Identity and Access Management (Mar 25, 2024 7:36:45 AM)

Download OpenAPI specification:Download

Welcome to Synerise API Reference! We hope that you'll enjoy your stay here.

If you need help with our services, feel free to contact us at support@synerise.com.

Authentication

JWT

Synerise uses JSON Web Token (JWT) as the authorization method. The token is generated by the auth/login endpoint. You need to include it in the Authorization header of your requests, with a Bearer prefix. See this simplified example of a call:

curl -X GET https://api.synerise.com/v4/clients \
-H 'Accept: application/json' \
-H 'Api-Version: 4.4' \
-H 'Authorization: Bearer eyJhbGciOiJSzZXIiLCJjdGQiOjE1NTI0NjMzMjg4NjIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsIm5tZSI' \
-H 'Content-Type: application/json'

Remember to include a space between Bearer and the token.

The token is valid for one hour (unless configured differently). You can request a refreshed key for the session by using the auth/refresh endpoint before the current token expires.

You can verify your JWT signature by using the public key.

Security Scheme Type HTTP
HTTP Authorization Scheme bearer

TrackerKey

Authorization by tracker key sent in a token query parameter. This may be the same key as used in the tracking code of the website. For details, see this article: https://help.synerise.com/developers/web/installation-and-configuration/#creating-a-tracking-code.

Security Scheme Type API Key
Query parameter name: token

Authorization

Methods to authorize and obtain JWT token required by our API endpoints

Refresh a Profile token

Retrieve a refreshed JWT Token to prolong the session.

The current token must still be active at the time of the request.


  • API consumers who can use this method: Profile (formerly client), Anonymous profile (formerly client)

  • This method does not require a Synerise authorization token.

Authorizations:
Request Body schema: application/json
apiKey
required
string

Profile API key

Responses

Request samples

Content type
application/json
{
  • "apiKey": "string"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate as Profile

Obtain a new JWT token for a Profile. If an account for the Profile does not exist and the identityProvider is different than SYNERISE, this request creates an account.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
apiKey
required
string

Profile API key

identityProvider
required
string
Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN"

The identity provider.

identityProviderToken
string

Third-party authentication token used to authenticate with the Identity Provider. Required if identityProvider is different than SYNERISE.

email
string

Profile email. Required if identityProvider is SYNERISE and email is the unique identifier (default setting).

customId
any

Profile customId. Required if identityProvider is SYNERISE and customId is the unique identifier (see https://help.synerise.com/docs/settings/configuration/non-unique-emails/).

password
string

Profile password. Required if identityProvider is SYNERISE.

uuid
string

Profile UUID. Required if identityProvider is SYNERISE.

deviceId
string

Unique Android or iOS device ID

object

This object contains the marketing agreements of the Profile.

You can also pass the values as strings ("true";"True"/"false";"False") or integers (1 for true and 0 for false).

object

This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration.

If you want to send a date/time attribute for use in analytics, take the following into account:

  • The date/time should be formatted according to ISO 8601.
  • The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example:
    • 2023-10-09T12:00:00 doesn't have a timezone indicator and will be considered as a time in the workspace's time zone.
    • 2023-10-09T12:00:00+02:00 has a timezone indicator (+02:00), so the timezone of the workspace doesn't affect it.
    • 2023-10-09T12:00:00Z is a time in the UTC time zone (denoted by the Z at the end), so the timezone of the workspace doesn't affect it.

WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored.

Click to expand the list of reserved attributes email
clientId
phone
customId
uuid
firstName
lastName
displayName
company
address
city
province
zipCode
countryCode
birthDate
sex
avatarUrl
anonymous
agreements
tags
businessProfileId
time
ip
source
newsletter_agreement
custom_identify
firstname
lastname
created
updated
last_activity_date
birthdate
external_avatar_url
displayname
receive_smses
receive_push_messages
receive_webpush_messages
receive_btooth_messages
receive_rfid_messages
receive_wifi_messages
confirmation_hash
ownerId
zipCode
anonymous_type
country_id
geo_loc_city
geo_loc_country
geo_loc_as
geo_loc_country_code
geo_loc_isp
geo_loc_lat
geo_loc_lon
geo_loc_org
geo_loc_query
geo_loc_region
geo_loc_region_name
geo_loc_status
geo_loc_timezone
geo_loc_zip
club_card_id
type
confirmed
facebookId
status
tags
Array of strings

Tags can be used to group profiles.

Responses

Request samples

Content type
application/json
{
  • "apiKey": "string",
  • "identityProvider": "SYNERISE",
  • "identityProviderToken": "string",
  • "email": "string",
  • "customId": null,
  • "password": "string",
  • "uuid": "string",
  • "deviceId": "string",
  • "agreements": {
    },
  • "attributes": { },
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate as Profile (conditional)

Obtain a new JWT token for a Profile.

  • If the account does not exist, an account is not created.

  • If any additional conditions are required for logging in, the response is HTTP200 and lists the conditions.

  • Note that using this endpoint requires authenticating as an anonymous Profile first.

  • This method does not require a Synerise authorization token.

Authorizations:
Request Body schema: application/json
apiKey
required
string

Profile API key

identityProvider
required
string
Enum: "SYNERISE" "FACEBOOK" "OAUTH" "APPLE" "GOOGLE" "UNKNOWN"

The identity provider.

identityProviderToken
string

Third-party authentication token used to authenticate with the Identity Provider. Required if identityProvider is different than SYNERISE.

email
string

Profile email. Required if identityProvider is SYNERISE and email is the unique identifier (default setting).

customId
any

Profile customId. Required if identityProvider is SYNERISE and customId is the unique identifier (see https://help.synerise.com/docs/settings/configuration/non-unique-emails/).

password
string

Profile password. Required if identityProvider is SYNERISE.

uuid
string

Profile UUID. Required if identityProvider is SYNERISE.

deviceId
string

Unique Android or iOS device ID

object

This object contains the marketing agreements of the Profile.

You can also pass the values as strings ("true";"True"/"false";"False") or integers (1 for true and 0 for false).

object

This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration.

If you want to send a date/time attribute for use in analytics, take the following into account:

  • The date/time should be formatted according to ISO 8601.
  • The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example:
    • 2023-10-09T12:00:00 doesn't have a timezone indicator and will be considered as a time in the workspace's time zone.
    • 2023-10-09T12:00:00+02:00 has a timezone indicator (+02:00), so the timezone of the workspace doesn't affect it.
    • 2023-10-09T12:00:00Z is a time in the UTC time zone (denoted by the Z at the end), so the timezone of the workspace doesn't affect it.

WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored.

Click to expand the list of reserved attributes email
clientId
phone
customId
uuid
firstName
lastName
displayName
company
address
city
province
zipCode
countryCode
birthDate
sex
avatarUrl
anonymous
agreements
tags
businessProfileId
time
ip
source
newsletter_agreement
custom_identify
firstname
lastname
created
updated
last_activity_date
birthdate
external_avatar_url
displayname
receive_smses
receive_push_messages
receive_webpush_messages
receive_btooth_messages
receive_rfid_messages
receive_wifi_messages
confirmation_hash
ownerId
zipCode
anonymous_type
country_id
geo_loc_city
geo_loc_country
geo_loc_as
geo_loc_country_code
geo_loc_isp
geo_loc_lat
geo_loc_lon
geo_loc_org
geo_loc_query
geo_loc_region
geo_loc_region_name
geo_loc_status
geo_loc_timezone
geo_loc_zip
club_card_id
type
confirmed
facebookId
status
tags
Array of strings

Tags can be used to group profiles.

Responses

Request samples

Content type
application/json
{
  • "apiKey": "string",
  • "identityProvider": "SYNERISE",
  • "identityProviderToken": "string",
  • "email": "string",
  • "customId": null,
  • "password": "string",
  • "uuid": "string",
  • "deviceId": "string",
  • "agreements": {
    },
  • "attributes": { },
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "conditions": [
    ],
  • "status": "SUCCESS",
  • "token": "string"
}

Authenticate anonymously

Obtain a new JWT for an anonymous Profile. The token can be used and refreshed in the same way as tokens of registered Profiles.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
apiKey
string

Profile API key (same as for Profile login)

deviceId
string

Unique Android or iOS device ID

uuid
string

UUID of the Profile. It is a unique identifier.

Responses

Request samples

Content type
application/json
{
  • "apiKey": "string",
  • "deviceId": "string",
  • "uuid": "07243772-008a-42e1-ba37-c3807cebde8f"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Log in as User

Authenticate as a User.

Note: To perform operations within a Workspace, you must select a Workspace.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
username
required
string

The login (email address) of the user

password
required
string

The user's password

deviceId
string

Identifier of user's current device

externalProviderToken
string
externalProviderType
string
Value: "GOOGLE"

Responses

Request samples

Content type
application/json
{
  • "username": "string",
  • "password": "string",
  • "deviceId": "string",
  • "externalProviderToken": "string",
  • "externalProviderType": "GOOGLE"
}

Response samples

Content type
application/json
{
  • "consumer": {
    },
  • "token": "string"
}

Verify User multi-factor authentication

Authenticate as a User with multi-factor authentication.

Note: To perform operations within a Workspace, you must select a Workspace.


  • API consumer who can use this method: Synerise User

  • This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:
query Parameters
mfaType
required
string
Value: "TOTP_AUTHENTICATOR"

Type of multi-factor authentication

Request Body schema: application/json
verificationCode
required
string

Multi-factor verification code

deviceId
string
externalProviderToken
string
externalProviderType
string
Value: "GOOGLE"

Responses

Request samples

Content type
application/json
{
  • "verificationCode": "string",
  • "deviceId": "string",
  • "externalProviderToken": "string",
  • "externalProviderType": "GOOGLE"
}

Response samples

Content type
application/json
{
  • "consumer": {
    },
  • "token": "string"
}

Select Workspace

After logging in as a User, select a Workspace where you want to perform operations.


