API Endpoints
Since ClearID is a microservice architecture, it's not one single API endpoint that contains all the different possible REST API.
Different type of functionalities have different API Endpoints; creating a new Identity/Cardholder isn't the same API endpoint that create a location under a site.
Behind the scene, it's probably not even the same machine that will process the API call.
ClearID Endpoints | Description | API Details |
|---|---|---|
Secure Token Service (STS) | The service is responsible to authenticate computers and return the Token required to call any other ClearID API endpoints. It's a standard OAuth endpoint. | Dev environment: Production: |
Identity Service | An Identity represents usually an employees or a contractor that has an access Control card.
| Dev environment: Production: |
Search Service | Search service can allow users to search different type of entities in the system based on different criteria.
| Dev environment: Production: |
Location Service | A location represents a physical area where you want to grant access to someone (identity) or a group of people(Role) for a certain period of time or permanently.
| Dev environment: Production: |
Site Service | A site represent a building or a campus that is composed of one or multiple locations. A Site is link to an address and one Security Center system that manage the access for that site. | Dev environment: Production: |
Role Service | A role/team represent people sharing access to the same locations in the system. A Role is represented as a cardholder group is Synergis.
| Dev environment: Production: |
Visit Request Service | A visit request must be created to invite visitors on a site. It specifies the list of guest, host, date&Time, sites, location. This endpoint is designed to invite visitors on a site. | Dev environment: Production: |
Role Provisioning Policy Service | A provisioning policy manages the identities that are part of a role based on the identities' attributes. | Dev environment: Production: |
Principal Service | The principals allows the authentication to the ClearID API endpoints | Dev environment: Production: |
Account ID in all API calls
Account ID is always a mandatory parameter
An important concept to understand is the fact that ClearID is a multi-tenant service. Each time an API request, you must specify on which ClearID account you are attempting the request and the system will very that you have the permission on this account.In every API call you will see the accountId as a required parameter. This account ID is immutable and be identified in the URI of the web interface
https://demo.clearid.io/abc12exd/... -> The account ID is: abc12exd
https://portal.clearid.io/yxwemsoer/.... -> The account ID is: yxwemsoer
Read base API URL from the JSON configuration file
As a good practice, you should put the the base URL of the API endpoints you are using in a configuration file instead of directly in the code to avoid having to recompile the code once you move from a development to a production account.
Updated 8 months ago