Steps to use OAuth access tokens for bulk user management
Article ID: KB0074671
Updated On:
| Products | Versions |
|---|---|
| TIBCO Cloud | - |
Description
Access tokens can have an expiration date and can be revoked whenever required. These tokens can be created for specific domains and can be used as Bearer tokens in the authorization header while making a REST call.
[ NOTE: Please find a link to detailed documentation on how to generate these tokens in the reference section ]
In this article, we will focus on how to use the OAuth Access tokens to use the Bulk user management APIs in TIBCO Cloud to Invite users, delete users, update user details and get user details.
To gain access to the Bulk user management APIs, please open a Support ticket with TIBCO Support.
Issue/Introduction
Resolution
Once you have the access token with you, you can make calls to the bulk user management APIs by passing access token in the header as an authorization bearer token.
API Schemas
1. Invite users schema :
{ "tenantId": "string", "tenantUsersRolesInviteDetails": [{ "firstName": "string", "lastName": "string", "company": "string", "state": "string", "country": "string", "phone": "string", "extendedUserAttributes": { "reportsTo": "string", "description": "string", "department": "string", "jobTitle": "string", "communicationEmail": "string" }, "email": "string", "tenantRoleIds": [ "string", "string" ], "teamAdmin": false }] } To invite, you need to specify the tenant ID for the team the user should be invited too (see below for available tenant IDs)
Per-user you can specify one or more roles (if available, see role tables per tenant below), this is a comma-separated list. A maximum of 50 users is allowed.
2. Delete users schema: { "tenantId": "string", "emails": [ "string" ] } To remove users, you need to specify the tenant ID from where the users need to be removed (see below for available tenant IDs)
Per tenant, you can specify up to 50 emails as a comma separated string.
3. Update users schema: { "usersDetails": [{ "email": "string", "firstName": "string", "lastName": "string", "company": "string", "country": "string", "phone": "string", "state": "string", "extendedUserAttributes": { "reportsTo": "string", "department": "string", "jobTitle": "string", "description": "string", "communicationEmail": "string" } }] } The caller (i.e. the authenticated user) of the API must be an owner of the Organization for which the users details are being updated.
The users being updated must belong to the Organization owned by the caller of this API.
To update user details, you must provide the email of the user (must be the same as in TIBCO Cloud) and then specify the other details that need to be updated.
Only those fields that are passed as the part of payload are updated. The fields that are not specified in the payload are retained.
You can update a maximum of 50 users at a time.
Nimbus
Tenant ID: NIMBUS| Role | Logical name | Description |
|---|---|---|
| ACCOUNT_ADMIN | Account administrator | Nimbus administrator |
| AUTHOR | Author | Authors new nimbus maps |
| CONTRIBUTOR | Contributor | Contributes to existing maps |
Tenant ID: BPM
| Role | Logical name | Description |
|---|---|---|
| Administrator | Live Apps administrator | Publishes Live Apps applications, and creates a custom group of the user in Live Apps |
| AllUsers | Regular user | Starts use cases in Live Apps |
| ApplicationDeveloper | Developer | Develops Live Apps applications |
Integration
Tenant ID: TCI
| Role | Logical name | Description |
|---|---|---|
| ADM | TCI Administrator | This is an elevated role that allows access to all functions except for team admin. |
| USR | Regular user | Developer user who can create, update, delete apps/solutions |
| RO | Read only user | User who can only view apps/solutions |
Auditsafe
Tenant ID: TCTA
| Role | Logical name | Description |
|---|---|---|
| ADM | Administrator | Auditsafe administrator |
| USR | User | Views and tracks transactions |
Mashery
Tenant ID: MASHERY
Roles (https://docs.mashery.com/manage/GUID-BC63BAB0-7BFE-4F0E-887F-CF32342F8F9E.html)
