Use this API documentation for:
The base uri for the api:
https://apps.cirrusidentity.com/console/api/v1
The API uses standard http Basic Auth. Cirrus will supply you with a username/password pair. If the authentication/authorization fails, an http 403 response code is returned.
Data supplied in the body of a request (ie. in a POST request) must be in the form of a json document, and you should set the Content-Type header to application/json.
The response body will always be a json document, containing either the result of the operation if successful, or an errors object. (See examples)
If an operation is successful the http response code will be an appropriate 2xx code.
If the operation fails for some reason, an appropriate http 4xx or 5xx response code will be returned, and the error(s) will be provided in the response body.
uri |
/guest/invite |
http operation |
POST |
success response |
201 |
error response |
400 The invitation could not be created due to error in the supplied data 403 authentication/authorization error 404 A supplied SP entity id was not found; or a supplied sponsor was not found and could not be created |
Name |
Description |
Format |
spEntityId |
Entity id of the SP for which you want to invite a guest |
An entity id. |
serviceName |
Short name of the SP |
Alphanumeric. |
emailAddress |
Email address of the guest |
rfc2822. |
emailSubject |
Subject line of the email invitation |
Alphanumeric; 1-256 chars. |
A Sponsor |
Either:
|
|
Name |
Description |
Format |
clientRequestID |
A client supplied unique identifier for the request. If supplied, will be returned in response. |
Alphanumeric; 1-256 chars. |
emailText |
Text of the email invite. (See email template options) |
Alphanumeric; Can be null. Max 4000 chars. |
sponsorGivenname |
Given name of the sponsor. |
Alphanumeric; 1-256 chars. |
expirationDate |
Date the guest login will expire. Default 1 year. |
ISO8601 date. Must be at least 24 hours. |
validityPeriod |
Number of days the invitation will be valid. Default 3 days. |
Numeric. Must be > 0. |
applicationName |
Name of the application, which will appear in the email invite, and on claim page. |
Alphanumeric; Can be null. Max 256 chars |
applicationLink |
Link to the application. (See email template options) |
URL. |
sendEmail |
A flag to control the sending of the invitation email -- used in connection with self-assertion claiming. |
Boolean (true or false), Default - true |
customData |
A set of key/value pairs that will be saved with the guest, and asserted back during login. |
JSON object. |
The following is a valid request which contains all required, and some optional, parameters.
{
"spEntityId": "http://apps-dev2.cirrusidentity.com/shibboleth",
"clientRequestId": "x0021",
"serviceName": "Cloud Research Wiki",
"emailAddress": "some.person@gmail.com",
"emailSubject": "Invitation to join Cloud research",
"emailText": "This is a sample body for the email.",
"sponsorEppn": "irene@cirrusidentity.com",
"expirationDate": "2030-08-01T07:00:00Z",
"validityPeriod": 5
}
Sample Response
Here is the response that would be returned from the previous request. The response code is 201 to indicate that a new guest object has been created. The Location header will have a uri to the new guest object.
HTTP 201 Created
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=***REDACTED***
Location: https://apps.cirrusidentity.com/console/api/v1/guest/c9854ba210264d3db40e1a166fe88076
The body of the response contains a json document with keys ‘spEntityId’, ‘guest’, and ‘clientRequestId’ (if it was specified in the request). The ‘guest’ key returns a json map of the new guest object.
{
"spEntityId": "http://apps-dev2.cirrusidentity.com/shibboleth",
"guest": {
"mail": null,
"uid": "c9854ba210264d3db40e1a166fe88076",
"domain": "cirrusidentity.com",
"status": "invited",
"validityPeriod": 5,
"expirationDate": "2016-09-04T07:40:17Z",
"invitationAcceptedDate": null,
"sn": "",
"givenName": "",
"createDate": "2015-09-04T07:40:17Z",
"mailForInvite": "some.person@gmail.com",
"modifyDate": "2015-09-04T07:40:17Z",
"eppn": "",
"spEntityID": "http://apps-dev2.cirrusidentity.com/shibboleth",
"spName": "apps-dev2"
"customData": {
"universityId": "992012345"
}
},
"clientRequestId": "x0021"
}
Here is the response that would be returned from a request that was missing the spEntityId parameter.
HTTP 400 Bad Request
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Connection: close
Server: Apache-Coyote/1.1
Set-Cookie: ***REDACTED***
{
"errors": [
{
"object": "com.socialidp.spadmin.api.GuestInviteCommand",
"message": "Property [spEntityId] of class [class
com.socialidp.spadmin.api.GuestInviteCommand] cannot be null",
"rejected-value": null,
"field": "spEntityId"
}
]
}
uri |
/guest/id |
http operation |
GET |
success response |
200 |
error response |
403 authentication/authorization error. 404 The guest with the supplied id was not found. |
The only parameter is the guest id which is specified in the uri.
