Logo
Submit a request Sign in
  1. LogmeOnce
  2. FAQs: Team & Enterprise
  3. Getting Started - For Administrators
  • Video Tutorial
  • Submit a Request

Articles in this section

  • How to signup for A LogMeOnce Team/Enterprise edition account
  • LogMeOnce deployment and implementation overview
  • Getting started with LogMeOnce Business/Enterprise edition
  • LogMeOnce top security feature overview
  • LogMeOnce administration overview
  • LogMeOnce deployment and communication plan
  • How to add users/employees 
  • Active Directory Integration
  • Setup Azure Active Directory SSO with LogMeOnce
  • Azure SCIM Integration Configuration
See more

LogMeOnce RESTful API Design

Avatar
Support Team
February 02, 2023 14:42
Follow

Introduction

The LogMeOnce API is organized with REST (Representational state transfer). Our API is resource-oriented URLs, accepts form encoded request bodies and returns JSON or XML encoded responses.

The LogMeOnce API is designed to provide a simple and consistent approach to creating, reading, updating, and deleting resources. Cryptographic tasks to manage data that requires to be secure should be done at the client side to ensure a zero knowledge technology framework compliance. It is recommended to use a dedicated LogMeOnce CLI API client to work with such data.

Rest API Request

The LogMeOnce API is organized around the following details:

Request content type should be formatted as:

  • Content-Type: application/x-www-form-urlencoded
  • Content-Type: application/json

Response content type can be defined by Accept HTTP header:

  • Accept: application/json
  • Accept: application/xml

 

Root Endpoints:

https://<your_LogMeOnce_domain>.logmeonce.com

 

Rest API Endpoint:

<your_domain_url>/rest
Example:  https://your_LogMeOnce_domain.logmeonce.com/rest

 

OAuth 2.0 Endpoints:

Authorization endpoint
<your_domain_url>/oauth2/authorize

Token endpoint
<your_domain_url>/oauth2/token

 

Permissions and Roles

LogMeOnce implements Least-privilege access control as default, The LogMeOnce REST API usage is not enabled as default, you can enable this feature by requesting LogMeOnce to enable this feature. To obtain access to Developer options, please contact support at support@logmeonce.com.

For better accountability, audit and compliance requirements, we recommend creating a user specifically for managing all your REST API access. All operations done by this user will be logged for the audit trail.

To begin, you need to generate API Keys for your integration. This will create the API Key and API Secret needed.

Getting Started

  • Signup for LogMeOnce Enterprise account
  • Request LogMeOnce support@LogMeOnce.com for developer API Access
  • Generate API Key for your integration.

 

Authentication

The LogMeOnce API uses OAuth2 API Keys that can be managed under the Settings - Developer page. Your account must be granted Developer access before you can visit this page. To obtain access to Developer options, please contact support at support@logmeonce.com.

 Once you create OAuth 2.0 API Keys - you will have to define:

  • API Key - in OAuth 2.0 flow used as client_id
  • API Secret - in OAuth 2.0 flow used as client_secret

LogMeOnce supports all OAuth 2.0 grant types. 

Client Credentials

This OAuth 2.0 grant type users API credentials directly to retrieve an access token. This allows access to resources under your own control.

Endpoint: OAuth 2.0 Token Endpoint

Parameters:

  • grant_type - client_credentials
  • client_id - <your_api_key>
  • client_secret - <your_api_secret>

As a response you will receive Access Token with certain expiration time:

{
"access_token": "87f245345023fd2d9a9701c2ddbe77803316fb3b",
"expires_in": 3600,
"token_type": "Bearer",
"scope": null
}

 All requests to REST API must be authorized by adding Bearer token in Authorization HTTP header:

 Authorization: Bearer <your_access_token>

All API requests must be made over HTTPS. API requests without authentication will fail. 

 

Sites Management

List of requests:

  • List all sites

  • Get a site

  • List all sites assigned to a user
  • Assign or unassign sites to a user 

  • List all sites assigned to a group

  • Assign or unassign sites to a group 

 

List all sites

Request

GET <rest_endpoint>/sites

Parameters:

