inWebo API Documentation

Updated on 03/03/2017

Introduction

This document describes the list of Web Services forming inWebo API. The SOAP API is described by 2 WSDL files:

  • Authenticate.wsdl used for authentication requests
  • Provisioning.wsdl used for user management tasks

Access to inWebo API is 2-factor secured. Configuration is done in inWebo Administration Console:

  • Restrict authorized IP addresses allowed to submit SOAP requests
  • Implement SSL client certificate authentication

Some API methods are also proposed in REST format.

Warning: depending on the offer you subscribed to (Identity Guard, Safe Transactions, Enterprise), some functions will not be available.



Authentication with SOAP API

There are 2 possible authentication methods: authenticate and authenticateWithIP. The first one will just validate a login and an OTP. The second one will allow, for authentication with inWebo Helium only, to verify the source IP Address of the end-user.


Authenticate

authenticate(string login, string serviceId, string token)

Returns a string

authenticateResponse

This is an object with the following properties:

public string authenticateReturn;

This function allows validating a One-Time Password for a given login. The string returned is a code which can be “OK” (success) or “NOK:<cause>” (error).

'login' will be the login name

AuthenticateWithIp

authenticateWithIp(string userId, string serviceId, string token, string ip)

Returns:

authenticateWithIpResponse

This is an object with the following properties:

public string authenticateReturn;

AuthenticateWithIp provides an additional MITM detection for OTP generated by inWebo. The behavior of this function is as follows:

  • If the OTP is generated by inWebo Helium, inWebo server first compares the IP address with the one it knows, then verifies the OTP
  • If the OTP is generated inWebo Authenticator, inWebo server ignores the IP address

The string returned is a code which can be “OK” (success) or “NOK:<cause>” (error).



Authentication with REST API

authenticateExtended

URL:

https://api.myinwebo.com/FS?action=authenticateExtended + parameters

Mandatory parameters are:

&serviceId= <id of the service> //integer

&userId=<login name> //string

&token=<otp generated> //string

Optional parameters are:

&format=json //allows to get the API response in json format instead of XML format

Response:

By default, the API response is in XML format

The response contains the following information:

  • err : the authentication result (“OK” or “NOK:<cause>”)
  • name: name of the device that performed the authentication
  • alias: alias of the device that performed the authentication
  • version: version of the device that performed the authentication
  • platform: platform of the device (can be helium / windows / mac / android…)
  • type: type of the device - can be ma (mobile app) / ca (inWebo Helium) / mac (an application using maccess)

If the service ID sent in the URL does not reference a valid service ID, the value of “err” will be “NOK:srv unknown”.

If the login name sent in the URL does not match a valid service login name, the value of “err” will be “NOK:account unknown “.

Default response format in XML:

<authenticateExtended>
    <err></err>
    <name></name>
    <alias></alias>
    <version></version>
    <platform></platform>
    <type></type>
    <timestamp></timestamp>
</authenticateExtended>

Alternative response format in json:

{"timestamp":"",""platform":"","alias":"","name":"","err":"","type":"","version":""}


2-Step Multi-Factor Authentication using a Push request to a Smartphone

This method is used to add a security layer to an existing login / password authentication. From the user end, it is seen as the steps:

  1. Standard login / password authentication
  2. Then, mult-factor authentication (MFA) on the mobile, woken up by a Push notification

To achieve this, inWebo provides 2 REST Web Services that enable the 2nd step. The 1st call requests inWebo platform to send a Push notification to an identified user’s Smartphone. This notification will wake up inWebo Authenticator and prompt for Authorization (using a PIN or not). The 2nd call allows your server to verify whether MFA for this session was successful or not.

As it is not possible to predict how long the user will take to authenticate, we implemented an asynchronous procedure:

  1. Your server requests inWebo to notify the user’s Smartphone, and gets back a session id
  2. Your server verifies periodically with inWebo platform the authentication result of the session


PushAuthenticate

URL:

https://api.myinwebo.com/FS?action= pushAuthenticate + parameters

Mandatory parameters are:

&serviceId= <service id> //integer

&userId=<login of the previsously authenticated user> //string

Optional parameters are:

&format=json // allows to get the API response in json format instead of XML format
&tooltype=[ma | mac ] allows to specify the inWebo tool type where to send the push. 
      'ma' = inWebo Authenticator. 'mac' = mAccess device(s).
&toolalias=<alias of the tool> allows to specify the inWebo precisely the tool where to send the push, if several 
      authenticator was enrolled by the user. 'toolalias' can be obtained with 'loginQuery'. 
&context=<context information> or &context=auto // allows to send a context information in the push notification. 

