These endpoints can be used to retrieve information from the identity provider. Role and user management for a tenant and to create and delete tenants in Keycloak.

This API is provided by the TENANT-MANAGEMENT Service and expects the corresponding requirements.

A Swagger-UI is available to call the API endpoints manually for testing purposes: https://<domain>/tenant-management/swagger-ui.html.

Endpoint Overview

To use this API for user management, you must have the required access permissions as mentioned below. This means that you must have specific authorizations. To use this API to create and delete tenants, you must be a system integrator.

Endpoints for Identity Provider Connection: idm-controller

The endpoints of the Identity Management Controller (idm-controller) provide an interface for retrieving user and role information from the connected identity provider.

They are provided by the TENANT-MANAGEMENT service.

In the default configuration, the endpoints are available for any user logged-in to yuuvis® Momentum.

HTTP Method as of product version	Purpose	Response Format	Description
GET 2021 Winter	whoAmI	JSON	Retrieves the representation of the currently logged-in user. /tenant-management/api/idm/me
GET 2021 Winter	getUsers	JSON	Retrieves a list of all users within the same tenant as the currently logged-in user. /tenant-management/api/idm/users
GET 2021 Winter	getUsersByRole	JSON	Retrieves a list of users that have the specified `role` assigned to them. /tenant-management/api/idm/roles/{role}/users
GET 2021 Winter	getUserInfo	JSON	Retrieves the representation of the user specified by `id`. Only users within the tenant of the logged-in user are available. /tenant-management/api/idm/users/{id}
GET 2022 Spring	getRoles	JSON	Gets all roles of the tenant of the requesting user. /tenant-management/api/idm/roles

Endpoints for System Integrators: system-controller

These endpoints can be used for role, group and user management for a tenant and to create and delete tenants in Keycloak.

They are provided by the TENANT-MANAGEMENT service.

The access to the endpoints has to be limited to administrative users as specified with the permission for /tenant-management/api/system/** endpoints in the authentication-prod.yml configuration file.

The endpoints are used by the ARCHITECT Service that provides yuuvis® architect. If you want to use this service, do not change the default access condition that is matched with the YUUVIS_SYSTEM_INTEGRATOR role.

HTTP Method as of product version	Purpose	Response Format	Description
	Manage Tenant Creation Profile
GET 2020 Winter	Retrieve the Keycloak System Settings	JSON	Retrieves the top-level representation of the identity provider Keycloak. `/tenant-management/api/system/info`
POST 2020 Winter	Update the Profile	HTTP status code	Updates the tenant creation profile that is used while creating a tenant of a customer with all the information that should be set up, e.g., additional roles, users, schema and client settings. Each SaaS application has its own tenant creation profile. `/tenant-management/api/system/profile`
GET 2020 Winter	Retrieve the Profile	JSON	Retrieves the profile data to be used when creating new tenants. Reads the tenant creation profile. `/tenant-management/api/system/profile`
	Manage Tenants
POST 2020 Winter	Create a Tenant	HTTP status code	Creates a new tenant with the values for the corresponding parameters specified in JSON format. Required settings for Keycloak and yuuvis® Momentum core are passed as well as custom (= product application) settings. `/tenant-management/api/system/tenants`
PUT 2020 Winter	Update the Data of a Tenant	HTTP status code	Update the data of the tenant specified by `tenant`. `/tenant-management/api/system/tenants/{tenant}`
GET 2020 Winter	Retrieve the Tenant data	JSON	Retrieves the top-level representation of the Keycloak realm specified by `tenant`. It will not include nested information like User and Client representations. Reads the tenant data of the specified `tenant`. `/tenant-management/api/system/tenants/{tenant}`
GET 2020 Winter	Retrieve the Data of all Tenants	JSON	Retrieves the top-level representation of all realms. It will not include nested information like User and Client representations. Reads the list of all tenants. `/tenant-management/api/system/tenants`
DELETE 2020 Winter	Delete a Tenant	JSON	Deletes the specified `tenant`. `/tenant-management/api/system/tenants/{tenant}`
PATCH 2021 Summer	Update a Tenant	HTTP status code	Update a new tenant with the values for the corresponding parameters specified in JSON format. `/tenant-management/api/system/tenants/{tenant}`
GET 2020 Winter	Retrieve the Number of Users	TXT	Retrieves the number of all users of the specified `tenant`. `/tenant-management/api/system/tenants/{tenant}/users/count`
POST 2020 Winter	Create a User	JSON	Creates a new user with the given properties for the specified tenant. `/tenant-management/api/system/tenants/{tenant}/users`
PUT 2020 Winter	Update the Data of a User	HTTP status code	Update the data of the user specified by `tenant` and `id`. `/tenant-management/api/system/tenants/{tenant}/users/{id}`
GET 2020 Winter	Request a List of Users	JSON	Retrieves a list of all users of the specified `tenant`. As 2021 Autumn, the list can be filtered by applying query parameters. `/tenant-management/api/system/tenants/{tenant}/users`
GET 2020 Winter	Retrieve the Data of a User	JSON	Retrieves the data of the user specified by `tenant` and `id`. `/tenant-management/api/system/tenants/{tenant}/users/{id}`
DELETE 2020 Winter	Delete a User	HTTP status code	Deletes the user specified by `id` of the specified `tenant`. `/tenant-management/api/system/tenants/{tenant}/users/{id}`
GET 2020 Winter	Retrieve the Roles	JSON	Gets all roles of the specified `tenant`. `/tenant-management/api/system/tenants/{tenant}/roles`
POST 2021 Autumn	Create a Role	JSON	Creates a new role for the specified tenant with the properties specified in JSON format in the request body. `/tenant-management/api/system/tenants/{tenant}/roles`
DELETE 2021 Autumn	Delete a Role	JSON	Deletes the role specified by `name` for the specified `tenant`. `/tenant-management/api/system/tenants/{tenant}/role/{name}`
GET 2021 Autumn	Retrieve the Groups	JSON	Retrieves all groups of the specified `tenant` with the assigned roles and members. `/tenant-management/api/system/tenants/{tenant}/groups`
POST 2021 Autumn	Create a Group	JSON	Creates a new group with the given properties for the specified tenant. `/tenant-management/api/system/tenants/{tenant}/groups`
GET 2021 Autumn	Retrieve a Group	JSON	Retrieves the group specified by `id` of the specified `tenant` with the assigned roles and members. `/tenant-management/api/system/tenants/{tenant}/groups/{id}`
PUT 2021 Autumn	Update a Group	JSON	Updates the data of the group specified by id that is given for the specified tenant. `/tenant-management/api/system/tenants/{tenant}/groups/{id}`
DELETE 2021 Autumn	Delete a Group	HTTP status code	Deletes the group specified by `id` in the specified tenant. `/tenant-management/api/system/tenants/{tenant}/groups/{id}`
GET 2021 Summer deprecated as of 2023 Autumn	Retrieve the Current Metrics	JSON	Reads the current metrics of the specified tenant. `/tenant-management/api/system/tenants/{tenant}/metrics`

