Skip to content

oauth-tokens

This API is used to interact with Edge Auth resources in Qlik elastic environments.

Endpoints

Skip to section
GET/oauth-tokens
DELETE/oauth-tokens/{tokenId}

list oauth tokens

Query Parameters GET /oauth-tokens

limit
optional, minimum=1, maximum=100
number

The maximum number of tokens to return

userId
optional
string

The ID of the user to limit results to

page
optional
string

The target page

sort
optional, default='userId'
string

The field to sort by

Enum:

userId

Responses GET /oauth-tokens

200
application/json

The page result

400
application/json

Invalid request parameter for querying tokens

401
application/json

Authentication failed.

GET/oauth-tokens

curl "https://your-tenant.us.qlikcloud.com/api/v1/oauth-tokens" \
 -H "Authorization: Bearer <API-key>"

Response GET /oauth-tokens

{
  "data": [
    {
      "tenantId": "string",
      "userId": "string",
      "id": "string",
      "description": "string",
      "deviceType": "string",
      "lastUsed": "2022-01-27T08:37:59.914Z"
    }
  ],
  "links": {
    "self": {
      "href": "http://example.com"
    },
    "next": {
      "href": "http://example.com"
    },
    "prev": {
      "href": "http://example.com"
    }
  }
}

Revoke an OAuth token by ID

Path Parameters DELETE /oauth-tokens/{tokenId}

tokenId
string<uid>

The ID of the token to revoke

Responses DELETE /oauth-tokens/{tokenId}

204
application/json
object

Token deleted successfully

401
application/json

Authentication failed.

default
application/json

Unexpected error.

DELETE/oauth-tokens/{tokenId}

curl "https://your-tenant.us.qlikcloud.com/api/v1/oauth-tokens/{tokenId}" \
 -X DELETE \
 -H "Authorization: Bearer <API-key>"

Errors

object

A representation of the errors encountered from the HTTP request.

Properties

errors

No description

Error

object

An error object.

Properties

code
string

The error code.

title
string

The error title.

status
optional
string

The http status code.

detail
optional
string

The detailed error message

meta
optional
object

Non-standard information about the error

Diagnose-claims

object

Diagnostic claims object.

Properties

subType
string

The token type.

claimsFromIdp
object

The claims from idp.

mappedClaims
object

The mapped claims.

internalClaims
optional
object

The claims used internally for requests from the entity

claimSource
optional
string

No description

Enum:

idp-userinfo

id-token

idp-introspection

external-token

SessionInfo

object

Information about the current user session

Properties

roles
Array<string>

The names of the roles resolved for the current user including the ones he obtains through his groups' membership.

ClaimsInfo

object

Information about the claims obtained from the internal JWT that got created while performing authentication.

Properties

roles
Array<string>

The names of the roles resolved for the current user including the ones he obtains through his groups' membership.

service-token-request

The request body for a service to service token

Properties

grant_type
string

The grant type of the token request

Enum:

qlik:service-token

service_token
string

The token identifying the service

service_token_type
optional, default='jwt'
string

The type of service token

Enum:

jwt

audience
string

The audience of the token, must be locked down to a specific resource

tenantId
optional
string

Optional (but strongly suggested) tenantId to limit the resultant token to

token-renewal-request

The request body for a token renewal

Properties

grant_type
string

The grant type of the token request

Enum:

qlik:token-renewal

renewer_token
string

The token identifying the entity renewing the token

renewer_token_type
optional, default='jwt'
string

The type of renewer token

Enum:

jwt

subject_token
string

The token being renewed

subject_token_type
optional, default='jwt'
string

The type of subject token

Enum:

jwt

user-impersonation-request

The request body for a token impersonation

Properties

grant_type
string

The grant type of the token request

Enum:

qlik:user-impersonation

actor_token
string

The token identifying the entity to impersonate the token

actor_token_type
optional, default='jwt'
string

The type of actor token

Enum:

jwt

user_id
string

The ID of the user to impersonate

request_tenant_id
optional
string

ID of tenant associated with the original API request

elevate
optional, default=false
boolean

Whether to include elevated permissions, requires ELEVATE service permission

token-response

object

Response containing an internal token

Properties

access_token
string

The internal token

token_type
string

The token type

Enum:

Bearer

expires_in
number

The number of seconds the token is valid for

expiry
number

The Unix time in seconds that the token will expire at

oauth-refresh-request

Properties

grant_type
string

No description

Enum:

refresh_token

refresh_token
string

The refresh token to use.

client_secret
optional
string

The client secret.

oauth-authorization-code-request

Properties

grant_type
string

No description

Enum:

authorization_code

code
string

The authorization code created by the server.

code_verifier
string

Required when grant_type is "authorization_code". The code verifier to verify original code challenge created by the client.

redirect_uri
string

The original redirect URI provided during authorization. For verification purposes only.

client_id
string

The client identifier.

client_secret
optional
string

The client secret.

description
optional
string

A user-friendly description to distinguish between multiple tokens

deviceType
optional
string

The type of the user device the authorization token is generated for (Tablet, Phone etc.)

oauth-token-response

object

Properties

access_token
string

The access token granted

refresh_token
optional
string

Refresh token to be used to obtain a new access token without user intervention

token_type
string

The type of the token issued

Enum:

bearer

expires_at
optional
string<date-time>

The date and time in ISO format for when the access token will expire

auth_time
optional
number

Unix time of when the last authentication occurred

scope
optional
string

The scope of access that is being granted, delimited by space

object

Properties

state
string

The state Id

approve
boolean

the user's approval

oauth-revoke-request

object

Properties

token
string

The token to revoke

token_type_hint
optional
string

Type of the provided token

Enum:

access_token

refresh_token

oauth-token

Properties

tenantId
string

The ID of the owning tenant

userId
string

The ID of the owning user

id
string

The token ID

description
optional
string

The description of the token

deviceType
optional
string

The type of the user device the authorization token is generated for (Tablet, Phone etc.)

lastUsed
optional
string<date-time>

The last time the token was used

Properties

href
string<uri>

The URL for the link

oauth-token-page

object

Properties

data

No description

links

No description

v1.27.6
Was this page helpful?