Name |
Description |
Format |
id |
Id of the guest. |
An id as returned in the body of a guest/invite response. |
GET https://apps.cirrusidentity.com/console/api/v1/guest/c9854ba210264d3db40e1a166fe88076
HTTP 200 OK
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=***REDACTED***
Location: https://apps.cirrusidentity.com/console/api/v1/guest/c9854ba210264d3db40e1a166fe88076
{
"mail": null,
"uid": "c9854ba210264d3db40e1a166fe88076",
"domain": "cirrusidentity.com",
"status": "invited",
"validityPeriod": 5,
"expirationDate": "2016-09-04T07:40:17Z",
"invitationAcceptedDate": null,
"sn": "",
"givenName": "",
"createDate": "2015-09-04T07:40:17Z",
"mailForInvite": "some.person@gmail.com",
"modifyDate": "2015-09-04T07:40:17Z",
"eppn": "",
"spEntityID": "http://apps-dev2.cirrusidentity.com/shibboleth",
"spName": "apps-dev2"
"customData": {
"universityId": "992012345"
}
}
Note that after the person has accepted the invite and it has been validated, the status will be "valid", and the surname, given name, mail, invitationAccepted, and eppn fields will be filled in. The mail field may be different from the email address used in the invitation, as the guest can choose to assert a different email address.
HTTP 200 OK
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Server: Apache-Coyote/1.1
Set-Cookie: ***REDACTED***
Location: https://apps.cirrusidentity.com/console/api/v1/guest/c9854ba210264d3db40e1a166fe88076
{
"mail": "joe.doe@gmail.com",
"uid": "c9854ba210264d3db40e1a166fe88076",
"domain": "cirrusidentity.com",
"status": "valid",
"expirationDate": "2016-09-04T07:40:17Z",
"invitationAcceptedDate": "2015-09-04T07:40:17Z",
"sn": "Doe",
"givenName": "Joe",
"createDate": "2015-09-04T07:40:17Z",
"mailForInvite": "some.person@gmail.com",
"modifyDate": "2015-09-04T07:40:17Z",
"validityPeriod": 3,
"eppn": "alsdlkasdlgko@gmail.com",
"spEntityID": "http://apps-dev2.cirrusidentity.com/shibboleth",
"spName": "apps-dev2"
"customData": {
"universityId": "992012345"
}
}
Here is the response that would be returned from a request that had an invalid id.
HTTP 404 Not Found
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Connection: close
Server: Apache-Coyote/1.1
Set-Cookie: ***REDACTED***
{
"errors": [
"No person with id: 123456789"
]
}
You can provide a batch of invites by submitting an http POST with a content-type of "multipart/form" and a csv file as one of the form elements. The required form elements and csv format are described below. See the example below which shows how to do this using the "curl" command.
uri |
/batchInviteCsv |
http operation |
POST |
content-type |
multipart/form |
success response |
201 |
error response |
400 The invitation could not be created due to error in the supplied data 403 authentication/authorization error 404 A supplied SP entity id was not found; or a supplied sponsor was not found and could not be created |
Name |
Description |
Format |
spEntityId |
Entity id of the SP for which you want to invite a guest |
An entity id. |
sponsorEppn |
eduPersonPrincipalName of the default sponsor for the batch. |
|
sponsorMail |
Email address of the sponsor. (optional if sponsorEppn exists) |
|
sponsorSurname |
Surname of the sponsor. (optional if sponsorEppn exists) |
Alphanumeric; 1-256 chars. |
clientRequestID |
A client supplied unique identifier for the invitation. |
Alphanumeric; 1-256 chars. |
cfile |
csv file. Each row in the file is one invitation. |
Plain text file; comma separated values enclosed in double-quotes; headers matching the names of the invitation parameters below. |
Name |
Description |
Format |
emailText |
Text of the email invite. (See email template options) |
Alphanumeric; Can be null. Max 4000 chars. |
emailSubject |
Subject line of the email invitation |
Alphanumeric; 1-256 chars. |
sponsorGivenname |
Given name of the sponsor |
Alphanumeric; 1-256 chars. |
expirationDate |
Date the guest login will expire. Default 1 year. |
ISO8601 date. Must be at least 24 hours. |
validityPeriod |
Number of days the invitation will be valid. Default 3 days. |
Numeric. Must be > 0. |
applicationName |
Name of the application, which will appear in the email invite, and on claim page. |
Alphanumeric; Can be null. Max 256 chars. |
applicationLink |
Link to the application. (See email template options) |
URL. |
Each row of the csv file must have the following required parameters.
Name |
Description |
Format |
emailAddress |
Email address of the guest |
rfc2822. |
Each row of the csv file may have the following optional parameters.
