jid_im","jid_password","jid_tel","lastAvatarUpdateDate","lastLoginDate","lastName","lastUpdateDate","loggedSince","loginEmail","organisationId","phoneNumbers","profiles","roles","siteId","visibility"]},"token":{"type":"string","description":"JsonWebToken to use for all API requests"}},"required":["country","loggedInApplication","loggedInUser","token"]},"PostSamlAssertionSuccess_emails":{"type":"object","properties":{"email":{"type":"string","description":"User email address"},"type":{"type":"string","description":"Email type, one of <code>home</code>, <code>work</code>, <code>other</code> </li>"}},"required":["email","type"]},"PostSamlAssertionSuccess_phoneNumbers":{"type":"object","properties":{"deviceType":{"type":"string","description":"Phone number device type, one of <code>landline</code>, <code>mobile</code>, <code>fax</code>, <code>other</code>."},"internalNumber":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), internal phone number.\n<br/> Usable within a PBX group.\n<br/> Admins and users can modify this internalNumber field."},"isFromSystem":{"type":"boolean","description":"Boolean indicating if phone is linked to a system (pbx)."},"number":{"type":"string","description":"User phone number (as entered by user)"},"numberE164":{"type":"string","description":"User E.164 phone number, computed by server from `number` and\n`country` fields"},"pbxId":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), unique identifier of that pbx."},"phoneNumberId":{"type":"string","description":"Phone number unique id in phone-numbers directory collection."},"shortNumber":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), short phone number (corresponds to the number monitored by PCG).\n<br/> Only usable within the same PBX.\n<br/> Only PCG can set this field."},"systemId":{"type":"string","description":"<b>[Only for phone numbers linked to a system (pbx)]</b>\n<br/> If phone is linked to a system (pbx), unique identifier of that system in Rainbow database."},"type":{"type":"string","description":"Phone number type, one of <code>home</code>, <code>work</code>, <code>other</code>."}},"required":["deviceType","isFromSystem","phoneNumberId","type"]},"PostSamlAssertionSuccess_profiles":{"type":"object","properties":{"assignationDate":{"type":"string","description":"Date when the subscription was attached to user profile"},"businessModel":{"type":"string","description":"Indicates the business model associated to this offer (number of users, usage, ...)\n- `nb_users`: Licencing business model. Subscriptions having this business model are billed according to the number of users bought for it.\n- `usage`: Subscriptions having this business model are billed based on service consumption (whatever the number of users assigned to the subscription of this offer).\n- `flat_fee`: Subscriptions having this business model are billed based on a flat fee (same price each month for the company which subscribe to this offer).\n- `none`: no business model. Should be used for offers which are not sold (like Essential...).","enum":["nb_users","usage","flat_fee","none"],"default":"none"},"businessSpecific":{"type":"array","description":"Indicates if the subscription is related to specific(s) business (for verticals like HDS)\n- `NONE`: This subscription is used if the company does not have a businessSpecific field.\n- `HDS`: This subscription is used if the company have a businessSpecific HDS (HealthCare).","enum":["NONE","HDS"],"default":"[NONE","items":{"type":"string"}},"canBeSold":{"type":"boolean","description":"Indicates if the offer is billed.\n<br/> Some offers will not be billed (Essential, Demo, ...)."},"hasConference":{"type":"boolean","description":"Indicates if the profile contains conference services"},"isDefault":{"type":"boolean","description":"Indicates if this profile is linked to user's company's subscription to default offer (i.e. Essential)"},"isDemo":{"type":"boolean","description":"Indicates if the profile is linked to a demo subscription"},"isExclusive":{"type":"boolean","description":"Indicates if the offer is exclusive for assignation to a user profile (if the user has already an exclusive offer assigned, it won't be possible to assign a second exclusive offer)."},"isPrepaid":{"type":"boolean","description":"Indicates if the profile is linked to a prepaid subscription"},"offerId":{"type":"string","description":"Id of the Rainbow offer to which company subscription is attached"},"offerName":{"type":"string","description":"Name of the Rainbow offer to which company subscription is attached"},"offerTechnicalDescription":{"type":"string","description":"Offer technical description.","minLength":1,"maxLength":512},"prepaidDuration":{"type":"number","description":"Prepaid subscription duration (in month).\n<br/>Only set if `isPrepaid` is true."