It is then possible to display the context information on the mobile device (mAccess and inWebo Authenticator)

Information on the push context information:

  • On inWebo Authenticator the display of the context information is only available on Android and iOS
  • In text mode, the context information must be limited to 128 charachters. The context content must respect the folloginw regular expression: ^[\d$%€&@# \.\+\-_\w\p{L}]+$
  • In automatic mode this context consists of a 4 digit string randomly generated. This generated string is available in the response of the API call

Response:

By default, API response is in XML. It contains:

  • err : the notification result (“OK” or “NOK:<cause>”)
  • name: name of the device that performed the authentication
  • alias: alias of the device that performed the authentication
  • version: version of the device that performed the authentication
  • platform: platform of the device (can be iphone, android, wp8 in case of Authenticator)
  • type: will be “ma” (mobile app) or “mac” (your application developed with mAccess)
  • sessionId: the 32-char-long Session Id that will allow you to check Authentication result (to be used in checkPushResult)
  • context: the context information provided (field only exists if a context has been passed to the initial call)

Possible error codes:

  • NOK:NOPUSH: user’s mobile app does not support Push (inWebo nCode)
  • NOK:NOMA: user does not have any inWebo mobile app
  • NOK:NOLOGIN: user does not exist, or is still pending activation
  • NOK:SN: syntax error in input parameters
  • NOK:srv unknown: serviceId is wrong

JSON response format:

{"timestamp":"","platform":"","sessionId":"","alias":"","name":"","err":"","type":"","version":"", "context":""}

Note that the context field is available only if the call has been made with the context query parameter


CheckPushResult

This call is used to get the authentication result of a specific session

URL:

https://api.myinwebo.com/FS?action= checkPushResult + parameters

Mandatory parameters are:

&serviceId= <service id> //integer

&sessionId=<session id> //string

&userId=<login> //string

Optional parameters are:

&format=json // allows to get the API response in json format instead of XML format

Response:

By default, API response is in XML. It contains:

  • err : the authentication result (“OK” or “NOK:<cause>”)
  • name: name of the device that performed the authentication
  • alias: alias of the device that performed the authentication
  • version: version of the device that performed the authentication
  • platform: platform of the device (can be iphone, android, wp8 in case of Authenticator)
  • type: will be “ma” (mobile app) or “mac” (your application developed with mAccess)

Possible error codes:

  • NOK:WAITING: Request is pending, try again later (in 0.5 sec for instance)
  • NOK:REFUSED: user refused authentication
  • NOK:TIMEOUT: user did not authenticate in time (1 minute)
  • NOK:SN: syntax error in input parameters
  • NOK:srv unknown: serviceId is wrong
  • NOK: sessionId does not exist or has expired

JSON response format:

{"timestamp":"","platform":"","alias":"","name":"","err":"","type":"","version":""}



Transaction sealing with REST API

SealVerify

URL:

https://api.myinwebo.com/FS?action=sealVerify + parameters

Mandatory parameters are:

&serviceId= <id of the service> //integer

&userId=<login> //string

&token=<OTP received from the client app> //string

&data=<sealed data> //string

Optional parameters are:

&format=json // allows to get the API response in json format instead of XML format

Response:

By default, response is in XML. It contains:

  • err: operation result («&nbsp;OK&nbsp;» or «&nbsp;NOK:<cause>&nbsp;»)
  • name: name of the device that performed the sealing
  • alias: alias of the device that performed the sealing
  • version: version of the device that performed the sealing
  • platform: platform of the device (the one you passed to mAccess)
  • type: will be “mac” (your application developed with mAccess)

If the ID of the service set in the URL is not valid the returned error code is: «&nbsp;NOK:srv unknown&nbsp;». If the login set is not a valid login of the service the returned error code is: «&nbsp;NOK:account unknown&nbsp;». Other error codes:

  • NOK:NoKey: user does not have a sealing key. This means that he has not activated your app
  • NOK:BadData: The data sealing in the OTP is different from the one sent in as an input parameter. Potential MITM.
  • NOK:FORBIDDEN&nbsp;: Sealing option is not authorized for your account. Contact inWebo Sales.

