openapi.yaml

openapi: 3.0.2
info:
  title: Konnect Identity
  version: 3.0.1
  description: The management API for Kong Konnect Identity resources.
  contact:
    name: Kong
    url: 'https://konghq.com'
  x-oas-source: kong/platform-api@a3242e0831b3701ebb62066c39c05da0ce00bee8
  x-oas-source-link: 'https://github.com/Kong/platform-api/commit/a3242e0831b3701ebb62066c39c05da0ce00bee8'
servers:
  - url: 'https://global.api.konghq.com/v3'
    description: Global Base URL
paths:
  /organizations/impersonation:
    get:
      operationId: get-impersonation-settings
      summary: Get Impersonation Settings
      description: 'Returns Impersonation Settings, which determines if user impersonation is allowed for an organization.'
      responses:
        '200':
          $ref: '#/components/responses/GetImpersonationSettingsResponse'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Impersonation Settings
    patch:
      operationId: update-impersonation-settings
      summary: Update Impersonation Settings
      description: Updates Impersonation Settings.
      requestBody:
        $ref: '#/components/requestBodies/UpdateImpersonationSettingsRequest'
      responses:
        '200':
          $ref: '#/components/responses/UpdateImpersonationSettingsResponse'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Impersonation Settings
  /authentication-settings:
    get:
      operationId: get-authentication-settings
      summary: Get Auth Settings
      description: 'Returns authentication configuration, which determines how users can log in and how they are assigned to teams.'
      responses:
        '200':
          $ref: '#/components/responses/AuthenticationSettings'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
      tags:
        - Auth Settings
    patch:
      operationId: update-authentication-settings
      summary: Update Auth Settings
      description: Updates authentication configuration.
      requestBody:
        $ref: '#/components/requestBodies/UpdateAuthenticationSettings'
      responses:
        '200':
          $ref: '#/components/responses/AuthenticationSettings'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
      tags:
        - Auth Settings
  /invites:
    post:
      operationId: invite-user
      summary: Invite User
      description: 'Sends an invitation email to invite a user to the Konnect organization. The email contains a link with a one time token to accept the invitation. Upon accepting the invitation, the user is directed to https://cloud.konghq.com/login to complete registration.'
      requestBody:
        $ref: '#/components/requestBodies/InviteUser'
      responses:
        '201':
          description: Created
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '409':
          $ref: '#/components/responses/IdentityConflict'
        '429':
          $ref: '#/components/responses/RateLimited'
      tags:
        - Invites
  /identity-providers:
    get:
      operationId: get-identity-providers
      summary: List Identity Providers
      description: |
        Retrieves the identity providers available within the organization. This operation provides information about 
        various identity providers for SAML or OIDC authentication integrations.
      parameters:
        - name: filter
          in: query
          description: Filter identity providers returned in the response.
          required: false
          schema:
            type: object
            properties:
              type:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/IdentityProviders'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
      tags:
        - Auth Settings
    post:
      operationId: create-identity-provider
      summary: Create Identity Provider
      description: |
        Creates a new identity provider. This operation allows the creation of a new identity provider for 
        authentication purposes.
      requestBody:
        $ref: '#/components/requestBodies/CreateIdentityProviderRequest'
      responses:
        '201':
          $ref: '#/components/responses/IdentityProvider'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/CreateIdentityProviderPermissionDenied'
        '409':
          $ref: '#/components/responses/Conflict'
      tags:
        - Auth Settings
  '/identity-providers/{id}':
    parameters:
      - name: id
        in: path
        description: ID of the identity provider.
        required: true
        schema:
          type: string
          format: uuid
          example: d32d905a-ed33-46a3-a093-d8f536af9a8a
    get:
      operationId: get-identity-provider
      summary: Get Identity Provider
      description: |
        Retrieves the configuration of a single identity provider. This operation returns information about a 
        specific identity provider's settings and authentication integration details.
      responses:
        '200':
          $ref: '#/components/responses/IdentityProvider'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Auth Settings
    patch:
      operationId: update-identity-provider
      summary: Update Identity Provider
      description: |
        Updates the configuration of an existing identity provider. This operation allows modifications to be made 
        to an existing identity provider's configuration.
      requestBody:
        $ref: '#/components/requestBodies/UpdateIdentityProviderRequest'
      responses:
        '200':
          $ref: '#/components/responses/IdentityProvider'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      tags:
        - Auth Settings
    delete:
      operationId: delete-identity-provider
      summary: Delete Identity Provider
      description: |
        Deletes an existing identity provider configuration. This operation removes a specific identity provider 
        from the organization.
      responses:
        '204':
          description: No Content
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Auth Settings
  /identity-provider:
    get:
      operationId: get-idp-configuration
      summary: Get the IdP Configuration
      description: Fetch the IdP configuration.
      responses:
        '200':
          $ref: '#/components/responses/IdPConfiguration'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Auth Settings
    patch:
      operationId: update-idp-configuration
      summary: Update IdP Configuration
      description: Update the IdP configuration.
      requestBody:
        $ref: '#/components/requestBodies/UpdateIdPConfiguration'
      responses:
        '200':
          $ref: '#/components/responses/IdPConfiguration'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
      tags:
        - Auth Settings
  /identity-provider/team-mappings:
    put:
      operationId: update-idp-team-mappings
      summary: Update Team Mappings
      description: Updates the IdP group to Konnect team mapping.
      requestBody:
        $ref: '#/components/requestBodies/UpdateTeamMappings'
      responses:
        '200':
          $ref: '#/components/responses/TeamMappingCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '412':
          $ref: '#/components/responses/PreconditionFailed'
      tags:
        - Auth Settings
    get:
      operationId: get-idp-team-mappings
      summary: Get a Team Mapping
      description: Fetch the IdP group to Konnect team mapping.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
      responses:
        '200':
          $ref: '#/components/responses/TeamMappingResponse'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '412':
          $ref: '#/components/responses/PreconditionFailed'
      tags:
        - Auth Settings
  /identity-provider/team-group-mappings:
    get:
      operationId: get-team-group-mappings
      summary: Get a Team Group Mappings
      description: |-
        Retrieves the mappings between Konnect Teams and Identity Provider Groups.
        Returns a 400 error if an Identity Provider has not yet been configured.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
      responses:
        '200':
          $ref: '#/components/responses/TeamGroupMappingCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
      tags:
        - Auth Settings
    patch:
      operationId: patch-team-group-mappings
      summary: Patch Mappings by Team ID
      description: |-
        Allows partial updates to the mappings between Konnect Teams and Identity Provider Groups.
        The request body must be keyed on team ID. For a given team ID, the given group list is a
        complete replacement. To remove all mappings for a given team, provide an empty group list.

        Returns a 400 error if an Identity Provider has not yet been configured, or if a team ID in
        the request body is not found or is not a UUID.
      requestBody:
        $ref: '#/components/requestBodies/PatchTeamGroupMappings'
      responses:
        '200':
          $ref: '#/components/responses/TeamGroupMappingCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
      tags:
        - Auth Settings
  /roles:
    get:
      operationId: get-predefined-roles
      summary: Get Predefined Roles
      description: 'Retrieves the predefined, or system managed, roles.'
      responses:
        '200':
          $ref: '#/components/responses/Roles'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
      tags:
        - Roles
  /teams:
    get:
      operationId: list-teams
      summary: List Teams
      description: Returns an array of team objects containing information about the Konnect Teams.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
        - name: filter
          in: query
          description: Filter teams returned in the response.
          required: false
          schema:
            type: object
            properties:
              name:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/TeamCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Teams
    post:
      operationId: create-team
      summary: Create Team
      description: 'Creates a team in the Konnect Organization. '
      requestBody:
        $ref: '#/components/requestBodies/CreateTeam'
      responses:
        '201':
          $ref: '#/components/responses/TeamSingle'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
      tags:
        - Teams
  '/teams/{teamId}/users':
    parameters:
      - name: teamId
        in: path
        description: ID of the team.
        required: true
        schema:
          type: string
          format: uuid
          example: d32d905a-ed33-46a3-a093-d8f536af9a8a
    get:
      operationId: list-team-users
      summary: List Team Users
      description: Returns a paginated list of users that belong to the team specified in the path parameter.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
        - name: filter
          in: query
          description: Filter users returned in the response.
          required: false
          schema:
            type: object
            properties:
              id:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
              email:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
              full_name:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
              active:
                $ref: '#/components/schemas/BooleanFieldFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/UserCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Team Membership
    post:
      operationId: add-user-to-team
      summary: Add User
      description: Adds a user to a team.
      requestBody:
        $ref: '#/components/requestBodies/AddUserToTeam'
      responses:
        '201':
          description: Created
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - Team Membership
  '/teams/{teamId}':
    parameters:
      - name: teamId
        in: path
        description: The team ID
        required: true
        schema:
          type: string
          format: uuid
          example: d32d905a-ed33-46a3-a093-d8f536af9a8a
    get:
      operationId: get-team
      summary: Get a Team
      description: Returns information about a team from a given team ID.
      responses:
        '200':
          $ref: '#/components/responses/TeamSingle'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Teams
    patch:
      operationId: update-team
      summary: Update Team
      description: Updates an individual team.
      requestBody:
        $ref: '#/components/requestBodies/UpdateTeam'
      responses:
        '200':
          $ref: '#/components/responses/TeamSingle'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Teams
    delete:
      operationId: delete-team
      summary: Delete Team
      description: Deletes an individual team. Returns 404 if the team is not found.
      responses:
        '204':
          description: No Content
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Teams
  '/teams/{teamId}/users/{userId}':
    parameters:
      - name: userId
        in: path
        description: User ID
        required: true
        schema:
          type: string
          format: uuid
          example: d32d905a-ed33-46a3-a093-d8f536af9a8a
      - name: teamId
        in: path
        description: Team ID.
        required: true
        schema:
          type: string
          format: uuid
          example: d32d905a-ed33-46a3-a093-d8f536af9a8a
    delete:
      operationId: remove-user-from-team
      summary: Remove User
      description: |-
        Removes a user from a team.
