Introduction

Application security can be incredibly complicated. For most developers, it's one of the hardest part of creating an app. How can you be sure that you are protecting your users information? By integrating IBM® Cloud App ID into your apps, you can secure resources and add authentication; even when you don't have a lot of security experience. By requiring users to sign in to your app, you can store user data such as app preferences or information from the public social profiles, and then use that data to customize each experience of your app. With this API you can start building profiles on your users.

Don't see the API endpoint that you're looking for? Check out the other APIs for Management and Authentication and authorization.

Endpoint URLs

App ID supports region-specific endpoint URLs that you can use to interact with the service over public service endpoints. To make requests to the Profiles API, you supply the endpoint URL that corresponds with the location where your App ID service instance resides.

Endpoint URLs by location

  • Dallas: https://us-south.appid.cloud.ibm.com
  • Frankfurt: https://eu-de.appid.cloud.ibm.com
  • London: https://eu-gb.appid.cloud.ibm.com
  • Osaka: https://jp-osa.appid.cloud.ibm.com
  • Sao Paulo: https://br-sao.appid.cloud.ibm.com
  • Sydney: https://au-syd.appid.cloud.ibm.com
  • Tokyo: https://jp-tok.appid.cloud.ibm.com
  • Toronto: https://ca-tor.appid.cloud.ibm.com
  • Washington: https://us-east.appid.cloud.ibm.com

Base URL

https://{region}.appid.cloud.ibm.com

Authentication

This API is protected by App ID access tokens. An access token represents authorization and enables communication to protected resources. The tokens conform to JavaScript Object Signing and Encryption (JOSE) specifications and are formatted as JSON Web Tokens. There are several ways to obtain a token. For help, check out the documentation.

Auditing

You can monitor API activity within your account by using the IBM Cloud Activity Tracker service. Whenever an API method is called, an event is generated that you can then track and audit from within Activity Tracker. The specific event type is listed for each individual method.

For more information about how to track App ID activity, see Auditing events for App ID.

Don't see the API endpoint that you're looking for? Check out the other APIs for Management and Authentication and authorization.

Methods

Return all attributes

GET /api/v1/attributes

Auditing

Calling this method generates the following auditing event.

  • appid.user-profile-attributes.read

Request

Custom Headers

  • An App ID access token provided in the format 'Bearer <access_token>'. For more information, see obtaining tokens.

Response

Status Code

  • A successful response returns a JSON object that contains all of the attributes. If no attributes have been set, an empty JSON object is returned.

  • Unauthorized. Obtain a valid accesss token and try the request again.

  • The request failed. Wait a few minutes and try again.

Example responses
  • {
      "role": "User",
      "favorite-food": "Pizza",
      "nick-name": "Joe"
    }

Get an attribute

GET /api/v1/attributes/{attributeName}

Auditing

Calling this method generates the following auditing event.

  • appid.user-profile-attribute.read

Request

Custom Headers

  • An App ID access token provided in the format 'Bearer <access_token>'. For more information, see obtaining tokens.

Path Parameters

  • The name of the attribute that you want to view.

Response

Status Code

  • A JSON object that contains the requested attribute and its value.

  • Unauthorized. Obtain a valid accesss token and try the request again.

  • The attribute was not found.

Example responses
  • {
      "role": "admin"
    }

Set an attribute

PUT /api/v1/attributes/{attributeName}

Auditing

Calling this method generates the following auditing event.

  • appid.user-profile-attribute.update

Request

Custom Headers

  • An App ID access token provided in the format 'Bearer <access_token>'. For more information, see obtaining tokens.

Path Parameters

  • The name of the attribute that you want to set.

The value that you want to give the attribute. For example, if the attribute name is 'favorite-food' then the attribute value might be 'pizza'.

Response

Status Code

  • A JSON object that contains the newly created or updated attribute.

  • The attribute is created.

  • The request is not formatted correctly. Validate your JSON configuration and try the request again.

  • Unauthorized. Obtain a valid accesss token and try the request again.

Example responses
  • {
      "role": "admin"
    }

Delete an attribute

DELETE /api/v1/attributes/{attributeName}

Auditing

Calling this method generates the following auditing event.

  • appid.user-profile-attribute.delete

Request

Custom Headers

  • An App ID access token provided in the format 'Bearer <access_token>'. For more information, see obtaining tokens.

Path Parameters

  • The name of the attribute that you want to delete.

Response

Status Code

  • OK

  • When empty, the attribute was found and successfully deleted.

  • Unauthorized. Obtain a valid accesss token and try the request again.

  • The attribute was not found.

Example responses
  • OK