# Account Management API
**Base URL**: https://dev-cloud.acronis.com/api/2
## Security
### OAuth 2.0
Supported grant types:
* `client_credentials`
* `authorization_code`
* `password`
Authorization URI example: `/api/2/idp/authorize`
Access token URI example: `/api/2/idp/token`
### Request parameters
#### Headers
| Name | Description |
|------|-------------|
| `Authorization` | (Required) Used to send a valid OAuth 2 access token. Do not use with the "access_token" query string parameter.
**Type**: String
**Pattern**: `^Bearer [0-9a-zA-Z\-\._~+/]*=*$` |
#### Query parameters
| Name | Description |
|------|-------------|
| `access_token` | (Required) Used to send a valid OAuth 2 access token. Do not use together with the "Authorization" header.
**Type**: String |
### Responses
| Code | Description |
|------|-------------|
| `401` | The request was denied due to an invalid or missing bearer access token. |
| `403` | The request was denied due to the bearer access token having insufficient privileges. |
### Scopes
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
* `urn:acronis.com::account-server::tenant_admin`
* `urn:acronis.com::account-server::tenant_viewer`
* `urn:acronis.com::account-server::user_admin`
* `urn:acronis.com::account-server::replication_manager`
* `urn:acronis.com::account-server::managed_clients_admin`
* `urn:acronis.com::account-server::oauth2_client_admin`
* `urn:acronis.com::account-server::legal_docs_signer`
* `urn:acronis.com::accounts::email_token_requester`
* `urn:acronis.com::accounts::licensing_admin`
* `urn:acronis.com::accounts::usage_reporter`
* `urn:acronis.com::backup::backup_user`
* `urn:acronis.com::backup::protection_admin`
* `urn:acronis.com::files_cloud::sync_share_user`
* `urn:acronis.com::acep::consumer`
* `urn:acronis.com::account-server::security_groups_admin`
* `urn:acronis.com::account-server::security_groups_viewer`
* `urn:acronis.com::account-server::token_introspector`
* `urn:acronis.com::account-server::custom_role_manager`
* `urn:acronis.com::account-server::custom_role_viewer`
### x-api-key
### Request parameters
#### Headers
| Name | Description |
|------|-------------|
| `Cookie` | (Required) **Type**: String |
### Responses
| Code | Description |
|------|-------------|
| `401` | The request was denied due to an invalid session token. |
| `403` | The request was denied due to the current session token<br>having insufficient privileges. |
### Basic Authentication
### Request parameters
#### Headers
| Name | Description |
|------|-------------|
| `Authorization` | (Required) Used to send the base64-encoded "client_id:client_secret" credentials.
**Type**: String
**Pattern**: `^Basic [0-9a-zA-Z\-\._~+/]*=$` |
### Responses
| Code | Description |
|------|-------------|
| `403` | The request was denied due to the credentials having insufficient privileges. |
## Endpoints
### GET /accounts/forgot_link
Get forgot password link by login.
*WARNING.* Endpoint is disabled.
#### Security
The endpoint does not require authorization.
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `login` | (Required) User login.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `400` | Bad request. |
| `404` | Not Found. |
### GET /applications
Fetches a list of all registered applications.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
### GET /applications/{application_id}
Fetches the information about the application by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `404` | Not Found. |
### POST /applications/{application_id}/bindings/tenants/{tenant_id}
Turns the application on for the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `204` | Application was successfully turned on. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### DELETE /applications/{application_id}/bindings/tenants/{tenant_id}
Turns the application off for the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `204` | Application was successfully turned off. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### DELETE /applications/{application_id}/settings/tenants/{tenant_id}/{setting_name}
Deletes own setting of the tenant's application.
The setting will be inherited from parent tenants when deleted.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `204` | Own application setting was successfully deleted. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /applications/{application_id}/settings/tenants/{tenant_id}/{setting_name}
Updates a setting of the tenant's application.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `value` | Value of the setting.
**Type**: any |
| `lock` | Flag that controls whether the value can be overridden at another tenant's level.
**Type**: Boolean |
| `exclusive` | If true, the value set for this tenant does not affect inheritance; this tenant's children will inherit the value from their grandparent tenant.
**Type**: Boolean |
**Example**:
```json
{
"value": "qwerty",
"lock": false
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Own setting was successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `404` | Not Found. |
### GET /applications/{application_id}/settings/tenants/{tenant_id}/{setting_name}
Fetches a setting of the tenant's application.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### POST /clients
Creates a new client.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
* `urn:acronis.com::account-server::replication_manager`
* `urn:acronis.com::account-server::managed_clients_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `type` | Client type.
**Type**: String
**Allowed values**:
- `api_client`
- `managed_client` |
| `tenant_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `data` | Additional metadata, like agentType, hostname, etc...
**Type**: Object |
| `token_endpoint_auth_method` | Explicit specified auth method.
**Type**: String
**Allowed values**:
- `client_secret_basic`
- `client_secret_post`
- `none` |
| `redirect_uris` | List of possible redirect uris.
**Type**: Array of String
**Array type description:**
**Type**: String |
| `origin_id` | Client origin ID.
**Type**: String |
**Example**:
```json
{
"tenant_id": "48f86be5-c628-49c3-8575-62e78f54e4eb",
"data": {
"client_name": "Some application client",
"origin_dc_id": "ff7625c0-d649-445c-a2b3-9b59e66bfc2d"
},
"origin_id": "72403667-8e45-4dd9-bcbc-3e6047b98b3d",
"token_endpoint_auth_method": "client_secret_basic",
"type": "managed_client"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `201` | Client was successfully created. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
### GET /clients
Fetches a batch of clients.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `uuids` | (Optional) A filter by comma-separated list of client's UUIDs.
**Type**: String
**Min length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*` |
| `origin_id` | (Optional) A filter by clients origin ID. Can be used together with uuids or separately.
**Type**: String |
| `allow_deleted` | (Optional) If true, info for deleted clients may be returned.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
### DELETE /clients/{client_id}
Deletes a client by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
* `urn:acronis.com::account-server::replication_manager`
* `urn:acronis.com::account-server::managed_clients_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `204` | Client was successfully deleted. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /clients/{client_id}
Updates a client by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
* `urn:acronis.com::account-server::replication_manager`
* `urn:acronis.com::account-server::managed_clients_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `data` | Additional metadata that will be updated.
**Type**: Object |
| `status` | Client status - either enabled or disabled. Disabled clients can no longer be used to receive Access Tokens.
**Type**: String
**Allowed values**:
- `enabled`
- `disabled` |
| `redirect_uris` | List of possible redirect uris.
**Type**: Array of String
**Array type description:**
**Type**: String |
| `origin_id` | Client origin ID.
**Type**: String |
**Example**:
```json
{
"data": {
"client_name": "Some application client"
},
"status": "disabled",
"redirect_uris": [
"com.acronis.abc://oauth"
]
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Client was successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `404` | Not Found. |
### GET /clients/{client_id}
Fetches a client by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### POST /idp/token
Requests an access token, an ID token and, optionally, a refresh token.
To additionally request a refresh token, refer to [OpenID Connect Core 1.0 Section 11](https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.11).
#### Security
The endpoint does not require authorization.
#### Request parameters
##### Headers
| Name | Description |
|------|-------------|
| `Authorization` | (Optional) Used to send the base64-encoded "client_id:client_secret" credentials.
May be required depending on the grant type and 'token_endpoint_auth_method'
**Type**: String
**Pattern**: `^Basic [0-9a-zA-Z\-\._~+/]*=$` |
##### Request body
**Media type**: application/x-www-form-urlencoded
**Schema definition**:
| Name | Description |
|------|-------------|
| `grant_type` | The following authorization grant types are supported:
- `password` grant type implementation is in accordance with [RFC6749 Section 4.3](https://datatracker.ietf.org/doc/html/rfc6749#section-4.3).
- `md5_password` grant type is the same as `password` grant type, but password provided as MD5 hashsum.
- `authorization_code`, `refresh_token` and `client_credentials` grant types implementation is in accordance with [OpenID Connect Core 1.0 Section 3.1.3](https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint).
