Introduction
The LogMeOnce API is organized with REST (Representational state transfer). Our API is resource-oriented URLs, accepts form encoded request bodies and returns JSON or XML encoded responses.
The LogMeOnce API is designed to provide a simple and consistent approach to creating, reading, updating, and deleting resources. Cryptographic tasks to manage data that requires to be secure should be done at the client side to ensure a zero knowledge technology framework compliance. It is recommended to use a dedicated LogMeOnce CLI API client to work with such data.
Rest API Request
The LogMeOnce API is organized around the following details:
Request content type should be formatted as:
- Content-Type: application/x-www-form-urlencoded
- Content-Type: application/json
Response content type can be defined by Accept HTTP header:
- Accept: application/json
- Accept: application/xml
Root Endpoints:
https://<your_LogMeOnce_domain>.logmeonce.com
Rest API Endpoint:
<your_domain_url>/rest
Example: https://your_LogMeOnce_domain.logmeonce.com/rest
OAuth 2.0 Endpoints:
Authorization endpoint
<your_domain_url>/oauth2/authorize
Token endpoint
<your_domain_url>/oauth2/token
Permissions and Roles
LogMeOnce implements Least-privilege access control as default, The LogMeOnce REST API usage is not enabled as default, you can enable this feature by requesting LogMeOnce to enable this feature. To obtain access to Developer options, please contact support at support@logmeonce.com.
For better accountability, audit and compliance requirements, we recommend creating a user specifically for managing all your REST API access. All operations done by this user will be logged for the audit trail.
To begin, you need to generate API Keys for your integration. This will create the API Key and API Secret needed.
Getting Started
- Signup for LogMeOnce Enterprise account
- Request LogMeOnce support@LogMeOnce.com for developer API Access
- Generate API Key for your integration.
Authentication
The LogMeOnce API uses OAuth2 API Keys that can be managed under the Settings - Developer page. Your account must be granted Developer access before you can visit this page. To obtain access to Developer options, please contact support at support@logmeonce.com.
Once you create OAuth 2.0 API Keys - you will have to define:
- API Key - in OAuth 2.0 flow used as client_id
- API Secret - in OAuth 2.0 flow used as client_secret
LogMeOnce supports all OAuth 2.0 grant types.
Client Credentials
This OAuth 2.0 grant type users API credentials directly to retrieve an access token. This allows access to resources under your own control.
Endpoint: OAuth 2.0 Token Endpoint
Parameters:
- grant_type - client_credentials
- client_id - <your_api_key>
- client_secret - <your_api_secret>
As a response you will receive Access Token with certain expiration time:
{
"access_token": "87f245345023fd2d9a9701c2ddbe77803316fb3b",
"expires_in": 3600,
"token_type": "Bearer",
"scope": null
}
All requests to REST API must be authorized by adding Bearer token in Authorization HTTP header:
Authorization: Bearer <your_access_token>
All API requests must be made over HTTPS. API requests without authentication will fail.
Sites Management
List of requests:
- List all sites
-
Get a site
- List all sites assigned to a user
- Assign or unassign sites to a user
-
List all sites assigned to a group
- Assign or unassign sites to a group
List all sites
Request
GET <rest_endpoint>/sites
Parameters:
- search - filters the list of sites by search phrase
Sample response
{
"sites": [{
"id": 1749398,
"name": "Google",
"updated": 1586452560,
"flags": 293,
"image": "https://logmeonce-sites.s3.amazonaws.com/256_google_175x175.png",
"icon": "https://logmeonce-sites.s3.amazonaws.com/256_google_16x16.png",
"used": 0,
"login": {
"Url": "https://accounts.google.com/ServiceLogin?continue=http://www.google.com/",
"regex": "^(ftp|http|https)://([^/]+\\.)?google.com.*",
"inputs": [{
"flags": 3,
"name": "[\"identifier\", \"Email\"]",
"type": "text",
"value": "Adh/fgxV90+BoMboA+DojRSxAb7BhGpz26IrF+Nxj49QPOjc5f8swFBcpgLBKG3rRasAkf0="
},
{
"flags": 5,
"name": "[\"password\", \"Passwd\"]",
"type": "password",
"value": "Adh/fgzAxSBxlmvPL/tV+50rS1F5y5fLyp4I8zPoq+rYsR0JFFOuvlhkciNzh/ahT8pshh8="
}
],
"match": {
"username": "#profileIdentifier, #email-display",
"trim": "@gmail.com"
},
"action": {
"submit": "#identifierNext, #passwordNext"
}
}
}]
}
Get a site
Request
GET <rest_endpoint>/sites/<site_id>
List all sites assigned to a user
Request
GET <rest_endpoint>/users/<user_id>/sites
Assign or unassign sites to a user
This endpoint enables the assignment, unassignment, or modification of privileges for sites that have already been assigned to a user.