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:
path Parameters
businessProfileUUID
required
string <uuid>

UUID of the workspace

Responses

Request samples

curl --request POST 
  --url https://api.synerise.com/uauth/auth/login/user/profile/%7BbusinessProfileUUID%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "consumer": {
    },
  • "token": "string"
}

Get Workspaces

Retrieve a list of Workspaces available to the user.


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/business-profile/ 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
[
  • {
    }
]

Get current Workspace

Retrieve information about the currently selected workspace.


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/business-profile/current 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "businessProfileGuid": "string",
  • "logo": "string",
  • "name": "string",
  • "id": 0,
  • "created": "2019-08-24T14:15:22Z",
  • "subdomain": "string",
  • "ipRestricted": true,
  • "mfaRequired": true
}

Log in as Workspace

Obtain a new Workspace JWT Token.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
apiKey
required
string

Workspace API key

Responses

Request samples

Content type
application/json
{
  • "apiKey": "64c09614-1b2a-42f7-804d-f647243eb1ab"
}

Response samples

Content type
application/json
{
  • "token": "string"
}

Settings

Manage settings associated with Your Workspace

Get ban settings

Retrieve the configuration of applying bans after a number of failed logins.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_LOCKING_POLICY

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/ban 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "blockingForClientEnabled": true,
  • "firstBanCollectingTime": 0,
  • "firstBanDuration": 0,
  • "firstBanThreshold": 0,
  • "secondBanCollectingTime": 0,
  • "secondBanDuration": 0,
  • "secondBanThreshold": 0,
  • "permanentBanCollectingTime": 0,
  • "permanentBanDuration": 0,
  • "permanentBanThreshold": 0
}

Update ban settings

Update the configuration of applying bans after a number of failed logins.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_LOCKING_POLICY

Authorizations:
Request Body schema: application/json
blockingForClientEnabled
boolean

When TRUE, first- and second-level bans are enabled. Permanent bans are always enabled.

firstBanCollectingTime
integer <int32>

Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in firstBanThreshold and the duration is defined in firstBanDuration.

Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.

firstBanDuration
integer <int32>

Duration of the first-level ban in seconds. The first-level ban is applied to a Profile's identifier and cancelled after a successful password reset.

firstBanThreshold
integer <int32>

The number of failed login attempts before the first-level ban is applied.

secondBanCollectingTime
integer <int32>

Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in secondBanThreshold and the duration is defined in secondBanDuration.

Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.

secondBanDuration
integer <int32>

Duration of the second-level ban in seconds. The second-level ban is applied to a Profile's identifier and cancelled after a successful password reset.

secondBanThreshold
integer <int32>

The number of failed login attempts before the second-level ban is applied.

permanentBanCollectingTime
integer <int32>

Time in seconds. If a Profile fails to log in too many times during this time, the account is banned. The number of login attempts is defined in permanentBanThreshold and the duration is defined in permanentBanDuration.

Note: The timer starts at the first login attempt and is common for first-level, second-level, and permanent bans.

permanentBanDuration
integer <int32>

Duration of the permanent ban in seconds. The permanent ban is applied to an IP address and cancelled after a successful password reset.

permanentBanThreshold
integer <int32>

The number of failed login attempts before the permanent ban is applied.

Responses

Request samples

Content type
application/json
{
  • "blockingForClientEnabled": true,
  • "firstBanCollectingTime": 0,
  • "firstBanDuration": 0,
  • "firstBanThreshold": 0,
  • "secondBanCollectingTime": 0,
  • "secondBanDuration": 0,
  • "secondBanThreshold": 0,
  • "permanentBanCollectingTime": 0,
  • "permanentBanDuration": 0,
  • "permanentBanThreshold": 0
}

Response samples

Content type
application/json
{
  • "blockingForClientEnabled": true,
  • "firstBanCollectingTime": 0,
  • "firstBanDuration": 0,
  • "firstBanThreshold": 0,
  • "secondBanCollectingTime": 0,
  • "secondBanDuration": 0,
  • "secondBanThreshold": 0,
  • "permanentBanCollectingTime": 0,
  • "permanentBanDuration": 0,
  • "permanentBanThreshold": 0
}

Get email template settings

Get settings for email templates.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_ACCOUNT_CONFIRMATION

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/templates 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "confirmationMailSubject": "string",
  • "confirmationMailBody": "string",
  • "confirmationMailTemplateId": "string",
  • "passwordResetMailTemplateId": "string",
  • "passwordResetMailSubject": "string",
  • "passwordResetMailBody": "string",
  • "clientEmailChangeRequestMailSubject": "string",
  • "clientEmailChangeRequestMailBody": "string",
  • "clientEmailChangeRequestMailTemplateId": "string",
  • "clientEmailChangeNotificationMailSubject": "string",
  • "clientEmailChangeNotificationMailBody": "string",
  • "clientEmailChangeNotificationMailTemplateId": "string",
  • "pinConfirmationMailSubject": "string",
  • "pinConfirmationMailBody": "string",
  • "pinConfirmationMailTemplateId": "string"
}

Update email template settings

Update email template settings. Omitted settings are reset to null!


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_ACCOUNT_CONFIRMATION

Authorizations:
Request Body schema: application/json
confirmationMailSubject
string

Subject of the account activation email

confirmationMailBody
string or null

HTML body of the account activation email. All " characters must be escaped and all the code must be a single line.

confirmationMailTemplateId
string or null

ID of the account activation email body template. If you use a template, it overrides the content sent in confirmationMailBody.

passwordResetMailTemplateId
string or null

ID of the password reset confirmation email body template

passwordResetMailSubject
string

Subject of the password reset confirmation email

passwordResetMailBody
string or null

HTML body of the password reset confirmation email. All " characters must be escaped and all the code must be a single line.

clientEmailChangeRequestMailSubject
string

Subject of the email change confirmation email. This is sent to the new address.

clientEmailChangeRequestMailBody
string or null

HTML body of the email change confirmation email. All " characters must be escaped and all the code must be a single line. This is sent to the new address.

clientEmailChangeRequestMailTemplateId
string or null

ID of the email change confirmation email body template. This email is sent to the new address. If you use a template, it overrides the content sent in clientEmailChangeRequestMailBody.

clientEmailChangeNotificationMailSubject
string

Subject of the email change notification email. This is sent to the current address.

clientEmailChangeNotificationMailBody
string or null

HTML body of the email change notification email. All " characters must be escaped and all the code must be a single line. This is sent to the current address.

clientEmailChangeNotificationMailTemplateId
string or null

ID of the email change notification email template. This email is sent to the current address. If you use a template, it overrides the content sent in clientEmailChangeNotificationMailBody.

pinConfirmationMailSubject
string

Subject of the email with the PIN needed to confirm an account.

pinConfirmationMailBody
string or null

HTML body of the email with the PIN needed to confirm an account. All " characters must be escaped and all the code must be a single line. The PIN code is inserted using the {{ pin_code }} Jinjava insert.

pinConfirmationMailTemplateId
string or null

ID of the template for the email with the PIN needed to confirm an account. If you use a template, it overrides the content sent in pinConfirmationMailBody.

Responses

Request samples

Content type
application/json
{
  • "confirmationMailSubject": "string",
  • "confirmationMailBody": "string",
  • "confirmationMailTemplateId": "string",
  • "passwordResetMailTemplateId": "string",
  • "passwordResetMailSubject": "string",
  • "passwordResetMailBody": "string",
  • "clientEmailChangeRequestMailSubject": "string",
  • "clientEmailChangeRequestMailBody": "string",
  • "clientEmailChangeRequestMailTemplateId": "string",
  • "clientEmailChangeNotificationMailSubject": "string",
  • "clientEmailChangeNotificationMailBody": "string",
  • "clientEmailChangeNotificationMailTemplateId": "string",
  • "pinConfirmationMailSubject": "string",
  • "pinConfirmationMailBody": "string",
  • "pinConfirmationMailTemplateId": "string"
}

Response samples

Content type
application/json
{
  • "confirmationMailSubject": "string",
  • "confirmationMailBody": "string",
  • "confirmationMailTemplateId": "string",
  • "passwordResetMailTemplateId": "string",
  • "passwordResetMailSubject": "string",
  • "passwordResetMailBody": "string",
  • "clientEmailChangeRequestMailSubject": "string",
  • "clientEmailChangeRequestMailBody": "string",
  • "clientEmailChangeRequestMailTemplateId": "string",
  • "clientEmailChangeNotificationMailSubject": "string",
  • "clientEmailChangeNotificationMailBody": "string",
  • "clientEmailChangeNotificationMailTemplateId": "string",
  • "pinConfirmationMailSubject": "string",
  • "pinConfirmationMailBody": "string",
  • "pinConfirmationMailTemplateId": "string"
}

Get device authorization settings

Retrieve the settings related to authorization of logins from unknown devices.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_LOCKING_POLICY

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/device-control 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "deviceControlMode": "false",
  • "hardMailBody": "string",
  • "hardMailTitle": "string",
  • "hardTemplateId": "string",
  • "softMailBody": "string",
  • "softMailTitle": "string",
  • "softTemplateId": "string"
}

Update device authorization settings

Update the settings related to authorization of logins from unknown devices.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_LOCKING_POLICY

Authorizations:
Request Body schema: application/json
deviceControlMode
string
Enum: "false" "SOFT" "HARD" "CONDITIONAL_BASED_ON_LOCATION"

Defines the type of device authorization.