Name |
Description |
Format |
customData |
You can provide your own custom key:value pairs with this parameter. |
A string containing key:value pairs, separated by commas. e.g. "bannerId:12345678,other_key:other_value" |
sponsorEppn |
You can provide a per-invite sponsor which overrides the default sponsor. |
eppn |
applicationName |
Name of the application, which will appear in the email invite, and on the claim page. Overrides the applicationName value from the batch form, and the service provider. |
Alphanumeric; Can be null. Max 256 chars. |
applicationLink |
Link to the application. (See email template options) Overrides the applicationLink value from the batch form. |
URL. |
The following is a valid request which contains all required, and some optional, parameters.
Here is the response that would be returned from the previous request. The response code is 201 to indicate that a new invitation batch has been created. The Location header will have a uri to the status object of the batch. (See batchStatus endpoint.)
The body of the response contains a json document with a key: ‘batchId’ which is required to query the processing status of the batch.
Headers
HTTP 201 Created
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=***REDACTED***
Location: https://apps.cirrusidentity.com/console/api/v1/batchStatus/c9854ba210264d3db40e1a166fe88076
Body
{
"clientRequestID":"1",
"spEntityId":"http://sp.myorg.edu",
"batchId": "c9854ba210264d3db40e1a166fe88076",
"errors": []
}
Here is the response that would be returned from a request that was missing the spEntityId parameter.
HTTP 400 Bad Request
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Connection: close
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=***REDACTED***
{
"errors": ["Required parameter was not supplied: spEntityId."]
}
The following is a curl command which submits a file (test.csv). For readability, '\' characters are used to split the command onto multiple lines. This generates a standard multi-part form submit. Each "-F" element is a form element.
curl command
curl -L -v -u 'apikey:apisecret' \
-F cfile=@test.csv \
-F spEntityId=http://sp.myorg.edu/ \
-F sponsorEppn=admin@myorg.edu \
-F clientRequestID=a1 \
https://apps.cirrusidentity.com/console/api/v1/batchInviteCsv
Here is an example of a minimal csv file supplied to the curl command above.
Sample csv file
"emailAddress","customData"
"cindy.cirrus@gmail.com","bannerid:11111111"
"steve.stratus@gmail.com","bannerid:12345678"
Get the status of a batch invite process. This will return the total number of invitations in the batch, the number currently processed, and a list of errors encountered.
uri |
/batchStatus/batchId |
http operation |
GET |
success response |
200 |
error response |
403 authentication/authorization error 404 No invitation batch matched the supplied id. |
The only parameter is the batch id which is specified in the uri.
Name |
Description |
Format |
batchId |
Id of the batch. |
A batchId as returned in the body of a batchInvite or batchInviteCsv response. |
GET https://apps.cirrusidentity.com/console/api/v1/batchStatus/c9854ba210264d3db40e1a166fe88076
Headers
HTTP 200 OK
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=***REDACTED***
Location: https://apps.cirrusidentity.com/console/api/v1/batchStatus/c9854ba210264d3db40e1a166fe88076
Body
{
"batchId": "c9854ba210264d3db40e1a166fe88076",
"batchSize": 1000,
"numberProcessed": 20,
"errors": [
{
"clientRequestId": "x0099",
"emailAddress": "foo@",
"message": "Invalid email address"
}
]
}
Here is the response that would be returned from a request that had an invalid batch id.
HTTP 404 Not Found
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Connection: close
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=***REDACTED***
{
"errors": [
"No batch with id: 123456789"
]
}
uri |
/guest/id |
http operation |
DELETE |
success response |
204 |
error response |
403 authentication/authorization error. 404 The guest with the supplied id was not found. |
The only parameter is the guest id which is specified in the uri.
Name |
Description |
Format |
id |
Id of the guest. |
An id as returned in the body of a guest/invite response. |
DELETE https://apps.cirrusidentity.com/console/api/v1/guest/c9854ba210264d3db40e1a166fe88076
{
"mail": "joe.doe@gmail.com",
"uid": "c9854ba210264d3db40e1a166fe88076",
"domain": "cirrusidentity.com",
"status": "valid",
"expirationDate": "2016-09-04T07:40:17Z",
"invitationAcceptedDate": "2015-09-04T07:40:17Z",
"sn": "Doe",
"givenName": "Joe",
"createDate": "2015-09-04T07:40:17Z",
"mailForInvite": "some.person@gmail.com",
"modifyDate": "2015-09-04T07:40:17Z",
"validityPeriod": 3,
"eppn": "alsdlkasdlgko@gmail.com",
"spEntityID": "http://apps-dev2.cirrusidentity.com/shibboleth",
"spName": "apps-dev2"
}
HTTP 204 No Content
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=***REDACTED***
Location: https://apps.cirrusidentity.com/console/api/v1/guest/c9854ba210264d3db40e1a166fe88076
Sample Error Response
Here is the response that would be returned from a request that had an invalid id.
HTTP 404 Not Found
Date: Fri, 04 Sep 2015 07:40:18 GMT
Transfer-Encoding: Identity
Content-Type: application/json;charset=UTF-8
Connection: close
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=***REDACTED***
{
"errors": [
"No person with id: 123456789"
]
}
© Copyright Cirrus Identity, Inc.