- `authorization_code` grant type implementation also supports PKCE extension in accordance with [RFC7636](https://datatracker.ietf.org/doc/html/rfc7636)
- `urn:ietf:params:oauth:grant-type:device_code` grant type implementation is in accordance with [RFC8628](https://datatracker.ietf.org/doc/html/rfc8628).
- `urn:ietf:params:oauth:grant-type:jwt-bearer` grant type implementation is in accordance with [RFC7523](https://datatracker.ietf.org/doc/html/rfc7523).
**Type**: String
**Allowed values**:
- `password`
- `md5_password`
- `authorization_code`
- `refresh_token`
- `client_credentials`
- `urn:ietf:params:oauth:grant-type:device_code`
- `urn:ietf:params:oauth:grant-type:jwt-bearer` |
| `client_id` | OAuth 2.0 / OpenID Connect client's identifier (UUID).
Required for the `urn:ietf:params:oauth:grant-type:device_code` grant type.
Required for `authorization_code` and `client_credentials` grant types if the client was created with `token_endpoint_auth_method` set to `client_secret_post`.
**Type**: String |
| `client_secret` | OAuth 2.0 / OpenID Connect clients secret.
Required for `authorization_code` and `client_credentials` grant types if the client was created with `token_endpoint_auth_method` set to `client_secret_post`.
**Type**: String |
| `username` | Required for the `password` and `md5_password` grant types.
**Type**: String |
| `password` | Required for the `password` and `md5_password` grant types.
**Type**: String |
| `refresh_token` | Required for the `refresh_token` grant type.
**Type**: String |
| `code` | Required for the `authorization_code` grant type.
**Type**: String |
| `scope` | Not used for the `authorization_code` grant type. Optional for all other supported grant types.
**Type**: String
**Pattern**: `^[\w_]+(\s+[\w_]+)*$` |
| `assertion` | Required for the `urn:ietf:params:oauth:grant-type:jwt-bearer` grant type.
**Type**: String |
| `device_code` | Required for the `urn:ietf:params:oauth:grant-type:device_code` grant type.
**Type**: String |
| `totp_code` | Required for the `password` grant type with TOTP authentication.
**Type**: String |
| `code_verifier` | A cryptographically random string that is used to correlate the authorization request to the token request.
Required for the `authorization_code` grant type if `code_challenge` was provided during the authorization request.
**Type**: String
**Pattern**: `^[A-Za-z0-9\-\._~]{43,128}$` |
| `not_required_introspection` | Determines what kind of the access token will be issued: that require introspection or that do not require it.
Tokens that require introspection we call "hybrid" because we use combined approach to work with them: one part of the tokens' data could be obtained from the token itself but another part requires making a request to the introspection endpoint.
They contain not the full list of associated access policies in the scope and their introspection is required by the resource server for proper authorization.
If `not_required_introspection` is set to `true`, the issued token will contain all associated access policies in the scope and its introspection will not be required.
Such JWT token has `"nri": 1` in the header section ("nri" - not required introspection).
If `not_required_introspection` is not set or set to `false`, Account Server will decide whether to issue a "hybrid" token or not based on the its internal logic and roles configuration.
Non "hybrid" JWT token has `"nri": 0` in the header section or does not have this field at all.
**Type**: Boolean |
**Example**:
```
[object Object]
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Authentication was successful and the tokens were issued. |
| `400` | Failed authentication factors check and when `redirect_uri` form parameter is not defined. |
| `401` | Failed authentication factors check and when `redirect_uri` form parameter is not defined. |
| `403` | Requested scope is not allowed. |
### POST /idp/revoke_token
Revokes an access token and, if any, a refresh token in accordance with [RFC7009](https://datatracker.ietf.org/doc/html/rfc7009).
Confidential clients must either follow Basic authentication scheme or provide credentials in the request body.
Public clients must provide `client_id` in the request body.
If `access_token` revocation is requested, the refresh token, if any, issued together with provided access token will also be revoked.
If `refresh_token` revocation is requested, the access token issued together with provided refresh token will also be revoked.
#### Security
The endpoint does not require authorization.
#### Request parameters
##### Headers
| Name | Description |
|------|-------------|
| `Authorization` | (Optional) Used to send the base64-encoded "client_id:client_secret" credentials.
**Type**: String
**Pattern**: `^Basic [0-9a-zA-Z\-\._~+/]*=$` |
##### Request body
**Media type**: application/x-www-form-urlencoded
**Schema definition**:
| Name | Description |
|------|-------------|
| `token` | The token that the client wants to revoke.
**Type**: String |
| `token_type_hint` | A hint about the token type submitted for revocation.
**Type**: String
**Allowed values**:
- `access_token`
- `refresh_token` |
| `client_id` | OAuth 2.0 / OpenID Connect client's identifier (UUID).
Required for public clients.
**Type**: String |
| `client_secret` | OAuth 2.0 / OpenID Connect clients secret.
Can be used by confidential clients for authentication.
**Type**: String |
**Example**:
```
[object Object]
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Authentication was successful and the token was revoked. |
| `400` | Invalid request. |
| `401` | Failed authentication factors check. |
### POST /idp/introspect_token
Introspect an access token in accordance with [RFC7662](https://datatracker.ietf.org/doc/html/rfc7662).
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::token_introspector`
#### Request parameters
##### Request body
**Media type**: application/x-www-form-urlencoded
**Schema definition**:
| Name | Description |
|------|-------------|
| `token` | The token that the client wants to introspect.
**Type**: String |
**Example**:
```
[object Object]
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Authentication and authorization were successful and the token's was introspected.
Note if the token from the request body is invalid (signature verification failed, token is expired, or something else), 200 HTTP code will be returned, but the response body will contain `{"active": false}`. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `400` | Bad request. |
### POST /idp/ott
Available in cloud version only and this method can be accessed only by OAuth 2.0 / OpenID Connect client.
Requests a one-time token for authentication on behalf of the specified user.
Either user external ID or Acronis user login or Acronis user UUID can be supplied.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::user_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `purpose` | Purposes of one-time tokens.
**Type**: String
**Allowed values**:
- `user_login`
- `verify` |
| `login` | **Type**: String |
| `external_id` | **Type**: String |
| `user_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `audit_data` | An arbitrary optional text field that could be later used for auditing purposes.
**Type**: String |
**Example**:
```json
{
"login": "user@mail.org",
"purpose": "user_login",
"audit_data": "external system support department user ID"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | One-time token was successfully issued. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `400` | Bad request. |
### POST /idp/ott/login
Authenticates to the platform using one-time token and provides the IdP session cookie.
Available in cloud version only.
#### Security
The endpoint does not require authorization.
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `ott` | **Type**: String |
**Example**:
```json
{
"ott": "dGhpcyBpcyB0ZXN0IG9uZS10aW1lIHRva2Vu"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Authentication with one-time token was successful. |
| `401` | Method required an authenticated user. |
| `400` | Bad request. |
### POST /idp/device_authorization
Registers device codes and issues device and user codes.
#### Security
The endpoint does not require authorization.
#### Request parameters
##### Request body
**Media type**: application/x-www-form-urlencoded
**Schema definition**:
| Name | Description |
|------|-------------|
| `client_id` | OAuth 2.0 / OpenID Connect client's identifier (UUID).
**Type**: String |
| `display_name` | Device display name (machine name, cluster ID, etc.).
**Type**: String |
| `scope` | Scopes requested or authorized by the end user for the client.
Supported scopes:
- urn:acronis.com:tenant-id::backup_agent_admin - For backup agent registration
- urn:acronis.com:tenant-id::cyber_frame_registrator - For Cyber Frame Connector registration
**Type**: Array of String
**Array type description:**
**Type**: String
**Pattern**: `^urn:acronis\.com:tenant-id:(?:[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12})?:(?:backup_agent_admin|cyber_frame_registrator)$` |
**Example**:
```
[object Object]
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Device code successfully registered. |
### GET /idp/device_authorization/approval
Returns information about existing device authorization by the user code.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::backup::backup_user`
* `urn:acronis.com::backup::protection_admin`
* `urn:acronis.com::files_cloud::sync_share_user`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `code` | (Required) The end-user verification code.