  • OFF: No device authorization.
  • SOFT: The Profile is notified about logins from a new device, but the access is not blocked.
  • HARD: Login attempts from the new device are blocked until the Profile authorizes the device with the link or token received by email.
  • CONDITIONAL_BASED_ON_LOCATION: If a Profile logs in from a new device in Poland, they receive a notification (same as with SOFT setting). If the new device is outside of Poland, it must be authorized with a link or token received by email (same as with HARD setting). Other countries will be supported in the future.
hardMailBody
string

HTML body of the device authorization email for hard mode. All " characters must be escaped and all the code must be a single line.

hardMailTitle
string

Subject of the device authorization email for hard mode.

hardTemplateId
string

ID of the device authorization email template for hard mode. If you use a template, it overrides the content sent in hardMailBody.

softMailBody
string

HTML body of the device authorization email for soft mode. All " characters must be escaped and all the code must be a single line.

softMailTitle
string

Subject of the device authorization email for soft mode.

softTemplateId
string

ID of the device authorization email template for soft mode. If you use a template, it overrides the content sent in softMailBody.

Responses

Request samples

Content type
application/json
{
  • "deviceControlMode": "false",
  • "hardMailBody": "string",
  • "hardMailTitle": "string",
  • "hardTemplateId": "string",
  • "softMailBody": "string",
  • "softMailTitle": "string",
  • "softTemplateId": "string"
}

Response samples

Content type
application/json
{
  • "deviceControlMode": "false",
  • "hardMailBody": "string",
  • "hardMailTitle": "string",
  • "hardTemplateId": "string",
  • "softMailBody": "string",
  • "softMailTitle": "string",
  • "softTemplateId": "string"
}

Get general settings

Retrieve the general settings of the workspace.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_ACCOUNT_CONFIRMATION

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/general 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "tokenLifetimeInSeconds": 0,
  • "voucherPoolUuid": "string",
  • "allowOverwriteCustomIdentify": false,
  • "allowOverwriteExternalId": false,
  • "allowEmailChangeFromWebForm": false
}

Update general settings

Update general settings. Settings omitted in the request are reset to default!.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_ACCOUNT_CONFIRMATION

Authorizations:
Request Body schema: application/json
tokenLifetimeInSeconds
required
integer <int64>
Default: 0

The time in seconds before the authorization tokens expire. If set to 0 (default), the global Synerise setting is applied: 60 minutes.

voucherPoolUuid
string

UUID of the voucher pool that stores customId values available for assignment to new Profiles, if applicable in your implementation.

allowOverwriteCustomIdentify
boolean
Default: false

When set to TRUE, customers' customId values may be modified. By default, the customId cannot be changed.

allowOverwriteExternalId
boolean
Default: false

When set to TRUE, a profile's externalId value may be modified.

This may be useful, for example, if someone deletes their account with an external authentication provider, and then registers a new account with the same email. The external provider assigns a new ID and you need to allow overwriting the existing external ID in Synerise in order to link the existing profile in Synerise with the newly created account from the external provider.

allowEmailChangeFromWebForm
boolean
Default: false

When set to TRUE, email change can be requested/confirmed using a web form.

Responses

Request samples

Content type
application/json
{
  • "tokenLifetimeInSeconds": 0,
  • "voucherPoolUuid": "string",
  • "allowOverwriteCustomIdentify": false,
  • "allowOverwriteExternalId": false,
  • "allowEmailChangeFromWebForm": false
}

Response samples

Content type
application/json
{
  • "tokenLifetimeInSeconds": 0,
  • "voucherPoolUuid": "string",
  • "allowOverwriteCustomIdentify": false,
  • "allowOverwriteExternalId": false,
  • "allowEmailChangeFromWebForm": false
}

Get OAuth settings

Retrieve OAuth authentication settings


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/oauth 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "enabled": true,
  • "mode": "JWT_TOKEN",
  • "endpoint": "string",
  • "jwkEndpoint": "string",
  • "headers": {
    },
  • "mapping": {
    },
  • "name": "string",
  • "mappedExternal": true,
  • "syncDataOnLogin": false,
  • "validation": {
    }
}

Update OAuth settings

Update OAuth authentication settings


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Authorizations:
Request Body schema: application/json
Any of
enabled
boolean
mode
string
Enum: "JWT_TOKEN" "SERVER"

The mode of authentication:

  • SERVER: Your OAuth server returns a token to the client device; the client device passes it to the Synerise backend; Synerise backend verifies the token with your OAuth backend
  • JWT_TOKEN: Your OAuth server returns a JWT to the client device; the client device passes it to the Synerise backend; the Synerise backends verifies it with the provided JWK. This mode requires fewer resources from your backend.
name
string

Name of the integration

endpoint
string

URL of the OAuth authorization endpoint when the SERVER mode is selected.
If you want to pass the token from your backend in the URL, use the {{_snrs_access_token}} insert.

object

'Headers for the authorization request when SERVER mode is selected. For example, "X-Custom-Header": "someValue"
If you want to pass the token from your backend in a header, use the {{_snrs_access_token}} insert'

object

A mapping of fields from the Synerise endpoint to your OAuth endpoint. For example, if your field is called token and its counterpart in Synerise is accessToken, the mapping is "accessToken": "token"

mappedExternal
boolean
Default: true

If set to FALSE, the authentication request must include the customer's customId in the body.

syncDataOnLogin
boolean
Default: false

When set to TRUE, profile data from an external authentication provider is uploaded into the Synerise database every time the profile logs in. When FALSE, the data is saved only the first time a profile logs in, so that the amount of data is reduced in later authentication requests.

Responses

Request samples

Content type
application/json
Example
{
  • "enabled": true,
  • "mode": "JWT_TOKEN",
  • "name": "string",
  • "endpoint": "string",
  • "headers": {
    },
  • "mapping": {
    },
  • "mappedExternal": true,
  • "syncDataOnLogin": false
}

Response samples

Content type
application/json
{
  • "enabled": true,
  • "mode": "JWT_TOKEN",
  • "endpoint": "string",
  • "jwkEndpoint": "string",
  • "headers": {
    },
  • "mapping": {
    },
  • "name": "string",
  • "mappedExternal": true,
  • "syncDataOnLogin": false,
  • "validation": {
    }
}

getSyneriseAuthConfig


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/synerise-auth

Response samples

Content type
application/json
{
  • "enabled": true,
  • "registrationType": "REQUIRE_ACTIVATION",
  • "pinConfirmationType": "EVERYONE",
  • "pinConfirmationLength": 6,
  • "pinConfirmationValidInSeconds": 300,
  • "allowPinResendFromDifferentDeviceId": false,
  • "confirmationRedirectLink": "string"
}

updateSyneriseAuthSettings


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM

Request Body schema: application/json
enabled
required
boolean
registrationType
required
string
Enum: "REQUIRE_ACTIVATION" "REQUIRE_EMAIL_CONFIRMATION" "AUTOMATIC" "REQUIRE_PIN_CONFIRMATION"
pinConfirmationType
string
Default: "ON_CONFLICT_WITH_EXTERNAL_ACCOUNT"
Enum: "EVERYONE" "ON_CONFLICT_WITH_EXTERNAL_ACCOUNT"

Defines if PIN confirmation (if enabled) is required for all new accounts or only if there is a conflict with an existing account registered by using third-party Identity Providers.

pinConfirmationLength
integer
Default: 6

The number of characters in the PIN

pinConfirmationValidInSeconds
integer
Default: 300

TTL of the PIN code before it expires and cannot be used

allowPinResendFromDifferentDeviceId
boolean
Default: false

When TRUE, a PIN email re-send can be requested from a different device than the last device that requested a PIN email.

NOTE: Regardless of this setting, the activation request can only be sent from the last device that requested a PIN email.

confirmationRedirectLink
string

Redirect URL of the confirmation link

Responses

Request samples

Content type
application/json
{
  • "enabled": true,
  • "registrationType": "REQUIRE_ACTIVATION",
  • "pinConfirmationType": "EVERYONE",
  • "pinConfirmationLength": 6,
  • "pinConfirmationValidInSeconds": 300,
  • "allowPinResendFromDifferentDeviceId": false,
  • "confirmationRedirectLink": "string"
}

Response samples

Content type
application/json
{
  • "enabled": true,
  • "registrationType": "REQUIRE_ACTIVATION",
  • "pinConfirmationType": "EVERYONE",
  • "pinConfirmationLength": 6,
  • "pinConfirmationValidInSeconds": 300,
  • "allowPinResendFromDifferentDeviceId": false,
  • "confirmationRedirectLink": "string"
}

getFacebookOauthSettings


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/oauth/facebook

Response samples

Content type
application/json
{
  • "enabled": true
}

updateFacebookOauthSettings


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Request Body schema: application/json
enabled
required
boolean

Responses

Request samples

Content type
application/json
{
  • "enabled": true
}

getGoogleOauthSettings


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/oauth/google

Response samples

Content type
application/json
{
  • "enabled": true
}

updateGoogleOauthSettings


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Request Body schema: application/json
enabled
required
boolean

Responses

Request samples

Content type
application/json
{
  • "enabled": true
}

Get Sign in with Apple settings

Retrieve Sign in with Apple settings.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/settings/oauth/apple 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "enabled": true,
  • "bundle": "com.synerise.sdk.sample-swift"
}

Update Sign in with Apple settings

Update Sign in with Apple settings.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: SAUTH_SETTINGS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_CUSTOMERS_IAM_OAUTH

Authorizations:
Request Body schema: application/json
enabled
boolean

Defines if Sign in with Apple is enabled in this workspace.

bundle
string

Name of your application package

Responses

Request samples

Content type
application/json
{
  • "enabled": true,
  • "bundle": "com.synerise.sdk.sample-swift"
}

Response samples

Content type
application/json
{
  • "enabled": true,
  • "bundle": "com.synerise.sdk.sample-swift"
}

Access control

Security settings of a workspace: MFA, IP policies, etc.