Request
POST <rest_endpoint>/users/<user_id>/sites
Parameters:
- Assign - single site id - or array of site ids
- The 'assign' parameter can be used on its own to assign one or multiple sites to a user without granting any additional privileges.
- Unassign - single site id - or array of site ids
- The 'unassign' parameter can be used on its own to remove one or multiple sites from a user.
- Privileges - array of site ids
- read - (optional) 1 or -1
- update - (optional) 1 or -1
- delete - (optional) 1 or -1
- The 'privileges' parameter can be used alone or in combination with read, update, or delete permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple sites specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested sites, including both overall permissions and any inherited permissions from group membership.
Sample Request:
{"assign": 1749398}
List all sites assigned to a group
Request
GET <rest_endpoint>/groups/<group_id>/sites
Assign or unassign sites to a group
This endpoint enables the assignment, unassignment, or modification of privileges for sites that have already been assigned to a user.
Request
POST <rest_endpoint>/groups/<group_id>/sites
Parameters:
- Assign - single site id - or array of site ids
- The 'assign' parameter can be used alone to assign one or multiple sites to a single group, with default group permissions being applied.
- Unassign - single site id - or array of site ids
- The 'unassign' parameter can be used alone to remove one or multiple sites from a single group.
- Privileges - array of site ids
- read - (optional) 1 or -1
- update - (optional) 1 or -1
- delete - (optional) 1 or -1
- The 'privileges' parameter can be used alone or in combination with read, update, or delete permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple sites specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested sites, including overall permissions and any inherited permissions from child groups. (Note that nested groups are only available in the Enterprise version.)
Sample Request:
{"assign": 1749398}
Permissions
- Read - Allow to see credentials, secure note and files
- Update - Allow to modify app
- Delete - Allow to delete app
Users Management
List of requests:
-
List all users
-
Get a user
-
Update a user
-
Delete a user
-
Activate a user
-
Deactivate a user
-
List all members of a group
- Add or remove members of a group
- List all users assigned to a site
- Assign or unassign users to a site
List all users
Request
GET <rest_endpoint>/users
Sample response
{
"users": [{
"id": 1,
"username": "michaelm@logmeonce.com",
"email": "michaelm@logmeonce.com",
"firstname": "Michael",
"lastname": "Miller",
"picture": "http://m-s3.logmeonce.com/48.jpg",
"active": true,
"confirmed": false,
"license": 102,
"roles": [],
"birthdate": "1950-01-01",
"gender": "m",
"address": "Address",
"city": "City",
"zip": "11-222",
"country": "US",
"phone": "+1123",
"company": "LogMeOnce",
"website": "https://LogMeOnce.com"
}]
}
Get a user
Request
GET <rest_endpoint>/users/<user_id>
Update a user
Request
PUT <rest_endpoint>/users/<user_id>
Possible parameters:
- firstName
- lastName
- birthdate
- gender
- address
- city
- state
- zip
- country
- phone
- company
- jobTitle
- website
Delete a user
Request
DELETE <rest_endpoint>/users/<user_id>
Activate a user
Request
POST <rest_endpoint>/users/<user_id>/activate
Note: Activating users that were not activated yet requires passing an encryption key which is part of this document.
Deactivate a user
Request
POST <rest_endpoint>/users/<user_id>/deactivate
List all members of a group
Request
GET <rest_endpoint>/groups/<group_id>/users
Add or remove members of a group
This endpoint allows for the addition, removal, or modification of privileges for existing members.
Request
POST <rest_endpoint>/groups/<group_id>/users
Parameters:
- add - single user id - or array of user ids
- The 'add' parameter can be used alone to add one or multiple members to a single group, with default permissions being applied.