Format of XML response:

<authenticateExtended>
    <err></err>
    <name></name>
    <alias></alias>
    <version></version>
    <platform></platform>
    <type></type>
    <timestamp></timestamp >
</authenticateExtended>

Format of JSON response:

{ "timestamp":"","platform":"","alias":"","name":"","err":"","type":"","version":""}



User Management with SOAP API

Important notice : for all the following provisionning requests, the 'userid' parameter must be forced to 0.


loginsQuery

loginsQuery(long userid, long serviceid, long offset, long nmax, long sort)

Returns:

LoginsQueryResult

This is an object with the following properties:

public string err;                    // 'OK' or 'NOK:<cause>'

public int n;                         // see below

public long[] id;                     // Unique ID of each users 

public long[] count;                  // see below

public string[] login;                // login name

public string[] code;                 // see below

public long[] status;                 // see below

public long[] role;                   // see below

public string[] firstname; 

public string[] name;

public string[] mail;

public string[] phone;

public string[] extrafields;          // see below

public long[] createdby;              // see below

public long[] lastauthdate;            // see below

This function returns the list of logins for the requested Service.

Input parameters :

Parameters “offset” and “nmax” are used to page requests: “offset” is the first line of the page to request (can start at 0), “nmax” is the number of lines per page.

Parameter “sort” can be set to:

  • 0: no sorting
  • 1: sort by login (ascending)
  • 2: sort by login (descending)
  • 3: sort by name (ascending)
  • 4: sort by name (descending)
  • 5: sort by mail (ascending)
  • 6: sort by mail (descending)

Output values :

Parameter “n” returns the number of listed entries.

Parameter “count” returns the total number of logins, whereas parameter “n” returns the number of logins of the request.

Possible values for “code”:

  • “ok”: The code has been used. This login should be considered as active.
  • “expired”: The code was never used and has expired. There is no more valid activation code for this login.
  • “in:<9-digit code>”: The code has not been used yet, and is inactive. Use loginActivateCode to switch the code to “active” state (see loginCreate with codetype=1)
  • “link”: The code has not been used yet, an activation link (valid for 3 weeks) was sent to the email address given at loginCreate time (see loginCreate with codetype=2)
  • “<9-digit code>”: The code is valid at present time and has not been used yet

Parameter “status”:

  • 0: login is active
  • 1: login is blocked (authentication requests will be rejected)

Parameter “role” defines the rights for this login:

  • 0: user
  • 1: manager of the service (can create, modify and delete users)
  • 2: administrator of the service (can also modify parameters of the service in the Administration Console)

Parameter “extrafields” is reserved for future use.

Parameter “createdby” is used to distinguish logins created by inWebo Aministration console from logins created by the API. Possible values:

  • 0: login created by WebConsole
  • 1: login created by API

Parameter “lastauthdate” gives the last authentication date for each login returned by the query as a timestamp

loginQuery

loginQuery(long userid, long loginid)

Returns:

LoginQueryResult

This is an object with the following properties:

public string err;

public string login;             // Login Name

public string code;  

public long status;  

public long role;

public string firstname;

public string name;

public string mail;

public long createdby;

public long lastauthdate;       // timestamp of the last successful authentication (0 if none)

public long nca;                //no. of inWebo Helium / Virtual Authenticator (browser tokens)

public long caid[];             //id of the tool

public long castate[];          //state of the tool (0:active, 1:locked; 2:pin locked)

public string caname[];           //name of the tool

public string caalias[];          //alias of the tool (can be correlated with authenticateExtended)

public long cault[];            //type of tool (0 : application (toolbar); 1:Helium/Virtual Authenticator)
  
public long nma;                //no. mobile applications (= InWebo Authenticator, can be 0 or 1)

public long maid[];             //id of the mobile application

public long mastate[];          //state of the tool (0:active, 1:locked; 2:pin locked)

public string maname[];           //name of the mobile application

public string maalias[];          //alias of the mobile application

public long mapushenabled[];    //the mobile application has successfully registered for push notifications

public long nmac;               //no. of mAccess

public long macid[];            //id of the mAccess

public long macstate[];         //state of the tool (0:active, 1:locked; 2:pin locked)

public string macname[];          //name of the maccess

public string macalias[];         //alias of the maccess

public long macpushenabled[];   //the mobile app based on mAccess has successfully registered for push notifications

public long nva;               //no. of Virtual Authenticator (VA)

public long vaid[];            //id of the VA

public long vastate[];         //state of the tool (0:active, 1:locked; 2:pin locked)

public string vaname[];          //name of the tool

public string vaalias[];         //alias of the tool

public string longcode[];         //long code if loginCreate with codetype=2 used to reconstruct the activation url
                                  // https://www.myinwebo.com/console/activate?code=<longcode>

This function returns attributes of a particular login.