        If the user was removed, returns a 204 empty response. Returns 404 if the user or team were not found.
      responses:
        '204':
          description: No Content
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Team Membership
  '/teams/{teamId}/assigned-roles':
    parameters:
      - name: teamId
        in: path
        description: The team ID
        required: true
        schema:
          type: string
          format: uuid
          example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe
    get:
      operationId: list-team-roles
      summary: List Team Roles
      description: Lists the roles belonging to a team. Returns 400 if any filter parameters are invalid.
      parameters:
        - name: filter
          in: query
          description: Filter roles returned in the response.
          required: false
          schema:
            type: object
            properties:
              role_name:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
              entity_type_name:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/AssignedRoleCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Roles
    post:
      operationId: teams-assign-role
      summary: Assign Team Role
      description: Assigns a role to a team. Returns 409 if role is already assigned.
      requestBody:
        $ref: '#/components/requestBodies/AssignRole'
      responses:
        '201':
          $ref: '#/components/responses/AssignedRoleSingle'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - Roles
  '/teams/{teamId}/assigned-roles/{roleId}':
    parameters:
      - name: teamId
        in: path
        description: The team ID.
        required: true
        schema:
          type: string
          format: uuid
          example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe
      - name: roleId
        in: path
        description: The role ID.
        required: true
        schema:
          type: string
          format: uuid
          example: 8350205f-a305-4e39-abe9-bc082a80091a
    delete:
      operationId: teams-remove-role
      summary: Remove Team Role
      description: Removes an assigned role from a team. Returns 404 if the requested team or assigned role were not found.
      responses:
        '204':
          description: No Content
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Roles
  /users:
    get:
      operationId: list-users
      summary: List Users
      description: Returns a paginated list of user objects.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
        - name: filter
          in: query
          description: Filter users returned in the response.
          required: false
          schema:
            type: object
            properties:
              id:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
              email:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
              full_name:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
              active:
                $ref: '#/components/schemas/BooleanFieldFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/UserCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
      tags:
        - Users
  '/users/{userId}':
    parameters:
      - name: userId
        in: path
        description: The ID of the user being deleted.
        required: true
        schema:
          type: string
          format: uuid
          example: d32d905a-ed33-46a3-a093-d8f536af9a8a
    get:
      operationId: get-user
      summary: Get a User
      description: Returns the user object for the user ID specified as a path parameter.
      responses:
        '200':
          $ref: '#/components/responses/UserSingle'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Users
    patch:
      operationId: update-user
      summary: Update User
      description: Update an individual user.
      requestBody:
        $ref: '#/components/requestBodies/UpdateUser'
      responses:
        '200':
          $ref: '#/components/responses/UserSingle'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Users
    delete:
      operationId: delete-user
      summary: Delete User
      description: Deletes an individual user. Returns 404 if the requested user was not found.
      responses:
        '204':
          description: No Content
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Users
  '/users/{userId}/teams':
    parameters:
      - name: userId
        in: path
        description: The user ID.
        required: true
        schema:
          type: string
          format: uuid
          example: d32d905a-ed33-46a3-a093-d8f536af9a8a
    get:
      operationId: list-user-teams
      summary: List User Teams
      description: Returns a paginated list of a teams that the user belongs to.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
        - name: filter
          in: query
          description: Filter teams returned in the response.
          required: false
          schema:
            type: object
            properties:
              name:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/TeamCollection'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Team Membership
  '/users/{userId}/assigned-roles':
    parameters:
      - name: userId
        in: path
        description: The user ID
        required: true
        schema:
          type: string
          format: uuid
          example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe
    get:
      operationId: list-user-roles
      summary: List User Roles
      description: Lists the roles assigned to a user.  Returns 400 if any filter parameters are invalid.
      parameters:
        - name: filter
          in: query
          description: Filter roles returned in the response.
          required: false
          schema:
            type: object
            properties:
              entity_id:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
              role_name:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
              entity_type_name:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/AssignedRoleCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Roles
    post:
      operationId: users-assign-role
      summary: Assign Role
      description: Assigns a role to a user. Returns 409 if role is already assigned.
      requestBody:
        $ref: '#/components/requestBodies/AssignRole'
      responses:
        '201':
          $ref: '#/components/responses/AssignedRoleSingle'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/IdentityPermissionDenied'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - Roles
  '/users/{userId}/assigned-roles/{roleId}':
    parameters:
      - name: userId
        in: path
        description: ID of the user.
        required: true
        schema:
          type: string
          format: uuid
          example: e81bc3e5-e9db-4764-b7dd-e81e39072cbe
      - name: roleId
        in: path
        description: ID of the role.
        required: true
        schema:
          type: string
          format: uuid
          example: 8350205f-a305-4e39-abe9-bc082a80091a
    delete:
      operationId: users-remove-role
      summary: Remove Role
      description: Removes an assigned role from a user. Returns 404 if the requested user or assigned role were not found.
      responses:
        '204':
          description: No Content
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - Roles
  /system-accounts:
    get:
      operationId: get-system-accounts
      summary: List System Accounts
      description: Returns an array of system accounts (SA) in the organization. Returns 400 if any filter parameters are invalid.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
        - name: filter
          in: query
          description: Filter system accounts returned in the response.
          required: false
          schema:
            type: object
            properties:
              name:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
              description:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
              konnect_managed:
                $ref: '#/components/schemas/BooleanFieldFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/SystemAccountCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
      tags:
        - System Accounts
    post:
      operationId: post-system-accounts
      summary: Create System Account
      description: Creates a system account. Returns a 409 if a system account with the same name already exists.
      requestBody:
        $ref: '#/components/requestBodies/CreateSystemAccount'
      responses:
        '201':
          $ref: '#/components/responses/SystemAccountSingle'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - System Accounts
  '/system-accounts/{accountId}':
    get:
      operationId: get-system-accounts-id
      summary: Get a System Account
      description: Returns the system account (SA) for the SA ID specified as a path parameter.
      responses:
        '200':
          $ref: '#/components/responses/SystemAccountSingle'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts
    parameters:
      - name: accountId
        in: path
        description: ID of the system account.
        required: true
        schema:
          type: string
    patch:
      operationId: patch-system-accounts-id
      summary: Update System Account
      description: Updates the specified system account. Returns a 409 if the updated name is the same as another system account in the organization.
      requestBody:
        $ref: '#/components/requestBodies/UpdateSystemAccount'
      responses:
        '200':
          $ref: '#/components/responses/SystemAccountSingle'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - System Accounts
    delete:
      operationId: delete-system-accounts-id
      summary: Delete System Account
      description: Deletes the specified system account. Returns 404 if the requested account was not found.
      responses:
        '204':
          description: No Content
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts
  '/system-accounts/{accountId}/access-tokens':
    get:
      operationId: get-system-account-id-access-tokens
      summary: List System Account Access Tokens
      description: Returns the access tokens for the specified system account. Returns 400 if any filter parameters are invalid.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
        - name: filter
          in: query
          description: Filter access tokens returned in the response.
          required: false
          schema:
            type: object
            properties:
              name:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/SystemAccountAccessTokenCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts - Access Tokens
    parameters:
      - name: accountId
        in: path
        description: ID of the system account.
        required: true
        schema:
          type: string
    post:
      operationId: post-system-accounts-id-access-tokens
      summary: Create System Account Access Token
      description: Creates an access token for the specified system account (SA). The access token can be used for authenticating API and CLI requests. The token will only be displayed once on creation. Returns a 409 if the system account already has a token with the same name.
      requestBody:
        $ref: '#/components/requestBodies/CreateSystemAccountAccessToken'
      responses:
        '201':
          $ref: '#/components/responses/SystemAccountAccessTokenCreated'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - System Accounts - Access Tokens
  '/system-accounts/{accountId}/access-tokens/{tokenId}':
    get:
      operationId: get-system-accounts-id-access-tokens-id
      summary: Get a System Account Access Token
      description: Returns the system account (SA) access token for the SA Access Token ID specified as a path parameter.
      responses:
        '200':
          $ref: '#/components/responses/SystemAccountAccessTokenSingle'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts - Access Tokens
    parameters:
      - name: accountId
        in: path
        description: ID of the system account.
        required: true
        schema:
          type: string
      - name: tokenId
        in: path
        description: ID of the system account access token.
        required: true
        schema:
          type: string
    patch:
      operationId: patch-system-accounts-id-access-tokens-id
      summary: Update System Account Access Token
      description: Updates the specified access token. Returns a 409 if the updated name is the same as another token belonging to the specified system user.
      requestBody:
        $ref: '#/components/requestBodies/UpdateSystemAccountAccessToken'
      responses:
        '200':
          $ref: '#/components/responses/SystemAccountAccessTokenSingle'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - System Accounts - Access Tokens
    delete:
      operationId: delete-system-accounts-id-access-tokens-id
      summary: Delete System Account Access Token
      description: Deletes the specified token. Returns 404 if the token was not found.
