Security API
Overview
The Security API is responsible for managing users, roles, groups, and devices. All relationships between users, roles, groups, and devices are managed with the Security API. In an on-premises scenario, a PostgreSQL database is used for storing this data. In a cloud scenario, a variety of technologies are used, including Azure Active Directory, Azure IoT Hub, Azure DocumentDB, and Azure Tables.
Sub APIs
- – Intended for interacting with users
- – Intended for interacting with devices in IoT Hub/DocumentDB
- – Intended for interacting with user roles
- – Intended for interacting with groups of users or devices
IMS Scopes
Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens and do not grant additional permissions beyond what the user or resource owner already has.
- securityapi_all – Access to all endpoints; simple to use and ideal for trusted JCI back-end services
- securityapi_register – Special scope that allows devices in the field to create themselves in IoT Hub; ideal for use in ‘device factories’
- securityapi_identity – Grants access to the Identity portion of the APIs; ideal for customer-facing websites or mobile devices
- securityapi_changepassword – Grants access to allow the user to change their account password
- securityapi_createuser – Grants access to create a user (developer note: NOT USED(?))
- securityapi_linkdevice – Grants access to link a device to a user (developer note: NOT USED(?))
- securityapi_org – Grants MCA (multiple customer access) to Org endpoints
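
The scope guidance above can be enforced as a least-privilege check on token requests. The following is an added example, not code from the Security API or its authors: the profile names (`backend`, `device_factory`, `customer_facing`), the function `audit_scope_request`, and the choice to let customer-facing clients also request `securityapi_changepassword` are assumptions made for illustration.

```python
# Added example, not part of the Security API. Profile names are assumptions.
KNOWN_SCOPES = {
    "securityapi_all", "securityapi_register", "securityapi_identity",
    "securityapi_changepassword", "securityapi_createuser",
    "securityapi_linkdevice", "securityapi_org",
}
# Scopes the page marks "NOT USED(?)".
POSSIBLY_UNUSED = {"securityapi_createuser", "securityapi_linkdevice"}

# Widest set of scopes each (hypothetical) client profile should request.
ALLOWED_BY_PROFILE = {
    "backend": KNOWN_SCOPES,                      # trusted back-end services
    "device_factory": {"securityapi_register"},   # devices creating themselves
    # Assumption: customer-facing apps also let users change their password.
    "customer_facing": {"securityapi_identity", "securityapi_changepassword"},
}


def audit_scope_request(profile, scope_param):
    """Return (severity, scope, reason) findings for one token request."""
    if profile not in ALLOWED_BY_PROFILE:
        raise ValueError(f"unknown client profile: {profile!r}")
    # RFC 6749 section 3.3: scope is a space-delimited, case-sensitive list.
    requested = scope_param.split()
    if not requested:
        return [("error", "", "empty scope request")]
    findings, seen = [], set()
    for scope in requested:
        if scope in seen:
            findings.append(("warn", scope, "duplicate scope"))
        elif scope not in KNOWN_SCOPES:
            findings.append(("error", scope, "not a documented scope"))
        elif scope not in ALLOWED_BY_PROFILE[profile]:
            findings.append(("error", scope, f"too broad for {profile} client"))
        elif scope in POSSIBLY_UNUSED:
            findings.append(("warn", scope, "documented as possibly unused"))
        seen.add(scope)
    return findings


if __name__ == "__main__":
    # Constructed sample requests: (profile, scope parameter).
    samples = [
        ("customer_facing", "securityapi_identity securityapi_all"),
        ("device_factory", "securityapi_register"),
        ("backend", "securityapi_createuser SecurityAPI_All"),
    ]
    for profile, scope_param in samples:
        print(profile, scope_param, "->", audit_scope_request(profile, scope_param))
```

A check like this fits in a client-registration review or a CI step that inspects each client's configured scope string before deployment.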