Users
Users in Contendo Server are explicitly defined and play a crucial role in authentication and access control. Every operation in Contendo Server must be performed by an authenticated user with the appropriate groups assigned.
User access and permissions are controlled through access control lists (ACLs). Read and/or write access for a user can be assigned directly on an object or via Groups.
While users may have direct ACL assignments, it is recommended that their permissions are derived from their group memberships. This approach ensures flexible and scalable access management, as modifying group memberships automatically adjusts user permissions across multiple objects.
Authentication
Users in Contendo Server can currently authenticate using:
- Basic Authentication
- API key
- calling the login endpoint
- LtpaToken2
Other authentication mechanisms will be available in the future.
Basic Authentication
Basic Authentication requires providing the username and password in the request headers using the standard HTTP Authorization header with the Basic scheme.
Example Request:

```bash
curl -X 'GET' -k \
  '{REPOSITORY_URL}/root/Animals/Dogs/Rex?operation=object' \
  -H 'Authorization: Basic {BASE64_ENCODED_CREDENTIALS}'
```

Replace {BASE64_ENCODED_CREDENTIALS} with the base64-encoded username:password string.
API Key Authentication
API key authentication is primarily for demo purposes. An API key can be obtained here.
Example Request:

```bash
curl -X 'GET' -k \
  '{REPOSITORY_URL}/root/Animals/Dogs/Rex?operation=object' \
  -H 'X-API-KEY: {API_KEY}'
```
Login Endpoint
A special login URL is available for performing a login operation explicitly. A successful login produces an LtpaToken2 cookie, which should then be used for subsequent operations.
- HTTP method: POST
- Content-Type: none, application/json, application/x-www-form-urlencoded
Parameters

Name | Required | Description |
---|---|---|
username | Yes | Username of the user to log in. |
password | Yes | Password of the user to log in. |
Example:

```bash
curl -X 'POST' \
  '{DOMAIN_LOGIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "username": "jdoe",
    "password": "JohnsPassword1@"
  }'
```
LtpaToken2
Every form of authentication results in an LtpaToken2 cookie header being included in the response. This cookie can be included in subsequent calls and serves as authentication on its own; the other authentication mechanisms (Basic Auth, API key) can then be omitted.
Logout Endpoint
A user can be explicitly logged out, and their LtpaToken2 invalidated, by calling the logout endpoint.
- HTTP method: POST
- Content-Type: none

```bash
curl -X 'POST' \
  '{DOMAIN_LOGOUT_URL}' \
  -b 'LtpaToken2=<token>'
```
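The authentication flow described above (Basic header, login body, reuse of the LtpaToken2 cookie, logout), as an added Python example; this is not Contendo Server's own client code. The function names, the `example.invalid` URLs and the Set-Cookie line in `main` are assumptions or constructed samples; only the endpoints, header names and the cookie name come from the page.

```python
"""Added example (not Contendo Server's own client code): building the
authentication material described on this page. All URLs are placeholders
and the Set-Cookie line in the main block is constructed; nothing is sent."""
import base64
import json
from typing import List, Optional, Tuple
from urllib.request import Request

COOKIE_NAME = "LtpaToken2"  # cookie name from the page


def basic_auth_header(username: str, password: str) -> str:
    """Value of the Authorization header for the Basic scheme:
    'Basic ' + base64(username + ':' + password), i.e. the
    {BASE64_ENCODED_CREDENTIALS} the page's first curl example expects."""
    if ":" in username:
        # The colon separates user-id and password, so it cannot appear in the user-id.
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(value: str) -> Tuple[str, str]:
    """Inverse of basic_auth_header: recover (username, password) from a
    captured Authorization header, e.g. when reviewing a proxy log."""
    scheme, _, encoded = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(encoded).decode("utf-8")
    username, _, password = decoded.partition(":")
    return username, password


def login_body(username: str, password: str) -> bytes:
    """JSON body for POST {DOMAIN_LOGIN_URL} with Content-Type: application/json."""
    return json.dumps({"username": username, "password": password}).encode("utf-8")


def extract_ltpa_token(set_cookie_headers: List[str]) -> Optional[str]:
    """Find the LtpaToken2 value among a response's Set-Cookie headers.
    Returns None when no such cookie was set (login failed or wrong endpoint)."""
    for header in set_cookie_headers:
        name_value = header.split(";", 1)[0]  # drop Path/HttpOnly/... attributes
        name, sep, value = name_value.partition("=")
        if sep and name.strip() == COOKIE_NAME:
            return value.strip()
    return None


def cookie_request(url: str, token: str, method: str = "GET") -> Request:
    """Request authenticated with the LtpaToken2 cookie alone; no Basic Auth or
    API key header is attached, as the page says they can then be omitted."""
    req = Request(url, method=method)
    req.add_header("Cookie", f"{COOKIE_NAME}={token}")
    return req


def logout_request(logout_url: str, token: str) -> Request:
    """POST {DOMAIN_LOGOUT_URL} with the cookie so the server invalidates it."""
    return cookie_request(logout_url, token, method="POST")


if __name__ == "__main__":
    # Constructed walk-through: nothing here touches the network.
    print(basic_auth_header("jdoe", "JohnsPassword1@"))
    captured = ["JSESSIONID=abc; Path=/", "LtpaToken2=EXAMPLE_TOKEN==; Path=/; HttpOnly"]
    token = extract_ltpa_token(captured)
    print("token:", token)
    req = cookie_request("https://example.invalid/root/Animals/Dogs/Rex?operation=object", token)
    print(req.get_method(), req.full_url, req.get_header("Cookie"))
```

`decode_basic_header` exists because a Basic header is only an encoding, not a protection: anyone who can read the request (a proxy log, a captured trace) recovers the password, which is why the page's examples run over TLS and why the cookie-based flow is preferable for repeated calls.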
User Management Operations
Name | Description |
---|---|
Create User | Creates a new user in the domain. |
Retrieve All Users | Retrieves the list of all users in the domain. |
Disable User | Disables a user, preventing them from performing any operations. |
Enable User | Enables a previously disabled user. |
Update Password | Updates the password for a user. |
Create User
Creates a new user in the domain.
Request Format
- Operation: createUser
- HTTP method: POST
- URL: {DOMAIN_URL}
- Content-Type: application/json, multipart/form-data, application/x-www-form-urlencoded
Parameters
Name | Required | Description |
---|---|---|
username | Yes | Username of the new user |
password | Yes | Password for the user |
confirmedPassword | Yes | Must match the provided password |
Example Request:

```bash
curl -X 'POST' \
  '{DOMAIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "operation": "createUser",
    "username": "john_doe",
    "password": "secure_password",
    "confirmedPassword": "secure_password"
  }'
```
Response Format
- No response body.
Retrieve All Users
Retrieves the list of all users in the domain.
Request Format
- Operation: users
- HTTP method: GET
- URL: {DOMAIN_URL}

Example Request:

```bash
curl -X 'GET' \
  '{DOMAIN_URL}?operation=users'
```
Response Format
- Content-Type: application/json
- Response body: Array of user objects. Each user object has these fields:

Name | Type | Description |
---|---|---|
username | string | The username of the user |
enabled | boolean | Whether the user is enabled |
createdOn | datetime | Timestamp of user creation (milliseconds since the epoch) |
Example Response:

```json
[
  {
    "username": "john_doe",
    "enabled": true,
    "createdOn": 1742285736000
  }
]
```
Disable User
Disables a user; a disabled user cannot perform any operations.
Request Format
- Operation: disableUser
- HTTP method: POST
- URL: {DOMAIN_URL}
- Content-Type: application/json
Parameters
Name | Required | Description |
---|---|---|
username | Yes | Username of the user to disable |
Example Request:

```bash
curl -X 'POST' \
  '{DOMAIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "operation": "disableUser",
    "username": "john_doe"
  }'
```
Response Format
- No response body.
Enable User
Enables a previously disabled user.
Request Format
- Operation: enableUser
- HTTP method: POST
- URL: {DOMAIN_URL}
- Content-Type: application/json
Parameters
Name | Required | Description |
---|---|---|
username | Yes | Username of the user to enable |
Example Request:

```bash
curl -X 'POST' \
  '{DOMAIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "operation": "enableUser",
    "username": "john_doe"
  }'
```
Response Format
- No response body.
Update Password
Updates the password for a user.
Request Format
- Operation: updatePassword
- HTTP method: POST
- URL: {DOMAIN_URL}
- Content-Type: application/json
Parameters
Name | Required | Description |
---|---|---|
username | No | Username of the user whose password should be updated (if empty, updates the authenticated user's password) |
password | Yes | New password for the user |
confirmedPassword | Yes | Must match the new password |
Example Request:

```bash
curl -X 'POST' \
  '{DOMAIN_URL}' \
  -H 'Content-Type: application/json' \
  -d '{
    "operation": "updatePassword",
    "username": "john_doe",
    "password": "new_secure_password",
    "confirmedPassword": "new_secure_password"
  }'
```
Response Format
- No response body.
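The user-management operations above (createUser, users, disableUser, enableUser, updatePassword), as an added Python example; it is not Contendo Server's own code. It builds the documented request bodies, enforcing the password/confirmedPassword match client-side, parses the `users` response with its millisecond `createdOn` field, and adds two review checks a defender would run over that list. `MIN_PASSWORD_LENGTH` is an assumed local policy the page does not state, `SAMPLE_USERS_RESPONSE` is constructed (only its first entry is copied from the page), and all function names are my own.

```python
"""Added example (not Contendo Server's own code): request bodies for the
user-management operations on this page, plus a parser and two review checks
for the 'users' response. SAMPLE_USERS_RESPONSE is constructed, and
MIN_PASSWORD_LENGTH is an assumed local policy the page does not state."""
import json
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional

MIN_PASSWORD_LENGTH = 12  # assumption: the page gives no password rules


def password_problem(password: str, confirmed_password: str) -> Optional[str]:
    """Return the reason a (password, confirmedPassword) pair would be rejected,
    or None if it is acceptable. Run before createUser / updatePassword."""
    if password != confirmed_password:
        return "password and confirmedPassword do not match"
    if len(password) < MIN_PASSWORD_LENGTH:
        return f"password shorter than {MIN_PASSWORD_LENGTH} characters"
    return None


def create_user_body(username: str, password: str, confirmed_password: str) -> Dict[str, Any]:
    """Body for the createUser operation (POST {DOMAIN_URL}, application/json)."""
    if not username:
        raise ValueError("username is required")
    problem = password_problem(password, confirmed_password)
    if problem:
        raise ValueError(problem)
    return {
        "operation": "createUser",
        "username": username,
        "password": password,
        "confirmedPassword": confirmed_password,
    }


def update_password_body(password: str, confirmed_password: str,
                         username: Optional[str] = None) -> Dict[str, Any]:
    """Body for updatePassword. username is optional on the page: when omitted,
    the server changes the authenticated user's own password."""
    problem = password_problem(password, confirmed_password)
    if problem:
        raise ValueError(problem)
    body: Dict[str, Any] = {
        "operation": "updatePassword",
        "password": password,
        "confirmedPassword": confirmed_password,
    }
    if username:
        body["username"] = username
    return body


def set_enabled_body(username: str, enabled: bool) -> Dict[str, str]:
    """Body for enableUser / disableUser."""
    return {"operation": "enableUser" if enabled else "disableUser", "username": username}


def parse_users(raw: str) -> List[Dict[str, Any]]:
    """Parse the 'users' response: an array of {username, enabled, createdOn}
    where createdOn is milliseconds since the epoch. Field types are checked so
    a malformed or truncated response fails loudly instead of slipping through."""
    data = json.loads(raw)
    if not isinstance(data, list):
        raise ValueError("users response must be a JSON array")
    users = []
    for entry in data:
        username, enabled, created_ms = entry.get("username"), entry.get("enabled"), entry.get("createdOn")
        if (not isinstance(username, str) or not isinstance(enabled, bool)
                or isinstance(created_ms, bool) or not isinstance(created_ms, int)):
            raise ValueError(f"malformed user entry: {entry!r}")
        users.append({
            "username": username,
            "enabled": enabled,
            "createdOn": datetime.fromtimestamp(created_ms / 1000, tz=timezone.utc),
        })
    return users


def enabled_usernames(users: List[Dict[str, Any]]) -> List[str]:
    """Accounts that can currently act: the list to reconcile against who should have access."""
    return [u["username"] for u in users if u["enabled"]]


def created_since(users: List[Dict[str, Any]], since_epoch_ms: int) -> List[str]:
    """Accounts created at or after a point in time (ms, like createdOn), e.g. since the last review."""
    since = datetime.fromtimestamp(since_epoch_ms / 1000, tz=timezone.utc)
    return [u["username"] for u in users if u["createdOn"] >= since]


# Constructed sample of a 'users' response (first entry copied from the page).
SAMPLE_USERS_RESPONSE = json.dumps([
    {"username": "john_doe", "enabled": True, "createdOn": 1742285736000},
    {"username": "svc_backup", "enabled": False, "createdOn": 1700000000000},
    {"username": "new_hire", "enabled": True, "createdOn": 1742900000000},
])


if __name__ == "__main__":
    print(json.dumps(create_user_body("john_doe", "secure_password", "secure_password")))
    users = parse_users(SAMPLE_USERS_RESPONSE)
    for u in users:
        print(u["username"], "enabled" if u["enabled"] else "disabled", u["createdOn"].isoformat())
    print("enabled:", enabled_usernames(users))
    print("created since 2025-03-23:", created_since(users, 1742688000000))
```

The two review helpers are the point of parsing `createdOn` properly: `enabled_usernames` gives the set of accounts that can act right now, and `created_since` surfaces accounts that appeared since the last review, which is how unexpected account creation gets noticed on a server where every operation runs as some user.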