      responses:
        '204':
          description: No Content
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts - Access Tokens
  '/system-accounts/{accountId}/assigned-roles':
    parameters:
      - name: accountId
        in: path
        description: ID of the system account.
        required: true
        schema:
          type: string
    get:
      operationId: get-system-accounts-accountId-assigned-roles
      summary: List Assigned Roles for System Account
      description: Lists the roles belonging to a system account. Returns 400 if any filter parameters are invalid.
      parameters:
        - name: filter
          in: query
          description: Filter roles returned in the response.
          required: false
          schema:
            type: object
            properties:
              entity_id:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
              role_name:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
              entity_type_name:
                $ref: '#/components/schemas/StringFieldEqualsFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/AssignedRoleCollection'
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts - Roles
    post:
      operationId: post-system-accounts-accountId-assigned-roles
      summary: Create Assigned Role for System Account
      description: Assigns a role to a system account. Returns 409 if role is already assigned.
      requestBody:
        $ref: '#/components/requestBodies/AssignRole'
      responses:
        '201':
          $ref: '#/components/responses/AssignedRoleSingle'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - System Accounts - Roles
  '/system-accounts/{accountId}/assigned-roles/{roleId}':
    parameters:
      - name: accountId
        in: path
        description: ID of the system account.
        required: true
        schema:
          type: string
      - name: roleId
        in: path
        description: ID of the role.
        required: true
        schema:
          type: string
    delete:
      operationId: delete-system-accounts-accountId-assigned-roles-roleId
      summary: Delete Assigned Role from System Account
      description: Removes an assigned role from a system account. Returns 404 if the system account or assigned role were not found.
      responses:
        '204':
          description: No Content
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts - Roles
  '/teams/{teamId}/system-accounts':
    parameters:
      - name: teamId
        in: path
        description: ID of the team.
        required: true
        schema:
          type: string
    get:
      operationId: get-teams-teamId-system-accounts
      summary: List System Accounts on a Team
      description: Returns a paginated list of system accounts that belong to the team specified in the path parameter.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
        - name: filter
          in: query
          description: Filter system accounts returned in the response.
          required: false
          schema:
            type: object
            properties:
              name:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/SystemAccountCollection'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts - Team Membership
    post:
      operationId: post-teams-teamId-system-accounts
      summary: Add System Account to a Team
      description: Adds a system account to a team. Returns a 409 if the system account is already a member of the team.
      requestBody:
        $ref: '#/components/requestBodies/AddSystemAccountToTeam'
      responses:
        '201':
          description: Created
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
        '409':
          $ref: '#/components/responses/IdentityConflict'
      tags:
        - System Accounts - Team Membership
  '/teams/{teamId}/system-accounts/{accountId}':
    parameters:
      - name: teamId
        in: path
        description: ID of the team.
        required: true
        schema:
          type: string
      - name: accountId
        in: path
        description: ID of the system account.
        required: true
        schema:
          type: string
    delete:
      operationId: delete-teams-teamId-system-accounts-accountId
      summary: Remove System Account From Team
      description: Removes a system account from a team. Returns 404 if the team or system account were not found.
      responses:
        '204':
          description: No Content
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts - Team Membership
  '/system-accounts/{accountId}/teams':
    parameters:
      - name: accountId
        in: path
        description: ID of the system account.
        required: true
        schema:
          type: string
    get:
      operationId: get-system-accounts-accountId-teams
      summary: List Teams for a System Account
      description: Returns a paginated list of a teams that the system account belongs to.
      parameters:
        - $ref: '#/components/parameters/PageSize'
        - $ref: '#/components/parameters/PageNumber'
        - name: filter
          in: query
          description: Filter teams returned in the response.
          required: false
          schema:
            type: object
            properties:
              name:
                $ref: '#/components/schemas/LegacyStringFieldFilter'
          style: deepObject
      responses:
        '200':
          $ref: '#/components/responses/TeamCollection'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
        '403':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/IdentityNotFound'
      tags:
        - System Accounts - Team Membership
  /users/me:
    get:
      operationId: get-users-me
      summary: Get My User Account
      description: Returns the user account for the user identified in the token of the request.
      responses:
        '200':
          $ref: '#/components/responses/UserSingle'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
      security:
        - personalAccessToken: []
        - konnectAccessToken: []
      tags:
        - Me
  /organizations/me:
    get:
      operationId: get-organizations-me
      summary: Get My Organization
      description: Returns the organization of the user identified in the token of the request.
      responses:
        '200':
          $ref: '#/components/responses/MeOrganization'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
      tags:
        - Me
  '/authenticate/{organizationLoginPath}':
    get:
      operationId: authenticate-sso
      summary: SSO Callback
      description: Callback for authenticating via an organization's IdP
      parameters:
        - name: organizationLoginPath
          in: path
          description: The login path for the organization.
          required: true
          schema:
            type: string
        - name: return_to
          in: query
          description: Return destination for the callback.
          schema:
            type: string
      responses:
        '302':
          description: Found
        '400':
          $ref: '#/components/responses/IdentityBadRequest'
        '401':
          $ref: '#/components/responses/IdentityUnauthenticated'
      tags:
        - Authentication
  '/users/{userId}/access-tokens':
    parameters:
      - $ref: '#/components/parameters/userId'
    get:
      operationId: list-users-personal-access-tokens
      summary: List PATs
      description: List personal access tokens for a user.
      responses:
        '200':
          $ref: '#/components/responses/PersonalAccessTokenListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/responses-Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - personalAccessToken: []
        - konnectAccessToken: []
        - serviceAccessToken: []
      tags:
        - Personal Access Tokens
    post:
      operationId: create-personal-access-token
      summary: Create a new personal access token
      description: Create a new personal access token. A maximum of 10 personal access tokens can be created.
      requestBody:
        $ref: '#/components/requestBodies/PersonalAccessTokenCreateRequest'
      responses:
        '201':
          $ref: '#/components/responses/PersonalAccessTokenCreateResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/responses-Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      security:
        - personalAccessToken: []
        - konnectAccessToken: []
      tags:
        - Personal Access Tokens
  '/users/{userId}/access-tokens/{tokenId}':
    parameters:
      - $ref: '#/components/parameters/userId'
      - name: tokenId
        in: path
        description: ID of the personal access token.
        required: true
        schema:
          $ref: '#/components/schemas/UUID'
    get:
      operationId: get-personal-access-token-details
      summary: Get Personal Access Token details
      description: Get Personal Access Token details.
      responses:
        '200':
          $ref: '#/components/responses/PersonalAccessTokenResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/responses-Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - personalAccessToken: []
        - konnectAccessToken: []
        - serviceAccessToken: []
      tags:
        - Personal Access Tokens
    patch:
      operationId: update-personal-access-token-details
      summary: Update personal access token details
      description: Update personal access token details.
      requestBody:
        $ref: '#/components/requestBodies/PersonalAccessTokenUpdateRequest'
      responses:
        '200':
          $ref: '#/components/responses/PersonalAccessTokenResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/responses-Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - personalAccessToken: []
        - konnectAccessToken: []
      tags:
        - Personal Access Tokens
    delete:
      operationId: delete-personal-access-token
      summary: Delete personal access token
      description: Delete personal access token.
      responses:
        '204':
          description: No Content
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/responses-Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - personalAccessToken: []
        - konnectAccessToken: []
      tags:
        - Personal Access Tokens
  '/users/{userId}/access-tokens/{tokenId}/revoke':
    parameters:
      - $ref: '#/components/parameters/userId'
      - name: tokenId
        in: path
        description: ID of the personal access token.
        required: true
        schema:
          $ref: '#/components/schemas/UUID'
    patch:
      operationId: revoke-personal-access-token
      summary: Revoke Personal Access Token
      description: Revoke Personal Access Token.
      responses:
        '200':
          $ref: '#/components/responses/PersonalAccessTokenResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/responses-Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
      security:
        - personalAccessToken: []
        - konnectAccessToken: []
        - serviceAccessToken: []
      tags:
        - Personal Access Tokens
components:
  parameters:
    PageNumber:
      name: 'page[number]'
      description: Determines which page of the entities to retrieve.
      required: false
      in: query
      allowEmptyValue: true
      schema:
        type: integer
        example: 1
    PageSize:
      name: 'page[size]'
      description: The maximum number of items to include per page. The last page of a collection may include fewer items.
      required: false
      in: query
      allowEmptyValue: true
      schema:
        type: integer
        example: 10
    userId:
      name: userId
      in: path
      required: true
      description: ID of the user.
      x-go-name: userIdParam
      schema:
        $ref: '#/components/schemas/UUID'
  schemas:
    IdentityProviderType:
      description: Specifies the type of identity provider.
      type: string
      example: oidc
      enum:
        - oidc
        - saml
    IdentityProviderLoginPath:
      description: The path used for initiating login requests with the identity provider.
      type: string
      example: myapp
      title: Identity Provider Login Path Property
    OIDCIdentityProviderIssuer:
      description: The issuer URI of the identity provider. This is the URL where the provider's metadata can be obtained.
      type: string
      format: uri
      example: 'https://konghq.okta.com/oauth2/default'
      title: OIDC Identity Provider Issuer Property
    OIDCIdentityProviderClientId:
      description: The client ID assigned to your application by the identity provider.
      type: string
      example: YOUR_CLIENT_ID
      title: OIDC Identity Provider Login Client Id Property
    OIDCIdentityProviderClientSecret:
      description: The Client Secret assigned to your application by the identity provider.
