Authorization (RBAC)
For general information about RBAC, check out this link.
The following endpoint is the base url for the APIs below.
1
https://service.mobingi.com/m/auth/rbac/
Copied!

List permissions

List all permissions supported by RBAC in all namespaces. For reference, supported permissions can be found here.
Request
1
GET /permissions HTTP1.1
2
authorization: Bearer {token}
Copied!
Response
1
HTTP/1.1 200 OK
2
3
[
4
{
5
"namespace":"wave",
6
"permissions":[
7
"Admin",
8
"ModifySettings",
9
"..."
10
]
11
},
12
{
13
"namespace":"ripple",
14
"permissions":[
15
"Admin"
16
]
17
}
18
]
Copied!

Create role

During role creation, if your permissions list contains an Admin entry, all other entries will be discarded except Admin.
Roles are root user-level. That means all roles created by the root user, or any subuser that has permissions to create roles, are available to all subusers.
Request
1
POST /roles HTTP1.1
2
authorization: Bearer {token}
3
content-type: application/json
4
5
{
6
"name":"testrole",
7
"namespace":"wave",
8
"permissions":[
9
"ModifySettings",
10
"ViewSettings",
11
...
12
]
13
}
Copied!
Role names should have at least 6 characters in length and 32 characters maximum. It should also be alphanumeric. Hyphens and underscores are allowed in between. The regular expression used for validation is below:
1
^[A-Za-z0-9][A-Za-z0-9_-]*[A-Za-z0-9]$
Copied!
Response
1
HTTP/1.1 200 OK
2
3
{
4
"name":"testrole",
5
"namespace":"wave",
6
"permissions":[
7
"ModifySettings",
8
"ViewSettings",
9
...
10
]
11
}
Copied!

List roles

Request
1
GET /roles?namespace={namespace} HTTP1.1
2
authorization: Bearer {token}
Copied!
The {namespace} parameter is optional. If not provided, all roles will be returned.
Response
1
HTTP/1.1 200 OK
2
3
[
4
{
5
"name": "testrole",
6
"namespace": "wave",
7
"permissions": [
8
"ModifySettings",
9
"ViewSettings",
10
"ModifyAccountSettings"
11
]
12
},
13
{
14
"name": "waveAdmin",
15
"namespace": "wave",
16
"permissions": [
17
"Admin"
18
]
19
},
20
...
21
]
Copied!

Update role

Update role. If role name is different, rename mapped role name.
Request
1
PATCH /roles/{namespace}/{rolename} HTTP1.1
2
authorization: Bearer {token}
3
content-type: application/json
4
5
{
6
"namespace":"wave",
7
"permissions":[
8
"ModifySettings",
9
"ViewSettings",
10
...
11
]
12
}
Copied!
Response
1
HTTP/1.1 200 OK
2
3
{
4
"name": "testrole",
5
"namespace":"wave",
6
"permissions":[
7
"ModifySettings",
8
"ViewSettings",
9
...
10
]
11
}
Copied!

Delete role

Delete role. Deleting a role will also remove all mappings.
Request
1
DELETE /roles/{namespace}/{rolename} HTTP1.1
2
authorization: Bearer {token}
Copied!

Map roles to user

You can only map (or attach) up to 5 roles to a user per namespace. There is no limit for filtering rules per user.
Valid values for type for filtering rules:
Namespace
Value
wave
linkAcct, group, tags
ripple
billingGroup
Request
1
POST /userroles HTTP1.1
2
authorization: Bearer {token}
3
content-type: application/json
4
5
{
6
"user_id":"subuser1",
7
"roles":[
8
{
9
"namespace":"wave",
10
"role": "somerole",
11
},
12
...
13
]
14
}
Copied!
Response
1
HTTP/1.1 200 OK
2
3
{
4
"success":[
5
"somerole"
6
],
7
"failed":[],
8
"filters":[]
9
}
Copied!

List user role mappings

Request
For this endpoint, the returned role mappings are those attached to the caller.
1
GET /userroles HTTP1.1
2
authorization: Bearer {token}
Copied!
For listing role mappings of other subusers, use this endpoint.
1
GET /{subuser}/userroles HTTP1.1
2
Authorization: Bearer {token}
Copied!
{subuser} is the subuser name.
Response
1
HTTP/1.1 200 OK
2
3
[
4
{
5
"root_user":"58c2297d25645",
6
"sub_user":"subuser01",
7
"namespace":"wave",
8
"role":"testrole1"
9
},
10
{
11
"root_user":"58c2297d25645",
12
"sub_user":"subuser02",
13
"namespace":"wave",
14
"filter":"billingGroup:2222"
15
},
16
...
17
]
Copied!

List user permissions

Retrieve all permissions to all roles attached to the {subuser}.
Request
1
GET /{subuser}/permissions HTTP1.1
2
authorization: Bearer {token}
Copied!
Response
1
HTTP/1.1 200 OK
2
3
[
4
{
5
"namespace":"wave",
6
"permissions":[
7
"Admin",
8
"ModifySettings",
9
"..."
10
]
11
},
12
{
13
"namespace":"ripple",
14
"permissions":[
15
"Admin"
16
]
17
}
18
]
Copied!

Update map roles to user

You can only update map (or attach) up to 5 roles to a user per namespace. There is no limit for filtering rules per user.
Valid values for type for filtering rules:
Namespace
Value
wave
linkAcct, group, tags
ripple
billingGroup
This method replaces subuser's all roles to information in the request body.
Request
1
PATCH /userroles HTTP1.1
2
authorization: Bearer {token}
3
content-type: application/json
4
5
{
6
"roles":[
7
{
8
"namespace":"wave",
9
"role": "somerole",
10
},
11
...
12
]
13
}
Copied!
1
PATCH /{subuser}/userroles HTTP1.1
2
authorization: Bearer {token}
3
content-type: application/json
4
5
{
6
"roles":[
7
{
8
"namespace":"wave",
9
"role": "somerole",
10
},
11
...
12
]
13
}
Copied!
{subuser} is the subuser id.
Response
1
HTTP/1.1 200 OK
2
3
{
4
"success":[
5
"somerole"
6
],
7
"failed":[],
8
"filters":[]
9
}
Copied!
Last modified 5mo ago