- remove - single user id - or array of user ids
- The 'remove' parameter can be used alone to remove one or multiple members from a single group.
- Privileges - array of user ids
- create - (optional) 1 or -1
- assign - (optional) 1 or -1
- The 'privileges' parameter can be used alone or in combination with create or assign permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple users specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested users.
- The 'remove' parameter can be used alone to remove one or multiple members from a single group.
Sample Request:
{"add": [1918, 1917]}
List all users assigned to a site
Request
GET <rest_endpoint>/sites/<site_id>/users
Assign or unassign users to a site
This endpoint enables the assignment, unassignment, or modification of privileges for sites that have already been assigned to a user or group.
Request
POST <rest_endpoint>/sites/<site_id>/users
Parameters:
- assign - single user id - or array of user ids
- The 'assign' parameter can be used alone to assign one or multiple users to a single site, without granting any additional privileges.
- unassign - single user id - or array of user ids
- The 'unassign' parameter can be used alone to remove one or multiple users from a single site.
- Privileges - array of user ids
- read - (optional) 1 or -1
- update - (optional) 1 or -1
- delete - (optional) 1 or -1
- The 'privileges' parameter can be used alone or in combination with read, update, or delete permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple users specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested users, including overall permissions and any inherited permissions from group membership.
Sample Request:
{"assign": [1918, 1917]}
Group Management
List of requests:
- List all groups
- Get a group
- Create a group
- Update a group
- List all group membership of a user
- Modify groups membership of a user
- List all groups assigned to a site
- Assign or unassign groups to a site
List all groups
Request
GET <rest_endpoint>/groups
Sample response
{
"groups": [{
"id": 5717,
"name": "Canada2"
},{
"id": 5719,
"name": "Arizona"
},{
"id": 8762,
"name": "AAA"
}
]
}
Get a group
Request
GET <rest_endpoint>/groups/<group_id>
Create a group
Request
POST <rest_endpoint>/groups
Parameters:
- name
- description
Body:
{"name": "Marketing", "description": "Group used for Marketing"}
Update a group
Request
PUT <rest_endpoint>/groups/<group_id>
List all group membership of a user
Request
GET <rest_endpoint>/users/<user_id>/groups
Modify groups membership of a user
This endpoint enables a user to be added to or removed from multiple groups.
Request
POST <rest_endpoint>/users/<user_id>/groups
Parameters:
- join - single group id - or array of group ids
- The 'join' parameter can be used alone to add/join a single user to one or multiple groups.
- leave - single group id - or array of group ids
- The 'leave' parameter can be used alone to remove a single user from one or multiple groups.
- Privileges - array of group ids
- create - (optional) 1 or -1
- assign - (optional) 1 or -1
- The 'privileges' parameter can be used alone or in combination with create or assign permissions. A positive value for a permission will set it, while a negative value will unset it. When applied to multiple groups specified in the parameter, the changes will affect all of them. When used alone, the 'privileges' parameter will return the privileges for the requested groups.
Sample Request:
{"join": [5717, 5719]}
List all groups assigned to a site
Request
GET <rest_endpoint>/sites/<site_id>/groups
Assign or unassign groups to a site
This endpoint enables the assignment, unassignment, or modification of privileges for already assigned sites.
Request
POST <rest_endpoint>/sites/<site_id>/groups
Parameters:
- assign - single group id - or array of group ids
- The 'assign' parameter can be used alone to assign one or multiple groups to a single site with the default group permissions.
- unassign - single group id - or array of group ids
- The 'unassign' parameter can be used alone to unassign one or multiple groups from a single site.
- privileges - array of group ids
- read - (optional) 1 or -1
- update - (optional) 1 or -1
- delete - (optional) 1 or -1
- The 'privileges' parameter can be used alone or in combination with read, update, or delete permissions. A positive value for a permission will set it, while a negative value will unset it. The changes will be applied to multiple groups specified in the 'privileges' parameter. If used alone, the 'privileges' parameter will only return the privileges for the requested groups, including overall permissions and inherited permissions from any child groups (note that nested groups are an Enterprise feature only).
Sample Request:
{"assign": [5717, 5719]}
Permissions
- Create - Allow to create apps into this group
- Assign - Allow to assign apps, users
Comments
Article is closed for comments.