Endpoints for Tenant Administrators: admin-controller

These endpoints can be used for role, group and user management in Keycloak within the own tenant. Administrative tenant-specific information can be retrieved as well.They are provided by the TENANT-MANAGEMENT service.

The access to the endpoints has to be limited to administrative users as specified with the permission for /tenant-management/api/admin/** endpoints in the authentication-prod.yml configuration file.

The endpoints are used by the ARCHITECT Service that provides yuuvis® architect. If you want to use this service, do not change the default access condition that is matched with the YUUVIS_TENANT_ADMIN role.

As of 2022 Autumn, in the default configuration, users with the YUUVIS_MANAGE_SETTINGS role are allowed to manage users of their own tenant as well. They have access to all endpoints /tenant-management/api/admin/users/**. However, the following operations are not allowed for them:

Assigning the YUUVIS_TENANT_ADMIN or YUUVIS_SYSTEM_INTEGRATOR roles.
Editing the data of users having the YUUVIS_TENANT_ADMIN or YUUVIS_SYSTEM_INTEGRATOR role.
Deleting users having the YUUVIS_TENANT_ADMIN or YUUVIS_SYSTEM_INTEGRATOR role.

HTTP Method as of product version	Purpose	Response Format	Description
GET 2020 Winter	Retrieve the Tenant data	JSON	Retrieves the tenant data as given in the Keycloak identity provider for the tenant of the calling user. `/tenant-management/api/admin/tenant`
GET 2020 Winter	Retrieve the Number of Users	TXT	Retrieves the number of all users of the tenant. `/tenant-management/api/admin/users/count`
POST 2020 Winter	Create a User	JSON	Creates a new user in the tenant with the given properties. `/tenant-management/api/admin/users`
POST 2020 Winter	Create a User via CSV	JSON	Creates users listed in a CSV-based file. `/api-tm/admin/users/batchcreate` Note: Keycloak does not offer an API for creating more than one user in one call. So you may want to create multiple users one by one by yourself.
GET 2020 Winter	Retrieve a User	JSON	Retrieves the data of the user specified by `id`. `/tenant-management/api/admin/users/{id}`
PUT 2020 Winter	Update the Data of a User	HTTP status code	Updates the data of the user specified by `id` with the data passed in the request body in JSON format. `/tenant-management/api/admin/users/{id}`
DELETE 2020 Winter	Delete a User	HTTP status code	Deletes the user specified by `id`. `/tenant-management/api/admin/users/{id}`
GET 2020 Winter	Retrieve a List of Users	JSON	Retrieves a list of all users within the tenant. As 2021 Autumn, the list can be filtered by applying query parameters. `/tenant-management/api/admin/users`
GET 2020 Winter	Retrieve the Roles	JSON	Gets all roles. `/tenant-management/api/admin/roles`
POST 2021 Autumn	Create a Role	JSON	Creates a new role for the tenant with the properties specified in the JSON request body. `/tenant-management/api/admin/roles`
DELETE 2021 Autumn	Delete a Role	JSON	Deletes the role specified by `name`. `/tenant-management/api/admin/role/{name}`
GET 2021 Autumn	Retrieve the Groups	JSON	Retrieves all groups with the assigned roles and members for the tenant. `/tenant-management/api/admin/groups`
POST 2021 Autumn	Create a Group	JSON	Creates a new group for the tenant with the properties specified in the JSON request body. `/tenant-management/api/admin/groups`
GET 2021 Autumn	Retrieve a Group	JSON	Retrieves the group specified by `id` with the assigned roles and members for the tenant. `/tenant-management/api/admin/groups/{id}`
PUT 2021 Autumn	Update a Group	JSON	Updates the data of the group specified by `id` with the data passed in the request body in JSON format.`/tenant-management/api/admin/groups/{id}`
DELETE 2021 Autumn	Delete a Group	JSON	Deletes the group specified by `id`. `/tenant-management/api/admin/groups/{id}`
GET 2021 Spring deprecated as of 2023 Autumn	Retrieve the Current Metrics	JSON	Reads the current metrics of the specified tenant. `/tenant-management/api/admin/metrics`

Browser not supported