Harmonized Identity API


Overview

The Harmonized Identity API enables API clients to integrate with the Harmonized Identity Management (HIDM) application.

The Harmonized Identity Management application provides a common identity management solution for all applications and solutions under the Vynamic Retail Platform, as well as any third-party software wishing to integrate with a Vynamic Retail Platform application. HIDM offers a single source of truth for user data, and controls the authentication and authorization of resource access.

An API client is any application using HIDM for its authentication and authorization needs.

Features

Harmonized Identity API supports the following use cases:

  • Add a new Business Unit, retrieve all Business Units or a specific one, update or delete a Business Unit, and change the status of a Business Unit.
  • Add a new Business Unit Type, retrieve a list of all Business Unit Types or a specific one, update or delete a Business Unit Type, change the status of a Business Unit Type, retrieve a list of all parents of a Business Unit Type, and retrieve location types.
  • Add a new User, retrieve all Users or a specific User, update User data, delete a User, lock/unlock a User, update a User's status, and reset Multi-Factor Authentication (MFA) for a User.
  • Create and update a User using external identifiers, and retrieve details of a specific User based on the unique externalId.
  • Create a Role, retrieve details of multiple Roles or a specific Role, and update or delete a Role.
  • Retrieve a list of all Applications.
  • Retrieve a list of all Permissions.
  • Retrieve a list of all Permission Groups.
  • Create Permission Groups.
  • Update information about a specific Permission Group in the Harmonized Identity Management application based on the Permission Group ID.
  • Retrieve information about a specific Permission Group from the Harmonized Identity Management application based on the Permission Group ID.
  • Retrieve a list of all Clients.
  • Retrieve a list of all Resources.
  • Health Check: check the API health status including the backend service status.
  • Operate on HIDM data using External Identifiers.
  • Retrieve and update Tenant Password Policy.

In Harmonized Identity Management, Business Units together with Applications and Roles define the scope of user permissions.

Bulk Import Feature

You can bulk load the following HIDM objects: Business Unit Types, Permission Groups, Roles and Users.

More information about the bulk-load feature:

  • Maximum payload size is 30 MB.
  • If the request body JSON structure is invalid or includes incorrect data types, then validation of the request fails and none of the data sent in the payload is processed. The backend system performs all the field validations.
  • Bulk import endpoints create or update data: if an External Id is already present in the database, the data is updated; if it is not present, the data is created.
  • When you bulk load Users with Assignments into an empty database, follow this order:
      1. Add Business Unit Types first, then Business Units.
      2. Add Permission Groups, then Roles.
      3. Once the Roles and Business Units are loaded, import Users with Assignments.
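
The rules above can be checked on the client before anything is sent. The following is an added example, not part of the HIDM API or its documentation: the kind names, the assignment field names and the decimal reading of "30 MB" are assumptions, and only `externalId` comes from this page.

```python
import json

# "30 MB" read as decimal megabytes: an assumption, chosen as the stricter reading.
MAX_PAYLOAD_BYTES = 30 * 1000 * 1000
# Order from the list above; every kind depends only on kinds loaded before it.
LOAD_ORDER = ["businessUnitTypes", "businessUnits", "permissionGroups", "roles", "users"]

SAMPLE = {  # constructed sample batches; kind names and assignment fields are hypothetical
    "users": [{"externalId": "u-1", "assignments": [
        {"roleExternalId": "role-cashier", "businessUnitExternalId": "bu-kartmax"}]}],
    "roles": [{"externalId": "role-cashier"}],
    "businessUnits": [{"externalId": "bu-kartmax"}],
    "businessUnitTypes": [{"externalId": "but-store"}],
}

def plan_bulk_load(batches, existing):
    """Return [(kind, creates, updates)] in load order; raise ValueError on a bad batch.

    existing maps kind -> externalIds already in the database (empty for a fresh one).
    """
    known = {kind: set(existing.get(kind, ())) for kind in LOAD_ORDER}
    plan = []
    for kind in LOAD_ORDER:
        records = batches.get(kind, [])
        if not records:
            continue
        size = len(json.dumps(records).encode("utf-8"))
        if size > MAX_PAYLOAD_BYTES:
            raise ValueError(f"{kind}: {size} bytes exceeds the 30 MB limit, split the batch")
        ids = [r.get("externalId") for r in records]
        # One malformed record fails the whole payload, so check every record up front.
        # Uniqueness within a single payload is this example's own rule.
        if not all(isinstance(i, str) and i for i in ids) or len(set(ids)) != len(ids):
            raise ValueError(f"{kind}: externalId must be a unique non-empty string")
        if kind == "users":
            for user in records:
                for a in user.get("assignments", []):
                    if a.get("roleExternalId") not in known["roles"]:
                        raise ValueError(f"{user['externalId']}: role not loaded yet")
                    if a.get("businessUnitExternalId") not in known["businessUnits"]:
                        raise ValueError(f"{user['externalId']}: business unit not loaded yet")
        updates = sum(i in known[kind] for i in ids)  # existing External Id means update
        plan.append((kind, len(ids) - updates, updates))
        known[kind].update(ids)
    return plan

if __name__ == "__main__":
    for step in plan_bulk_load(SAMPLE, {"roles": {"role-cashier"}}):
        print(step)
```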

Business Units and Business Unit Types

Business Units enable an Enterprise to manage the authentication and authorization of their Business Units according to the Enterprise's Hierarchy. HIDM enables the user to add and manage their Business Units and Business Unit Types.

Example

Let us assume an Enterprise called Spell is a legal entity present in two countries, Poland and Germany.
In Poland it is present in Katowice, while in Germany it is present in two cities, Paderborn and Hamburg. It has two stores in Katowice called Dollarmart and Kartmax.
A retailer with operations in several European countries can define the following Business Units and associate them with the Business Unit Types:

Business Unit    Business Unit Type
Spell            Enterprise
Germany          Country
Poland           Country
Katowice         City
Paderborn        City
Hamburg          City
Dollarmart       Store
Kartmax          Store

Here 'Enterprise' is the root Business Unit Type. The root Business Unit Type is the only node that does not have a parent; however, it serves as the parent for the next set of Business Unit Types in the hierarchy. Next, we create the Business Unit Type called Country and select Enterprise as its parent (Enterprise → Country), after which City is created with Country as its parent (Country → City), and Store with City as its parent (City → Store). In this way we build a parent-child logical hierarchy of Business Unit Types for the enterprise in the HIDM solution: Enterprise → Country → City → Store.
The resulting hierarchy will resemble a tree-like structure:

[Figure: Business Unit hierarchy tree (Business_Unit_Hierarchy.png)]
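
Because Business Units help define the scope of user permissions, it is worth checking a hierarchy for consistency before loading it. The following is an added example, not HIDM code, that models the Spell hierarchy and validates it. It assumes that a Business Unit's parent must be of the parent type of its own Business Unit Type, which the text implies but does not state, and that the two countries sit directly under Spell.

```python
# Business Unit Type -> parent type, as built in the text (None marks the root).
TYPE_PARENT = {"Enterprise": None, "Country": "Enterprise", "City": "Country", "Store": "City"}
# Business Unit -> (type, parent unit), following the Spell example.
UNITS = {
    "Spell": ("Enterprise", None),
    "Germany": ("Country", "Spell"), "Poland": ("Country", "Spell"),
    "Katowice": ("City", "Poland"),
    "Paderborn": ("City", "Germany"), "Hamburg": ("City", "Germany"),
    "Dollarmart": ("Store", "Katowice"), "Kartmax": ("Store", "Katowice"),
}

def types_root_first(type_parent):
    """Return the types ordered root first; raise ValueError unless one root and no cycle."""
    roots = [t for t, p in type_parent.items() if p is None]
    if len(roots) != 1:
        raise ValueError(f"expected exactly one root type, found {roots}")
    depth = {}
    for t in type_parent:
        seen, cur = [], t
        while cur is not None:
            if cur in seen:
                raise ValueError(f"cycle through type {cur}")
            if cur not in type_parent:
                raise ValueError(f"{t}: unknown parent type {cur}")
            seen.append(cur)
            cur = type_parent[cur]
        depth[t] = len(seen)
    return sorted(type_parent, key=depth.get)

def unit_path(units, type_parent, name):
    """Return the path from the root unit down to `name`, checking every parent link."""
    path, cur = [], name
    while cur is not None:
        if cur in path:
            raise ValueError(f"cycle through unit {cur}")
        utype, parent = units[cur]
        expected = type_parent[utype]                     # type the parent must have
        actual = units[parent][0] if parent is not None else None
        if actual != expected:
            raise ValueError(f"{cur} ({utype}) needs a parent of type {expected}, got {actual}")
        path.append(cur)
        cur = parent
    return path[::-1]

if __name__ == "__main__":
    print(" → ".join(types_root_first(TYPE_PARENT)))
    print(" → ".join(unit_path(UNITS, TYPE_PARENT, "Kartmax")))
```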

Security

The Harmonized Identity API supports OAuth 2.0 for authentication purposes.
The supported protocol for the Harmonized Identity API is HTTPS.