Single Account
A single entrecode Account.
The JSON Schema is https://schema.entrecode.de/schema-acc/account.
Properties
Property | Type | Format | Description | Writable |
---|---|---|---|---|
accountID | String | Version 4 UUID (RFC 4122) | The unique identifier for an Account | No. Gets generated on creation. |
created | String | ISO-8601 formatted UTC Date String (YYYY-MM-DDTHH:mm:ss.sssZ, RFC 3339) | Timestamp of the creation of the Account | No. Gets written on creation. |
email | String | valid eMail Address | The primary eMail address of the account | Yes |
language | String | Shortened RFC5646 Syntax (en, de, …) | The primary UI language for this account | Yes |
state | String | active, inactive, blocked, deleted | The account state | Yes |
hasPassword | Boolean | | Optional. Indicates if the user has a password set. | No |
hasPendingEmail | Boolean | | Optional. Indicates if the user has a pending email change. | No |
openID | Array | OAuth Accounts | Array of linked OAuth / Open ID Connect accounts. Each Array item is an object including the fields sub (subject), iss (issuer), pending (true/false), email and name (as given from the OAuth issuer) | Yes |
permissions | Array[String] | Shiro permission string | Permissions that are directly assigned to this account (excluding group permissions). | Yes |
groups | Array | objects containing name, groupID and a permissions array | Groups this account is assigned to, including group permissions (permissions inherited by group membership). Groups are not linked to the group resource because other members may not be disclosed. | No. Edit the group resource to change memberships. |
Note on the deprecated isPrincess field: This field is no longer included. Check for membership in the Princesses group instead.
Relations
Relation Name | Target Resource | Description | Possible Methods |
---|---|---|---|
self | Account | The resource itself | GET, PUT |
collection | Account List | List of all available Accounts | GET |
ec:account/tokens | Token List | Collection of access tokens for this account | GET |
List
The Account List Resource is a Generic List Resource with embedded Account Resources.
Possible Actions
Read
To read a single Account Resource, clients may perform GET on an ec:account relation.
To read the Account List Resource, clients may perform GET on an ec:accounts relation or on the collection relation of a single Account resource.
In both cases, the success status code is 200 OK.
Example
```json
{
  "accountID": "00000000-0000-4444-8888-000000000000",
  "created": "2014-12-04T17:00:38.208Z",
  "email": "test@abc.de",
  "hasPassword": true,
  "language": "en",
  "openID": [ ],
  "state": "active",
  "permissions": [
    "a:b:c",
    "d:e:f"
  ],
  "groups": [
    {
      "name": "datamanager-user",
      "groupID": "fc8aff95-fd00-4f98-ac06-61659b48657b",
      "permissions": [
        "dm-create"
      ]
    },
    {
      "name": "appserver-user",
      "groupID": "a6b78f95-fd00-4f98-ac06-61659b45f3e2",
      "permissions": [
        "app-create",
        "app:platform-create:web"
      ]
    }
  ],
  "_links": {
    "self": {
      "href": "https://accounts.entrecode.de/account?accountID=00000000-0000-4444-8888-000000000000"
    },
    "curies": {
      "href": "https://entrecode.de/doc/rel/{rel}",
      "templated": true
    },
    "ec:account/tokens": {
      "href": "https://accounts.entrecode.de/account/tokens?accountID=00000000-0000-4444-8888-000000000000"
    },
    "collection": {
      "href": "https://accounts.entrecode.de/accounts"
    }
  }
}
```
Create
To create a new Account Resource, the Signup process has to be executed. See the ec:auth/register relation.
Edit
To update an existing Account Resource, clients may perform a PUT on ec:account or self at a single Account Resource. The JSON Schema for editing an Account is https://schema.entrecode.de/schema-acc/account-template.
All fields are optional, and each field needs its own permission. Fields for which no permission is available will be ignored.
Permissions:
acc:edit:<uuid>:language,openid,password
acc:change-state:<uuid>
acc:set-permissions:acc:<uuid>
For setting permissions, the permission acc:permissions:<permission> is additionally needed.
The permission acc:set-password:<uuid> enables changing the password without the need for oldPassword to be set.
Deleting an OAuth / OpenID Connect connection is only allowed if hasPassword is true or another connection which is not pending exists. Adding a connection is not possible via PUT; instead, a signup has to be done with an authenticated access token.
For changing the email address or password, the corresponding auth relations have to be used: Change eMail, Password reset. Both require validation via email.
Editing the groups array is not possible using the Account Resource. Sending the property with a PUT request has no effect. To add accounts to a group, the group resource has to be edited.
Note on the deprecated isPrincess field: This field is no longer included. Add the account to the Princesses group instead.
The success status code is 200 OK and the response body is the updated single Account resource.
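Because fields without a matching permission are silently ignored, it helps to preview which parts of a PUT body an editing account can actually change. The following is an added example, not entrecode code: it implements Shiro wildcard matching and applies it to the permission strings listed above. The function names, the constructed sample data, and the reading that each permission being set needs a literal acc:permissions:<permission> grant are assumptions.

```python
def implies(granted, requested):
    """Shiro wildcard matching: ':' separates parts, ',' subparts, '*' matches any."""
    g = [set(p.split(",")) for p in granted.lower().split(":")]
    r = [set(p.split(",")) for p in requested.lower().split(":")]
    for i, wanted in enumerate(r):
        if i >= len(g):
            return True  # a shorter grant implies everything below it
        if "*" not in g[i] and not wanted <= g[i]:
            return False
    # A grant with more parts than the request only matches through wildcards.
    return all("*" in part for part in g[len(r):])

def effective_permissions(account):
    """Direct permissions plus those inherited through the groups array."""
    perms = list(account.get("permissions", []))
    for group in account.get("groups", []):
        perms.extend(group.get("permissions", []))
    return perms

def allowed(perms, requested):
    return any(implies(p, requested) for p in perms)

def preview_put(editor, target_id, body):
    """Split a PUT body into fields that would be applied and fields ignored."""
    perms = effective_permissions(editor)
    result = {"applied": {}, "ignored": {}}
    for field, value in body.items():
        if field in ("language", "openID", "password"):
            ok = allowed(perms, f"acc:edit:{target_id}:{field.lower()}")
        elif field == "state":
            ok = allowed(perms, f"acc:change-state:{target_id}")
        elif field == "permissions":
            # Assumption: every permission being set needs its own grant.
            ok = allowed(perms, f"acc:set-permissions:acc:{target_id}") and all(
                allowed(perms, f"acc:permissions:{p}") for p in value)
        else:
            ok = False  # groups and read-only properties cannot be set via PUT
        result["applied" if ok else "ignored"][field] = value
    return result

# Constructed sample data (not from the entrecode documentation).
TARGET = "00000000-0000-4444-8888-000000000000"
EDITOR = {
    "permissions": [f"acc:edit:{TARGET}:language,openid"],
    "groups": [{"name": "support", "permissions": [f"acc:change-state:{TARGET}"]}],
}
BODY = {"language": "de", "state": "blocked", "permissions": ["dm-create"], "groups": []}
RESULT = preview_put(EDITOR, TARGET, BODY)
```

Here the state change is permitted only through the group-inherited permission, and the permissions field is dropped because the editor lacks acc:set-permissions:acc:<uuid>.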
Delete
Deletion is not possible at the moment. However, the state can be set to deleted.