Identity Service API
Auto-generated from NestJS controller decorators. Last synced: 2026-03-15
Base path: /api
Endpoints: 56
Api Keys
List API keys
GET
/api-keysBearer tokenuserIdstringquery parameter
Create a new API key
POST
/api-keysBearer tokenRequest Body: CreateApiKeyDto
namestringRequired—
userIdstringRequired—
Delete an API key
DELETE
/api-keys/:idBearer tokenidstringRequiredpath parameter
Audit Logs
List audit logs with filters
GET
/audit-logsBearer tokenqueryQueryAuditLogsDtoRequiredquery parameter
Create audit log entry (service-to-service only)
POST
/audit-logsBearer tokenRequest Body: CreateAuditLogDto
actorIdstringRequired—
actorType'user' | 'service' | 'system' | 'api_key'Required—
actionstringRequired—
resourcestringRequired—
resourceIdstring—
tenantIdstring—
correlationIdstring—
previousStateRecordstring, unknown—
newStateRecordstring, unknown—
metadataRecordstring, unknown—
descriptionstring—
Auth
Register a new user
POST
/auth/registerRequest Body: RegisterDto
emailstringRequired—
passwordstringRequired—
firstNamestringRequired—
lastNamestringRequired—
companyNamestring—
countrystring—
inviteTokenstring—
Login with email and password
POST
/auth/loginRequest Body: LoginDto
emailstringRequired—
passwordstringRequired—
mfaCodestring—
Refresh access token
POST
/auth/refreshRequest Body: RefreshTokenDto
refreshTokenstringRequired—
Logout current user
POST
/auth/logoutBearer tokenInitiate Google OAuth login
GET
/auth/oauth/googleGET /auth/oauth/google/callback
GET
/auth/oauth/google/callbackInitiate GitHub OAuth login
GET
/auth/oauth/githubGET /auth/oauth/github/callback
GET
/auth/oauth/github/callbackInitiate Microsoft OAuth login
GET
/auth/oauth/microsoftGET /auth/oauth/microsoft/callback
GET
/auth/oauth/microsoft/callbackService Auth
Issue a service-to-service JWT token
POST
/v1/auth/service-tokenRequest Body: ServiceTokenDto
serviceNamestringRequired—
serviceSecretstringRequired—
Gdpr
Export all personal data (GDPR Art. 20 — Data Portability)
GET
/users/me/exportBearer tokenRequest data erasure (GDPR Art. 17 — Right to be Forgotten)
DELETE
/users/me/eraseBearer tokenGet current consent status for all consent types
GET
/users/me/consentBearer tokenGet full consent change history
GET
/users/me/consent/historyBearer tokenRecord or update consent preference
POST
/users/me/consentBearer tokenRequest Body: RecordConsentDto
consentType'marketing' | 'analytics' | 'essential' | 'third_party'Required—
grantedbooleanRequired—
Health
Liveness probe
GET
/healthReadiness probe
GET
/readyPartner API
Create an OAuth2 client for partner API access
POST
/api/partner/clientsRequest Body: CreateOAuthClientDto
namestringRequired—
scopesstring[]Required—
rateLimitPerMinutenumber—
allowedIpsstring[]—
List all OAuth2 clients for this tenant
GET
/api/partner/clientsRevoke an OAuth2 client (deactivate without deleting)
POST
/api/partner/clients/:id/revokeidstringRequiredpath parameter
Permanently delete an OAuth2 client
DELETE
/api/partner/clients/:ididstringRequiredpath parameter
OAuth2 Client Credentials Grant — issue access token
POST
/api/partner/oauth/tokenRequest Body: OAuthTokenRequestDto
grant_typestringRequired—
client_idstringRequired—
client_secretstringRequired—
scopestring—
Roles
List all role definitions
GET
/rolesBearer tokenGet a role by ID
GET
/roles/:idBearer tokenidstringRequiredpath parameter
Create a new role definition