**Type**: String |
| `tenant_uuid` | (Optional) Personal tenant UUID for which the device code will be approved.
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
#### Responses
| Code | Description |
|------|-------------|
| `200` | Device authorization exists. |
| `400` | Invalid request parameters, device code expired or associated public client not found.
Scoped tenant or its owner not satisfied the requirements. |
| `403` | Current user is not authorized to access this endpoint or its method.
Current user has no access to the scoped tenant.
User code is invalid or the related device code already deleted. |
### POST /idp/device_authorization/approval
Approves existing device code.
In case of setting tenant_uuid parameter in the request body or in the scope
the current user and target tenant should satisfy next requirements:
user should be a partner_admin,
user should have RW access to the target tenant,
target tenant should be personal,
target tenant's owner should have protection_admin or backup_user roles.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::backup::backup_user`
* `urn:acronis.com::backup::protection_admin`
* `urn:acronis.com::files_cloud::sync_share_user`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `code` | The end-user verification code.
**Type**: String |
| `tenant_uuid` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
**Example**:
```json
{
"code": "RDRD-WNDB",
"tenant_uuid": "ab7869a9-f5e1-4faf-a56c-5a0ae866dc41"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `204` | Device code successfully approved. |
| `400` | Invalid request parameters, device code expired or associated public client not found.
Scoped tenant or its owner not satisfied the requirements. |
| `403` | Current user is not authorized to access this endpoint or its method.
Current user has no access to the scoped tenant.
User code is invalid or the related device code already deleted. |
### GET /idp/external-login
Fetches an HTML page that handles the login flow from external systems with one-time tokens and redirects users to the provided
`targetURI`. The legacy way to provide one-time token and target URI is via the following URL fragment parameters:
- `ott` - a URL-encoded one-time token.
- `targetURI` - a URI the user should be redirected to on successful authentication.
Example: `/idp/external-login#ott=dG9rZW4gd2l0aCBzYWZlIGVuY29kaW5n&targetURI=https://example.com/app`.
Please use the query parameters instead to access up-to-date features like branding.
#### Security
The endpoint supports the following authorization methods: `x-api-key`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `ott` | (Optional) a URL-encoded one-time token.
**Type**: String |
| `targetURI` | (Optional) a URI the user should be redirected to on successful authentication.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
### GET /infra
Fetches batch of infrastructure components.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `uuids` | (Required) Comma-separated list of infrastructures' UUIDs.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### POST /infra
Registers a new infrastructure component.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `owner_tenant_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `location_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `name` | Human-readable name of infrastructure component that will be displayed to the users.
**Type**: String |
| `url` | URL.
**Type**: String
**Pattern**: `^[a-z0-9\+]+:\/\/[^\s\/$.?#].[^\s]*` |
| `capabilities` | Capabilities of infrastructure component.
**Type**: Array of String
**Array type description:**
Capability of infrastructure component.
**Type**: String
**Allowed values**:
- `backup`
- `disaster_recovery`
- `files_cloud`
- `vcd` |
| `content_url` | URL.
**Type**: String
**Pattern**: `^[a-z0-9\+]+:\/\/[^\s\/$.?#].[^\s]*` |
| `content_mobile_url` | URL.
**Type**: String
**Pattern**: `^[a-z0-9\+]+:\/\/[^\s\/$.?#].[^\s]*` |
| `backend_type` | **Type**: any |
**Example**:
```json
{
"capabilities": [
"backup",
"disaster_recovery"
],
"name": "Default Infrastructure Component",
"url": "acronis+fes://storage20.acronis.com:44445",
"owner_tenant_id": "0bb386ae-e66d-4e7b-84fb-cddcf60002de",
"location_id": "bfdf24b0-5a72-49a8-a2bd-2fc7c085ff7b",
"content_url": "https://browse.storage20.acronis.com/",
"backend_type": "azure",
"content_mobile_url": "https://browse.storage20.acronis.com/mobile/"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `201` | Infrastructure component was successfully registered. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
### DELETE /infra/{infra_id}
Unregisters infrastructure component.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `force` | (Optional) If true, existing usage will be ignored in case there are no customer tenants having offering items associated with this infrastructure component turned on.
**Type**: Boolean |
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
#### Responses
| Code | Description |
|------|-------------|
| `204` | Infrastructure component was successfully unregistered. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### PUT /infra/{infra_id}
Updates infrastructure component.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `name` | Human-readable name of infrastructure component that will be displayed to the users.
**Type**: String |
| `location_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `url` | URL.
**Type**: String
**Pattern**: `^[a-z0-9\+]+:\/\/[^\s\/$.?#].[^\s]*` |
| `capabilities` | Capabilities of infrastructure component.
**Type**: Array of String
**Array type description:**
Capability of infrastructure component.
**Type**: String
**Allowed values**:
- `backup`
- `disaster_recovery`
- `files_cloud`
- `vcd` |
| `content_url` | URL.
**Type**: String
**Pattern**: `^[a-z0-9\+]+:\/\/[^\s\/$.?#].[^\s]*` |
| `content_mobile_url` | URL.
**Type**: String
**Pattern**: `^[a-z0-9\+]+:\/\/[^\s\/$.?#].[^\s]*` |
| `backend_type` | **Type**: any |
| `version` | Auto-incremented infrastructure component version.
**Type**: Integer |
**Example**:
```json
{
"capabilities": [
"files_cloud"
],
"name": "Infrastructure Component",
"url": "acronis+fes://storage20.corp.acronis.com:44445",
"version": 10,
"content_url": "https://browse.storage20.corp.acronis.com/",
"backend_type": "azure",
"content_mobile_url": "https://browse.storage20.corp.acronis.com/mobile/"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Infrastructure component was successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### GET /infra/{infra_id}
Fetches infrastructure component.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### GET /locations
Fetches a batch of infrastructure locations.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `uuids` | (Required) Comma-separated list of infrastructures locations' UUIDs.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### POST /locations
Creates a new infrastructures location.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `owner_tenant_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `name` | Human-readable name of infrastructure location that will be displayed to the users.
**Type**: String |
**Example**:
```json
{
"owner_tenant_id": "0bb386ae-e66d-4e7b-84fb-cddcf60002de",
"name": "Boston Infrastructure"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `201` | Infrastructure location was successfully created. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
### DELETE /locations/{location_id}
Deletes an infrastructure location by ID.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
#### Responses
| Code | Description |
|------|-------------|
| `204` | Infrastructure location was successfully removed. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### PUT /locations/{location_id}
Updates an infrastructure location by ID.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `name` | Human-readable name of infrastructure location that will be displayed to the users.
**Type**: String |
| `version` | Auto-incremented infrastructure location version.
**Type**: Integer |
**Example**:
```json
{
"name": "Boston Infrastructure",
"version": 10
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Infrastructure location was successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### GET /locations/{location_id}
Fetches an infrastructure location by ID.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### GET /locations/{location_id}/infra
Fetches batch of infrastructure components of the provided location.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### POST /registration_tokens
*DEPRECATED.* Use /api/2/tenants//registration_tokens.
Creates a registration token.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::oauth2_client_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `tenant_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `expires_in` | Token expiration time in seconds. Should be less than or equal to one year.
**Type**: Integer |
| `scopes` | Access scopes that are applied to the registered resource. The following access scope patterns are available:
- `urn:acronis.com:tenant-id:{personal_tenant_id}:backup_agent_admin` - binds the resource to the user by personal tenant ID specified in `{personal_tenant_id}`.
- `urn:acronis.com::policy_management:{tenant_id}|{policy_id}:apply_revoke` - applies a protection plan to a resource by policy ID specified in `{policy_id}` from a resource owner tenant specified in `{tenant_id}`.