See loginsQuery above for parameters details.

loginSearch

loginSearch(long userid, long serviceid, string loginname, long exactmatch, long offset, long nmax, long sort)

Returns:

LoginSearchResult

This is an object with the following properties:

public string err;

public int n;

public long[] id;

public string[] login;

public string[] code;

public long[] status;

public long[] role;

public string[] firstname;

public string[] name;

public string[] mail;

public string[] phone;

public long[] activation_status;

This function allows looking for a user based on its login (loginname). No wildcard or regexp are permitted for the searchstring 'loginname'.

Parameter “exactmatch” can be:

  • 0: The search request will return all the logins containing the string ‘loginname’
  • 1: The search request will return the login exactly matching ‘loginname’

The return parameter “activation_status” is a mask:

  • 0: The user has not activated a device yet
  • 1: The user's mobile application (inWebo Authenticator) is active (and is not blocked)
  • 2: The user has at least one instance of inWebo Helium active (and is not blocked)
  • 3: The user's mobile application is active and the user has at least one instance of inWebo Helium active (both not blocked)

Usage of parameters “offset”, “nmax” and “sort” are identical to loginsQuery.


loginCreate

loginCreate(long userid, long serviceid, string login, string firstname, string name, string mail,
            string phone, long status, long role, long access, long codetype, string lang, string extrafields)

Returns:

LoginCreateResult

This is an object with the following properties:

public string err;

public string code;

public long loginid;

This function creates a login identified by the returned “loginid” value for the requested service. It also generates an activation code, which can be either retrieved in the “code” return parameter, or sent by Email using loginSendByMail.

This activation code should be entered by the end-user in one of the inWebo authentication tools. The tool will then become activated for this service, and available to generate OTPs for this service.

The behavior depends on the “codetype” parameter:

  • 0: An activation code is generated, valid immediately for 15 minutes
  • 1: An “inactive” activation code, valid for 3 weeks, is generated (it will become active later on, thanks to loginActivateCode)
  • 2: An activation link, valid for 3 weeks, is generated. LoginSendByMail must be used immediately after

Parameter “lang” can be “fr” or “en”.

  • With inWebo Identity Guard, you can only use codetype=0
  • With inWebo Safe Transactions, you can use codetype=0 or 1
  • With inWebo Enterprise, you can use codetype=0, 1 or 2

Parameter “access” can be:

  • 0: service bookmarks are not associated to this user
  • 1: all service bookmarks are associated to this user

loginCreate will return “NOK:full” if the maximum number of users for the service has been reached, and “NOK:loginexists” if the login already exists.


Input parameters constraints and limitations

All of the input parameters must fit the following constraints and allowed characteres:

  • 'login': a-z A-Z 0-9 @ \ . _ - and space (max length allowed = 255)
  • 'firstname' and 'name': alphanumeric unicode characteres space . + - _ ' (max length allowed = 255)
  • 'email': a-z A-Z 0-9 @ \ . _ - (max length allowed = 255)
  • 'extrafields':
    • key: alphanumeric unicode characters . _ - (max length allowed = 60)
    • value: alphanumeric unicode characters @ # { } . + - _ ' (max length allowed = 60)
    • overall max size for all extrafields = 4096


loginUpdate

loginUpdate(long userid, long serviceid, long loginid, string login, string firstname, string name, 
           string mail, string phone, long status, long role, string extrafields)

Returns:

loginUpdateResponse

This is an object with the following properties:

public string loginUpdateReturn

This function allows to update a service user (a login).

The string returned is a result code which can be “OK’ (success) or “NOK:<cause>” (error). The function will return “NOK:login already used” if you tried to update the login name and that login name already exists.

The input parameters constraints and limitations are the same as for loginCreate (see above)


loginSendByMail

loginSendByMail(long userid, long serviceid, long loginid)

Returns:

loginSendByMailResponse

This is an object with the following properties:

public string loginSendByMailReturn

This function sends the activation code to the requested login per email. The login must have a valid email address previously configured with loginCreate or loginUpdate.

The string returned is a result code which can be “OK”(success) or “NOK” (error).

Available only with inWebo Enterprise.


loginActivateCode

loginActivateCode(long userid, long serviceid, long loginid)

Returns:

loginActivateCodeResponse

This is an object with the following properties:

public string loginActivateCodeReturn

The string returned can be “NOK” (error) or the inWebo activation code of the login.

To be used with logins created with codetype=1.