      type: string
      example: YOUR_CLIENT_SECRET
      title: OIDC Identity Provider Login Client Secret Property
    OIDCIdentityProviderScopes:
      description: The scopes requested by your application when authenticating with the identity provider.
      type: array
      items:
        type: string
      default:
        - email
        - openid
        - profile
      title: OIDC Identity Provider Scopes Property
    OIDCIdentityProviderClaimMappings:
      description: |
        Defines the mappings between OpenID Connect (OIDC) claims and local claims used by your application for
        authentication.
      type: object
      properties:
        name:
          description: The claim mapping for the user's name.
          type: string
          example: name
          default: name
        email:
          description: The claim mapping for the user's email address.
          type: string
          example: email
          default: email
        groups:
          description: The claim mapping for the user's group membership information.
          type: string
          example: groups
          default: groups
      title: OIDC Claim Mappings
    SAMLIdentityProviderMetadataURL:
      description: The identity provider's metadata URL where the identity provider's metadata can be obtained.
      type: string
      format: uri
      example: 'https://mocksaml.com/api/saml/metadata'
      title: SAML Identity Provider Metadata URL
    SAMLIdentityProviderMetadata:
      description: |
        The identity provider's SAML metadata. If the identity provider supports a metadata URL, you can use the `idp_metadata_url` field instead.
      type: string
      example: |
        <?xml version="1.0" encoding="UTF-8"?>
        <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
          <!-- SAML metadata content here -->
        </EntityDescriptor>
      title: SAML Identity Provider Metadata
    CreateIdentityProvider:
      description: The identity provider that contains configuration data for creating an authentication integration.
      type: object
      properties:
        type:
          $ref: '#/components/schemas/IdentityProviderType'
        login_path:
          $ref: '#/components/schemas/IdentityProviderLoginPath'
        enabled:
          $ref: '#/components/schemas/IdentityProviderEnabled'
        config:
          type: object
          oneOf:
            - $ref: '#/components/schemas/ConfigureOIDCIdentityProviderConfig'
            - $ref: '#/components/schemas/SAMLIdentityProviderConfig'
      title: Identity Provider
    UpdateIdentityProvider:
      description: The identity provider that contains configuration data for updating an authentication integration.
      type: object
      properties:
        enabled:
          $ref: '#/components/schemas/IdentityProviderEnabled'
        login_path:
          $ref: '#/components/schemas/IdentityProviderLoginPath'
        config:
          type: object
          oneOf:
            - $ref: '#/components/schemas/ConfigureOIDCIdentityProviderConfig'
            - $ref: '#/components/schemas/SAMLIdentityProviderConfig'
      title: Identity Provider
    IdentityProvider:
      description: The identity provider that contains configuration data for authentication integration.
      type: object
      properties:
        id:
          $ref: '#/components/schemas/UUID'
        type:
          $ref: '#/components/schemas/IdentityProviderType'
        enabled:
          $ref: '#/components/schemas/IdentityProviderEnabled'
        login_path:
          $ref: '#/components/schemas/IdentityProviderLoginPath'
        config:
          type: object
          oneOf:
            - $ref: '#/components/schemas/OIDCIdentityProviderConfig'
            - $ref: '#/components/schemas/SAMLIdentityProviderConfig'
        created_at:
          $ref: '#/components/schemas/CreatedAt'
        updated_at:
          $ref: '#/components/schemas/UpdatedAt'
      title: Identity Provider
    OIDCIdentityProviderConfig:
      description: The identity provider that contains configuration data for the OIDC authentication integration.
      type: object
      properties:
        issuer_url:
          $ref: '#/components/schemas/OIDCIdentityProviderIssuer'
        client_id:
          $ref: '#/components/schemas/OIDCIdentityProviderClientId'
        scopes:
          $ref: '#/components/schemas/OIDCIdentityProviderScopes'
        claim_mappings:
          $ref: '#/components/schemas/OIDCIdentityProviderClaimMappings'
      additionalProperties: false
      required:
        - issuer_url
        - client_id
      title: OIDC Identity Provider Config
    ConfigureOIDCIdentityProviderConfig:
      description: The identity provider that contains configuration data for the OIDC authentication integration.
      type: object
      properties:
        issuer_url:
          $ref: '#/components/schemas/OIDCIdentityProviderIssuer'
        client_id:
          $ref: '#/components/schemas/OIDCIdentityProviderClientId'
        client_secret:
          $ref: '#/components/schemas/OIDCIdentityProviderClientSecret'
        scopes:
          $ref: '#/components/schemas/OIDCIdentityProviderScopes'
        claim_mappings:
          $ref: '#/components/schemas/OIDCIdentityProviderClaimMappings'
      additionalProperties: false
      required:
        - issuer_url
        - client_id
      title: OIDC Identity Provider Config
    SAMLIdentityProviderConfig:
      description: The identity provider that contains configuration data for the SAML authentication integration.
      type: object
      properties:
        idp_metadata_url:
          $ref: '#/components/schemas/SAMLIdentityProviderMetadataURL'
        idp_metadata_xml:
          $ref: '#/components/schemas/SAMLIdentityProviderMetadata'
        sp_metadata_url:
          type: string
          format: uri
          example: 'https://cloud.konghq.com/v2/authenticate/the-saml-konnect-org/saml/metadata'
          readOnly: true
        sp_entity_id:
          description: The entity ID of the service provider (SP).
          type: string
          example: 'https://cloud.konghq.com/sp/00000000-0000-0000-0000-000000000000'
          readOnly: true
        login_url:
          description: The URL to redirect users to for initiating login with the identity provider.
          type: string
          example: 'https://cloud.konghq.com/login/the-saml-konnect-org'
          readOnly: true
        callback_url:
          description: The URL where the SAML identity provider sends authentication responses after successful login attempts.
          type: string
          format: uri
          example: 'https://cloud.konghq.com/v2/authenticate/the-saml-konnect-org/saml/acs'
          readOnly: true
      additionalProperties: false
      title: SAML Identity Provider Config
    IdP:
      description: |-
        The IdP object contains the configuration data for the OIDC authentication integration.

        NOTE: The `openid` scope is required. Removing it could break the OIDC integration.
      type: object
      properties:
        issuer:
          type: string
          format: uri
          example: 'https://myidp.com/oauth2'
        login_path:
          type: string
          example: myapp
        client_id:
          type: string
          example: YOUR_CLIENT_ID
        scopes:
          type: array
          items:
            type: string
          default:
            - email
            - openid
            - profile
        claim_mappings:
          type: object
          minProperties: 3
          properties:
            name:
              type: string
              example: name
              default: name
            email:
              type: string
              example: email
              default: email
            groups:
              type: string
              example: custom-groups-claim
              default: groups
      title: IdP Configuration
    User:
      description: The user object contains information about an individual user who can use the Konnect application and API.
      type: object
      properties:
        id:
          description: The User ID.
          type: string
          format: uuid
          example: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7
          readOnly: true
        email:
          description: The email registered to the user.
          type: string
          format: email
          example: user@email.com
          maxLength: 250
        full_name:
          description: The User's full name.
          type: string
          example: Jane Doe
          maxLength: 250
          pattern: '^[\w \W]+$'
        preferred_name:
          description: The User's preferred name.
          type: string
          example: Jane
          maxLength: 250
        active:
          description: Returns True if a user has verified their email address.
          type: boolean
          default: true
          readOnly: true
        inferred_region:
          description: The Konnect region closest to the user's IP address. This property might only be set for users on signup through Konnect’s build-in native authentication.
          type: string
          example: us
          readOnly: true
        created_at:
          description: The time stamp for the date the account was registered.
          type: string
          format: date-time
          example: '2022-02-07T17:46:57.52Z'
          readOnly: true
        updated_at:
          description: A Unix timestamp representation of the most recent change to the User account.
          type: string
          format: date-time
          example: '2022-10-08T17:00:00.52Z'
          readOnly: true
      example:
        id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7
        email: user@email.com
        full_name: Test User
        preferred_name: test
        active: true
        inferred_region: us
        created_at: '2022-02-07T17:46:57.52Z'
        updated_at: '2022-10-08T17:00:00.52Z'
      title: User
    Team:
      description: The team object contains information about a group of users.
      type: object
      properties:
        id:
          description: The team ID.
          type: string
          format: uuid
          example: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7
          readOnly: true
        name:
          description: The name of the team.
          type: string
          example: IDM - Developers
          maxLength: 250
          pattern: '^[\w \W]+$'
        description:
          description: The team description in Konnect.
          type: string
          example: The developers for the IDM API.
          maxLength: 250
        system_team:
          description: 'Returns True if a user belongs to a `system_team`. System teams are teams that can manage Konnect objects, like "Organization Admin", or "Service"'
          type: boolean
          default: false
          readOnly: true
        labels:
          $ref: '#/components/schemas/Labels'
        created_at:
          description: A Unix timestamp representation of team creation.
          type: string
          format: date-time
          example: '1992-02-07T17:46:57.52Z'
          readOnly: true
        updated_at:
          description: |
            A Unix timestamp representation of the most recent change to the team object in Konnect.
          type: string
          format: date-time
          example: '2022-02-07T17:00:00.52Z'
          readOnly: true
      example:
        id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7
        name: IDM - Developers
        description: The developers for the IDM API.
        system_team: false
        labels:
          env: test
        created_at: '1992-02-07T17:46:57.52Z'
        updated_at: '2022-08-31T17:00:00.52Z'
      title: Team
    TeamMapping:
      description: A team assignment is a mapping of an IdP group to a Konnect Team.