Get user password policy

Retrieve the user password policy of the workspace.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_SETTINGS_PASSWORD_POLICY_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS_AM_PASSWORD_POLICY

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/settings/password-policy 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "attempts": 0,
  • "block": 0,
  • "different": 0,
  • "digits": 0,
  • "expiration": 0,
  • "lowerLetters": 0,
  • "maxIdleTime": 0,
  • "maxLength": 0,
  • "minLength": 0,
  • "nextChange": 0,
  • "specialChars": 0,
  • "upperLetters": 0
}

Update user password policy

Update the user password policy. Entering 0 as the value disables a requirement.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_SETTINGS_PASSWORD_POLICY_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS_AM_PASSWORD_POLICY

Authorizations:
Request Body schema: application/json
attempts
integer <int32>

The number of failed sign-in attempts after which an account is blocked

block
integer <int32>

The number of days after which an account is blocked after the password expires.

different
integer <int32>

Defines how many previous passwords are compared.

For example, if set to 3, the new password must be different than the 3 last passwords.

digits
integer <int32>

The minimum number of digits in a password

expiration
integer <int32>

The number of days after which the passwords expire

lowerLetters
integer <int32>

The minimum number of lower-case letters in a password

maxIdleTime
integer <int32>

Time (in seconds) after which an idle user is signed out

maxLength
integer <int32>

The maximum number of characters in a password

minLength
integer <int32>

The minimum number of characters in a password

nextChange
integer <int32>

Currently not used

specialChars
integer <int32>

The minimum number of special characters in a password

upperLetters
integer <int32>

The minimum number of upper-case letters in a password

Responses

Request samples

Content type
application/json
{
  • "attempts": 0,
  • "block": 0,
  • "different": 0,
  • "digits": 0,
  • "expiration": 0,
  • "lowerLetters": 0,
  • "maxIdleTime": 0,
  • "maxLength": 0,
  • "minLength": 0,
  • "nextChange": 0,
  • "specialChars": 0,
  • "upperLetters": 0
}

Response samples

Content type
application/json
{
  • "attempts": 0,
  • "block": 0,
  • "different": 0,
  • "digits": 0,
  • "expiration": 0,
  • "lowerLetters": 0,
  • "maxIdleTime": 0,
  • "maxLength": 0,
  • "minLength": 0,
  • "nextChange": 0,
  • "specialChars": 0,
  • "upperLetters": 0
}

Enable MFA requirement for workspace

This request enables multi-factor authentication requirement for the currently selected workspace. After enabling this setting, only users with MFA can access the workspace.


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

Responses

Request samples

curl --request POST 
  --url https://api.synerise.com/uauth/business-profile/mfa/requirements 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Disable MFA requirement for workspace

This request disables multi-factor authentication requirement for the currently selected workspace. After disabling this setting, users without MFA can access the workspace.


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/business-profile/mfa/requirements 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Get own strongest password policy

If a user has access to more than one workspace, you can use this endpoint to find the strictest password policy of all the policies in these workspaces. The user's password must meet the requirements of that strictest policy.


  • API consumer who can use this method: Synerise User

  • This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/users/my-account/strongest-password-settings

Get IP allowlist policy

Retrieve the details of IP allowlisting policy of the workspace.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_SETTINGS_USER_IP_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_BP

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/settings/user-bp-ip-policy 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "enabled": true,
  • "enableSupportSubnets": true,
  • "ipPolicy": [
    ]
}

Update IP allowlist policy

Update the details of IP allowlisting policy of the workspace.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_SETTINGS_USER_IP_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_BP

Authorizations:
Request Body schema: application/json
enabled
boolean

When TRUE, the policy is active and only the included addresses are allowed to connect.

enableSupportSubnets
boolean
Default: true

When TRUE, the IP addresses used by Synerise for service work are added to the allowlist. These addresses depend on the configuration.

ipPolicy
Array of strings

List of allowed IPv4 addresses

Responses

Request samples

Content type
application/json
{
  • "enabled": true,
  • "enableSupportSubnets": true,
  • "ipPolicy": [
    ]
}

Response samples

Content type
application/json
{
  • "enabled": true,
  • "enableSupportSubnets": true,
  • "ipPolicy": [
    ]
}

Get strongest password policy of a User

If a user has access to more than one workspace, you can use this endpoint to find the strictest password policy of all the policies in these workspaces. The user's password must meet the requirements of that strictest policy.

  • This method does not require a Synerise authorization token.
Authorizations:
path Parameters
email
required
string

User's email address

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/strongest-password-settings-by-email/%7Bemail%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "attempts": 0,
  • "block": 0,
  • "businessProfileId": 594,
  • "different": 0,
  • "digits": 0,
  • "expiration": 0,
  • "lowerLetters": 0,
  • "maxIdleTime": 0,
  • "maxLength": 0,
  • "minLength": 0,
  • "nextChange": 0,
  • "specialChars": 0,
  • "upperLetters": 0
}

Initiate multi-factor authentication for user

Begins the process of enabling multi-factor authentication for a user by initiating it.


  • API consumer who can use this method: Synerise User

  • This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:
query Parameters
mfaType
required
string
Value: "TOTP_AUTHENTICATOR"

Type of multi-factor authentication

Responses

Request samples

curl --request POST 
  --url 'https://api.synerise.com/uauth/users/mfa/initialization?mfaType=SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "url": "string",
  • "secret": "string"
}

Confirm multi-factor authentication for user

Continues the process of enabling multi-factor authentication for a user by confirming it.


  • API consumer who can use this method: Synerise User

  • This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:
query Parameters
mfaType
required
string
Value: "TOTP_AUTHENTICATOR"

Type of multi-factor authentication

Request Body schema: application/json
verificationCode
required
string

Multi-factor verification code

Responses

Request samples

Content type
application/json
{
  • "verificationCode": "string"
}

Response samples

Content type
application/json
{
  • "backupCode": "string"
}

Remove multi-factor authentication for user

Removes user multi-factor authentication.


  • API consumer who can use this method: Synerise User

  • This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:
query Parameters
mfaType
required
string
Value: "TOTP_AUTHENTICATOR"

Type of multi-factor authentication

backupCode
required
string

User's backup code

Responses

Request samples

curl --request DELETE 
  --url 'https://api.synerise.com/uauth/users/mfa?mfaType=SOME_STRING_VALUE&backupCode=SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

User management

Manage user accounts in your workspace

Find user by invitation token

You can retrieve the details of an account by providing the invitation token generated for that account.

  • This method does not require a Synerise authorization token.
path Parameters
invitationToken
required
string

Invitation token

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/user/register/invitation/%7BinvitationToken%7D

Response samples

Content type
application/json
{
  • "email": "string",
  • "firstName": "string",
  • "lastName": "string"
}

Invite user

Invite a user to join a workspace. The user receives an email with an invitation token.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_INVITATIONS_CREATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
Request Body schema: application/json

All the data sent in this request applies to the user being invited.

email
string

User's email address

firstName
string

First name of the user

lastName
string

Last name of the user

roles
Array of integers <int64> [ items <int64 > ]

An array of roles (IDs) assigned to the user in the currently selected workspace

Responses

Request samples

Content type
application/json
{
  • "email": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "roles": [
    ]
}

Invite many users

Invite a number of users to the workspace at once. The users receive emails with invitation tokens.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_INVITATIONS_CREATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
Request Body schema: application/json

All the data sent in this request refers to the users being invited.

Array of objects[ items ]

An array of users to invite

Responses

Request samples

Content type
application/json
{
  • "invitations": [
    ]
}

Delete invitations

Delete invitations that were not yet accepted.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_INVITATIONS_DELETE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
invitationIds
required
string

Comma-separated list of invitation IDs. To obtain the invitation ID, check the list of users with PENDING status. The invitation ID for a user is the same as the ID of that user.

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/users/invitations/%7BinvitationIds%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Update invitation

Update the details of an invitation.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_INVITATIONS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
invitationId
required
integer <int64>

To obtain the invitation ID, check the list of users with PENDING status. The invitation ID for a user is the same as the ID of that user.

Request Body schema: application/json

All the data sent in this request refers to the user being invited.

firstName
string

First name of the user

lastName
string

Last name of the user

roles
Array of integers <int64> [ items <int64 > ]

An array of roles (IDs) assigned to the user in the currently selected workspace

Responses

Request samples

Content type
application/json
{
  • "firstName": "string",
  • "lastName": "string",
  • "roles": [
    ]
}

List users

List users from the current workspace


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_LISTING_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
query Parameters
page
required
integer <int32>

The page of results to retrieve. The first page has the index 0.

size
required
integer <int32>

The number of entries on a page

status
required
string
Enum: "ACTIVE" "PENDING" "EXPIRED"

Filters the results by status of the users

search
required
string

String to search for in the first names, surnames, and email addresses

Responses

Request samples

curl --request GET 
  --url 'https://api.synerise.com/uauth/users/listing?page=SOME_INTEGER_VALUE&size=SOME_INTEGER_VALUE&status=SOME_STRING_VALUE&search=SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Autocomplete user search result

You can use this endpoint to obtain data for search autocomplete.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_LISTING_AUTOCOMPLETE_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
query Parameters
email
required
string

User's email address

Responses

Request samples

curl --request GET 
  --url 'https://api.synerise.com/uauth/users/listing/autocomplete?email=SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
[
  • {
    }
]

Remove users from workspace

Delete user associations from a workspace. This does not delete the user accounts.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_DELETE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
ids
required
string
Example: 11405,11406,11407