**Type**: Array of String
**Array type description:**
**Type**: String |
**Example**:
```json
{
"tenant_id": "72acaf6a-b15a-11e6-80f5-76304dec7eb7",
"expires_in": 3600,
"scopes": [
"urn:acronis.com:tenant-id:734fe814-748a-41cb-8a94-60e18fb3c442:backup_agent_admin"
]
}
```
#### Responses
| Code | Description |
|------|-------------|
| `201` | Registration token was successfully created. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `415` | Requested type in the `Accept` request header is not supported. |
### POST /reports
Creates a new usage report.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `recipients` | IDs of subscribed users.
**Type**: Array of String
**Array type description:**
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `result_action` | What to do with report.
**Type**: String
**Allowed values**:
- `save`
- `send` |
| `parameters` | **Type**: Object |
| `schedule` | **Type**: Object |
| `generation_date` | Formatted date: YYYY-MM-DD.
**Type**: String
**Min length**: 10
**Max length**: 10
**Pattern**: `\d{4}-\d{2}-\d{2}` |
**Example**:
```json
{
"result_action": "send",
"recipients": [
"ca451758-b48a-45d9-9ae6-8f1059f67619",
"ab00e527-219b-481b-b01b-311b5be0ed3c"
],
"schedule": {
"type": "once"
},
"generation_date": "2017-05-08",
"parameters": {
"tenant_id": "2a91a14d-ffd3-4ac1-9b4d-3990162c5acc",
"formats": [
"csv",
"json_v1",
"csv_v2_0",
"json_v2_0"
],
"show_skus": false,
"hide_zero_usage": true,
"kind": "usage_summary",
"period": {
"start": "2017-05-01",
"end": "2017-05-07"
},
"level": "accounts"
}
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Usage report was successfully created |
| `400` | Usage history is not ready and shouldn't be ready yet (from 1 to 6 am). |
| `500` | Usage history is not ready but should be available already (after 6 am). |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
### DELETE /reports/{report_id}
Deletes a usage report by ID.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
#### Responses
| Code | Description |
|------|-------------|
| `204` | Usage report was successfully deleted. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
### PUT /reports/{report_id}
Updates a usage report configuration. Only scheduled reports can be updated.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `recipients` | IDs of subscribed users.
**Type**: Array of String
**Array type description:**
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `parameters` | **Type**: Object |
| `schedule` | **Type**: Object |
**Example**:
```json
{
"recipients": [
"ca451758-b48a-45d9-9ae6-8f1059f67619"
],
"parameters": {
"tenant_id": "2a91a14d-ffd3-4ac1-9b4d-3990162c5acc",
"show_skus": false,
"hide_zero_usage": true,
"kind": "usage_current",
"level": "direct_partners"
}
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Usage report was successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `404` | Not Found. |
### GET /reports/{report_id}
Fetches a usage report configuration.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### GET /reports/{report_id}/stored
Fetches all stored reports related to the usage report.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
### GET /reports/{report_id}/stored/{stored_report_id}
Downloads stored report data.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | A file in the format that was used to generate the stored report. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
### GET /search
Searches for tenants and users.
Tenants are searched by `name`, `custom_id`, `first_name`, `last_name` and `email` from contact info.
Users are searched by `login`, `email`, `first_name` and `last_name`.
Search is case-insensitive.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `tenant` | (Required) An ID of the tenant where the search will be performed.
**Type**: String |
| `text` | (Required) Search in all available properties for the supplied text.
**Type**: String |
| `limit` | (Optional) Limit the number of found objects.
**Type**: Integer
**Default**: 10 |
| `allow_deleted` | (Optional) If true, deleted tenants and users may be returned.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `404` | Not Found. |
### GET /tenants
Available in cloud version only.
Fetches details about multiple tenants specified by their UUIDs or about child tenants of a specific tenant specified by its UUID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `uuids` | (Optional) A filter by comma-separated list of tenants' UUIDs. Maximum of 100 UUIDs.
Is mutually exclusive with `subtree_root_id` and `parent_id`.
**Type**: String
**Min length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*` |
| `parent_id` | (Optional) The UUID of a tenant which child tenants will be fetched.
Is mutually exclusive with `subtree_root_id` and `uuids`.
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `subtree_root_id` | (Optional) Filter to fetch tenants hierarchy starting from (including) the specified one. Sorting by tenant level is always assumed.
Is mutually exclusive with `uuids` and `parent_id`.
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `updated_since` | (Optional) A filter by tenants that were updated after the specified RFC3339 timestamp in UTC time zone.
**Type**: DateTime |
| `limit` | (Optional) Number of elements to return in current offering items page of the response.
**Type**: Integer
**Minimum**: 1
**Default**: 5000 |
| `after` | (Optional) Cursor to fetch the next tenants page. The cursor encodes all the filtering and sorting arguments, thus client does not need to provide all them for the next page, only cursor should be provided. Client can get the cursor from `paging.cursors.after` field of the previous page response.
**Type**: String |
| `lod` | (Optional) A predefined level of details for the tenant object to return.
The following levels of details can be specified:
- `stamps` - includes `id`, `parent_id`, `version`, `created_at`, `updated_at`, `deleted_at`, `contacts`, `offering_items`.
- `basic` - includes all stamps fields plus `name`, `kind`, `enabled`.
- `full` - includes all basic fields plus `customer_type`, `customer_id`, `brand_id`, `brand_uuid`, `brand_enabled`, `barrier`, `internal_tag`, `language`, `owner_id`, `has_children`, `default_idp_id`, `update_lock`, `ancestral_access`, `mfa_status`, `pricing_mode`, `contact`, `external_operation_status`, `production_start_date`.
**Type**: String
**Allowed values**:
- `stamps`
- `basic`
- `full`
**Default**: full |
| `with_contacts` | (Optional) If true, all tenants' referencing contacts will be returned in the response.
**Type**: Boolean |
| `with_offering_items` | (Optional) If true, only tenants with count offering items will be returned in the response.
**Type**: Boolean |
| `with_infra_offering_items` | (Optional) If true, only tenants with infra offering items will be returned in the response.
**Type**: Boolean |
| `expand_offering_items` | (Optional) If true, all tenants' offering items will be returned in the response.
**Type**: Boolean |
| `include_relative_path` | (Optional) If true, fetches the hierarchy of tenants starting from (and including) the trustee tenant up to the tenants with the specified UUIDs. Only tenants in the path between the trustee and the target tenants will be returned.
Is mutually exclusive with `subtree_root_id` and `parent_id`.
**Type**: Boolean |
| `allow_deleted` | (Optional) If true, deleted tenants may be returned.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `400` | Bad request. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `404` | Not Found. |
### POST /tenants
Creates a new tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `name` | Human-readable name that will be displayed to the users.
**Type**: String |
| `parent_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `kind` | A tenant kind.
**Type**: String
**Allowed values**:
- `root`
- `partner`
- `folder`
- `customer`
- `unit` |
| `contact` | **Type**: Object |
| `company_billing_contact` | **Type**: Object |
| `enabled` | Flag, indicates whether the tenant is enabled or disabled.
**Type**: Boolean |
| `customer_id` | ID from external system; for reporting purposes.
**Type**: String |
| `internal_tag` | Internal tag. This field can have a null value.
**Type**: any |
| `language` | Preferred locale.
**Type**: String |
| `default_idp_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `update_lock` | **Type**: Object |
| `ancestral_access` | Access to newly created tenant from ancestors.
**Type**: Boolean |
| `settings` | **Type**: Object |
**Example**:
```json
{
"internal_tag": null,
"name": "The Qwerty Tenant",
"customer_id": "123asd",
"parent_id": "fa6859a9-f5e1-4faf-a56c-5a0ae866dc4f",
"contact": {
"email": "su@test.com",
"address1": "Home",
"phone": "123456789"
},
"language": "pt_BR",
"kind": "partner",
"settings": {
"enhanced_security": false
}
}
```
#### Responses
| Code | Description |
|------|-------------|
| `201` | Tenant was successfully created. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
### GET /tenants/applications
Fetches a batch of applications' UUIDs for the provided list of tenants.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `tenants` | (Required) A filter of applications by comma-separated list of tenants' UUIDs.
