/config/{app_id}/clients/{client_id}

API clients serve two major purposes: they make authenticated requests against the Janrain REST APIs, and they (or, more specifically, API clients that have the login_client feature set) authenticate users during login. The /config/{app_id}/clients/{client_id} endpoint enables you to:

  • Return information for a specific API client
  • Modify permissions for a specific API client
  • Delete a specific API client

This endpoint includes the following methods:


GET

Returns permission and metadata information for a specific API client, including:

  • _self. Configuration endpoint for the API client. For example, suppose your configuration domain is https://v1.api.us.janrain.com/and the _self value for a client is /config/htb8fuhxnf8e38jrzub3c7pfrr/clients/xj2dmg2mqsm6a8gx89cwn3fu929p4pd. Combining those two values gives you the configuration endpoint for managing that client (adding/modifying property values, deleting the client, etc.):

    https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients/xj2dmg2mqsm6a8gx89cwn3fu929p4pdm
     
  • _id.The API client ID.
  • _secret. The API client secret (i.e., client password). Client secrets should never be publicly exposed.
  • _settings. Configuration endpoint for the API client settings.
  • name. Name (and description) of the API client.
  • ipWhitelist. Collection of IP addresses allowed to interact with the client; for example, the address 192.168.1.0/24 allows access to IP addresses 192.168.10 through 192.168.1.255. The default value is 0.0.0.0/0, which allows access to all IP addresses.
  • features. Client features associated with this API client. Clients can be associated with more than one feature.

Your API call must have the owner permission in order to return client data.

Authentication

This endpoint supports Basic authentication. To create an authentication string, combine your API client ID, a colon (:), and your client secret into a single value. For example, if your client ID is abcdefg and your client secret is hijklmnop, that value would look like this:

abcdefg:hijklmnop

Next, take the string and base64 encode it.

For example, on a Mac, you can base encode the string using this command:

echo -n "abcdefg:hijklmnop" | base64

If you’re running Microsoft Windows, you can encode the string by using a Windows PowerShell command similar to this:

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("abcdefg:hijklmn"))

The resulting value (e.g., YWJjZGVmZzpoaWprbG1ub3A=) should be used in your authentication header.

If you are making API calls using Postman, select Basic Auth as your identification type, then use the client ID as the username and the client secret as the password.

Make sure that your API client has the all the permissions (for example, the right to read user profile information) needed to complete the API call.

Base URL

The base URL for this endpoint is your Janrain Configuration API domain followed by /config/ followed by your application ID. For example, if you are in the US region and your application ID is htb8fuhxnf8e38jrzub3c7pfrr, then your base URL would be:


https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr        

Allowed regions are:

  • us 
  • eu 
  • au 
  • sa 
  • cn

Sample Request (curl)

This command returns information about the API client with the client ID nmub5w3rru9k6rzupqaeb7bbwv6jn658:


curl -X GET \
   https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients/ nhjsdtjwvaytevc2w5sx42skggvjn7bu \
   -H 'Authorization: Basic aW1fYV...NfbXk='
          

Running Code Samples Using Postman

The Janrain REST API code samples are written using Curl, but they can easily be run from within Postman. To use one of our code samples in Postman:

  1. Click the Copy to Clipboard button located directly beneath the code sample
  2. In Postman, click Import to display the Import dialog box.
  3. In the Import dialog box, click Paste Raw Text, and then paste in the copied code. The Import dialog box should look similar to this:

  4. Click Import, and the Curl command will be converted to a format that can be run from within Postman. All you need to do now is configure the command to work with your Janrain implementation.

Responses

200 OK

If your call to this endpoint succeeds, you'll get back information for the specified API client:


{
   "_id": "nhjsdtjwvaytevc2w5sx42skggvjn7bu",
   "_secret": "343bf7reecgdskz4q3qphydw3cddy44sr2",
   "_self": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/nhjsdtjwvaytevc2w5sx42skggvjn7bu",
   "_settings": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/nhjsdtjwvaytevc2w5sx42skggvjn7bu/settings",
   "features": [
       "login_client"
    ],
   "ipWhitelist": [
        "0.0.0.0/0"
    ],
   "name": "This is a client description"
}
          

Error Codes

The following table includes information about some of the error codes that you could encounter when calling this endpoint.

Error Code

Description

401/403

Error Message: Authentication required.

You either failed to provide credentials or provided invalid credentials. This endpoint requires Basic authentication.

404

Error Message: Client ID not found.
Error Message: Application ID not found.