Comma-separated user IDs

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/users/profile-association/%7Bids%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Get user data


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:
path Parameters
userId
required
integer

User ID

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/users/%7BuserId%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "avatar": "string",
  • "confirmed": true,
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "displayName": "string",
  • "email": "string",
  • "firstName": "string",
  • "id": 0,
  • "introduction": "string",
  • "isTheSameUserAsLoggedIn": true,
  • "language": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastName": "string",
  • "mailAccountId": 0,
  • "organizationRole": "string",
  • "phone": "string",
  • "roles": [
    ],
  • "status": "ACTIVE",
  • "superAdmin": true,
  • "updated": "2019-08-24T14:15:22Z",
  • "isMfaEnabled": true,
  • "passwordLastModificationDate": "2019-08-24T14:15:22Z",
  • "dateFormatNotation": "string",
  • "timeFormatNotation": "string",
  • "numberFormatNotation": "string"
}

Update user data


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:
path Parameters
userId
required
integer

User ID

Request Body schema: application/json
firstName
string

First name of the user

lastName
string

Last name of the user

avatar
string

URL of the user's avatar

phone
string

User's phone number

language
string

User's interface language

organizationRole
string

User's role in the organization

introduction
string

User's introduction

confirmed
boolean

Informs if the account is confirmed

mailAccountId
integer

Unused field

roles
Array of integers <int64> [ items <int64 > ]

An array of roles (IDs) assigned to the user in the currently selected workspace

description
string

User's description

dateFormatNotation
string
timeFormatNotation
string
numberFormatNotation
string

Responses

Request samples

Content type
application/json
{
  • "firstName": "string",
  • "lastName": "string",
  • "avatar": "string",
  • "phone": "string",
  • "language": "string",
  • "organizationRole": "string",
  • "introduction": "string",
  • "confirmed": true,
  • "mailAccountId": 0,
  • "roles": [
    ],
  • "description": "string",
  • "dateFormatNotation": "string",
  • "timeFormatNotation": "string",
  • "numberFormatNotation": "string"
}

Response samples

Content type
application/json
{
  • "avatar": "string",
  • "confirmed": true,
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "displayName": "string",
  • "email": "string",
  • "firstName": "string",
  • "id": 0,
  • "introduction": "string",
  • "isTheSameUserAsLoggedIn": true,
  • "language": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastName": "string",
  • "mailAccountId": 0,
  • "organizationRole": "string",
  • "phone": "string",
  • "roles": [
    ],
  • "status": "ACTIVE",
  • "superAdmin": true,
  • "updated": "2019-08-24T14:15:22Z",
  • "isMfaEnabled": true,
  • "passwordLastModificationDate": "2019-08-24T14:15:22Z",
  • "dateFormatNotation": "string",
  • "timeFormatNotation": "string",
  • "numberFormatNotation": "string"
}

Activate users

Activate access to the workspace for a number of users


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_DELETE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
Request Body schema: application/json
ids
Array of integers <int64> [ items <int64 > ]

An array of user IDs

Responses

Request samples

Content type
application/json
{
  • "ids": [
    ]
}

De-activate users

De-activate access to the workspace for a number of users


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
Request Body schema: application/json
ids
Array of integers <int64> [ items <int64 > ]

An array of user IDs

Responses

Request samples

Content type
application/json
{
  • "ids": [
    ]
}

Change access expiration time

Change the date when a user's access to the workspace is cancelled.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
userId
required
integer

User ID

Request Body schema: application/json
expirationDate
string <date-time>

New access expiration time (ISO 8601, UTC time unless timezone is specified)

Responses

Request samples

Content type
application/json
{
  • "expirationDate": "2019-08-24T14:15:22Z"
}

Response samples

Content type
application/json
{
  • "avatar": "string",
  • "confirmed": true,
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "displayName": "string",
  • "email": "string",
  • "firstName": "string",
  • "id": 0,
  • "introduction": "string",
  • "isTheSameUserAsLoggedIn": true,
  • "language": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastName": "string",
  • "mailAccountId": 0,
  • "organizationRole": "string",
  • "phone": "string",
  • "roles": [
    ],
  • "status": "ACTIVE",
  • "superAdmin": true,
  • "updated": "2019-08-24T14:15:22Z",
  • "isMfaEnabled": true,
  • "passwordLastModificationDate": "2019-08-24T14:15:22Z",
  • "dateFormatNotation": "string",
  • "timeFormatNotation": "string",
  • "numberFormatNotation": "string"
}

Reset another user's password

Request a password reset for another user. That user receives an email with a password reset token. Their account is locked until the new password is set.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

path Parameters
userId
required
integer

User ID

Responses

Request samples

curl --request POST 
  --url https://api.synerise.com/uauth/users/%7BuserId%7D/password-reset

Reset another user's multi-factor authentication

You can reset the settings of another user's multi-factor authentication. This can be used, for example, if the user has lost both their device with the MFA application and the recovery code. The user will need to re-enable MFA in the same way as when setting it up for the first time.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

path Parameters
userId
required
integer

User ID

Responses

Request samples

curl --request PUT 
  --url https://api.synerise.com/uauth/users/%7BuserId%7D/mfa-reset

Delete user account

Permanently deletes a user account.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_USERS_DELETE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
ids
required
string
Example: 11405,11406,11407

Comma-separated user IDs

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/users/%7Bids%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Access groups

Create roles that give users permissions

List grouped permissions

List all permissions for a role, including information about permission grouping.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_GROUP_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

path Parameters
roleId
required
integer <int64>

Role ID

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/permissions/group/role/%7BroleId%7D

Response samples

Content type
application/json
[
  • {
    }
]

Get role groups

Retrieve a list of user role groups.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLES_LISTING_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/roles/listing 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
[
  • {
    }
]

Create role group

Create a new role group. A new group does not include any roles. To add a role to a group, update the role.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_GROUP_CREATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
Request Body schema: application/json
name
string

Name of the role group

description
string

Description of the role group

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string"
}

Response samples

Content type
application/json
[
  • {
    }
]

Update role group

Update a group. To add a role to a group, update the role.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_GROUP_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
groupId
required
integer <int64>

Role group ID

Request Body schema: application/json
name
string

Name of the role group

description
string

Description of the role group

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "description": "string"
}

Response samples

Content type
application/json
[
  • {
    }
]

Delete role group

Delete a role group permanently.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_GROUP_DELETE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
groupId
required
integer <int64>

Role group ID

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/roles/role-group/%7BgroupId%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
[
  • {
    }
]

Create role

Create a new user role.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
Request Body schema: application/json
group
required
integer <int64>

ID of the group that includes this role

name
required
string

The name of the role

description
string

Description of the role

Responses

Request samples

Content type
application/json
{
  • "group": 0,
  • "name": "string",
  • "description": "string"
}

Response samples

Content type
application/json
[
  • {
    }
]

Get role

Retrieve the details of a user role


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
roleId
required
integer <int64>

Role ID

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/roles/%7BroleId%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "businessProfileId": 594,
  • "id": 0,
  • "manageable": true,
  • "name": "string",
  • "shownAsResource": true
}

Update role

Update a user role.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_UPDATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
roleId
required
integer <int64>

Role ID

Request Body schema: application/json
group
required
integer <int64>

ID of the group that includes this role

name
required
string

The name of the role

description
string

Description of the role

Responses

Request samples

Content type
application/json
{
  • "group": 0,
  • "name": "string",
  • "description": "string"
}

Response samples

Content type
application/json
[
  • {
    }
]

Delete role

Delete a user role permanently.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_PERMISSIONS_ROLE_DELETE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: SETTINGS_USERS

Authorizations:
path Parameters
roleId
required
integer <int64>

Role ID

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/roles/role/%7BroleId%7D 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
[
  • {
    }
]

Get available roles

Retrieve a list of user roles available in the business profile.


  • API consumer who can use this method: Synerise User

  • This method does not require a Synerise authorization token.

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/users/available-roles

Response samples

Content type
application/json
[
  • {
    }
]

User account management

Manage the account of a user as that user. Change passwords, update personal data, etc.

Change user password

Change a user's password.


  • API consumer who can use this method: Synerise User

  • This method is available to all authenticated users, before and after multi-factor authentication is confirmed.

Authorizations:
Request Body schema: application/json
currentPassword
string

The current password

newPassword
string

The new password

Responses

Request samples

Content type
application/json
{
  • "currentPassword": "string",
  • "newPassword": "string"
}

Response samples

Content type
application/json
{
  • "status": "OK"
}

Request user password reset

The user can request a password reset token sent by email.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
email
required
string

User's email address

Responses

Request samples

Content type
application/json
{
  • "email": "string"
}

Confirm user password reset

Confirm user password reset using the token received by email.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
token
string

Password reset token received by email

password
string

The new password

Responses

Request samples

Content type
application/json
{
  • "token": "string",
  • "password": "string"
}

Confirm user registration

Confirm user registration. The token is sent by email.

  • This method does not require a Synerise authorization token.
path Parameters
confirmationToken
required
string

Confirmation token

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/user/confirmation/%7BconfirmationToken%7D

Register user

Register a new user. Before the new account can be used, it must be confirmed.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
email
required
string

User's email address

password
required
string

Account password

invitationToken
string

Invitation token, received from another user

externalProviderToken
string
externalProviderType
string
Value: "GOOGLE"

Responses

Request samples

Content type
application/json
{
  • "email": "string",
  • "password": "string",
  • "invitationToken": "string",
  • "externalProviderToken": "string",
  • "externalProviderType": "GOOGLE"
}

Re-send user confirmation token

If the confirmation token does not reach the user's inbox, you can send a new one.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
email
string

User's email address

Responses

Request samples

Content type
application/json
{
  • "email": "string"
}

Get user's own data

A user can retrieve their account data.