**Type**: String
**Min length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*` |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `415` | Requested type in the `Accept` request header is not supported. |
### GET /tenants/offering_items
Fetches a batch of the offering items with their states and associated quotas.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `subtree_root_tenant_id` | (Required) A filter by tenants tree starting from the specified tenant ID. Sorting by tenant level is always assumed.
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `usage_names` | (Optional) A filter of offering items by comma-separated list of usage names.
**Type**: String |
| `editions` | (Optional) A filter of offering items by comma-separated list of editions.
**Type**: String |
| `offering_items` | (Optional) A filter of offering items by comma-separated offering item names.
**Type**: String |
| `updated_since` | (Optional) A filter by offering items that were updated after the specified RFC3339 timestamp in UTC time zone.
**Type**: DateTime |
| `limit` | (Optional) Number of elements to return in current offering items page of the response.
**Type**: Integer
**Minimum**: 1
**Default**: 5000 |
| `after` | (Optional) Cursor to fetch the next offering items page. The cursor encodes all the filtering and sorting arguments, thus client does not need to provide all them for the next page, only cursor should be provided. Client can get the cursor from `paging.cursors.after` field of the previous page response.
**Type**: String |
| `allow_deleted` | (Optional) If true, deleted offering items may be returned.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `400` | Bad request. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `404` | Not Found. |
### GET /tenants/usages
Fetches a batch of usages of the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `tenants` | (Required) A filter of usages by comma-separated list of tenants' UUIDs.
**Type**: String
**Min length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*` |
| `usage_names` | (Optional) A filter of usages by comma-separated list of usage names.
**Type**: String |
| `editions` | (Optional) A filter of usages by comma-separated list of editions.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `415` | Requested type in the `Accept` request header is not supported. |
### PUT /tenants/usages
Updates the values of the usages specified in `usage_type` or
associated with the offering items specified in `offering_item`.
Depending on the combination of provided fields, the usage may be
reported either per tenant or per resource. See the descriptions of
the fields for more details.
Trustee is restricted either to be registered within root tenant kind or to have configured
CyberApp (origin_id) with fully provisioned auth-consents through Application Manager
Account server applications (not to be confused with CyberApps) are restricted
to the enablement of offering items with nested usage types marked with the acc-app (origin_id)
In case of failure the response body will contain a not-empty "error" field for each failed item.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::accounts::licensing_admin`
* `urn:acronis.com::accounts::usage_reporter`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `items` | **Type**: Array of Object
**Array type description:**
**Type**: Object |
**Example**:
```json
{
"items": [
{
"tenant_id": "",
"resource_id": "",
"usage_type": "",
"offering_item": "",
"infra_id": "",
"usage_value": 0
}
]
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | - |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `415` | Requested type in the `Accept` request header is not supported. |
### DELETE /tenants/{tenant_id}
Deletes a tenant by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
#### Responses
| Code | Description |
|------|-------------|
| `204` | Tenant was successfully deleted. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /tenants/{tenant_id}
Updates a tenant by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `name` | Human-readable name that will be displayed to the users.
**Type**: String |
| `customer_type` | A type of the customer.
**Type**: String
**Allowed values**:
- `default`
- `enterprise`
- `consumer`
- `small_office`
- `ti_unified` |
| `parent_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `kind` | A tenant kind.
**Type**: String
**Allowed values**:
- `root`
- `partner`
- `folder`
- `customer`
- `unit` |
| `contact` | **Type**: Object |
| `enabled` | Flag, indicates whether the tenant is enabled or disabled.
**Type**: Boolean |
| `customer_id` | ID from external system; for reporting purposes. This field can have a null value.
**Type**: any |
| `version` | Tenant`s version.
**Type**: Integer |
| `brand_id` | Deprecated field. Brand cannot be changed using this.
**Type**: any |
| `internal_tag` | Internal tag. This field can have a null value.
**Type**: any |
| `language` | Tenant`s preferred language.
**Type**: String |
| `default_idp_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `update_lock` | **Type**: Object |
| `ancestral_access` | Indicates whether tenant's indirect ancestors have access to it.
**Type**: Boolean |
| `external_operation_status` | External operation status.
**Type**: String
**Allowed values**:
- `no_operation`
- `deleting`
- `recovering` |
**Example**:
```json
{
"internal_tag": null,
"name": "Renamed Tenant",
"customer_id": null,
"parent_id": "c4878582-6e14-451e-9bda-3ff899b3f700",
"brand_id": 1111,
"contact": {
"firstname": "New Name"
},
"version": 1,
"language": "en",
"kind": "folder"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Tenant was successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### GET /tenants/{tenant_id}
Fetches a tenant by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `embed_path` | (Optional) If true, tenant path will be embedded in the result.
**Type**: Boolean |
| `allow_deleted` | (Optional) If true, deleted tenant may be returned.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### GET /tenants/{tenant_id}/offering_items
Fetches a list offering items with state and associated quotas.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `for_ui` | (Optional) If true, the list of offering items will be returned in a form that is appropriate for the UI. Currently, offering items on a grace period will be filtered out.
**Type**: Boolean |
| `edition` | (Optional) A filter of the offering items by edition.
If "*" is provided, all editions will be returned.
Offering items without an edition are not filtered out in any case.
**Type**: String
**Default**: standard |
| `usage_names` | (Optional) A filter by comma-separated list of usage names.
**Type**: String |
| `available_only` | (Optional) If true, return only infrastructures and offering items available for the enablement according to internal business rules.
**Type**: String |
| `type` | (Optional) A filter by offering item type.
**Type**: String
**Allowed values**:
- `count`
- `feature`
- `infra` |
| `status` | (Optional) A filter by offering item status.
1 - active
0 - not active
**Type**: Integer
**Allowed values**:
- `0`
- `1` |
| `infra_uuid` | (Optional) A filter by infrastructure UUID.
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `include_secondary` | (Optional) If true, secondary offering items will be included in the response.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `409` | Another object of the same type already exists. |
| `400` | Bad request. |
| `426` | Server refuses to fulfill the request using the current protocol |
### PUT /tenants/{tenant_id}/offering_items
Sets the states and quotas of the offering items for specified applications of the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `offering_items` | **Type**: Array of Object
**Array type description:**
**Type**: Object |
| `check_usage` | If true, check whether offering items being turned off have no usage.
**Type**: Boolean |
**Example**:
```json
{
"offering_items": [
{
"application_id": "a9fd8016-0e00-4ade-949e-6efe8672dac0",
"name": "vms",
"status": 1,
"quota": {
"value": 10,
"overage": 10,
"version": 1486479690324
}
},
{
"application_id": "a9fd8016-0e00-4ade-949e-6efe8672dac0",
"name": "workstations",
"status": 0
},
{
"name": "storage",
"quota": {
"value": 10000,
"overage": 100000,
"version": 1486479690324
},
"status": 1,
"infra_id": "4a2cbe2d-b7ab-4b17-9cba-10c7eb55de01",
"application_id": "a9fd8016-0e00-4ade-949e-6efe8672dac0"
},
{
"name": "fc_storage",
"quota": {
"value": 100000,
"overage": 100000,
"version": 1486479690324
},
"status": 1,
"infra_id": "4fff10c4-1378-4bfc-877d-b66a0f8805ed",
"application_id": "71739a04-177f-4603-84ad-54a326ba76e4"
},
{
"application_id": "71739a04-177f-4603-84ad-54a326ba76e4",
"name": "fc_seats",
"status": 1
}
],
"check_usage": true
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Offering Items states were successfully set. |
| `400` | Offering items states were not successfully set. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### GET /tenants/{tenant_id}/offering_items/available_for_child
Fetches available offering items for a hypothetical child tenant with provided parameters.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `kind` | (Optional) A kind of hypothetical child tenant for which available offering items will be returned.
**Type**: String |
| `edition` | (Optional) A filter of the offering items by edition.
If "*" is provided, all editions will be returned.
Offering items without an edition are not filtered out in any case.