Available only with inWebo Safe Transactions or Enterprise.


loginGetCodeFromLink(long code)

Returns:

loginGetCodeFromLinkResponse

This is an object with the following properties:

public string loginGetCodeFromLinkReturn

The string returned can be “NOK” (error) or the inWebo activation code of the login.

To be used with logins created with codetype=2. In this case the loginCreate returns a 3-week long code in the “code” field to be converted into a final activation code with either loginGetCodeFromLink or loginGetInfoFromLink.


loginGetInfoFromLink(long code)

Returns an object of type:

LoginCreateResult

With the following properties:

public string err;

public long id;

public string code;

The “id” field of the response returns the ID of the previously created login. It allows to execute further API calls to retrieve additional properties on the created login. For instance, a loginQuery would return the role or the group memberships, making it possible to trigger different activation scenarios.

To be used with logins created with codetype=2. In this case the loginCreate returns a 3-week long code in the “code” field to be converted into a final activation code with either loginGetCodeFromLink or loginGetInfoFromLink.


loginDelete

loginDelete(long userid, long serviceid, long loginid)

Returns:

loginDeleteResponse

This is an object with the following properties:

public string loginDeleteReturn

This function allows to delete a service user (a login).

The string returned is a result code which can be “OK” (success) or “NOK” (error).


loginResetPwd

Note : loginResetPwd is deprecated. You should use loginResetPwdExtended instead (see below)

loginResetPwd(long userid, long serviceid, long loginid)

Returns:

loginResetPwdResponse

This is an object with the following properties:

public string loginResetPwdReturn

This function allows to generate a recovery code a user will be able to use to reset its password from an inWebo device that has been blocked by 3 erroneous PIN codes or passwords.

The string returned is a result code which can be “OK” (success) or “NOK:<cause>” (error).

NB: If the user has more than one service, only the current service will be unlocked. Other services, including My inWebo, will not be available.

Available only with inWebo Safe Transactions or Enterprise.


loginResetPwdExtended

loginResetPwdExtended(long userid, long serviceid, long loginid, long codetype)

Returns:

loginResetPwdExtendedResponse

This is an object with the following properties:

public string loginResetPwdExtendedReturn

This function allows to generate a recovery code a user will be able to use to reset its password from an inWebo device that has been blocked by 3 erroneous PIN codes or passwords.

Compared to loginResetPwd, this function adds a ‘codetype’ parameter with 3 possible values:

  • 0: An unlock code is generated, valid immediately for 15 minutes
  • 2: An unlock link, valid for 3 weeks, is generated. LoginSendByMail must be used immediately after

The string returned is a result code which can be “OK” (success) or “NOK:<cause>” (error).

NB: If the user has more than one service, only the current service will be unlocked. Other services, including My inWebo, will not be available.

Available only with inWebo Safe Transactions or Enterprise.


loginResetPINErrorCounter

loginResetPINErrorCounter(long userid, long serviceid, long loginid)

Returns:

loginResetPINErrorCounterResponse

This is an object with the following properties:

public string loginResetPINErrorCounterReturn

This function allows to reset the user PIN code or password error counter. It can be used only once for a given user, until he successfully authenticates again.

The string returned is a result code which can be “OK” (success) or “NOK:<cause>” (error).

If this code means an error occurs and is equal to “NOK:MULTI”, it means that this user (login) is associated to other services that do not allow to use this function.

Available only with inWebo Safe Transactions or Enterprise.


loginRestore

loginRestore(long userid, long serviceid, long loginid)

Returns:

loginRestoreResponse

This is an object with the following properties:

public string LoginRestoreReturn

This function allows to generate a restore code (ie. an activation code with codetype=0) for a user to restore its access to the service, for example if he has blocked or lost all his inWebo authentication devices.

When the restore code is used, all other existing inWebo devices will be deleted.

Only the access to YOUR service will be restored. Accesses to other services will have to be restored one by one by contacting each service provider.

loginRestore is applicable to all possible user states (expired, activation pending and activated).

The string returned is a result code which can be either the restore code (success) or “NOK” (error).

Available only with inWebo Safe Transactions or Enterprise.


loginAddDevice

loginAddDevice(long userid, long serviceid, long loginid, long codetype)

Returns:

loginAddDeviceResponse

This is an object with the following properties:

public string loginAddDeviceReturn

This function allows to generate a code a user will use to activate the device of its choice.

The string returned is a result code which can be a numeric value (the activation code) (success) or “NOK:<cause>” (error).