  • search - filters the list of sites by search phrase

Sample response

{
"sites": [{
"id": 1749398,
"name": "Google",
"updated": 1586452560,
"flags": 293,
"image": "https://logmeonce-sites.s3.amazonaws.com/256_google_175x175.png",
"icon": "https://logmeonce-sites.s3.amazonaws.com/256_google_16x16.png",
"used": 0,
"login": {
"Url": "https://accounts.google.com/ServiceLogin?continue=http://www.google.com/",
"regex": "^(ftp|http|https)://([^/]+\\.)?google.com.*",
"inputs": [{
"flags": 3,
"name": "[\"identifier\", \"Email\"]",
"type": "text",
"value": "Adh/fgxV90+BoMboA+DojRSxAb7BhGpz26IrF+Nxj49QPOjc5f8swFBcpgLBKG3rRasAkf0="
                },
                {
"flags": 5,
"name": "[\"password\", \"Passwd\"]",
"type": "password",
"value": "Adh/fgzAxSBxlmvPL/tV+50rS1F5y5fLyp4I8zPoq+rYsR0JFFOuvlhkciNzh/ahT8pshh8="
                }
            ],
"match": {
"username": "#profileIdentifier, #email-display",
"trim": "@gmail.com"
            },
"action": {
"submit": "#identifierNext, #passwordNext"
            }
        }
    }]
}

 

Get a site

Request

GET <rest_endpoint>/sites/<site_id>

 

List all sites assigned to a user

Request

GET <rest_endpoint>/users/<user_id>/sites

 

Assign or unassign sites to a user

This endpoint enables the assignment, unassignment, or modification of privileges for sites that have already been assigned to a user.

Request

POST <rest_endpoint>/users/<user_id>/sites

Parameters:

  • Assign - single site id - or array of site ids
    • The 'assign' parameter can be used on its own to assign one or multiple sites to a user without granting any additional privileges.
  • Unassign - single site id - or array of site ids
    • The 'unassign' parameter can be used on its own to remove one or multiple sites from a user.
    • Privileges - array of site ids
      • read - (optional) 1 or -1
      • update - (optional) 1 or -1
      • delete - (optional) 1 or -1
    • The 'privileges' parameter can be used alone or in combination with read, update, or delete permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple sites specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested sites, including both overall permissions and any inherited permissions from group membership.

Sample Request:

{"assign": 1749398}

 

List all sites assigned to a group

Request

GET <rest_endpoint>/groups/<group_id>/sites

 

Assign or unassign sites to a group

This endpoint enables the assignment, unassignment, or modification of privileges for sites that have already been assigned to a user.

Request

POST <rest_endpoint>/groups/<group_id>/sites

Parameters:

  • Assign - single site id - or array of site ids
    • The 'assign' parameter can be used alone to assign one or multiple sites to a single group, with default group permissions being applied.
  • Unassign - single site id - or array of site ids
    • The 'unassign' parameter can be used alone to remove one or multiple sites from a single group.
    • Privileges - array of site ids
      • read - (optional) 1 or -1
      • update - (optional) 1 or -1
      • delete - (optional) 1 or -1
    • The 'privileges' parameter can be used alone or in combination with read, update, or delete permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple sites specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested sites, including overall permissions and any inherited permissions from child groups. (Note that nested groups are only available in the Enterprise version.)

Sample Request:

{"assign": 1749398}

 

Permissions

  • Read - Allow to see credentials, secure note and files
  • Update - Allow to modify app
  • Delete - Allow to delete app

 

Users Management

List of requests:

  • List all users

  • Get a user

  • Update a user

  • Delete a user

  • Activate a user

  • Deactivate a user

  • List all members of a group

  • Add or remove members of a group
  • List all users assigned to a site
  • Assign or unassign users to a site

 

List all users

Request

GET <rest_endpoint>/users

Sample response

{
"users": [{
"id": 1,
"username": "michaelm@logmeonce.com",
"email": "michaelm@logmeonce.com",
"firstname": "Michael",
"lastname": "Miller",
"picture": "http://m-s3.logmeonce.com/48.jpg",
"active": true,
"confirmed": false,
"license": 102,
"roles": [],
"birthdate": "1950-01-01",
"gender": "m",
"address": "Address",
"city": "City",
"zip": "11-222",
"country": "US",
"phone": "+1123",
"company": "LogMeOnce",
"website": "https://LogMeOnce.com"
    }]
}

 

Get a user

Request

GET <rest_endpoint>/users/<user_id>

 

Update a user

Request

PUT <rest_endpoint>/users/<user_id>

Possible parameters:

  • firstName
  • lastName
  • email
  • birthdate
  • gender
  • address
  • city
  • state
  • zip
  • country
  • phone
  • company
  • jobTitle
  • website

 

Delete a user

Request

DELETE <rest_endpoint>/users/<user_id>

 

Activate a user

Request

POST <rest_endpoint>/users/<user_id>/activate

Note: Activating users that were not activated yet requires passing an encryption key which is part of this document.

 

Deactivate a user

Request

POST <rest_endpoint>/users/<user_id>/deactivate

 

List all members of a group

Request

GET <rest_endpoint>/groups/<group_id>/users

 

Add or remove members of a group

This endpoint allows for the addition, removal, or modification of privileges for existing members.

