Search Results

User Management APIs

To manage large teams in TIBCO Cloud, you can use APIs to manage users in bulk. You can perform tasks such as inviting new users, removing users, and getting or updating their information.

Enabling Access to Bulk User Management APIs

Bulk user management enables you to invite multiple users at a time to join your organization by using REST APIs. By default, an email is sent to each invited user. It contains an activation link which allows to set up a password needed to access the account. These emails are not sent if Enterprise SSO has already been configured and enabled. To get access to the bulk user management APIs for your organization, contact the TIBCO Support team. For more information about contacting TIBCO Support, see Contacting Support.

Assuming you have obtained access to the bulk user management APIs for your organization, now an owner or any Team Administrator for the domain can execute the APIs as instructed in the following paragraphs.

All the API calls are secure; hence, you need to sign in to TIBCO Cloud and generate the Connected Intelligence Cloud access token. For more information, see OAuth Access Token Management.

Note: Use the Connected Intelligence Cloud access token in the respective regions to invite members to that region. The host names are as follows:

  • us-west-2 (Oregon): account.cloud.tibco.com
  • eu-west-1 (Ireland): eu.account.cloud.tibco.com
  • ap-southeast-2 (Sydney): au.account.cloud.tibco.com
  • westus2 (Washington): account.us.azure.cloud.tibco.com

API Schemas

The schemas used to invite, delete, and update users are as follows:

Invite Schema

To invite, you must specify the tenant ID of the domain to which you want to invite the user to join. For tenant IDs, see the Tenant IDs and Roles section.

You can specify one or more roles, if available, for every user as a comma-separated list. You can invite a maximum of 50 users in bulk.

{
	"tenantId": "string",
	"tenantUsersRolesInviteDetails": [{
		"firstName": "string",
		"lastName": "string",
		"company": "string",
		"state": "string",
		"country": "string",
		"phone": "string",
		"extendedUserAttributes": {
			"reportsTo": "string",
			"description": "string",
			"department": "string",
			"jobTitle": "string",
			"communicationEmail": "string"
		},
		"email": "string",
		"tenantRoleIds": [
			"string", "string"
		],
		"teamAdmin": false
	}]
}

Delete Schema

To remove users, you must specify the tenant ID of the domain from where you want to remove users. For tenant IDs, see the Tenant IDs and Roles section.

For every user, you can specify up to 50 emails as a comma separated string.

{
  "tenantId": "string",
  "emails": [
    "string"
  ]
}

Update User Schema

Only an authenticated user of the API who is also an owner of the organization can update the user details. The users being updated must belong to the organization owned by the caller of this API.

To update user details, you must provide the email of the user (must be the same as in TIBCO Cloud) and then specify the other details that need to be updated.

Only those fields that are passed as part of payload are updated. The fields that are not specified in the payload are retained.

You can update a maximum of 50 users at a time.

{
	"usersDetails": [{
		"email": "string",
		"firstName": "string",
		"lastName": "string",
		"company": "string",
		"country": "string",
		"phone": "string",
		"state": "string",
		"extendedUserAttributes": {
			"reportsTo": "string",
			"department": "string",
			"jobTitle": "string",
			"description": "string",
			"communicationEmail": "string"
		}
	}]
}

Tenant IDs and Roles

Nimbus

Tenant ID: NIMBUS

Roles Logical name Description
ACCOUNT_ADMIN Account-administrator Creates, edits, and manages custom group memberships for the user base. Also owns, creates, edits, and governs content and comments on it. Is a part of review, authorization, and other collaboration cycles.
AUTHOR Author Owns, creates, edits, and governs content. Comments on it too. Is also a part of review, authorization, and other collaboration cycles.
CONTRIBUTOR Contributor Owns, views, and comments on content. Is also a part of review, authorization, and other collaboration cycles.

Live Apps

Tenant ID: BPM

Roles Logical name Description
Administrator Live Apps administrator This is an elevated role that allows access to all functions except for team administrator
AllUsers Regular user Starts use cases in Live Apps
ApplicationDeveloper Developer Develops Live Apps applications

Integration

Tenant ID: TCI

Roles Logical name Description
ADM TCI administrator Has a complete control of all settings, including the management of all applications and team members.
USR Regular user Can create, modify, and delete applications owned by the user. Access to a number of security features is restricted.
RO Read-only user User who can only view apps or solutions.

AuditSafe

Tenant ID: TCTA

Roles Logical name Description
TADM Team Administrator Completely controls all settings, including the management of all applications, user roles, and team members.
ADM Administrator Moderates data and configures applications such as workflows, event validation, and detailed access rights.
USR User Views data, posts, and queries audit events.

Mashery

Tenant ID: MASHERY

Roles Logical name Description
ADMIN Mashery administrator Performs all tasks that can be done in the Mashery control center
APIMGR API manager Creates and manages APIs, packages, and plans
CIADMIN Call inspector administrator Manages and sets up call inspector
CIUSER Call inspector user Uses call inspector
CMMGR Community manager Manages the community
CTMGR Content manager Manages content of the portal
POMT Portal manager Manages the complete portal
PRMGT Program manager Manages API programs
REPMGT Reports user Views API usage reports
SUPMGR Support user View-only role
ORGUSR Organization user A user who can be used for DAPI

Events

Tenant ID: TCE

Roles Logical name Description
ADM Administrator Performs management tasks, administrator tasks on the operational sandbox, and all WebStudio operations. See the Users and Roles in TIBCO Cloud Events topic in the documentation for details.
DEV Developer Develops and manages own TCE applications and WebStudio operations based on project ownership. For more information, see Users and Roles in TIBCO Cloud Events WebStudio.

