The EDI Identity and Access Manager (IAM) provides a REST API for managing access to resources within the EDI Data Repository ecosystem. The API enables client applications to search for user identities and to manage groups, group memberships, resources, and access control rules.
The API follows REST principles with JSON request/response payloads. All endpoints require authentication via bearer tokens or API keys. The API supports standard HTTP methods (GET, POST, PUT, DELETE) and returns appropriate status codes. Responses include detailed error messages for troubleshooting.
- Parameters - API Parameter Details
- Profiles - Manage user profiles
- Resources - Manage resources
- Rules - Manage the ACRs for resources
- EML - Manage EML documents and associated ACRs
- Groups - Manage groups and group members
- Search - Search for profiles and groups
- Tokens and API keys - Manage tokens and API keys
Parameters (parameters.md): Documents common parameters, data types, and conventions used across all API endpoints. Includes details on query parameters, request bodies, response formats, filtering syntax, and error codes. Serves as a reference for consistent API usage.
Profiles API (profile.md): Manages user profiles and identities in the EDI system. Provides endpoints for creating, retrieving, updating, and deleting user accounts.
Resources API (resource.md): Manages the resources in the authorization hierarchy. Provides endpoints to create, update, delete, and query resources and their associated permissions. Resources represent data packages, collections, or other entities that require access control.
Rules API (rule.md): Configures and maintains Access Control Rules (ACRs) that determine who can access specific resources. Provides endpoints to create, modify, and delete rules. Rules define permissions (read, write, changePermission) for users and groups on specific resources.
EML API (eml.md): Manages Ecological Metadata Language (EML) documents and their associated ACRs. Provides specialized endpoints for importing EML metadata and automatically creating corresponding resources with appropriate access controls.
Groups API (group.md): Manages user groups and group memberships. Provides endpoints to create groups, add/remove members, and query group memberships. Groups simplify permission management by allowing ACRs to target collections of users rather than individuals.
Search API (search.md): Enables discovery of profiles and groups through search queries.
Tokens and API Keys (token.md): Manages authentication tokens and long-lived API keys. Provides endpoints to generate, refresh, revoke, and inspect tokens.