},"profileId":{"type":"string","description":"Id of the Rainbow profile to which company subscription is attached"},"profileName":{"type":"string","description":"Name of the Rainbow profile to which company subscription is attached"},"provisioningNeeded":{"type":"array","description":"Array of Objects which indicates if account must be provisioned on other internal components when subscribing to this offer.","items":{"$ref":"#/definitions/PostSamlAssertionSuccess_provisioningNeeded"}},"status":{"type":"string","description":"Status of the company subscription to which user profile is assigned\n<br/>\n<br/> Possible values: <code>active</code>, <code>alerting</code>, <code>hold</code>, <code>terminated</code>"},"subscriptionId":{"type":"string","description":"Id of company subscription to which user profile is assigned (one of the subscriptions available to user's company)"},"zuoraOfferId":{"type":"string","description":"ID of the related offer in Zuora (if offer can be sold)"},"zuoraProductRatePlanChargeId":{"type":"string","description":"ID of the ProductRatePlanChargeId used in Zuora (if offer can be sold)"},"zuoraProductRatePlanId":{"type":"string","description":"ID of the ProductRatePlanId to used in Zuora (if offer can be sold)"}},"required":["assignationDate","canBeSold","isDefault","offerId","offerName","profileId","profileName","status","subscriptionId"]},"PostSamlAssertionSuccess_provisioningNeeded":{"type":"object","properties":{"mediaType":{"type":"string","description":"Only set if provisioningNeeded is set and the element of the array has providerType `JANUS`. Corresponds to\nthe media type to use when provisioning the company account on WebRTC Conferencing component.","enum":["webrtc"]},"pgiEnterpriseId":{"type":"string","description":"Only set if provisioningNeeded is set and the element of the array has providerType `PGI`. Corresponds to\nan enterpriseId to use when provisioning the company account on PSTN Conferencing component.","enum":["testEnterpriseId","internalEnterpriseId","genericEnterpriseId"]},"providerType":{"type":"string","description":"If provisioningNeeded is set, each element of the array must contain providerType. providerType defines the internal component on which the\nprovisioning is needed when subscribing to this offer (provisioning is launched asynchronously when the subscription is created).","enum":["PGI","JANUS"]}},"required":["providerType"]},"GetSamlAssertionConfigurationSuccess":{"type":"object","properties":{"xml":{"type":"array","description":"Rainbow SAML server metadata","items":{"$ref":"#/definitions/GetSamlAssertionConfigurationSuccess_xml"}}},"required":["xml"]},"GetSamlAssertionConfigurationSuccess_xml":{"type":"object","properties":{}},"GetSamlLoginSuccess":{"type":"object","properties":{"None":{"type":"object","properties":{}}},"required":["None"]},"GetSamlLogoutSuccess":{"type":"object","properties":{"None":{"type":"object","properties":{}}},"required":["None"]},"DeleteMetricsSuccess":{"type":"object","properties":{"status":{"type":"string","description":"In JSON format, status of the metrics deletion"}},"required":["status"]},"GetMetricsSuccess":{"type":"object","properties":{"metrics":{"type":"string","description":"In JSON format, all the metrics available"}},"required":["metrics"]},"GetApiRainbowAuthenticationV10AboutSuccess":{"type":"object","properties":{"description":{"type":"string","description":"Description of authentication portal server"},"version":{"type":"string","description":"Version of authentication portal server"}},"required":["description","version"]},"GetApiRainbowPingSuccess":{"type":"object","properties":{"status":{"type":"string","description":"State of authentication portal server\n<br/> <code>OK</code> if server status is good"}},"required":["status"]},"PutApiRainbowLogsLevels":{"type":"object","properties":{"console":{"type":"string","description":"Level to set for <strong>console</strong> transport","enum":["debug","info","warn","error"]},"file":{"type":"string","description":"Level to set for <strong>file</strong> transport","enum":["debug","info","warn","error"]},"syslog":{"type":"string","description":"Level to set for <strong>syslog</strong> transport","enum":["debug","info","warning","error"]}}},"PutApiRainbowLogsLevelsSuccess":{"type":"object","properties":{"newLoggerLevels":{"type":"object","properties":{"console":{"type":"string","description":"New log level of <strong>console</strong> transport (if enabled in portal's configuration)"},"file":{"type":"string","description":"New log level of <strong>file</strong> transport (if enabled in portal's configuration)"},"syslog":{"type":"string","description":"New log level of <strong>syslog</strong> transport (if enabled in portal's configuration)"}}},"oldLoggerLevels":{"type":"object","properties":{"console":{"type":"string","description":"Previous log level of <strong>console</strong> transport (if enabled in portal's configuration)"},"file":{"type":"string","description":"Previous log level of <strong>file</strong> transport (if enabled in portal's configuration)"},"syslog":{"type":"string","description":"Previous log level of <strong>syslog</strong> transport (if enabled in portal's configuration)"}}}},"required":["newLoggerLevels","oldLoggerLevels"]}},"tags":[{"name":"Authentication"},{"name":"Oauth Authentication"},{"name":"Saml Authentication"},{"name":"Common"}],"x-servers":[{"url":"https://openrainbow.com","description":"Production server"},{"url":"https://sandbox.openrainbow.com","description":"Development server"}],"x-tagGroups":[{"name":"Authentication","tags":["Authentication","Oauth Authentication","Saml Authentication"]},{"name":"Common","tags":["Common"]}]}