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/users/my-account 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "avatar": "string",
  • "confirmed": true,
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "displayName": "string",
  • "email": "string",
  • "firstName": "string",
  • "id": 0,
  • "introduction": "string",
  • "isTheSameUserAsLoggedIn": true,
  • "language": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastName": "string",
  • "mailAccountId": 0,
  • "organizationRole": "string",
  • "phone": "string",
  • "roles": [
    ],
  • "status": "ACTIVE",
  • "superAdmin": true,
  • "updated": "2019-08-24T14:15:22Z",
  • "isMfaEnabled": true,
  • "passwordLastModificationDate": "2019-08-24T14:15:22Z",
  • "dateFormatNotation": "string",
  • "timeFormatNotation": "string",
  • "numberFormatNotation": "string"
}

Update user's own data

A user can update their own details.


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:
Request Body schema: application/json
firstName
string

First name of the user

lastName
string

Last name of the user

avatar
string

URL of the user's avatar

phone
string

User's phone number

language
string

User's interface language

organizationRole
string

User's role in the organization

introduction
string

User's introduction

confirmed
boolean

Informs if the account is confirmed

mailAccountId
integer

Unused field

roles
Array of integers <int64> [ items <int64 > ]

An array of roles (IDs) assigned to the user in the currently selected workspace

description
string

User's description

dateFormatNotation
string
timeFormatNotation
string
numberFormatNotation
string

Responses

Request samples

Content type
application/json
{
  • "firstName": "string",
  • "lastName": "string",
  • "avatar": "string",
  • "phone": "string",
  • "language": "string",
  • "organizationRole": "string",
  • "introduction": "string",
  • "confirmed": true,
  • "mailAccountId": 0,
  • "roles": [
    ],
  • "description": "string",
  • "dateFormatNotation": "string",
  • "timeFormatNotation": "string",
  • "numberFormatNotation": "string"
}

Response samples

Content type
application/json
{
  • "avatar": "string",
  • "confirmed": true,
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "displayName": "string",
  • "email": "string",
  • "firstName": "string",
  • "id": 0,
  • "introduction": "string",
  • "isTheSameUserAsLoggedIn": true,
  • "language": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastName": "string",
  • "mailAccountId": 0,
  • "organizationRole": "string",
  • "phone": "string",
  • "roles": [
    ],
  • "status": "ACTIVE",
  • "superAdmin": true,
  • "updated": "2019-08-24T14:15:22Z",
  • "isMfaEnabled": true,
  • "passwordLastModificationDate": "2019-08-24T14:15:22Z",
  • "dateFormatNotation": "string",
  • "timeFormatNotation": "string",
  • "numberFormatNotation": "string"
}

Delete user's own account

A user can delete their own account.


  • API consumer who can use this method: Synerise User

  • This method is available to all fully-authenticated users (multifactor confirmation required, if enabled).

Authorizations:

Responses

Request samples

curl --request DELETE 
  --url https://api.synerise.com/uauth/users/my-account 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Directory

Assign users from particular domains to a workspace where they're managed

List managed domains

Retrieve a list of all domains managed by the workspace.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_MANAGED_DOMAINS_LISTING_READ

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: MANAGED_DOMAINS

query Parameters
page
required
integer <int32>

The page of results to retrieve. The first page has the index 0.

size
required
integer <int32>

The number of entries on a page

Responses

Request samples

curl --request GET 
  --url 'https://api.synerise.com/uauth/managed-domains?page=SOME_INTEGER_VALUE&size=SOME_INTEGER_VALUE'

Response samples

Content type
application/json
{
  • "meta": {
    },
  • "data": [
    ]
}

Delete managed domain

Remove management settings for a domain.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_MANAGED_DOMAINS_DELETE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: MANAGED_DOMAINS

Request Body schema: application/json
domain
required
string

Domain name

Responses

Request samples

Content type
application/json
{
  • "domain": "synerise.com"
}

Initialize managed domain

Generate a verification string for a domain. This string is then used in this endpoint. The verification string for a particular workspace is always the same.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_MANAGED_DOMAINS_CREATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: MANAGED_DOMAINS

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/uauth/managed-domains/initialize-code

Response samples

Content type
application/json
{
  • "verificationCode": "a647a306-20c1-4893-a279-35d1e9931017",
  • "businessProfileId": 594
}

Verify managed domain

Verify a managed domain to assign it to a workspace. All users who belong to the domain are managed by that workspace.


  • API consumer who can use this method: Synerise User

  • API key Permissions are assigned to API keys (for Profile and Workspace scopes) and dictate which operations are available when using a particular API key. In the application, you can manage those permissions in Settings > API Keys. Remember that Profile and Workspace API keys are separate entities.permission required: UAUTH_MANAGED_DOMAINS_CREATE

  • User permissions are grouped and assigned to user roles. For each group, you can set separate permissions for the following operations: read, execute, create, edit, delete. In the application, they are available in Settings > Roles. To edit a role's permissions, hover over the role and click the "Permissions" button.User role permission group which allows access to this method: MANAGED_DOMAINS

Request Body schema: application/json
domain
required
string

Domain name

verificationMethod
required
string
Enum: "TXT_RECORD" "FILE_CHECK" "INTERNAL" "NONE"

Verification method. The verification string can be retrieved by using this method.

  • TXT_RECORD: the verification string needs to be added to your DNS as a TXT record.
  • FILE_CHECK: the site must include an HTML file whose name is the verification string. The file does not need any content.
  • INTERNAL; NONE - currently not used

Responses

Request samples

Content type
application/json
{
  • "domain": "synerise.com",
  • "verificationMethod": "TXT_RECORD"
}

Response samples

Content type
application/json
{
  • "id": 0,
  • "domain": "synerise.com",
  • "created": "2019-08-24T14:15:22Z",
  • "verificationMethod": "TXT_RECORD",
  • "verificationStatus": "VERIFIED",
  • "updated": "2019-08-24T14:15:22Z",
  • "managedByProfile": 594,
  • "usersCount": 0
}

Authorization (deprecated)

Endpoints maintained for backwards compatibility. Do not use in new integrations.

Refresh a Workspace token Deprecated

Retrieve a refreshed JWT Token to prolong the Workspace session.


  • API consumer who can use this method: Workspace (formerly Business Profile)

  • This method does not require a Synerise authorization token.

Authorizations:
header Parameters
Content-Type
required
string
Value: "application/json"
Api-Version
required
string
Value: "4.4"

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/v4/auth/refresh/profile 
  --header 'Api-Version: SOME_STRING_VALUE' 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_' 
  --header 'Content-Type: SOME_STRING_VALUE'

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Log in as Workspace Deprecated

This endpoint is deprecated. Use this endpoint instead.

  • This method does not require a Synerise authorization token.
header Parameters
Api-Version
required
string
Value: "4.4"
Request Body schema: application/json
apiKey
required
string

Workspace (formerly Business Profile) API key

Responses

Request samples

Content type
application/json
{
  • "apiKey": "64c09614-1b2a-42f7-804d-f647243eb1ab"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate as Profile Deprecated

Obtain a new Profile JWT Token.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
apiKey
string

Profile API key

email
string

Profile email

password
string

Profile password

uuid
string

UUID of the Profile. It is a unique identifier.

deviceId
string

Important: deviceId is required during login if device control is enabled.

Responses

Request samples

Content type
application/json
{
  • "apiKey": "5AEAA3D5-E147-C7EB-invalid50109A3D1",
  • "email": "testDoc@example.com",
  • "password": "testPass1!",
  • "uuid": "b3f56868-9667-4843-a8e5-0509456baa9b"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate anonymously Deprecated

Obtain a new JWT for an anonymous Profile. The token can be used and refreshed in the same way as tokens of registered Profiles.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
apiKey
string

Profile API key (same as for Profile login)

deviceId
string

Unique Android or iOS device ID

uuid
string

UUID of the Profile. It is a unique identifier.

Responses

Request samples

Content type
application/json
{
  • "apiKey": "string",
  • "deviceId": "string",
  • "uuid": "07243772-008a-42e1-ba37-c3807cebde8f"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdinvalidwYmZkM2FkNDg2ZjQ3ZGRiMjE5MSIsImF1ZCI6IkFQSSIsInJsbSI6ImFub255bW91c19jbGllbnQiLCJjdGQiOjE1NTMwMDQxNTkxNTEsImVtbCI6IjYyMjM3NmY4LTAwMDAtMjIyMi1kN2Y5LTA3MGZhOTU2ZTk2M0Bhbm9ueW1vdXMuaW52YWxpZCIsImF1dGgiOiJINHNJQUFBQUFBQUFBSXVPQlFBcHUwd05BZ0FBQUE9PSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo0OCwiY2xJZCI6NDMzMjMwMjg4LCJleHAiOjE1NTMwMDcxNTksImFwayI6IjVBRUFBM0Q1LUUxNDctQzdFQi1ENTlFLUJDRjUwMTA5QTNEMSJ9.QOmSqrneR4mJFv4JdxTYsw_wGcDawDsVQuB-GVTcPPwijiP7lQ_Jzqq2Mypg1BS6WFlfGB8fzqCY9iMF_TdtjmoB4xBrY95ylU8L9qto-9Cw5x5TURkfxq31eryiHe2IteRAEtoVzYg2_s9QhlH6ANVcFOVp8dMno0V9bfMYfeSQa3FkjEbxFsseHkMOiADmp9-tOGtLXO942Ir-2W_Hz3Utlpt4erz0dVJBw8a-mFavPA8EEDWR7ACJNocrVHFkS3wFISh3LqLn6KkXiowaynKlJOEHGctuahzKmF3ZOJ1BvGgKohxF9OXvQs9IdmCfWhYsLr5Q2p04TJJ-MyvTipuggKVioh8mHmOFdfnN-Zused6tXzhZtKPUWTmM8cBKoAOBHExxcMQ8SVSjxnw_7_eLKm7S2wNpu0V-tiPZPCH4wYZXtWBYjmfy0V9ydjXnNunXfgxKixLeFNnONUXxEuqPLvM_xAuonQBXVN4nYrgJv8p8U6_ZlGMPjJq1szfcuBZnzI34LSEWx_nSof0XC5Czm8iG_ihG8naivNWS8h-Q-qKMP_3PPFsLSH4Egh03pH93EJUuNAeSO4RGfUX1wzMvrv1nBC1SM660uFMbq-wkplFBbKnHKMYe-qRs1-lZPG5PwPWJJdpGqOUzbnoMOJYmiq06OHHVQyJSkcEHLCk"
}

Authenticate with Facebook Deprecated

Use a Facebook token to obtain a Profile JWT. If a Facebook account is logging on for the first time, a self-managed account for the profile is registered in Synerise.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
facebookToken
string

Facebook authentication token

apiKey
string

Profile API key (same as for Profile login)

uuid
string

UUID of the Profile. It is a unique identifier.

deviceId
string

Unique Android or iOS device ID

object

This object contains the marketing agreements of the Profile.

