- Created by Karolin Hemmingsson, last modified by Ann Base on Jun 10, 2022
This article describes the Identity Manager Process REST API which can be used to control processes in Smart ID Identity Manager.
The API provides a simple RESTful interface for starting and proceeding processes and for exchanging data with it. The Identity Manager Process REST API is part of the Identity Manager main application and will be available automatically after starting the server that hosts the application.
How to use the Identity Manager Process REST API
See the following topics for more information on how to use the Identity Manager Process REST API:
The REST API is secured by default. Therefore it is not possible for intruders to access data and functionality of the REST interface. The default configuration uses our internal authentication profile to authenticate the user and to perform the authorization.
By default, the HTTP Basic Authentication is used. The client calling our service is responsible to fill the Authorization Header of the HTTP request.
Never use the HTTP Basic Authentication without securing the communication channel using SSL, so make sure you access the server using HTTPS.
To configure the authentication process and the security settings, see the Spring Security filter settings in the security-beans.xml.
The root context is the base context for all webservice requests. Specific requests must construct a path consisting of this base context plus the specific functionality.
context | URL |
---|---|
root context with https | [root_context] = https://[host]:[port]/[application_name]/ws |
process interface | [root_context]/processes/ |
task interface | [root_context]/tasks/ |
tenant selection |
Depending on the configuration of your server and authorization mechanism, the protocol can be HTTP or HTTPS. For more information, see the previous section.
Make sure you specify the right port for your application server.
To select the tenant id, append the tenant id to the URL, that is, the primary key of the tenant in the database:
- [URL]?tenantId=xxx
http://myServer:8080/idm-operator/ws/processes/MyProcess/start?tenantId=1234
By default, no secrets are resolved when querying for example the data map of a certain process step.
If the user which calls the REST API has the EXECUTION permission api.resolveSecrets
, which can be defined in the designer, then secrets are resolved. The field is the same as the one which would contain the UUID
of the secretFieldStore
, for example Person_PasswordRef
.
To run a command on a specific task, you will need a taskId
.
To find the taskId
, look up the value of the id
attribute of the specific process in the BPMN 2.0 process definition, in the file process.xml.
Or, if you rather want to get the information from the database, look into the table ACT_RU_TASK in the column Task_Def_Key_. Don´t use ID_.
Available commands
Start process
Description
Starts the process defined by processDefinitionKey
.
URL
[root_context]/processes/{processDefinitionKey}/start?tenantId=xxx
where processDefinitionKey
is the ID of the BPMN process.
Method
POST
Content Type
application/xml
Header Parameters
Parameter | Description | Required or Optional |
---|---|---|
Authorization | To pass authentication information to the server, we use the HTTP basic authentication. The authorization information is passed as HTTP header parameter in the form username:password Base64 encoded (admin:admin in the following example): Authorization: Basic YWRtaW46YWRtaW4= | Required |
Accept-Language | If the exception which can occur on the server is translatable you can determine the output language of the exception message with this parameter: Accept-Language: en | Optional |
Request Parameters
Multiple Request Parameters can be concatenated with "&"
Parameter | Description | Required or Optional |
---|---|---|
?searchConfigName=myName | This query parameter identifies the search configuration for searching for one core object. | Optional |
?tenantId=myTenant | This query parameter identifies the tenant for which the process should be started. This information is also used to authenticate the user (depending on the authorization mechanism). | Required |
?requiredUserTask=myTask | This query parameter identifies a user task task has to be present in the given top-level process for the process to be started. | Optional |
Body
The request body can be used to fill the data map for the process which shall be started. The form should be like:
<data> <field name="BaseDpEmployee_FirstName">Max</field> <field name="BaseDbEmployee_Photo">{base64EncodedPhoto}</field> </data>
Response
Possible response codes:
Status Code | Description |
---|---|
200 | OK |
400 | Bad Request: see RestError in response body for details |
401 | Unauthorized: no valid authentication provided |
403 | Forbidden: the user does not have the permissions to execute/acccess the user task |
500 | Internal Server Error: see RestError in response body for details |
Example responses
process definition [myProcess] with required user-task [myTask] does not exist
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <restError> <message>No core template with name "null" was found.</message> </restError>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <process instanceId="4711"/>
Execute task
Description
Executes a task for a process instance. The process instance for which the task should be executed is given by the passed processInstanceId. The task to execute is given by the passed task id.