You did not provide a valid application and/or client ID.

If you encounter an error when calling this endpoint that error message will look similar to this:


{
   "errors": "Authentication required."
}
          


PUT

Updates permissions and settings for an existing API client.  To update an API client, you must specify the client properties in the request body of your API call. Those client properties include:

  • name. The only required property. If you do not specify a name your API call will fail.

  • ipWhitelist. JSON array of Classless Inter-Domain Routing IP addresses; only the addresses included on the whitelist will be able to interact with the client. If you do not include the ipWhitelist property then the value will automatically be set to 0.0.0.0/0, which allows any IP address to interact with the client. 
     
  • features. Specifies the client feature(or features) associated with the API client. Available feature sets include:
     
    • access_issuer. Issues access tokens scoped for use will all API clients.
    • direct_access. Has read/write access to all user records.
    • direct_read_access. Has read-only access to all user records.
    • login_client. Has read/write access to the user record for the current user. Login_clients are typically used for login and registration. Clients with the login_client feature cannot be associated with any other feature; for example, you cannot have a client that has both the login_client and, say, the direct_access features.
    • owner. Has full administrative access to the application.
    • Metadata. Does not update the lastUpdated attribute when updating other attributes in a user profile. For example, suppose the lastUpdated attribute has a value of 7/5/2018. On 7/12/2018, you use a property that has the metadata attribute to change the displayName in a user profile from Bob Johnson to Robert Johnson. The displayName will now be set to Robert Johnson. However, the lastUpdated attribute will still be set to 7/5/2018.

You do not have to assign a feature when you update a client. However, doing so deletes all existing features from the client. In turn, that client will not have permission to do anything until it has been assigned a feature.

Both ipWhitelist and features must be passed as JSON arrays. In a JSON array, individual values are enclosed in double quote marks and separated by using commas. In addition, the entire set of values is surrounded square brackets:


["access_issuer", "direct_access"]
          

Your API call must have owner permissions in order to update a new client.

Authentication

This endpoint supports Basic authentication. To create an authentication string, combine your API client ID, a colon (:), and your client secret into a single value. For example, if your client ID is abcdefg and your client secret is hijklmnop, that value would look like this:

abcdefg:hijklmnop

Next, take the string and base64 encode it.

For example, on a Mac, you can base encode the string using this command:

echo -n "abcdefg:hijklmnop" | base64

If you’re running Microsoft Windows, you can encode the string by using a Windows PowerShell command similar to this:

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("abcdefg:hijklmn"))

The resulting value (e.g., YWJjZGVmZzpoaWprbG1ub3A=) should be used in your authentication header.

If you are making API calls using Postman, select Basic Auth as your identification type, then use the client ID as the username and the client secret as the password.

Make sure that your API client has the all the permissions (for example, the right to read user profile information) needed to complete the API call.

Base URL

The base URL for this endpoint is your Janrain Configuration API domain followed by /config/ followed by your application ID. For example, if you are in the US region and your application ID is htb8fuhxnf8e38jrzub3c7pfrr, then your base URL would be:


https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr       

Allowed regions are:

  • us 
  • eu 
  • au 
  • sa 
  • cn

Sample Request (curl)

This command updates the API client with the client ID nmub5w3rru9k6rzupqaeb7bbwv6jn658. The client will be renamed Documentation Login Client and will have the login_client feature. Because the ipWhitelist property is not included, that value will be reset to the default value of 0.0.0.0/0. This means that any IP address can interact with the client.


curl -X PUT \
  https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients/2grgd9hc949kg7ehqzwzvjgvhddex3rb \
  -H 'Authorization: Basic aW1fYV...NfbXk=' \
  -H 'Content-Type: application/json' \
  -d '{    
     "name": "Documentation Login Client", 
     "features": ["login_client"] 
}'
          

Running Code Samples Using Postman

The Janrain REST API code samples are written using Curl, but they can easily be run from within Postman. To use one of our code samples in Postman:

  1. Click the Copy to Clipboard button located directly beneath the code sample
  2. In Postman, click Import to display the Import dialog box.
  3. In the Import dialog box, click Paste Raw Text, and then paste in the copied code. The Import dialog box should look similar to this:

  4. Click Import, and the Curl command will be converted to a format that can be run from within Postman. All you need to do now is configure the command to work with your Janrain implementation.

