You are viewing the documentation for an outdated or unreleased devel version.
This page is also available in versions: 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 8.0, 8.1, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.7 (current), devel

API Reference

Name Base path Description
Identity /api/v1/identities Working with identities/users
Role /api/v1/roles Working with roles
Role change request /api/v1/role-requests Working with request for change assigned roles on identity
Role concept /api/v1/concept-role-requests Create individual role concept for Role change request


Basic rules The API for CzechIdM is based on the REST principles. To use the API, you must be authenticated to CzechIdM.

  • GET - Obtain an object or a list of objects
  • POST - Creates an object
  • PUT - Updates the object - overwrites the whole object
  • DELETE - Delete an object
  • GET /api/v1/identities/ - Gets a list of all identities
  • GET /api/v1/identities/john_doe - acquires the "john_doe" identity entity


  • POST /api/v1/identities/ - Creates a new identity
  • POST /api/v1/identities/john_doe - returns 405
  • PUT /api/v1/identities/john_doe - identity change john_doe, if there is no error returned 404
  • DELETE /api/v1/identities/john_doe - deleting identity john_doe, if there is no error returned 404

API uses three basic URL levels

  • /api/v1/identities/john_doe
    • entity detail with convention /api/v1/identities/${backendId} - where ${backendId} is entity uuid identifier or unique code, if entity supports Codeable interface.
  • /api/v1/identities/john_doe/accounts/1
    • sub entity detail
  • /api/v1/identities/john_doe/accounts/1/attribute/homeDirectory

The default data format returned by the application interface is JSON. The change can be done in the HTTP request header.

  • Accept: application / json

Supported formats:

  • JSON - default format

Date format (iso-8601):

  • yyyy-MM-dd - date
  • yyyy-MM-dd'T'HH: mm: ss.SSS'Z'- date including time
  • 200 OK - The request was processed correctly.
  • 201 Created - The request was processed correctly and the object was created.
  • 202 Accepted - The request has been accepted correctly but has not yet been processed.
  • 204 OK - The request was processed correctly and the operation returns no response (eg delete operation)
  • 400 Bad Request - The request is not correct or all parameters are not entered.
  • 401 Unauthorized - Authentication error or user not authorized to perform this operation.
  • 403 Forbidden - Access denied.
  • 404 Not Found - Not Found.
  • 400 (405) 'Method Not Allowed - The requested method is not supported for the selected object type. This code is currently not supported. In this case, code 400 is returned with Method Not Allowed.
  • 409 Object already exists - The created object already exists. This value returns the server if someone attempts to create an object of the same type with an existing name.
  • 500 Internal server error - Internal server error