URL
[root_context]/tasks/{processInstanceId}/{taskId}?tenantId=xxx
To find the task id, look up the id of the task in the BPMN 2.0 process definition.
Method
POST
Content Type
application/xml
Header Parameters
Parameter | Description | Required or Optional |
---|---|---|
Authorization | To pass authentication information to the server, we use the HTTP basic authentication. The authorization information is passed as HTTP header parameter in the form username:password Base64 encoded (admin:admin in the following example): Authorization: Basic YWRtaW46YWRtaW4= | Required |
Accept-Language | If the exception which can occur on the server is translatable you can determine the output language of the exception message with this parameter: Accept-Language: en | Optional |
Response
Possible response codes:
Status Code | Description |
---|---|
200 | OK |
400 | Bad Request: see RestError in response body for details |
401 | Unauthorized: no valid authentication provided |
403 | Forbidden: the user does not have the permissions to execute/acccess the user task |
500 | Internal Server Error: see RestError in response body for details |
Example responses
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <restError> <message>No core template with name "null" was found.</message> </restError>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <process instanceId="4711"/>
Obtain task data
Description
Obtains the data map a the start of a task for a given process instance. The process instance is given by the parameter processInstanceId
. The task which data has to be obtained is given by the passed taskId
.
URL
[root_context]/tasks/{processInstanceId}/{taskId}/data?tenantId=xxx
Method
GET
Header Parameters
Parameter | Description | Required or Optional |
---|---|---|
Authorization | To pass authentication information to the server, we use the HTTP basic authentication. The authorization information is passed as HTTP header parameter in the form username:password Base64 encoded (admin:admin in the following example): Authorization: Basic YWRtaW46YWRtaW4= | Required |
Accept-Language | If the exception which can occur on the server is translatable you can determine the output language of the exception message with this parameter: Accept-Language: en | Optional |
Example response
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <data> <field name="Person_Email">max.muster@nexusgroup.de</field> <field name="Person_FirstName">Max</field> <field name="Person_Id">5678</field> <field name="Person_LastName">Muster</field> <field name="Meta_CoreTemplateName_Person">Person</field> <field name="Person_PersonnelNumber">123456</field> </data>
Start process, poll for data and execute task
Description
This command will start a process. The process is expected to reach a user task without further interaction. Also,the user task is intended merely as a waiting point and must not make any changes. The command will try to fetch the process data before the user task and then execute the user task (like clicking "Next").
URL
[root_context]/processes/{processDefinitionKey}/startGetDataAndExecute/{taskId}?tenantId=xxx
where processDefinitionKey
is the ID of the BPMN process and taskId
is the ID of the user task at which to get the data and which to execute.
To find the task id, look up the id of the task in the BPMN 2.0 process definition.