**Type**: String
**Default**: standard |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `400` | Bad request. |
### GET /tenants/{tenant_id}/offering_items/pricing
Fetches a list of prices of the offering items for the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /tenants/{tenant_id}/offering_items/pricing
Updates the prices of the offering items for the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `items` | **Type**: Array of Object
**Array type description:**
**Type**: Object |
**Example**:
```json
{
"items": [
{
"name": "storage",
"price": "0.05",
"version": 1497533157730,
"infra_id": "05348371-d95e-4cab-af2a-8e2cadafc30d",
"application_id": "b037d1f6-25cf-4a9c-98f1-d3e41c100948"
},
{
"application_id": "b037d1f6-25cf-4a9c-98f1-d3e41c100948",
"name": "servers",
"price": "600",
"version": 1497533157730
},
{
"application_id": "b037d1f6-25cf-4a9c-98f1-d3e41c100948",
"name": "vms",
"price": "0",
"version": 1497533157730
}
]
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Prices were successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### GET /tenants/{tenant_id}/edition
Performs edition switching check for the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `target_edition` | (Required) A target edition to switch to.
**Type**: String |
| `application_id` | (Required) Application UUID.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | Edition switch can be performed. |
| `400` | Edition switch cannot be performed due to unavailable offering items.
List of these offering items will be returned in `error.context`. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /tenants/{tenant_id}/edition
Switches the edition for the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `target_edition` | Target edition to switch to.
**Type**: String |
| `application_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
**Example**:
```json
{
"target_edition": "disaster_recovery",
"application_id": "c6ab7fb4-b461-4214-9257-86fbad8efb85"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Edition was successfully switched. |
| `400` | Edition was not switched due to unavailable offering items.
List of these offering items will be returned in `error.context`. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### POST /tenants/{tenant_id}/registration_tokens
Creates registration token for the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::oauth2_client_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `expires_in` | Token expiration time in seconds. Should be less than or equal to one year.
**Type**: Integer |
| `scopes` | Access scopes that are applied to the registered resource. The following access scope patterns are available:
- `urn:acronis.com:tenant-id:{personal_tenant_id}:backup_agent_admin` - binds the resource to the user by personal tenant ID specified in `{personal_tenant_id}`.
- `urn:acronis.com::policy_management:{tenant_id}|{policy_id}:apply_revoke` - applies a protection plan to a resource by policy ID specified in `{policy_id}` from a resource owner tenant specified in `{tenant_id}`.
**Type**: Array of String
**Array type description:**
**Type**: String |
**Example**:
```json
{
"expires_in": 3600,
"scopes": [
"urn:acronis.com:tenant-id:734fe814-748a-41cb-8a94-60e18fb3c442:backup_agent_admin",
"urn:acronis.com::policy_management:20435cc8-0b12-4b57-94c7-33afb28f0f34|10858a46-db9b-4725-aa60-fff6252841fd:apply_revoke"
]
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Registration token was successfully created. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `415` | Requested type in the `Accept` request header is not supported. |
### GET /tenants/{tenant_id}/applications
Fetches a list of applications available to the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `for_ui` | (Optional) If true, the list of applications will be returned in a form that is appropriate for the UI.
Currently, applications on a grace period will be filtered out.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `200` | The request was successful. |
### GET /tenants/{tenant_id}/users
Fetches a list of UUIDs of the tenant's users.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `include_grand_children` | (Optional) If true for a customer tenant, the UUIDs of the users from all nested unit tenants will be included in the response.
If true for a non customer tenant, the UUIDs of the users from all nested folder tenants will be included in the response.
**Type**: Boolean
**Default**: false |
| `include_hidden` | (Optional) If true, hidden users may be included in the response.
**Type**: Boolean
**Default**: false |
| `order` | (Optional) Orders the result by one of parameters: `as_is`, `login`, `status`, `name`, `roles`, `level`, `usage`, `mfa_status`, `contact_types`.
Reverse order can be performed using the `-` operator before the parameter.
To order by `usage`, the usage name should be specified after a dot, e.g. `usage.workstations`.
For storage-dependent usages, the storage UUID is not required.
Default value is `name` - order by first name and last name or login if names were not provided.
**Type**: String
**Default**: name |
| `allow_deleted` | (Optional) If true, deleted users may be returned.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `200` | The request was successful. |
### GET /tenants/{tenant_id}/children
Fetches a list of UUIDs of the tenant's children.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `order` | (Optional) Orders the result by one of parameters: `as_is`, `name`, `status`, `usage`.
Reverse order can be performed using the `-` operator before the parameter.
For order by `usage`, the usage name should be specified after a dot, e.g. `usage.workstations`.
For storage-dependent usages, the storage UUID should be added after a dot, e.g. `usage.storage.c05d399b-ba6b-41e9-a638-cd7ffc7ec87a`.
**Type**: String
**Default**: name |
| `allow_deleted` | (Optional) If true, children may be returned.
**Type**: Boolean |
| `after` | (Optional) Cursor to fetch the next children page. The cursor encodes all the filtering and sorting arguments, thus client does not need to provide all them for the next page, only cursor should be provided. Client can get the cursor from `paging.cursors.after` field of the previous page response.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### GET /tenants/{tenant_id}/reports
Fetches a list of reports' UUIDs available to the tenant.
#### Security
The endpoint supports the following authorization methods: `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
* `urn:acronis.com::account-server::unit_admin`
* `urn:acronis.com::account-server::readonly_admin`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `200` | The request was successful. |
### GET /tenants/{tenant_id}/locations
Fetches a list of infrastructure locations owned by the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### GET /tenants/{tenant_id}/usages
Fetches a list of common usage metrics of the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `usage_names` | (Optional) A filter by comma-separated list of usage names.
**Type**: String |
| `editions` | (Optional) A filter by comma-separated list of editions.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `415` | Requested type in the `Accept` request header is not supported. |
### GET /tenants/{tenant_id}/pricing
Fetches pricing settings of the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /tenants/{tenant_id}/pricing
Updates pricing settings of the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `mode` | Mode of tenant's pricing.
**Type**: String
**Allowed values**:
- `trial`
- `production`
- `suspended` |
| `currency` | Currency of all offering item prices for this tenant. This field can have a null value.
**Type**: any |
| `version` | Auto-incremented entity version.
**Type**: Integer |
**Example**:
```json
{
"version": 1497533157730,
"mode": "production",
"currency": "USD"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Pricing settings was successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### DELETE /tenants/{tenant_id}/brand
Disables custom branding for the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
#### Responses
| Code | Description |
|------|-------------|
| `204` | Custom branding has been disabled. |
| `400` | Bad request. |
| `409` | Another object of the same type already exists. |
### GET /tenants/{tenant_id}/brand
Fetches branding options of the tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `effective` | (Optional) If true, parent tenant's brand will be returned
**Type**: Integer
**Default**: 0 |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
### POST /tenants/{tenant_id}/brand
Enables custom branding options for the tenant.