Responses

200 OK

If your API call succeeds, you'll get back the new property values for the API client:


{
   "_id": "3bchk5hsx6v58dkn288nbybmxfyk32u7",
   "_secret": "j383npa9g4hfdye9t5es72x8r374tdfh",
   "_self": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/3bchk5hsx6v58dkn288nbybmxfyk32u7",
   "_settings": "/config/73jzx34tnr5ruhsze494ssgz2b/clients/3bchk5hsx6v58dkn288nbybmxfyk32u7/settings",
   "features": [
       "login_client"
    ],
   "ipWhitelist": [
       "0.0.0.0/0"
    ],
   "name": "Documentation Login Client"
}
          

Error Codes

The following table includes information about some of the error codes that you could encounter when calling this endpoint.

Error Code

Description

401/403

Error Message: Authentication required.

You either failed to provide credentials or provided invalid credentials. This endpoint requires Basic authentication.

400

Error Message: The metadata feature can only be applied to a client by Janrain.

Remove "metadata" from the list of features and try the API call again.

400

Error Message: Missing data for required field.

Error Message: Name not supplied

400

Error Message: Not a valid string.

400

Error Message: Not a valid CIDR address.

One of or more of the IP addresses on the IP whitelist has been incorrectly formatted.

400

Error Message: Not a valid feature name.

400

Error Message: Clients with the login_client feature cannot have any other features.

Remove all the features except login_client and try your API call again.

403

Error Message: Clients with the metadata feature can only be updated by Janrain.

403

Error Message: Owner feature cannot be removed from the client making the call.

After the owner feature has been added to a client, that feature can only by removed by Janrain.

404

Error Message: Client ID not found.

You did not provide a valid client ID.

409

Error Message: API client <name supplied> already exists.

Client names must be unique across an application.

If you encounter an error when calling this endpoint that error message will look similar to this:


{
   "errors": "Authentication required."
}
          


DELETE

Description 

Deletes an existing API client. Your API call must have the owner permission in order to delete a client. Note that you cannot delete any API client that has the owner feature.

Authentication

This endpoint supports Basic authentication. To create an authentication string, combine your API client ID, a colon (:), and your client secret into a single value. For example, if your client ID is abcdefg and your client secret is hijklmnop, that value would look like this:

abcdefg:hijklmnop

Next, take the string and base64 encode it.

For example, on a Mac, you can base encode the string using this command:

echo -n "abcdefg:hijklmnop" | base64

If you’re running Microsoft Windows, you can encode the string by using a Windows PowerShell command similar to this:

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("abcdefg:hijklmn"))

The resulting value (e.g., YWJjZGVmZzpoaWprbG1ub3A=) should be used in your authentication header.

If you are making API calls using Postman, select Basic Auth as your identification type, then use the client ID as the username and the client secret as the password.

Make sure that your API client has the all the permissions (for example, the right to read user profile information) needed to complete the API call.

Base URL

The base URL for this endpoint is your Janrain Configuration API domain followed by /config/ followed by your application ID. For example, if you are in the US region and your application ID is htb8fuhxnf8e38jrzub3c7pfrr, then your base URL would be:


https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr

Allowed regions are:

  • us 
  • eu 
  • au 
  • sa 
  • cn
Sample Request (curl)

This command deletes the API client with the client ID nmub5w3rru9k6rzupqaeb7bbwv6jn658:


curl -X DELETE \
  https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr/clients/nmub5w3rru9k6rzupqaeb7bbwv6jn658 \
  -H 'Authorization: Basic aW1fYV...NfbXk=' 
          

Running Code Samples Using Postman

The Janrain REST API code samples are written using Curl, but they can easily be run from within Postman. To use one of our code samples in Postman:

  1. Click the Copy to Clipboard button located directly beneath the code sample
  2. In Postman, click Import to display the Import dialog box.
  3. In the Import dialog box, click Paste Raw Text, and then paste in the copied code. The Import dialog box should look similar to this:

  4. Click Import, and the Curl command will be converted to a format that can be run from within Postman. All you need to do now is configure the command to work with your Janrain implementation.

Responses

204 No Content

If your API call succeeds, the specified client will be deleted, and you'll see the response code 204 No Content.

Error Codes

The following table includes information about some of the error codes that you could encounter when calling this endpoint.

Error Code

Description

401/403

Error Message: Authentication required.

You either failed to provide credentials or provided invalid credentials. This endpoint requires Basic authentication.

404

Error Message: Client ID not found.
Error Message: Application ID not found.

You did not provide a valid application and/or client ID.

If you encounter an error when calling this endpoint that error message will look similar to this:


{
   "errors": "Authentication required."
}