Method
POST
Content Type
application/xml
Header Parameters
Parameter | Description | Required or Optional |
---|---|---|
Authorization | To pass authentication information to the server, we use the HTTP basic authentication. The authorization information is passed as HTTP header parameter in the form username:password Base64 encoded (admin:admin in the following example): Authorization: Basic YWRtaW46YWRtaW4= | Required |
Accept-Language | If the exception which can occur on the server is translatable you can determine the output language of the exception message with this parameter: Accept-Language: en | Optional |
Request Parameters
Multiple Request Parameters can be concatenated with "&"
Parameter | Description | Required or Optional |
---|---|---|
?searchConfigName=myName | This query parameter identifies the search configuration for searching for one core object. | Optional |
?tenantId=myTenant | This query parameter identifies the tenant for which the process should be started. This information is also used to authenticate the user (depending on the authorization mechanism). | Required |
?maxAttempts=10 | This query parameter defines how often to poll for data at the given task before giving up. Minimum value: 1 | Required |
?interval=5000 | This query parameter defines the polling interval in msec. Minimum value: 100 | Required |
Body
The request body can be used to fill the data map for the process which shall be started. The form should be like:
<data> <field name="BaseDpEmployee_FirstName">Max</field> <field name="BaseDbEmployee_Photo">{base64EncodedPhoto}</field> </data>
Response
Possible response codes:
Status Code | Description |
---|---|
200 | OK |
400 | Bad Request: see RestError in response body for details |
401 | Unauthorized: no valid authentication provided |
403 | Forbidden: the user does not have the permissions to execute/acccess the user task |
500 | Internal Server Error: see RestError in response body for details |
Example responses
process definition [myProcess] with user-task [myTask] does not exist
maxAttempts must be at least 1
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <restError> <message>All [10] data fetch attempts attempts with interval [5000]msec for task [myTask] of process [myProcessDefinition] failed. Process instance[4711] might be stuck!</message> </restError>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <restError> <message>No core template with name "null" was found.</message> </restError>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <data> <!-- note the additional field "RestError" compared to a successful response --> <field name="RestError>some error happened trying to execute the task</field> <field name="Person_Email">max.muster@nexusgroup.de</field> <field name="Person_FirstName">Max</field> <field name="Person_Id">5678</field> <field name="Person_LastName">Muster</field> <field name="Meta_CoreTemplateName_Person">Person</field> <field name="Person_PersonnelNumber">123456</field> </data>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <data> <field name="Person_Email">max.muster@nexusgroup.de</field> <field name="Person_FirstName">Max</field> <field name="Person_Id">5678</field> <field name="Person_LastName">Muster</field> <field name="Meta_CoreTemplateName_Person">Person</field> <field name="Person_PersonnelNumber">123456</field> </data>
Obtain task data and execute task if data available
Description
Obtains the data map at the start of a task for a given process instance. If data could be obtained, the task will then be executed (like clicking "Next"). The process instance is given by the parameter processInstanceId
. The task which data has to be obtained is given by the passed taskId
.
URL
[root_context]/tasks/{processInstanceId}/{taskId}/dataExec?tenantId=xxx
Method
POST
Header Parameters
Parameter | Description | Required or Optional |
---|---|---|
Authorization | To pass authentication information to the server, we use the HTTP basic authentication. The authorization information is passed as HTTP header parameter in the form username:password Base64 encoded (admin:admin in the following example): Authorization: Basic YWRtaW46YWRtaW4= | Required |
Accept-Language | If the exception which can occur on the server is translatable you can determine the output language of the exception message with this parameter: Accept-Language: en | Optional |
Response
If no data is available, you get the following status code:
Status Code | Description |
---|---|
204 | No Content |
Possible response codes:
Status Code | Description |
---|---|
200 | OK |
400 | Bad Request: see RestError in response body for details |
401 | Unauthorized: no valid authentication provided |
403 | Forbidden: the user does not have the permissions to execute/acccess the user task |
500 | Internal Server Error: see RestError in response body for details |
Example responses
no running process with instance id [4711] exists
no task [myTask] exists on process with instance id [4711]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <data> <!-- note the additional field "RestError" compared to a successful response --> <field name="RestError>some error happened trying to execute the task</field> <field name="Person_Email">max.muster@nexusgroup.de</field> <field name="Person_FirstName">Max</field> <field name="Person_Id">5678</field> <field name="Person_LastName">Muster</field> <field name="Meta_CoreTemplateName_Person">Person</field> <field name="Person_PersonnelNumber">123456</field> </data>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <data> <field name="Person_Email">max.muster@nexusgroup.de</field> <field name="Person_FirstName">Max</field> <field name="Person_Id">5678</field> <field name="Person_LastName">Muster</field> <field name="Meta_CoreTemplateName_Person">Person</field> <field name="Person_PersonnelNumber">123456</field> </data>
article is valid for Smart ID 22.04.1 and later.