This operation cannot be performed on customer and unit tenants.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
#### Responses
| Code | Description |
|------|-------------|
| `201` | Custom branding has been enabled. |
| `400` | Bad request. |
| `409` | Another object of the same type already exists. |
### PUT /tenants/{tenant_id}/brand
Modifies custom branding options.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
**Example**:
```json
{
"smtp_encryption": "TLS",
"mobile_app_android_download_url": "www.mobile.com/download",
"smtp_user": "smtpuser",
"reg_server_url": "https://rs.custom-cloud.acronis.com",
"platform_terms_url": "terms.acronis.com",
"owns_custom_legal_docs": false,
"company_name": "mycompany",
"smtp_port": 465,
"upsell_url": "www.partner.com/buy",
"smtp_server": "smtp.mycompany.com",
"privacy_policy_url": "https://www.acronis.com/company/privacy.html",
"user_guide_url": "guide.acronis.com",
"color": "FFFFFF",
"service_name": "myservice",
"help_url": "help.acronis.com",
"knowledgebase_url": "kb.acronis.com/errorcode/",
"logotype": "2f8ad2e2-28f2-11e7-aad1-5ffe2ad47151",
"home_url": "www.baas.com",
"color_scheme": "default",
"smtp_reply_address": "noreply@mycompany.com",
"support_phone": "+1 1111 1111111",
"white_labeled_agent": false,
"support_url": "support.acronis.com",
"agent_gateway_url": "https://agents.custom-cloud.acronis.com",
"smtp_password": "**********",
"mobile_app_ios_download_url": "www.mobile.com/download",
"terms_url": "terms.acronis.com",
"account_server_url": "mc-cloud.acronis.com",
"smtp_override": 1,
"router_url": "cloud.acronis.com"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Custom branding has been updated. |
| `400` | Bad request. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `409` | Another object of the same type already exists. |
### POST /tenants/{tenant_id}/brand/logo
Uploads a new tenant's brand logo.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
#### Request parameters
##### Headers
| Name | Description |
|------|-------------|
| `Content-Length` | (Required) **Type**: Integer |
##### Query parameters
| Name | Description |
|------|-------------|
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
##### Request body
**Media type**: image/png
**Schema definition**:
| Name | Description |
|------|-------------|
| `schema` | **Type**: any |
**Example**:
```
[object Object]
```
#### Responses
| Code | Description |
|------|-------------|
| `201` | - |
| `400` | Bad request. |
### PUT /tenants/{tenant_id}/mfa/status
Toggles MFA status for the tenant.
This operation cannot be performed on folder and unit tenants.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::root_admin`
* `urn:acronis.com::account-server::partner_admin`
* `urn:acronis.com::account-server::company_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `enabled` | Status of MFA for tenant.
**Type**: Boolean |
**Example**:
```json
{
"enabled": true
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | MFA status was successfully changed. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `400` | Bad request. |
### GET /tenants/{tenant_id}/mfa/status
Provides MFA status for tenant and progress of TOTP enablement by users.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /tenants/{tenant_id}/default_idp
Updates Tenant default_idp_id.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `version` | Tenant`s version.
**Type**: Integer |
| `idp_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `apply_to_children` | If True - new default identity provider ID will be set to tenant's children as well
**Type**: Boolean |
**Example**:
```json
{
"version": 1,
"idp_id": "c4878582-6e14-451e-9bda-3ff899b3f700",
"apply_to_children": true
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | Tenant default_idp_id successfully updated |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### POST /tenants/{tenant_id}/restore
Restores previously soft deleted tenant.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `force` | (Optional) Defines if tenant should be restored in in case of a conflict with another tenant or user who has taken the same name or login. In such a case restored tenant will have postfix added.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `204` | Tenant was successfully restored. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### GET /users
Fetches a batch of users.
Available in cloud version only.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `uuids` | (Optional) A filter by comma-separated list of users' UUIDs. Maximum of 100 UUIDs.
Is mutually exclusive with `subtree_root_tenant_id`, `external_ids` and `tenant_id`.
**Type**: String
**Min length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}(,[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})*` |
| `origin_id` | (Optional) A filter by specific origin ID
**Type**: String |
| `external_ids` | (Optional) A filter by comma-separated list of users' UUIDs in the external Identity Provider. Maximum of 100 UUIDs.
Is mutually exclusive with `subtree_root_tenant_id` and `uuids`.
**Type**: String |
| `tenant_id` | (Optional) A filter by specific tenant ID. Required when searching the users by `external_id`. Not used otherwise.
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `subtree_root_tenant_id` | (Optional) A filter by tenants tree starting from the specified tenant ID. Is mutually exclusive with `uuids` and `tenant_id`.
**Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `updated_since` | (Optional) A filter by users that were updated after the specified RFC3339 timestamp in UTC time zone.
**Type**: DateTime |
| `limit` | (Optional) Number of elements in current users page of the response.
**Type**: Integer
**Minimum**: 1
**Default**: 2000 |
| `after` | (Optional) Cursor to fetch the next users page. The cursor encodes all the filtering and sorting arguments, thus client does not need to provide all them for the next page, only cursor should be provided. Client can get the cursor from `paging.cursors.after` field of the previous page response.
**Type**: String |
| `lod` | (Optional) A predefined level of details for the user object to return.
The following levels of details can be specified:
- `stamps` - includes `id`, `version`, `tenant_id`, `created_at`, `updated_at`, `deleted_at`, `access_policies`, `origin_id`, `origin_external_id`, `disable_after`.
- `basic` - includes all stamps fields plus `personal_tenant_id`, `login`, `enabled`, `session_mfa_status`, `delivery_channel`.
- `full` - includes all basic fields plus `contact`, `activated`, `language`, `business_types`, `notifications`, `idp_id`, `external_id`, `mfa_status`, `external_operation_status`.
**Type**: String
**Allowed values**:
- `stamps`
- `basic`
- `full`
**Default**: full |
| `with_access_policies` | (Optional) If true, all users' access policies will be returned in the response.
**Type**: Boolean |
| `allow_deleted` | (Optional) If true, deleted users may be returned.
**Type**: Boolean |
| `inside_organization` | (Optional) If true, only users that belong to the same organization will be returned. It requires 'subtree_root_tenant_id' to be specified.
**Type**: Boolean |
| `access_policies` | (Optional) Users in access policies will be returned. It accepts a comma-separated list. It requires 'inside_organization' to be set.
**Type**: String |
| `tenant_kinds` | (Optional) Users in tenant kinds will be returned. It accepts a comma-separated list. It requires 'inside_organization' to be set.
**Type**: String |
| `target_tenant_id` | (Optional) Users within range starting from 'subtree_root_tenant_id' to the 'target_tenant_id' will be returned. It requires 'inside_organization' to be set.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `400` | Bad request. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `401` | Method required an authenticated user. |
| `404` | Not Found. |
### POST /users
Creates a new user.
If the user is created in a customer tenant and below - a personal tenant will be created and attached to it.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `tenant_id` | ID of tenant this user belongs to.
**Type**: String |
| `login` | User's login.
**Type**: String |
| `external_id` | User's ID in external identity provider (e.g. SID in AD).
**Type**: String |
| `idp_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `contact` | **Type**: Object |
| `enabled` | Flag, indicates whether the user is enabled or disabled.
**Type**: Boolean |
| `language` | Preferred locale.
**Type**: String |
| `business_types` | Business types.
**Type**: Array of String
**Array type description:**
**Type**: String
**Allowed values**:
- `buyer` |
| `notifications` | User notifications.
**Type**: Array of String
**Array type description:**
**Type**: String
**Allowed values**:
- `maintenance`
- `quota`
- `reports`
- `backup_error`
- `backup_warning`
- `backup_info`
- `backup_daily_report`
- `backup_critical`
- `device_control_warning`
- `certificate_management_error`
- `certificate_management_warning`
- `certificate_management_info` |
| `use_existing_identity` | Use existing identity (user with same login already exists).
**Type**: Boolean |
| `origin_id` | User's origin ID, for example, ID of a Cyber Application responsible for creating this user.
**Type**: String |
| `origin_external_id` | User's external origin ID.
**Type**: String |
| `disable_after` | RFC3339 Formatted date.
**Type**: String
**Min length**: 19
**Max length**: 32
**Pattern**: `\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?([\+\-]\d{2}\:\d{2})?` |
**Example**:
```json
{
"disable_after": "2017-06-22T18:25:16",
"tenant_id": "0ef03214-6e47-4e50-87f2-a5955ba6095c",
"enabled": true,
"contact": {
"city": "Rivertown",
"zipcode": "12345",
"email": "me@mysite.com",
"state": "CA",
"firstname": "John",
"country": "USA",
"address2": "",
"lastname": "Doe",
"address1": "1440 River Drive #100",
"phone": "123456789"
},
"origin_id": "pillr.mdr",
"language": "ru",
"origin_external_id": "c66b1af2-2ac5-4764-8db6-97b054e7d27e",
"business_types": [
"buyer"
],
"login": "mylogin",
"notifications": [
"maintenance",
"quota",
"reports",
"backup_error",
"backup_warning",
"backup_info",
"backup_daily_report",
"backup_critical",
"device_control_warning",
"certificate_management_error",
"certificate_management_warning",
"certificate_management_info"
]
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | User was successfully created. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
### GET /users/check_login
Checks whether the login name (username) is available or already taken.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `username` | (Required) A login name to check.