If an error occurs and the returned code is equal to:

  • “NOK:NoPassword”: it means the this user’s password is empty

NB: If the user has more than one service, only the current service will be activated. Other services, including My inWebo, will not be available.

Available only with inWebo Safe Transactions or Enterprise.



loginDeleteTool

loginDeleteTool(long userid, long serviceid, long toolid, string tooltype)

Returns:

loginDeleteToolResponse

This is an object with the following properties:

public string loginDeleteToolReturn

This function allows to delete a tool for a given user. ToolID and ToolType can be obtained by using loginQuery.

  • ToolType can be ‘ma’ (inWebo Authenticator), ‘ca’ (inWebo Helium) ‘va’ (Virtual Authenticator) or ‘mac’ (mAccess).
  • ToolID can be either the corresponding ‘maid’ (inWebo Authenticator), ‘caid’ (inWebo Helium) ‘vaid’ (Virtual Authenticator) or ‘macid’ (mAccess).

The string returned is a result code which can be “OK” (success) or “NOK:<cause>” (error).

Available only with inWebo Safe Transactions or Enterprise.


loginGetGroups

loginGetGroups (long userid, long loginid, long offset, long nmax)

Returns:

loginGetGroupsResponse

This is an object with the following properties:

public string err;
public int n;
public int count;
public long groupid;
public string name;
public long servicepolicy;
public long role;

This function returns, for a given loginid the list of groups (groupid and name) this user is member of, and their corresponding servicepolicy id.

The 'err' string returned is a result code which can be “OK” (success) or “NOK:<cause>” (error).

Available only with inWebo Safe Transactions or Enterprise.


loginsQueryByGroup

loginsQueryByGroup (long userid, long groupid, long offset, long nmax, long sort)

Returns:

loginsQueryByGroupResponse

This is an object with the following properties:

public string err;
public int count;
public int n;
public long id;
public string login;
public string code;
public long status;
public long role;
public string firstname;
public string name;
public string mail;
public string phone;
public string extrafields;
public long createdby;

This function returns the list of users member of this group, and their personnal informations.

The 'err' string returned is a result code which can be “OK” (success) or “NOK:<cause>” (error).


serviceGroupsQuery

serviceGroupsQuery (long userid, long serviceid, long offset, long nmax)

Returns:

serviceGroupsQueryResponse

This is an object with the following properties:

public string err;
public int n;
public int count;
public long groupid;
public string name;
public long servicepolicy;

This function returns for a given serviceid the list of known groups (groupid and name) and their corresponding servicepolicy id.

The 'err' string returned is a result code which can be “OK” (success) or “NOK:<cause>” (error).


groupAccountCreate

groupAccountCreate (long userid, long groupid, long loginid, long role)

Returns:

groupAccountCreateResponse

This function add a user identified by its 'loginid' to an existing group designed by its 'groupid'. The role of this user in the group is assigned through the integer 'role' parameter (refer to the above loginQuery section for possible values)

The string returned is a result code which can be “OK” (success) or “NOK” (error).


groupAccountDelete

groupAccountDelete (long userid, long groupid, long loginid)

Returns:

groupAccountDeleteResponse

This function allows to remove a user identified by its 'loginid' from an existing group designed by its 'groupid'.

The string returned is a result code which can be “OK” (success) or “NOK” (error).


groupAccountQuery

groupAccountQuery (long userid, long groupid, long groupid)

Returns:

groupAccountQueryResponse

This is an object with the following properties:

public string err;
public long roleid;
public long loginid;
public long groupid;

This function returns for a given 'loginid' and 'groupid' the role and if this user is member of this group

The 'err' string returned is a result code which can be “OK” (success) or “NOK” (error).


groupAccountUpdate

groupAccountUpdate (long userid, long groupid, long loginid, long role)

Returns:

groupAccountUpdateResponse

This is an object with the following properties:

string

This function is used to modify the user role inside a given group identified by its groupid. The role parameter must be a valid 'roleid' corresponding to a custom role for this group.

The string returned is a result code which can be “OK” (success) or “NOK” (error).


IWDS_check

IWDS_check()

Returns:

IWDS_checkResponse

This function returns a string which can be “OK:<ServiceId>” (success) or “NOK” (error).

Available ???.



Appendixes

Input Parameters Matrix :

This table is a sum up in one view of all the API methods detailed above, and their input parameters and possible values.

Output Data Matrix :

This table shows for all the API methods, what are the data outputs. It helps you to quickly determine which methods can provide which parameters.

Both tables used together will help you to organize and develop your InWebo provisioning worklow using the APIs.