POST
/rolesBearer tokenRequest Body: CreateRoleDto
namestringRequired—
displayNamestringRequired—
descriptionstring—
categoryRoleCategory—
permissionsstring[]—
Update a role definition
PUT
/roles/:idBearer tokenidstringRequiredpath parameter
Request Body: UpdateRoleDto
displayNamestring—
descriptionstring—
permissionsstring[]—
isActiveboolean—
Delete a role definition (non-system only)
DELETE
/roles/:idBearer tokenidstringRequiredpath parameter
Get roles for a user (with full details)
GET
/roles/users/:userIdBearer tokenuserIdstringRequiredpath parameter
Assign roles to a user
POST
/roles/users/:userId/assignBearer tokenuserIdstringRequiredpath parameter
Request Body: AssignRolesDto
rolesstring[]Required—
Remove roles from a user
POST
/roles/users/:userId/removeBearer tokenuserIdstringRequiredpath parameter
Request Body: RemoveRolesDto
rolesstring[]Required—
Tenants
Create a new tenant
POST
/tenantsBearer tokenRequest Body: CreateTenantDto
namestringRequired—
type'customer' | 'partner' | 'internal'Required—
countrystringRequired—
configRecordstring, any—
List all tenants
GET
/tenantsBearer tokentypestringquery parameter
Get a tenant by ID
GET
/tenants/:idBearer tokenidstringRequiredpath parameter
Update a tenant
PATCH
/tenants/:idBearer tokenidstringRequiredpath parameter
Request Body: UpdateTenantDto
namestring—
type'customer' | 'partner' | 'internal'—
countrystring—
configRecordstring, any—
Delete a tenant
DELETE
/tenants/:idBearer tokenidstringRequiredpath parameter
Get the number of users in a tenant
GET
/tenants/:id/user-countBearer tokenidstringRequiredpath parameter
Get tenant settings
GET
/tenants/:id/settingsBearer tokenidstringRequiredpath parameter
Update tenant settings (partial)
PATCH
/tenants/:id/settingsBearer tokenidstringRequiredpath parameter
Request Body: UpdateSettingsDto
localestring—
timezonestring—
currencystring—
dateFormatstring—
maxUsersnumber—
maxInstancesnumber—
featuresTenantFeaturesDto—
brandingTenantBrandingDto—
Invite a user to this tenant
POST
/tenants/:id/invitesBearer tokenidstringRequiredpath parameter
Request Body: CreateInviteDto
emailstringRequired—
rolestring—
List invites for a tenant
GET
/tenants/:id/invitesBearer tokenidstringRequiredpath parameter
Revoke an invite
DELETE
/tenants/:id/invites/:inviteIdBearer tokenidstringRequiredpath parameter
inviteIdstringRequiredpath parameter
Validate an invite token (public)
GET
/tenants/invites/validate/:tokenBearer tokentokenstringRequiredpath parameter
Users
Get current user profile
GET
/users/meBearer tokenUpdate own profile (firstName, lastName)
PATCH
/users/meBearer tokenRequest Body: UpdateProfileDto
firstNamestring—
lastNamestring—
Change own password
POST
/users/me/change-passwordBearer tokenRequest Body: ChangePasswordDto
currentPasswordstringRequired—
newPasswordstringRequired—
List all users (admin, paginated)
GET
/usersBearer tokenqueryQueryUsersDtoRequiredquery parameter
Get a user by ID (admin)
GET
/users/:idBearer tokenidstringRequiredpath parameter
Update a user (admin)
PUT
/users/:idBearer tokenidstringRequiredpath parameter
Request Body: AdminUpdateUserDto
firstNamestring—
lastNamestring—
emailstring—
statusUserStatus—
rolesstring[]—
Deactivate (suspend) a user
POST
/users/:id/deactivateBearer tokenidstringRequiredpath parameter
Reactivate a user
POST
/users/:id/reactivateBearer tokenidstringRequiredpath parameter