You can also pass the values as strings ("true";"True"/"false";"False") or integers (1 for true and 0 for false).

object

This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration.

If you want to send a date/time attribute for use in analytics, take the following into account:

  • The date/time should be formatted according to ISO 8601.
  • The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example:
    • 2023-10-09T12:00:00 doesn't have a timezone indicator and will be considered as a time in the workspace's time zone.
    • 2023-10-09T12:00:00+02:00 has a timezone indicator (+02:00), so the timezone of the workspace doesn't affect it.
    • 2023-10-09T12:00:00Z is a time in the UTC time zone (denoted by the Z at the end), so the timezone of the workspace doesn't affect it.

WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored.

Click to expand the list of reserved attributes email
clientId
phone
customId
uuid
firstName
lastName
displayName
company
address
city
province
zipCode
countryCode
birthDate
sex
avatarUrl
anonymous
agreements
tags
businessProfileId
time
ip
source
newsletter_agreement
custom_identify
firstname
lastname
created
updated
last_activity_date
birthdate
external_avatar_url
displayname
receive_smses
receive_push_messages
receive_webpush_messages
receive_btooth_messages
receive_rfid_messages
receive_wifi_messages
confirmation_hash
ownerId
zipCode
anonymous_type
country_id
geo_loc_city
geo_loc_country
geo_loc_as
geo_loc_country_code
geo_loc_isp
geo_loc_lat
geo_loc_lon
geo_loc_org
geo_loc_query
geo_loc_region
geo_loc_region_name
geo_loc_status
geo_loc_timezone
geo_loc_zip
club_card_id
type
confirmed
facebookId
status
tags
Array of strings

Tags can be used to group profiles.

Responses

Request samples

Content type
application/json
{
  • "facebookToken": "EAAfsMmaWLW0BAOZAqSoh8ZB5y2ZAixtSrlvvq3fpWGlcrfcoWOiAwBCZBpBDlzwHFSZB58nUBjOz2UMuopO7p2Q65QU1ZAiB2XaxRzje0bBd7Tu87f6C2pcoZAP65agWAF0ElZCNyKn4iAtFd9RhppkwU9ll0AokBZBnDroZCIaxE3IHSWGtE567AUrXkZAsQEjYsZAZAcYx0ki1w7XUToy9Wps9NA0OuBdMhruB3htuiukwOFAZDZD",
  • "apiKey": "5AEAA3D5-E147-C7EB-invalid",
  • "uuid": "91b8e035-dca3-4805-8915-2cfb01d31fde",
  • "deviceId": "deviceId",
  • "agreements": {
    },
  • "attributes": {
    }
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with Facebook without registration Deprecated

Use a Facebook token to obtain a Profile JWT without creating a self-managed account for this Profile in Synerise.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
facebookToken
string

Facebook Authentication Token

apiKey
string

Profile API key (same as for Profile login)

uuid
string

UUID of the Profile. It is a unique identifier.

deviceId
string

Unique Android or iOS device ID

object

This object contains the marketing agreements of the Profile.

You can also pass the values as strings ("true";"True"/"false";"False") or integers (1 for true and 0 for false).

object

This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration.

If you want to send a date/time attribute for use in analytics, take the following into account:

  • The date/time should be formatted according to ISO 8601.
  • The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example:
    • 2023-10-09T12:00:00 doesn't have a timezone indicator and will be considered as a time in the workspace's time zone.
    • 2023-10-09T12:00:00+02:00 has a timezone indicator (+02:00), so the timezone of the workspace doesn't affect it.
    • 2023-10-09T12:00:00Z is a time in the UTC time zone (denoted by the Z at the end), so the timezone of the workspace doesn't affect it.

WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored.

Click to expand the list of reserved attributes email
clientId
phone
customId
uuid
firstName
lastName
displayName
company
address
city
province
zipCode
countryCode
birthDate
sex
avatarUrl
anonymous
agreements
tags
businessProfileId
time
ip
source
newsletter_agreement
custom_identify
firstname
lastname
created
updated
last_activity_date
birthdate
external_avatar_url
displayname
receive_smses
receive_push_messages
receive_webpush_messages
receive_btooth_messages
receive_rfid_messages
receive_wifi_messages
confirmation_hash
ownerId
zipCode
anonymous_type
country_id
geo_loc_city
geo_loc_country
geo_loc_as
geo_loc_country_code
geo_loc_isp
geo_loc_lat
geo_loc_lon
geo_loc_org
geo_loc_query
geo_loc_region
geo_loc_region_name
geo_loc_status
geo_loc_timezone
geo_loc_zip
club_card_id
type
confirmed
facebookId
status
tags
Array of strings

Tags can be used to group profiles.

Responses

Request samples

Content type
application/json
{
  • "facebookToken": "EAAfsMmaWLW0BAOZAqSoh8ZB5y2ZAixtSrlvvq3fpWGlcrfcoWOiAwBCZBpBDlzwHFSZB58nUBjOz2UMuopO7p2Q65QU1ZAiB2XaxRzje0bBd7Tu87f6C2pcoZAP65agWAF0ElZCNyKn4iAtFd9RhppkwU9ll0AokBZBnDroZCIaxE3IHSWGtE567AUrXkZAsQEjYsZAZAcYx0ki1w7XUToy9Wps9NA0OuBdMhruB3htuiukwOFAZDZD",
  • "apiKey": "5AEAA3D5-E147-C7EB-invalid",
  • "uuid": "91b8e035-dca3-4805-8915-2cfb01d31fde",
  • "deviceId": "deviceId",
  • "agreements": {
    },
  • "attributes": {
    }
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with OAuth Deprecated

Obtain a new JWT token by using OAuth authentication token.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
accessToken
required
string

OAuth token

apiKey
required
string

Profile API key (same as for Profile login)

uuid
required
string

UUID of the Profile. It is a unique identifier.

deviceId
string

Unique Android or iOS device ID

object

This object contains the marketing agreements of the Profile.

You can also pass the values as strings ("true";"True"/"false";"False") or integers (1 for true and 0 for false).

object

This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration.

If you want to send a date/time attribute for use in analytics, take the following into account:

  • The date/time should be formatted according to ISO 8601.
  • The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example:
    • 2023-10-09T12:00:00 doesn't have a timezone indicator and will be considered as a time in the workspace's time zone.
    • 2023-10-09T12:00:00+02:00 has a timezone indicator (+02:00), so the timezone of the workspace doesn't affect it.
    • 2023-10-09T12:00:00Z is a time in the UTC time zone (denoted by the Z at the end), so the timezone of the workspace doesn't affect it.

WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored.

Click to expand the list of reserved attributes email
clientId
phone
customId
uuid
firstName
lastName
displayName
company
address
city
province
zipCode
countryCode
birthDate
sex
avatarUrl
anonymous
agreements
tags
businessProfileId
time
ip
source
newsletter_agreement
custom_identify
firstname
lastname
created
updated
last_activity_date
birthdate
external_avatar_url
displayname
receive_smses
receive_push_messages
receive_webpush_messages
receive_btooth_messages
receive_rfid_messages
receive_wifi_messages
confirmation_hash
ownerId
zipCode
anonymous_type
country_id
geo_loc_city
geo_loc_country
geo_loc_as
geo_loc_country_code
geo_loc_isp
geo_loc_lat
geo_loc_lon
geo_loc_org
geo_loc_query
geo_loc_region
geo_loc_region_name
geo_loc_status
geo_loc_timezone
geo_loc_zip
club_card_id
type
confirmed
facebookId
status
tags
Array of strings

Tags can be used to group profiles.

customId
string

If mappedExternal is set to FALSE in OAuth settings, this field is required.

Responses

Request samples

Content type
application/json
{
  • "accessToken": "string",
  • "apiKey": "string",
  • "uuid": "07243772-008a-42e1-ba37-c3807cebde8f",
  • "deviceId": "string",
  • "agreements": {
    },
  • "attributes": { },
  • "tags": [
    ],
  • "customId": "string"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with OAuth without registration Deprecated

Use an OAuth token to obtain a Profile JWT. This method does not create a Profile in Synerise.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
accessToken
required
string

OAuth token

apiKey
required
string

Profile API key (same as for Profile login)

uuid
required
string

UUID of the Profile. It is a unique identifier.

deviceId
string

Unique Android or iOS device ID

object

This object contains the marketing agreements of the Profile.