      type: object
      properties:
        group:
          description: The IdP group.
          type: string
          example: Service Developers
        team_ids:
          description: An array of ID's that are mapped to the specified group.
          type: array
          items:
            type: string
            format: uuid
            example: 6801e673-cc10-498a-94cd-4271de07a0d3
          uniqueItems: true
      example:
        group: Service Developers
        team_ids:
          - 6801e673-cc10-498a-94cd-4271de07a0d3
      title: TeamMapping
    TeamGroupMapping:
      description: A map of Konnect Team to IdP groups.
      type: object
      properties:
        team_id:
          description: The Konnect team ID.
          type: string
          format: uuid
          example: 6801e673-cc10-498a-94cd-4271de07a0d3
        groups:
          description: The IdP groups that are mapped to the specified team.
          type: array
          items:
            type: string
            example: API Engineers
          uniqueItems: true
      example:
        team_id: 6801e673-cc10-498a-94cd-4271de07a0d3
        groups:
          - Tech Leads
          - API Engineers
      title: TeamGroupMapping
    AssignedRole:
      description: An assigned role is a role that has been assigned to a user or team.
      type: object
      properties:
        id:
          description: The ID of the role assignment.
          type: string
          format: uuid
          example: eaf7adf1-32c8-4bbf-b960-d1f8456afe67
        role_name:
          description: Name of the role being assigned.
          type: string
          example: Viewer
        entity_id:
          description: A RBAC entity ID.
          type: string
          format: uuid
          example: 817d0422-45c9-4d88-8d64-45aef05c1ae7
        entity_type_name:
          description: Name of the entity type the role is being assigned to.
          type: string
          example: Control Planes
        entity_region:
          description: Region of the entity.
          type: string
          example: eu
          enum:
            - us
            - eu
            - au
            - me
            - in
            - sg
            - '*'
      example:
        id: 54cc6168-ebb1-4300-8168-d62a0dd08fc8
        role_name: Viewer
        entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61
        entity_type_name: Control Planes
        entity_region: us
      title: AssignedRole
    SystemAccount:
      description: Schema of the system account.
      type: object
      properties:
        id:
          description: ID of the system account.
          type: string
          format: uuid
          readOnly: true
        name:
          description: Name of the system account.
          type: string
        description:
          description: Description of the system account.
          type: string
        created_at:
          description: Timestamp of when the system account was created.
          type: string
          format: date-time
          readOnly: true
        updated_at:
          description: Timestamp of when the system account was last updated.
          type: string
          format: date-time
          readOnly: true
        konnect_managed:
          description: The system account is managed by Konnect (true/false).
          type: boolean
      example:
        id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
        name: Example System Account
        description: This is a sample system account description.
        created_at: '2022-08-24T14:15:22Z'
        updated_at: '2022-10-05T10:33:49Z'
        konnect_managed: false
      title: System Account
    SystemAccountAccessToken:
      description: Schema of the system account access token.
      type: object
      properties:
        id:
          description: ID of the system account access token.
          type: string
          format: uuid
          readOnly: true
        name:
          description: Name of the system account access token.
          type: string
        created_at:
          description: Timestamp of when the system account access token was created.
          type: string
          format: date-time
          readOnly: true
        updated_at:
          description: Timestamp of when the system account access token was last updated.
          type: string
          format: date-time
          readOnly: true
        expires_at:
          description: Timestamp of when the system account access token will expire.
          type: string
          format: date-time
        last_used_at:
          description: Timestamp of when the system account access token was last used.
          type: string
          format: date-time
          readOnly: true
      example:
        id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
        name: Sample Access Token
        created_at: '2022-08-01T14:16:09Z'
        updated_at: '2022-08-02T08:35:49Z'
        expires_at: '2022-12-31T12:52:23Z'
        last_used_at: '2022-10-24T13:05:42Z'
      title: System Account Access Token
    PATName:
      type: string
      maxLength: 256
      minLength: 1
      pattern: '^[\p{L}\p{N}][\p{L}\p{N} _\-\.'']*[\p{L}\p{N}]$'
    PersonalAccessTokenCreateResponse:
      description: Details of the created personal access token.
      type: object
      properties:
        id:
          $ref: '#/components/schemas/UUID'
        user_id:
          $ref: '#/components/schemas/UserId'
        name:
          type: string
        state:
          description: State of the personal access token.
          type: string
          enum:
            - ACTIVE
            - REVOKED
            - EXPIRED
          readOnly: true
        konnect_token:
          description: The Konnect token used to authenticate with Konnect.
          type: string
        revoked_by:
          $ref: '#/components/schemas/RevokedBy'
        created_at:
          $ref: '#/components/schemas/CreatedAt'
        updated_at:
          $ref: '#/components/schemas/UpdatedAt'
        last_used_at:
          $ref: '#/components/schemas/LastUsedAt'
        expires_at:
          $ref: '#/components/schemas/ExpiresAt'
        revoked_at:
          $ref: '#/components/schemas/RevokedAt'
      required:
        - id
        - name
        - state
        - konnect_token
        - user_id
        - created_at
        - expires_at
    BaseError:
      description: standard error
      type: object
      properties:
        status:
          description: |
            The HTTP status code of the error. Useful when passing the response
            body to child properties in a frontend UI. Must be returned as an integer.
          type: integer
          readOnly: true
        title:
          description: |
            A short, human-readable summary of the problem. It should not
            change between occurences of a problem, except for localization.
            Should be provided as "Sentence case" for direct use in the UI.
          type: string
          readOnly: true
        type:
          description: The error type.
          type: string
          readOnly: true
        instance:
          description: |
            Used to return the correlation ID back to the user, in the format
            kong:trace:<correlation_id>. This helps us find the relevant logs
            when a customer reports an issue.
          type: string
          readOnly: true
        detail:
          description: |
            A human readable explanation specific to this occurence of the problem.
            This field may contain request/entity data to help the user understand
            what went wrong. Enclose variable values in square brackets. Should be
            provided as "Sentence case" for direct use in the UI.
          type: string
          readOnly: true
      required:
        - status
        - title
        - instance
        - detail
      title: Error
    InvalidRules:
      description: invalid parameters rules
      type: string
      enum:
        - required
        - is_array
        - is_base64
        - is_boolean
        - is_date_time
        - is_integer
        - is_null
        - is_number
        - is_object
        - is_string
        - is_uuid
        - is_fqdn
        - is_arn
        - unknown_property
        - missing_reference
        - is_label
        - matches_regex
        - invalid
        - is_supported_network_availability_zone_list
        - is_supported_network_cidr_block
        - is_supported_provider_region
        - type
      nullable: true
      readOnly: true
    InvalidParameterStandard:
      type: object
      properties:
        field:
          type: string
          example: name
          readOnly: true
        rule:
          $ref: '#/components/schemas/InvalidRules'
        source:
          type: string
          example: body
        reason:
          type: string
          example: is a required field
          readOnly: true
      additionalProperties: false
      required:
        - field
        - reason
    InvalidParameterMinimumLength:
      type: object
      properties:
        field:
          type: string
          example: name
          readOnly: true
        rule:
          description: invalid parameters rules
          type: string
          enum:
            - min_length
            - min_digits
            - min_lowercase
            - min_uppercase
            - min_symbols
            - min_items
            - min
          nullable: false
          readOnly: true
        minimum:
          type: integer
          example: 8
        source:
          type: string
          example: body
        reason:
          type: string
          example: must have at least 8 characters
          readOnly: true
      additionalProperties: false
      required:
        - field
        - reason
        - rule
        - minimum
    InvalidParameterMaximumLength:
      type: object
      properties:
        field:
          type: string
          example: name
          readOnly: true
        rule:
          description: invalid parameters rules
          type: string
          enum:
            - max_length
            - max_items
            - max
          nullable: false
          readOnly: true
        maximum:
          type: integer
          example: 8
        source:
          type: string
          example: body
        reason:
          type: string
          example: must not have more than 8 characters
          readOnly: true
      additionalProperties: false
      required:
        - field
        - reason
        - rule
        - maximum
    InvalidParameterChoiceItem:
      type: object
      properties:
        field:
          type: string
          example: name
          readOnly: true
        rule:
          description: invalid parameters rules
          type: string
          enum:
            - enum
          nullable: false
          readOnly: true
        reason:
          type: string
          example: is a required field
          readOnly: true
        choices:
          type: array
          items: {}
          minItems: 1
          nullable: false
          readOnly: true
          uniqueItems: true
        source:
          type: string
          example: body
      additionalProperties: false
      required:
        - field
        - reason
        - rule
        - choices
    InvalidParameterDependentItem:
      type: object
      properties:
        field:
          type: string
          example: name
          readOnly: true
        rule:
          description: invalid parameters rules
          type: string
          enum:
            - dependent_fields
          nullable: true
          readOnly: true
        reason:
          type: string
          example: is a required field
          readOnly: true
        dependents:
          type: array
          items: {}
          nullable: true
          readOnly: true
          uniqueItems: true
        source:
          type: string
          example: body
      additionalProperties: false
      required:
        - field
        - rule
        - reason
        - dependents
    InvalidParameters:
      description: invalid parameters
      type: array
      items:
        oneOf:
          - $ref: '#/components/schemas/InvalidParameterStandard'
          - $ref: '#/components/schemas/InvalidParameterMinimumLength'
          - $ref: '#/components/schemas/InvalidParameterMaximumLength'
          - $ref: '#/components/schemas/InvalidParameterChoiceItem'
          - $ref: '#/components/schemas/InvalidParameterDependentItem'
      minItems: 1
      nullable: false
      uniqueItems: true
    BadRequestError:
      allOf:
        - $ref: '#/components/schemas/BaseError'
        - type: object
          required:
            - invalid_parameters
          properties:
            invalid_parameters:
              $ref: '#/components/schemas/InvalidParameters'
    NotFoundError:
      allOf:
        - $ref: '#/components/schemas/BaseError'
        - type: object
          properties:
            status:
              example: 404
            title:
              example: Not Found
            type:
              example: 'https://httpstatuses.com/404'
            instance:
              example: 'kong:trace:1234567890'
            detail:
              example: Not found
    PageMeta:
      description: Contains pagination query parameters and the total number of objects returned.