**Type**: String |
#### Responses
| Code | Description |
|------|-------------|
| `204` | Login name is available. |
| `401` | Method required an authenticated user. |
| `406` | Provided arguments are not acceptable. |
| `409` | Another object of the same type already exists. |
### POST /users/check_password
Checks whether a password was previously exposed in data breaches.
#### Security
The endpoint does not require authorization.
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `password` | Password (SHA-1 hash) to check.
**Type**: String |
**Example**:
```json
{
"password": "970C2D1A9869F18291D85BC389B33F0739496DE9"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `400` | Bad request. |
| `415` | Requested type in the `Accept` request header is not supported. |
### GET /users/me
Fetches information about the currently authenticated user.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
### DELETE /users/{user_id}
Deletes a user by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `version` | (Required) Growing number of object internal version.
**Type**: Integer |
#### Responses
| Code | Description |
|------|-------------|
| `204` | User was successfully deleted. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /users/{user_id}
Updates a user by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `login` | User's login.
**Type**: String |
| `external_id` | User's ID in external identity provider (e.g. SID in AD).
**Type**: String |
| `idp_id` | **Type**: String
**Min length**: 36
**Max length**: 36
**Pattern**: `[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}` |
| `contact` | **Type**: Object |
| `enabled` | Flag, indicates whether the user is enabled or disabled.
**Type**: Boolean |
| `language` | Preferred locale.
**Type**: String |
| `notifications` | User notifications.
**Type**: Array of String
**Array type description:**
**Type**: String
**Allowed values**:
- `maintenance`
- `quota`
- `reports`
- `backup_error`
- `backup_warning`
- `backup_info`
- `backup_daily_report`
- `backup_critical`
- `device_control_warning`
- `certificate_management_error`
- `certificate_management_warning`
- `certificate_management_info` |
| `version` | Auto-incremented entity version.
**Type**: Integer |
| `disable_after` | RFC3339 Formatted date.
**Type**: String
**Min length**: 19
**Max length**: 32
**Pattern**: `\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?([\+\-]\d{2}\:\d{2})?` |
**Example**:
```json
{
"contact": {
"firstname": "John"
},
"notifications": [],
"disable_after": "2017-06-22T18:25:16",
"version": 2
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | User was successfully updated. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |
### GET /users/{user_id}
Fetches a user by ID.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `allow_deleted` | (Optional) If true, deleted users may be returned.
**Type**: Boolean
**Default**: false |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### GET /users/{user_id}/access_policies
Fetches a list of user's access policies.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_viewer`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `includeUserGroupPolicies` | (Optional) If set true, security group policies will be included in response.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### PUT /users/{user_id}/access_policies
Rewrites user's access policies.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::user_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `paging` | **Type**: Object |
| `timestamp` | RFC3339 Formatted date.
**Type**: String
**Min length**: 19
**Max length**: 32
**Pattern**: `\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?([\+\-]\d{2}\:\d{2})?` |
| `items` | **Type**: Array of Object
**Array type description:**
**Type**: Object |
**Example**:
```json
{
"timestamp": "2016-06-22T18:25:16",
"items": [
{
"trustee_type": "user",
"trustee_id": "2a0402b8-3867-4578-8ebc-e874a2864e79",
"tenant_id": "b7028817-d180-44c1-ae3d-b99f4b3f844a",
"resource_namespace": "hci",
"resource_path": "res1",
"role_id": "hci_admin",
"resource_server_id": "53a2a450-8e4e-11e7-96dd-f45c89947331",
"version": 0,
"id": "00000000-0000-0000-0000-000000000005",
"created_at": "1970-01-01T00:00:00Z",
"updated_at": "2022-03-22T21:45:47Z",
"issuer_id": "b7028817-d180-44c1-ae3d-b99f4b3f844a",
"deleted_at": null
},
{
"trustee_type": "user",
"trustee_id": "2a0402b8-3867-4578-8ebc-e874a2864e79",
"tenant_id": "b7028817-d180-44c1-ae3d-b99f4b3f844a",
"resource_namespace": "notary",
"resource_path": "res4/res5",
"role_id": "notary_admin",
"resource_server_id": "53a2a450-8e4e-11e7-96dd-f45c89947331",
"version": 0,
"id": "00000000-0000-0000-0000-000000000004",
"created_at": "1970-01-01T00:00:00Z",
"updated_at": "2022-03-22T21:45:47Z",
"issuer_id": "b7028817-d180-44c1-ae3d-b99f4b3f844a",
"deleted_at": null
},
{
"trustee_type": "user",
"trustee_id": "2a0402b8-3867-4578-8ebc-e874a2864e79",
"tenant_id": "b7028817-d180-44c1-ae3d-b99f4b3f844a",
"resource_namespace": "physical_data_shipping",
"resource_path": "res4/res5",
"role_id": "pds_operator",
"resource_server_id": "53a2a450-8e4e-11e7-96dd-f45c89947331",
"version": 0,
"id": "00000000-0000-0000-0000-000000000002",
"created_at": "1970-01-01T00:00:00Z",
"updated_at": "2022-03-22T21:45:47Z",
"issuer_id": "b7028817-d180-44c1-ae3d-b99f4b3f844a",
"deleted_at": null
},
{
"trustee_type": "user",
"trustee_id": "2a0402b8-3867-4578-8ebc-e874a2864e79",
"tenant_id": "b7028817-d180-44c1-ae3d-b99f4b3f844a",
"resource_namespace": "physical_data_shipping",
"resource_path": "res4/res5",
"role_id": "pds_support",
"resource_server_id": "53a2a450-8e4e-11e7-96dd-f45c89947331",
"version": 0,
"id": "00000000-0000-0000-0000-000000000003",
"created_at": "1970-01-01T00:00:00Z",
"updated_at": "2022-03-22T21:45:47Z",
"issuer_id": "b7028817-d180-44c1-ae3d-b99f4b3f844a",
"deleted_at": null
}
]
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | The request was successful. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `415` | Requested type in the `Accept` request header is not supported. |
| `409` | Another object of the same type already exists. |
### PUT /users/{user_id}/mfa/status
Manages MFA status for the user.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `enabled` | Status of MFA for user.
**Type**: Boolean |
**Example**:
```json
{
"enabled": true
}
```
#### Responses
| Code | Description |
|------|-------------|
| `200` | MFA settings status was successfully changed. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `400` | Bad request. |
### POST /users/{user_id}/password
This method can be accessed only by OAuth 2.0 / OpenID Connect client.
Sets user's password.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::user_admin`
#### Request parameters
##### Request body
**Media type**: application/json
**Schema definition**:
| Name | Description |
|------|-------------|
| `password` | Password.
**Type**: String |
**Example**:
```json
{
"password": "testSECRETpassword123"
}
```
#### Responses
| Code | Description |
|------|-------------|
| `204` | Password was successfully set. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
### POST /users/{user_id}/restore
Restores previously soft-deleted user.
#### Security
The endpoint supports the following authorization methods: `x-api-key`, `Basic Authentication`, `OAuth 2.0`
For OAuth2 authorization method, one of the following scopes is required by the endpoint:
* `urn:acronis.com::account-server::tenant_admin`
#### Request parameters
##### Query parameters
| Name | Description |
|------|-------------|
| `force` | (Optional) Defines if the user should be restored in case of a conflict with another user who has taken the same login.
In such a case restored user will have a postfix added.
**Type**: Boolean |
| `enable` | (Optional) Defines if the user should be re-enabled.
**Type**: Boolean |
#### Responses
| Code | Description |
|------|-------------|
| `204` | User was successfully restored. |
| `401` | Method required an authenticated user. |
| `403` | Current user is not authorized to access this endpoint or its method. |
| `404` | Not Found. |
| `409` | Another object of the same type already exists. |