You can also pass the values as strings ("true";"True"/"false";"False") or integers (1 for true and 0 for false).

object

This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration.

If you want to send a date/time attribute for use in analytics, take the following into account:

  • The date/time should be formatted according to ISO 8601.
  • The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example:
    • 2023-10-09T12:00:00 doesn't have a timezone indicator and will be considered as a time in the workspace's time zone.
    • 2023-10-09T12:00:00+02:00 has a timezone indicator (+02:00), so the timezone of the workspace doesn't affect it.
    • 2023-10-09T12:00:00Z is a time in the UTC time zone (denoted by the Z at the end), so the timezone of the workspace doesn't affect it.

WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored.

Click to expand the list of reserved attributes email
clientId
phone
customId
uuid
firstName
lastName
displayName
company
address
city
province
zipCode
countryCode
birthDate
sex
avatarUrl
anonymous
agreements
tags
businessProfileId
time
ip
source
newsletter_agreement
custom_identify
firstname
lastname
created
updated
last_activity_date
birthdate
external_avatar_url
displayname
receive_smses
receive_push_messages
receive_webpush_messages
receive_btooth_messages
receive_rfid_messages
receive_wifi_messages
confirmation_hash
ownerId
zipCode
anonymous_type
country_id
geo_loc_city
geo_loc_country
geo_loc_as
geo_loc_country_code
geo_loc_isp
geo_loc_lat
geo_loc_lon
geo_loc_org
geo_loc_query
geo_loc_region
geo_loc_region_name
geo_loc_status
geo_loc_timezone
geo_loc_zip
club_card_id
type
confirmed
facebookId
status
tags
Array of strings

Tags can be used to group profiles.

customId
string

If mappedExternal is set to FALSE in OAuth settings, this field is required.

Responses

Request samples

Content type
application/json
{
  • "accessToken": "string",
  • "apiKey": "string",
  • "uuid": "07243772-008a-42e1-ba37-c3807cebde8f",
  • "deviceId": "string",
  • "agreements": {
    },
  • "attributes": { },
  • "tags": [
    ],
  • "customId": "string"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with Sign in with Apple Deprecated

Obtain a new JWT token by using Sign in with Apple authentication token.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
accessToken
string

Apple token

apiKey
string

Profile API key (same as for Profile login)

uuid
string

UUID of the Profile. It is a unique identifier.

deviceId
string

Unique Android or iOS device ID

object

This object contains the marketing agreements of the Profile.

You can also pass the values as strings ("true";"True"/"false";"False") or integers (1 for true and 0 for false).

object

This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration.

If you want to send a date/time attribute for use in analytics, take the following into account:

  • The date/time should be formatted according to ISO 8601.
  • The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example:
    • 2023-10-09T12:00:00 doesn't have a timezone indicator and will be considered as a time in the workspace's time zone.
    • 2023-10-09T12:00:00+02:00 has a timezone indicator (+02:00), so the timezone of the workspace doesn't affect it.
    • 2023-10-09T12:00:00Z is a time in the UTC time zone (denoted by the Z at the end), so the timezone of the workspace doesn't affect it.

WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored.

Click to expand the list of reserved attributes email
clientId
phone
customId
uuid
firstName
lastName
displayName
company
address
city
province
zipCode
countryCode
birthDate
sex
avatarUrl
anonymous
agreements
tags
businessProfileId
time
ip
source
newsletter_agreement
custom_identify
firstname
lastname
created
updated
last_activity_date
birthdate
external_avatar_url
displayname
receive_smses
receive_push_messages
receive_webpush_messages
receive_btooth_messages
receive_rfid_messages
receive_wifi_messages
confirmation_hash
ownerId
zipCode
anonymous_type
country_id
geo_loc_city
geo_loc_country
geo_loc_as
geo_loc_country_code
geo_loc_isp
geo_loc_lat
geo_loc_lon
geo_loc_org
geo_loc_query
geo_loc_region
geo_loc_region_name
geo_loc_status
geo_loc_timezone
geo_loc_zip
club_card_id
type
confirmed
facebookId
status
tags
Array of strings

Tags can be used to group profiles.

Responses

Request samples

Content type
application/json
{
  • "accessToken": "EAAfsMmaWLW0BAOZAqSoh8ZB5y2ZAixtSrlvvq3fpWGlcrfcoWOiAwBCZBpBDlzwHFSZB58nUBjOz2UMuopO7p2Q65QU1ZAiB2XaxRzje0bBd7Tu87f6C2pcoZAP65agWAF0ElZCNyKn4iAtFd9RhppkwU9ll0AokBZBnDroZCIaxE3IHSWGtE567AUrXkZAsQEjYsZAZAcYx0ki1w7XUToy9Wps9NA0OuBdMhruB3htuiukwOFAZDZD",
  • "apiKey": "5AEAA3D5-E147-C7EB-invalid",
  • "uuid": "91b8e035-dca3-4805-8915-2cfb01d31fde",
  • "deviceId": "deviceId",
  • "agreements": {
    },
  • "attributes": {
    }
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Authenticate with Sign in with Apple without registration Deprecated

Use an Apple token to obtain a Profile JWT. This method does not create a Profile in Synerise.

  • This method does not require a Synerise authorization token.
Request Body schema: application/json
accessToken
string

Apple token

apiKey
string

Profile API key (same as for Profile login)

uuid
string

UUID of the Profile. It is a unique identifier.

deviceId
string

Unique Android or iOS device ID

object

This object contains the marketing agreements of the Profile.

You can also pass the values as strings ("true";"True"/"false";"False") or integers (1 for true and 0 for false).

object

This object contains custom attributes that can have any name (except for reserved attributes, see warning below) and data type, as required by your integration.

If you want to send a date/time attribute for use in analytics, take the following into account:

  • The date/time should be formatted according to ISO 8601.
  • The time zone of the workspace affects dates/times in the attributes that DON'T have a defined timezone. Example:
    • 2023-10-09T12:00:00 doesn't have a timezone indicator and will be considered as a time in the workspace's time zone.
    • 2023-10-09T12:00:00+02:00 has a timezone indicator (+02:00), so the timezone of the workspace doesn't affect it.
    • 2023-10-09T12:00:00Z is a time in the UTC time zone (denoted by the Z at the end), so the timezone of the workspace doesn't affect it.

WARNING: Some attributes are reserved and cannot be sent. If you send them, they are ignored.

Click to expand the list of reserved attributes email
clientId
phone
customId
uuid
firstName
lastName
displayName
company
address
city
province
zipCode
countryCode
birthDate
sex
avatarUrl
anonymous
agreements
tags
businessProfileId
time
ip
source
newsletter_agreement
custom_identify
firstname
lastname
created
updated
last_activity_date
birthdate
external_avatar_url
displayname
receive_smses
receive_push_messages
receive_webpush_messages
receive_btooth_messages
receive_rfid_messages
receive_wifi_messages
confirmation_hash
ownerId
zipCode
anonymous_type
country_id
geo_loc_city
geo_loc_country
geo_loc_as
geo_loc_country_code
geo_loc_isp
geo_loc_lat
geo_loc_lon
geo_loc_org
geo_loc_query
geo_loc_region
geo_loc_region_name
geo_loc_status
geo_loc_timezone
geo_loc_zip
club_card_id
type
confirmed
facebookId
status
tags
Array of strings

Tags can be used to group profiles.

Responses

Request samples

Content type
application/json
{
  • "accessToken": "string",
  • "apiKey": "string",
  • "uuid": "07243772-008a-42e1-ba37-c3807cebde8f",
  • "deviceId": "string",
  • "agreements": {
    },
  • "attributes": { },
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}

Refresh a Profile token Deprecated

Retrieve a refreshed JWT Token to prolong the Profile session.

The current token must still be active at the time of the request.


  • API consumers who can use this method: Profile (formerly client), Anonymous profile (formerly client)

  • This method does not require a Synerise authorization token.

Authorizations:

Responses

Request samples

curl --request GET 
  --url https://api.synerise.com/sauth/auth/refresh/client 
  --header 'Authorization: Bearer _YOUR_JWT_TOKEN_'

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiinvalidI6IkFQSSIsInJsbSI6ImNsaWVudCIsImN0ZCI6MTUyODM1NTgzMjEzOCwiZW1sIjoia3J6eXN6dG9mLmN6ZXJlcGFrQGdtYWlsLmNvbSIsImlzcyI6IlN5bmVyaXNlIiwiYnBpIjo1OTQsImNsSWQiOjUyNTQ0NjU3NCwinvalidx2XwJp-QBZ94d_EEKf41KtDCE33KhP_vTAYrs-JzbnIHgKRvG6ZRwsNOL8OTnbfbUZH4XYaqBB_tZTPPKfzHutP6GEGp7PLtu2E92JbChkVyrn8VCQ5v4z2e1-zsdgbmWcQk2g9RydaydO6NYO55suT3Hz2ZRv0AYLsG8rM1biZGdREWx9OaknVVuIo2ivehBiukL7VQ6Bu8ugjep3mn-z666a-nCMh6ZuASiQ6Geq0NSWmdDQIoCa5Hg44KzMfGRlCR2uKBXeHTD0SkwJ1VJM0sHNKwSfMXKpaX8OJ5wUJpgCzDzQwKVgxgWFp4eO_sbcvxWrpI7W0lfdCy1WKirnZ6Uh3uJ06v97GQDAQqVgBZFEpS47MrGZhTNuAG4ZbfYO7yyxVO8AHQbEC-UvZ-8DC1XZjvQ6S1uNqQIlVGcthnrxg8K6vKVhNzu6ifQI0bbsCl8bGsKkXOEK1pKR3ekckcSjNeeY2LrcdXs8F2gtkm0TjXU"
}