| Role | Logical name | Description |
|---|---|---|
| ADMIN | Mashery administrator | Performs all tasks that can be done in the Mashery control center |
| APIMGR | API manager | Creates and manages APIs, packages and plans |
| CIADMIN | Call inspector administrator | Manages and sets up call inspector |
| CIUSER | Call inspector user | Uses call inspector |
| CMMGR | Community manager | Manages the community |
| CTMGR | Content manager | Manages context for the portal |
| POMT | Portal manager | Manages the complete portal |
| PRMGT | Program manager | Manages API programs |
| REPMGT | Reports user | View API usage reports |
| SUPMGR | Support user | View only role |
| ORGUSER | Organization user | A user that can be used for DAPI |
Events
Tenant ID: TCE
| Role | Logical name | Description |
|---|---|---|
| ADM | Adminstrator | Events administrator |
| DEV | Developer | Develops Events applications |
Messaging
Tenant ID: TCM
No roles needed
Spotfire
Tenant ID: SPOTFIRE
Roles (http://docs.spotfire.cloud.tibco.com/spotfire/GUID-481621C9-F133-4F3F-8A59-0B154B014BF0.html)
| Role | Logical name | Description |
|---|---|---|
| CLOUD_ANALYST | Analyst | Uses the online environment, sets up connections, and uses the thick client |
| CLOUD_BUSINESS_AUTHOR | Business Author | Authors reports in the online environment |
| CLOUD_CONSUMER | Consumer | Reads reports in the online environment |
Inviting members using curl
This API allows you to invite users (at max 50 users per request) and update the roles of the existing members of the domain. Inviting a new or existing user to a domain will normally send an email from TIBCO to user's email address with instructions how to sign in. Such emails are not sent if Enterprise SSO is already configured and enabled. Users will always get an email whenever their roles change.
curl -X PUT \ "https://account.cloud.tibco.com/api/v1/members" \ -H 'Content-Type: application/json' \ -H 'Authorization: Bearer {{OAuth accessToken generated}}' \ -d '{ "tenantId": "string", "tenantUsersRolesInviteDetails": [{ "firstName": "string", "lastName": "string", "company": "string", "state": "string", "country": "string", "phone": "string", "extendedUserAttributes": { "reportsTo": "string", "description": "string", "department": "string", "jobTitle": "string", "communicationEmail": "string" }, "email": "string", "tenantRoleIds": [ "someRole", "maybeAnotherRole" ], "teamAdmin": false }] }' Removing members using curl
This API allows you to remove users from domain or organization (at max 50 users per request) and remove the users whose status is “invited” and have not accepted the invitation yet.
curl -X DELETE \ "https://account.cloud.tibco.com/api/v1/members" \ -H 'Content-Type: application/json' \ -H 'Authorization: Bearer {{OAuth accessToken }}' \ -d '{ "tenantId": "string", "emails": [ "remove@example.com", "delete@example.com" ] }' Updating user details using curl
This API allows you to update user details. Please send only those fields that you wish to update for the user.
Only those fields that are passed as the part of payload are updated. The fields that are not specified in the payload are retained.
The email field is mandatory for the user whose details are to be updated.
curl -X PUT \ "https://account.cloud.tibco.com/api/v1/users" \ -H 'Content-Type: application/json' \ -H 'Authorization: Bearer {{OAuth accessToken }}' \ -d '{ "usersDetails": [{ "email": "jane1@doe.com", "firstName": "Jane", "lastName": "Doe", "company": "Jane Doe Inc.", "country": "US", "phone": "+1345678654", "state": "CA", "extendedUserAttributes": { "reportsTo": "CEO", "department": "Sales", "jobTitle": "EVP", "description": "Executive VP", "communicationEmail": "jane@doe.com" } }] }' Note: The examples given above invoke the API in the us-west-2 (Oregon) region. If you have subscriptions in other regions, the API domains will be as follows:
-
eu-west-1 (Ireland): eu.account.cloud.tibco.com
-
ap-southeast-2 (Sydney): au.account.cloud.tibco.com
Additional Information
Feedback