      type: object
      properties:
        number:
          type: number
          example: 1
        size:
          type: number
          example: 10
        total:
          type: number
          example: 100
      required:
        - number
        - size
        - total
    PaginatedMeta:
      description: returns the pagination information
      type: object
      properties:
        page:
          $ref: '#/components/schemas/PageMeta'
      required:
        - page
      title: PaginatedMeta
    UnauthorizedError:
      allOf:
        - $ref: '#/components/schemas/BaseError'
        - type: object
          properties:
            status:
              example: 401
            title:
              example: Unauthorized
            type:
              example: 'https://httpstatuses.com/401'
            instance:
              example: 'kong:trace:1234567890'
            detail:
              example: Invalid credentials
    ConflictError:
      allOf:
        - $ref: '#/components/schemas/BaseError'
        - type: object
          properties:
            status:
              example: 409
            title:
              example: Conflict
            type:
              example: 'https://httpstatuses.com/409'
            instance:
              example: 'kong:trace:1234567890'
            detail:
              example: Conflict
    StringFieldEqualsFilter:
      description: Filters on the given string field value by exact match.
      properties:
        eq:
          type: string
      title: StringFieldEqualsFilter
      x-examples:
        example-1: equals-some-value
        example-2:
          eq: some-value
    UUID:
      description: Contains a unique identifier used for this resource.
      type: string
      format: uuid
      example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7
      readOnly: true
    IdentityProviderEnabled:
      description: |
        Indicates whether the identity provider is enabled.
        Only one identity provider can be active at a time, such as SAML or OIDC.
      type: boolean
      example: true
      default: false
      title: Identity Provider Enabled Property
    CreatedAt:
      description: An ISO-8601 timestamp representation of entity creation date.
      type: string
      format: date-time
      example: '2022-11-04T20:10:06.927Z'
      readOnly: true
    UpdatedAt:
      description: An ISO-8601 timestamp representation of entity update date.
      type: string
      format: date-time
      example: '2022-11-04T20:10:06.927Z'
      readOnly: true
    ForbiddenError:
      allOf:
        - $ref: '#/components/schemas/BaseError'
        - type: object
          properties:
            status:
              example: 403
            title:
              example: Forbidden
            type:
              example: 'https://httpstatuses.com/403'
            instance:
              example: 'kong:trace:1234567890'
            detail:
              example: Forbidden
    LegacyStringFieldFilter:
      description: 'Filter using **one** of the following operators: `eq`, `contains`'
      type: object
      properties:
        eq:
          description: The field exactly matches the provided value.
          type: string
          example: '?filter[field_name_here][eq]=foo'
        contains:
          description: The field contains the provided value.
          type: string
          example: '?filter[field_name_here][contains]=foo'
      additionalProperties: false
      x-examples:
        example-1:
          contains: some-value
        example-2:
          eq: some-value
    Labels:
      description: |
        Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. 

        Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".
      type: object
      example:
        env: test
      additionalProperties:
        type: string
        pattern: '^[a-z0-9A-Z]{1}([a-z0-9A-Z-._]*[a-z0-9A-Z]+)?$'
        minLength: 1
        maxLength: 63
      maxProperties: 50
      title: Labels
    BooleanFieldFilter:
      description: Filter by a boolean value (true/false).
      type: boolean
      title: BooleanFieldFilter
      x-examples:
        example-1: true
    LabelsUpdate:
      description: |
        Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. 

        Labels are intended to store **INTERNAL** metadata.

        Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".
      type: object
      example:
        env: test
      additionalProperties:
        type: string
        pattern: '^[a-z0-9A-Z]{1}([a-z0-9A-Z-._]*[a-z0-9A-Z]+)?$'
        minLength: 1
        maxLength: 63
        nullable: true
      maxProperties: 50
      nullable: true
      writeOnly: true
    UserId:
      description: Contains a unique identifier used for a user.
      type: string
      format: uuid
      example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7
      readOnly: true
    PersonalAccessTokenState:
      description: State of the personal access token.
      type: string
      enum:
        - ACTIVE
        - REVOKED
        - EXPIRED
    RevokedBy:
      description: Contains a unique identifier used for the user that revoked this token.
      type: string
      format: uuid
      example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7
      nullable: true
      readOnly: true
    LastUsedAt:
      description: An ISO-8601 timestamp representation of entity last used date.
      type: string
      format: date-time
      example: '2022-11-04T20:10:06.927Z'
      nullable: true
      readOnly: true
    ExpiresAt:
      description: An ISO-8601 timestamp representation of entity expiration date.
      type: string
      format: date-time
      example: '2022-11-04T20:10:06.927Z'
      nullable: true
      readOnly: true
    RevokedAt:
      description: An ISO-8601 timestamp representation of entity revoked at date.
      type: string
      format: date-time
      example: '2022-11-04T20:10:06.927Z'
      nullable: true
      readOnly: true
    PersonalAccessToken:
      description: Properties of a personal access token.
      type: object
      properties:
        id:
          $ref: '#/components/schemas/UUID'
        user_id:
          $ref: '#/components/schemas/UserId'
        name:
          type: string
        state:
          $ref: '#/components/schemas/PersonalAccessTokenState'
        revoked_by:
          $ref: '#/components/schemas/RevokedBy'
        created_at:
          $ref: '#/components/schemas/CreatedAt'
        updated_at:
          $ref: '#/components/schemas/UpdatedAt'
        last_used_at:
          $ref: '#/components/schemas/LastUsedAt'
        expires_at:
          $ref: '#/components/schemas/ExpiresAt'
        revoked_at:
          $ref: '#/components/schemas/RevokedAt'
      additionalProperties: false
      required:
        - id
        - name
        - state
        - user_id
        - created_at
        - updated_at
        - expires_at
  examples:
    400-request-format-is-invalid:
      value:
        status: 400
        title: Bad Request
        detail: ''
        instance: 'konnect:trace:3674017986744198214'
        invalid_parameters:
          - field: body
            reason: request format is invalid
    400-cannot-be-blank:
      value:
        status: 400
        title: Bad Request
        detail: ''
        instance: 'konnect:trace:6644808935508571943'
        invalid_parameters:
          - field: name
            reason: cannot be blank
    400-invalid-id-format:
      value:
        status: 400
        title: Bad Request
        detail: ''
        instance: 'konnect:trace:8988732526256293040'
        invalid_parameters:
          - field: teamID
            reason: invalid ID format
    400-valid-uuid:
      value:
        status: 400
        title: Bad Request
        detail: ''
        instance: 'konnect:trace:7680390984800447837'
        invalid_parameters:
          - field: id
            reason: must be a valid UUID v4
    400-password-complexity:
      value:
        status: 400
        title: Bad Request
        detail: Password does not meet complexity requirements.