Messaging

Tenant ID: TCM

No roles needed

Spotfire

Tenant ID: SPOTFIRE

Roles Logical name Description
CLOUD_ANALYST Analyst Prepares dashboards and applications that can be used by self and other users.
CLOUD_BUSINESS_AUTHOR Business Author Visualizes and analyzes data to uncover information to be used by self.
CLOUD_CONSUMER Consumer Uses dashboards and applications to make data-informed decisions.

For more information about Roles in TIBCO Cloud Spotfire, see Roles in TIBCO Cloud Spotfire.

Using curl

You can use curl to perform the following tasks:

Note: When using curl, the API domains for different regions are as follows:

  • us-west-2 (Oregon): account.cloud.tibco.com
  • eu-west-1 (Ireland): eu.account.cloud.tibco.com
  • ap-southeast-2 (Sydney): au.account.cloud.tibco.com
  • westus2 (Washington): account.us.azure.cloud.tibco.com

Inviting Members

After you have the access token, you must pass it in the “Authorization” header as a Bearer token while invoking Invite Users API.

You can use this API to invite users (maximum 50 users per request) and update the roles of the existing members of the domain. After you invite a new or existing user to a domain, an email is sent from TIBCO to the user’s email address with instructions on how to sign in. Such emails are not sent if Enterprise SSO is already configured and enabled. Users always receive an email whenever their roles change.

curl -X PUT \
 "https://account.cloud.tibco.com/api/v1/members" \
 -H 'Content-Type: application/json' \
 -H 'Authorization: Bearer ' \
 -d '{
	"tenantId": "string",
	"tenantUsersRolesInviteDetails": [{
		"firstName": "string",
		"lastName": "string",
		"company": "string",
		"state": "string",
		"country": "string",
		"phone": "string",
		"extendedUserAttributes": {
			"reportsTo": "string",
			"description": "string",
			"department": "string",
			"jobTitle": "string",
			"communicationEmail": "string"
		},
		"email": "string",
		"tenantRoleIds": [
			"someRole", "maybeAnotherRole"
		],
		"teamAdmin": false
	}]
}'

Example: To add a user as an API manager in Mashery while also allowing the user to add team members, the JSON is as follows:

{
	"tenantId": "MASHERY",
	"tenantUsersRolesInviteDetails": [{
		"firstName": "Jane",
		"lastName": "Doe",
		"company": "Jane Doe Inc.",
		"state": "CA",
		"country": "US",
		"phone": "+1345678654",
		"extendedUserAttributes": {
			"reportsTo": "CEO",
			"description": "Executive VP",
			"department": "Sales",
			"jobTitle": "EVP",
			"communicationEmail": "jane@doe.com"
		},
		"email": "jane1@doe.com",
		"tenantRoleIds": [
			"APIMGR", "SUPMGR"
		],
		"teamAdmin": true
	}]
}

Removing Members

After you have the access token, you must pass it in the “Authorization” header as a Bearer token while invoking Remove Users API.

You can use this API to remove users from a domain or an organization (maximum 50 users per request) and remove users whose are in “invited” status and have not yet accepted the invitation to join the domain or the organization.

curl -X DELETE \
 "https://account.cloud.tibco.com/api/v1/members" \
 -H 'Content-Type: application/json' \
 -H 'Authorization: Bearer ' \
 -d '{
  "tenantId": "string",
  "emails": [
    "remove@example.com",
    "delete@example.com"
  ]
}'

Retrieving Member Details

After you have the access token, you must pass it in the “Authorization” header as a Bearer token while invoking Retrieve Users API.

You can use this API to retrieve member details from the domain teams. This is a paginated API and so you can specify the number of pages and records per page by using the page and the limit query parameters while retrieving the details. For tenant IDs, see the Tenant IDs and Roles section.

curl -X GET \
 "https://account.cloud.tibco.com/api/v1/members?tenant-id=<tenantId>&region=<region>" \
 -H 'Content-Type: application/json' \
 -H 'Authorization: Bearer '

Updating Member Details

After you have the access token, you must pass it in the “Authorization” header as a Bearer token while Update Users API.

You can use this API to update user details. Send only those fields which you want to update as a payload. Fields that are not part of the payload are retained. However, the email field is mandatory.

curl -X PUT \
 "https://account.cloud.tibco.com/api/v1/users" \
 -H 'Content-Type: application/json' \
 -H 'Authorization: Bearer ' \
 -d '{
	"usersDetails": [{
		"email": "jane1@doe.com",
		"firstName": "Jane",
		"lastName": "Doe",
		"company": "Jane Doe Inc.",
		"country": "US",
		"phone": "+1345678654",
		"state": "CA",
		"extendedUserAttributes": {
			"reportsTo": "CEO",
			"department": "Sales",
			"jobTitle": "EVP",
			"description": "Executive VP",
			"communicationEmail": "jane@doe.com"
		}
	}]
}'