Request

POST <rest_endpoint>/groups/<group_id>/users

Parameters:

  • add - single user id - or array of user ids
    • The 'add' parameter can be used alone to add one or multiple members to a single group, with default permissions being applied.
  • remove - single user id - or array of user ids
    • The 'remove' parameter can be used alone to remove one or multiple members from a single group.
    • Privileges - array of user ids
      • create - (optional) 1 or -1
      • assign - (optional) 1 or -1
    • The 'privileges' parameter can be used alone or in combination with create or assign permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple users specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested users.

Sample Request:

{"add": [1918, 1917]}

 

List all users assigned to a site

Request

GET <rest_endpoint>/sites/<site_id>/users

 

Assign or unassign users to a site

This endpoint enables the assignment, unassignment, or modification of privileges for sites that have already been assigned to a user or group.

Request

POST <rest_endpoint>/sites/<site_id>/users

Parameters:

  • assign - single user id - or array of user ids
    • The 'assign' parameter can be used alone to assign one or multiple users to a single site, without granting any additional privileges.
  • unassign - single user id - or array of user ids
    • The 'unassign' parameter can be used alone to remove one or multiple users from a single site.
    • Privileges - array of user ids
      • read - (optional) 1 or -1
      • update - (optional) 1 or -1
      • delete - (optional) 1 or -1
    • The 'privileges' parameter can be used alone or in combination with read, update, or delete permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple users specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested users, including overall permissions and any inherited permissions from group membership.

Sample Request:

{"assign": [1918, 1917]}

 

Group Management

List of requests:

  • List all groups
  • Get a group
  • Create a group
  • Update a group
  • List all group membership of a user
  • Modify groups membership of a user
  • List all groups assigned to a site
  • Assign or unassign groups to a site

 

List all groups

Request

GET <rest_endpoint>/groups

Sample response

{
"groups": [{
"id": 5717,
"name": "Canada2"
        },{
"id": 5719,
"name": "Arizona"
        },{
"id": 8762,
"name": "AAA"
        }
    ]
}

 

Get a group

Request

GET <rest_endpoint>/groups/<group_id>

 

Create a group

Request

POST <rest_endpoint>/groups

Parameters:

  • name
  • description

 Body:

{"name": "Marketing", "description": "Group used for Marketing"}

 

Update a group

Request

PUT <rest_endpoint>/groups/<group_id>

 

List all group membership of a user

Request

GET <rest_endpoint>/users/<user_id>/groups

 

Modify groups membership of a user

This endpoint enables a user to be added to or removed from multiple groups.

Request

POST <rest_endpoint>/users/<user_id>/groups

Parameters:

  • join - single group id - or array of group ids
    • The 'join' parameter can be used alone to add/join a single user to one or multiple groups.
  • leave - single group id - or array of group ids
    • The 'leave' parameter can be used alone to remove a single user from one or multiple groups.
    • Privileges - array of group ids
      • create - (optional) 1 or -1
      • assign - (optional) 1 or -1
    • The 'privileges' parameter can be used alone or in combination with create or assign permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple groups specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested groups.

Sample Request:

{"join": [5717, 5719]}

 

List all groups assigned to a site

Request

GET <rest_endpoint>/sites/<site_id>/groups

 

Assign or unassign groups to a site

This endpoint enables the assignment, unassignment, or modification of privileges for already assigned sites.

Request

POST <rest_endpoint>/sites/<site_id>/groups

Parameters:

  • assign - single group id - or array of group ids
    • The 'assign' parameter can be used alone to assign one or multiple groups to a single site with the default group permissions.
  • unassign - single group id - or array of group ids
    • The 'unassign' parameter can be used alone to unassign one or multiple groups from a single site.
    • privileges - array of group ids
      • read - (optional) 1 or -1
      • update - (optional) 1 or -1
      • delete - (optional) 1 or -1
    • The 'privileges' parameter can be used alone or in combination with read, update, or delete permissions. A positive value for a permission will set it, while a negative value will unset it. The changes will be applied to multiple groups specified in the 'privileges' parameter. If used alone, the 'privileges' parameter will only return the privileges for the requested groups, including overall permissions and inherited permissions from any child groups (note that nested groups are an Enterprise feature only).

 Sample Request:

{"assign": [5717, 5719]}

 

Permissions

  • Create - Allow to create apps into this group
  • Assign - Allow to assign apps, users
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Can't find what you're looking for?

Let us help you!

Submit a request

Copyright © 2011-2020 LogMeOnce. All rights reserved.

Made with ❤️ by viablecube