        instance: 'konnect:trace:1738820719742148545'
        invalid_parameters:
          - field: new_password
            reason: 'is too short (minimum length: 8)'
            rule: min_length
            minimum: 8
          - field: new_password
            reason: must contain at least 1 digit
            rule: min_digits
            minimum: 1
          - field: new_password
            reason: must contain at least 1 lower case character
            rule: min_lowercase
            minimum: 1
          - field: new_password
            reason: must contain at least 1 upper case character
            rule: min_uppercase
            minimum: 1
          - field: new_password
            reason: must contain at least 1 special character
            rule: min_symbols
            minimum: 1
    400-systems-team-modified:
      value:
        status: 400
        title: Bad Request
        detail: ''
        instance: 'konnect:trace:1738820719742148545'
        invalid_parameters:
          - field: teamID
            reason: system teams cannot be modified
    400-authentication-settings-cannot-be-all-disabled:
      value:
        status: 400
        title: Bad Request
        instance: 'konnect:trace:6644808935508571943'
        invalid_parameters:
          - field: oidc_auth_enabled
            reason: cannot be disabled when both basic auth and SAML are also disabled
          - field: basic_auth_enabled
            reason: cannot be disabled when both OIDC and SAML are also disabled
          - field: saml_auth_enabled
            reason: cannot be disabled when both OIDC and basic auth are also disabled
        detail: 'Atleast one of the authentication schemes from basic, oidc or saml needs to be enabled'
    400-oidc-auth-enabled-needs-idp:
      value:
        status: 400
        title: Bad Request
        detail: ''
        instance: 'konnect:trace:6644808935508571943'
        invalid_parameters:
          - field: oidc_auth_enabled
            reason: cannot be set before configuring an identity provider
    400-idp-config-is-required:
      value:
        status: 400
        title: Bad Request
        detail: An IdP configuration is required
        instance: 'konnect:trace:6644808935508571943'
        invalid_parameters:
          - field: data
            reason: cannot be set before configuring an identity provider
    404-not-found:
      value:
        status: 404
        title: Not Found
        instance: 'konnect:trace:2287285207635123011'
        detail: The requested team was not found
    403-permission-denied:
      value:
        status: 403
        title: Permission denied
        instance: 'konnect:trace:2822394689570210664'
        detail: Only enterprise organizations can create teams
    403-invalid-permissions:
      value:
        status: 403
        title: Invalid Permissions
        detail: 'You must have the [administrator] role to perform this action'
        instance: 'konnect:trace:6c1ef33ae5bce33634d7d7d695c7f203'
    403-auth-invalid:
      value:
        type: 'https://kongapi.info/konnect/invalid-permissions'
        status: 403
        title: Invalid Permissions
        detail: 'You must have the [administrator] role to perform this action'
        instance: 'konnect:trace:6c1ef33ae5bce33634d7d7d695c7f203'
    409-user-is-already-active:
      value:
        status: 409
        title: Resource Conflict
        instance: 'konnect:trace:6644808935508571943'
        detail: User is already active
    412-precondition-failed:
      value:
        status: 412
        title: Precondition Failed
        instance: 'konnect:trace:1896611024257578096'
        detail: IdP configuration not found
    429-rate-limited:
      value:
        status: 429
        title: Rate Limited
        instance: 'konnect:trace:6644808935508571943'
        detail: Too many requests
    collection-example:
      value:
        meta:
          page:
            number: 1
            size: 10
            total: 100
        data:
          - id: b02e23c5-8ee4-4e5a-99f4-43329923adcd
            role_name: Viewer
            entity_id: 437c7192-fea0-4f35-8478-c8d57783f8c1
            entity_type_name: Control Planes
            entity_region: eu
          - id: 869d9402-f117-4f9a-840f-69acaf70a81a
            role_name: Admin
            entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61
            entity_type_name: Services
            entity_region: '*'
    Assigned-Role-Example:
      value:
        id: eaf7adf1-32c8-4bbf-b960-d1f8456afe67
        role_name: Viewer
        entity_id: 817d0422-45c9-4d88-8d64-45aef05c1ae7
        entity_type_name: Control Planes
        entity_region: eu
    group-collection-example:
      value:
        meta:
          page:
            number: 1
            size: 10
            total: 6
        data:
          - group: 111(@&*$)(@*#_@(gfds re gdsf dfg
            team_ids:
              - c0010105-e840-4824-b7ee-787f22267c36
          - group: '2222'
            team_ids:
              - af91db4c-6e51-403e-a2bf-33d27ae50c0a
    single-team-response:
      value:
        id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7
        name: IDM - Developers
        description: The developers for the IDM API.
        system_team: false
        labels:
          env: test
          service: test
        created_at: '2022-02-07T17:46:57.52Z'
        updated_at: '2022-09-25T13:00:00.00Z'
    team-mapping-collection:
      value:
        meta:
          page:
            number: 1
            size: 1
            total: 10
        data:
          - group: Service Developers
            team_ids:
              - 6801e673-cc10-498a-94cd-4271de07a0d3
    team-group-mapping-collection:
      value:
        meta:
          page:
            number: 1
            size: 1
            total: 10
        data:
          - groups:
              - Service Developers
            team_id: 6801e673-cc10-498a-94cd-4271de07a0d3
    401-unauthenticated:
      value:
        status: 401
        title: Unauthenticated
        instance: 'konnect:trace:952172606039454040'
        detail: A valid token is required
    user-collection-response-example:
      value:
        meta:
          page:
            number: 1
            size: 10
            total: 10
        data:
          - id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7
            email: james.woods@email.com
            full_name: James Woods
            preferred_name: Jimmy
            active: true
            created_at: '2022-08-17T17:46:57.52Z'
            updated_at: '2022-10-03T17:00:00.00Z'
    Get-User-Response:
      value:
        id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7
        email: james.woods@email.com
        full_name: James Woods
        preferred_name: Jimmy
        active: true
        created_at: '1992-02-07T17:46:57.52Z'
        updated_at: '2022-02-07T17:00:00.52Z'
    GetImpersonationSettings:
      value:
        enabled: true
    UpdateImpersonationSettings:
      value:
        enabled: false
    Assign-Roles-US:
      value:
        role_name: Viewer
        entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61
        entity_type_name: Control Planes
        entity_region: us
    Assign-Roles-Global:
      value:
        role_name: Admin
        entity_id: 18ee2573-dec0-4b83-be99-fa7700bcdc61
        entity_type_name: Control Planes
        entity_region: '*'
    CreateTeamExample:
      value:
        name: IDM - Developers
        description: The Identity Management (IDM) team.
        labels:
          env: test
          service: test
    Update-Team-Request:
      value:
        name: IDM - Developers
        description: The Identity Management (IDM) API team.
        labels:
          env: prod
    Update-Team-Mappings:
      value:
        mappings:
          - group: API Engineers
            team_ids:
              - af91db4c-6e51-403e-a2bf-33d27ae50c0a
    Patch-Team-Group-Mappings:
      value:
        data:
          - team_id: af91db4c-6e51-403e-a2bf-33d27ae50c0a
            groups:
              - Team Leads
              - API Engineers
    Update-User-Request:
      value:
        full_name: James C Woods
        preferred_name: Jimmy
    Add-User-Request:
      value:
        id: df120cb4-f60b-47bc-a2f8-6a28e6a3c63b
    Get-Authentication-Settings:
      value:
        oidc_auth_enabled: true
        saml_auth_enabled: false
        basic_auth_enabled: false
        idp_mapping_enabled: false
        konnect_mapping_enabled: true
    Update-Authentication-Settings:
      value:
        oidc_auth_enabled: false
        saml_auth_enabled: false
        basic_auth_enabled: true
        idp_mapping_enabled: false
        konnect_mapping_enabled: true
    OIDCIdentityProvider:
      value:
        id: 66da2d42-469d-48cd-9ff3-0db135dd82d8
        type: oidc
        enabled: false
        login_path: the-oidc-konnect-org
        config:
          issuer_url: 'https://konghq.okta.com/oauth2/default'
          client_id: 0oaqhb43ckTZ02j1F357
          scopes:
            - openid
            - email
            - profile
          claim_mappings:
            email: email
            name: name
            groups: groups
        created_at: '2022-02-07T17:46:57.52Z'
        updated_at: '2022-02-07T17:46:57.52Z'
    SAMLIdentityProvider:
      value:
        id: a2c3156d-ebb1-432b-b2f1-edcc5f133c60
        type: saml
        enabled: true
        login_path: the-saml-konnect-org
        config:
          idp_metadata_url: 'https://mocksaml.com/api/saml/metadata'
          sp_entity_id: 'https://cloud.konghq.com/sp/00000000-0000-0000-0000-000000000000'
          sp_metadata_url: 'https://cloud.konghq.com/v2/authenticate/the-saml-konnect-org/saml/metadata'
          login_url: 'https://cloud.konghq.com/login/the-saml-konnect-org'
          callback_url: 'https://cloud.konghq.com/v2/authenticate/the-saml-konnect-org/saml/acs'
        created_at: '2022-02-07T17:46:57.52Z'
        updated_at: '2022-02-07T17:46:57.52Z'
    SAMLIdentityProviderWithMetadata:
      value:
        id: a2c3156d-ebb1-432b-b2f1-edcc5f133c60
        type: saml
        enabled: true
        login_path: the-saml-konnect-org
        config:
          idp_metadata_xml: |
            <?xml version="1.0" encoding="UTF-8"?>
            <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
            <!-- SAML metadata content here -->
            </EntityDescriptor>
          sp_entity_id: 'https://cloud.konghq.com/sp/00000000-0000-0000-0000-000000000000'
          sp_metadata_url: 'https://cloud.konghq.com/v2/authenticate/the-saml-konnect-org/saml/metadata'
          login_url: 'https://cloud.konghq.com/login/the-saml-konnect-org'
          callback_url: 'https://cloud.konghq.com/v2/authenticate/the-saml-konnect-org/saml/acs'
        created_at: '2022-02-07T17:46:57.52Z'
        updated_at: '2022-02-07T17:46:57.52Z'
    IdentityProviders:
      value:
        - id: a2c3156d-ebb1-432b-b2f1-edcc5f133c60
          type: saml
          enabled: true
          login_path: the-saml-konnect-org
          config:
            idp_metadata_url: 'https://mocksaml.com/api/saml/metadata'
            sp_entity_id: 'https://cloud.konghq.com/sp/00000000-0000-0000-0000-000000000000'
            sp_metadata_url: 'https://cloud.konghq.com/v2/authenticate/the-saml-konnect-org/saml/metadata'
            login_url: 'https://cloud.konghq.com/login/the-saml-konnect-org'
            callback_url: 'https://cloud.konghq.com/v2/authenticate/the-saml-konnect-org/saml/acs'
          created_at: '2022-02-07T17:46:57.52Z'
          updated_at: '2022-02-07T17:46:57.52Z'
        - id: 66da2d42-469d-48cd-9ff3-0db135dd82d8
          type: oidc
          enabled: false
          login_path: the-oidc-konnect-org
          config:
            issuer_url: 'https://konghq.okta.com/oauth2/default'
            client_id: 0oaqhb43ckTZ02j1F357
            scopes:
              - openid
              - email
              - profile
            claim_mappings:
              email: email
              name: name
              groups: groups
          created_at: '2022-02-07T17:46:57.52Z'
          updated_at: '2022-02-07T17:46:57.52Z'
    CreateOIDCIdentityProvider:
      value:
        type: oidc
        login_path: the-oidc-konnect-org
        enabled: true
        config:
          issuer_url: 'https://konghq.okta.com/oauth2/default'
          client_id: 0oaqhb43ckTZ02j1F357
          client_secret: BbqwI8xP9E4evOK
          scopes:
            - openid
            - email
            - profile
          claim_mappings:
            email: email
            name: name
            groups: groups
    CreateSAMLIdentityProviderWithMetadataURL:
      value:
        type: saml
        login_path: the-saml-konnect-org
        config:
          idp_metadata_url: 'https://mocksaml.com/api/saml/metadata'
    CreateSAMLIdentityProviderWithMetadata:
      value:
        type: saml
        login_path: the-saml-konnect-org
        config:
          idp_metadata_xml: |
            <?xml version="1.0" encoding="UTF-8"?>
            <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
            <!-- SAML metadata content here -->
            </EntityDescriptor>
    UpdateOIDCIdentityProvider:
      value:
        enabled: true
        login_path: the-oidc-konnect-org
        config:
          issuer_url: 'https://konghq.okta.com/oauth2/default'
          client_id: 0oaqhb43ckTZ02j1F357
          client_secret: BbqwI8xP9E4evOK
          scopes:
            - openid
            - email
            - profile
          claim_mappings:
            email: email
            name: name
            groups: groups
    UpdateSAMLIdentityProvider:
      value:
        enabled: true
        login_path: the-saml-konnect-org
        config:
          idp_metadata_url: 'https://mocksaml.com/api/saml/metadata'
    UpdateIdentityProviderLoginPath:
      value:
        login_path: the-konnect-org
    PersonalAccessTokenResponse:
      value:
        id: 83f8380e-7798-4566-99e3-2edf2b57d289
        name: Development Token
        state: ACTIVE
        user_id: 84f8380e-7798-4566-99e3-2edf2b57d288
        created_at: '2023-01-01T00:00:00.000Z'
        updated_at: '2023-01-01T00:00:00.000Z'
        expires_at: '2024-01-01T00:00:00.000Z'
    PersonalAccessTokenCreateResponse:
      value:
        id: 83f8380e-7798-4566-99e3-2edf2b57d289
        name: Development Token
        state: ACTIVE
        konnect_token: kpat_DoRQeLJVS6G7lwleKI77sypGi20qT5JXKBdnpHud1mOQk4Srv
        user_id: 84f8380e-7798-4566-99e3-2edf2b57d288
        created_at: '2023-01-01T00:00:00.000Z'
        updated_at: '2023-01-01T00:00:00.000Z'
        expires_at: '2024-01-01T00:00:00.000Z'
    PersonalAccessTokenListResponse:
      summary: List Personal Access Token Response
      value:
        meta:
          number: 1
          size: 2
          total: 2
        data:
          - id: 93f8380e-7798-4566-99e3-2edf2b57d289
            name: Development Token
            state: ACTIVE
            user_id: 84f8380e-7798-4566-99e3-2edf2b57d288
            created_at: '2023-01-01T00:00:00.000Z'
            updated_at: '2023-01-01T00:00:00.000Z'
            expires_at: '2024-01-01T00:00:00.000Z'
          - id: 84f8380e-7798-4566-99e3-2edf2b57d287
            name: Development Token
            state: EXPIRED
            user_id: 84f8380e-7798-4566-99e3-2edf2b57d288
            created_at: '2023-01-01T00:00:00.000Z'
            updated_at: '2023-01-01T00:00:00.000Z'
            expires_at: '2023-02-01T00:00:00.000Z'
    CreatePersonalAccessTokenRequest:
      value:
        name: Token
        expires_at: '2024-01-01T00:00:00.000Z'
    UnauthorizedExample:
      value:
        status: 401
        title: Unauthorized
        instance: 'kong:trace:8347343766220159418'
        detail: Unauthorized
    NotFoundExample:
      value:
        status: 404
        title: Not Found
        instance: 'kong:trace:6816496025408232265'
        detail: Not Found
    ForbiddenExample:
      value:
        status: 403
        title: Forbidden
        instance: 'kong:trace:2723154947768991354'
        detail: You do not have permission to perform this action
  requestBodies:
    UpdateImpersonationSettingsRequest:
      content:
        application/json:
          schema:
            type: object
            properties:
              enabled:
                description: Indicates if user impersonation is allowed for the organization.
                type: boolean
                example: true
          examples:
            Update Impersonation Settings:
              value:
                enabled: false
      description: The request schema for adding a system account to a team.
    UpdateUser:
      description: The request schema for the update user request.
      content:
        application/json:
          schema:
            type: object
            properties:
              full_name:
                description: The user's full name.
                type: string
                example: James C. Woods
                maxLength: 250
                pattern: '^[\w \W]+$'
                writeOnly: true
              preferred_name:
                description: The user's desired name.
                type: string
                example: Jimmy
                maxLength: 250
                writeOnly: true
          examples:
            Example Request Body:
              $ref: '#/components/examples/Update-User-Request'
    CreateTeam:
      description: |-
        The request schema for the create team request.

        If you pass the same `name` and `description` of an existing team in the request, a team with the same `name` and `description` will be created. The two teams will have different `team_id` values to differentiate them.
      content:
        application/json:
          schema:
            type: object
            properties:
              name:
                description: A name for the team being created.
                type: string
                example: IDM - Developers
                pattern: '^[\w \W]+$'
                writeOnly: true
              description:
                description: The description of the new team.
                type: string
                example: The Identity Management (IDM) team.
                maxLength: 250
                writeOnly: true
              labels:
                $ref: '#/components/schemas/Labels'
            required:
              - name
          examples:
            Example Request Body:
              $ref: '#/components/examples/CreateTeamExample'
    UpdateTeam:
      description: The request schema for the update team request.
      content:
        application/json:
          schema:
            type: object
            properties:
              name:
                description: The name of the team.
                type: string
                example: IDM - Developers
                pattern: '^[\w \W]+$'
                writeOnly: true
              description:
                description: The description of the team.
                type: string
                example: The Identity Management (IDM) API team.
                maxLength: 250
                writeOnly: true
              labels:
                $ref: '#/components/schemas/LabelsUpdate'
          examples:
            Example Request Body:
              $ref: '#/components/examples/Update-Team-Request'
    AddUserToTeam:
      description: The request schema for adding a user to a team.
      content:
        application/json:
          schema:
            type: object
            properties:
              id:
                description: The user ID for the user being added to a team.
                type: string
                format: uuid
                example: df120cb4-f60b-47bc-a2f8-6a28e6a3c63b
                writeOnly: true
            required:
              - id
          examples:
            Example request body:
              $ref: '#/components/examples/Add-User-Request'
    UpdateTeamMappings:
      content:
        application/json:
          schema:
            type: object
            properties:
              mappings:
                description: The mappings object.
                type: array
                items:
                  type: object
                  properties:
                    group:
                      type: string
                    team_ids:
                      type: array
                      items:
                        type: string
            example:
              mappings:
                - group: Service Developers
                  team_ids:
                    - af91db4c-6e51-403e-a2bf-33d27ae50c0a
          examples:
            Example Request Body:
              $ref: '#/components/examples/Update-Team-Mappings'
      description: The request schema for updating IdP team mappings.
    PatchTeamGroupMappings:
      content:
        application/json:
          schema:
            type: object
            properties:
              data:
                description: The IdP groups to map to the given team.
                type: array
                items:
                  type: object
                  properties:
                    team_id:
                      type: string
                      format: uuid
                    groups:
                      type: array
                      items:
                        type: string
            example:
              data:
                - team_id: af91db4c-6e51-403e-a2bf-33d27ae50c0a
                  groups:
                    - Service Developers
          examples:
            Example Request Body:
              $ref: '#/components/examples/Patch-Team-Group-Mappings'
      description: The request schema for a partial update of mappings from Konnect Teams to IdP Groups.
    AssignRole:
      content:
        application/json:
          schema:
            description: An assigned role is a role that has been assigned to a user or team.
            type: object
            properties:
              role_name:
                description: The desired role.
                type: string
                example: Viewer
                enum:
                  - Admin
                  - Appearance Maintainer
                  - Application Registration
                  - Certificate Admin
                  - Cloud Gateway Cluster Admin
                  - Cloud Gateway Cluster Viewer
                  - Consumer Admin
                  - Connector
                  - Creator
                  - Deployer
                  - Discovery Admin
                  - Discovery Viewer
                  - Gateway Service Admin
                  - Integration Admin
                  - Integration Viewer
                  - Key Admin
                  - Maintainer
                  - Network Admin
                  - Network Creator
                  - Network Viewer
                  - Plugin Admin
                  - Plugins Admin
                  - Product Publisher
                  - Publisher
                  - Route Admin
                  - SNI Admin
                  - Scorecard Admin
                  - Scorecard Viewer
                  - Service Admin
                  - Service Creator
                  - Service Viewer
                  - Upstream Admin
                  - Vault Admin
                  - Viewer
              entity_id:
                description: The ID of the entity.
                type: string
                format: uuid
                example: e67490ce-44dc-4cbd-b65e-b52c746fc26a
              entity_type_name:
                description: The type of entity.
                type: string
                example: Control Planes
                enum:
                  - APIs
                  - API Products
                  - Application Auth Strategies
                  - Audit Logs
                  - Control Planes
                  - Dashboards
                  - DCR Providers
                  - Identity
                  - Mesh Control Planes
                  - Networks
                  - Portals
                  - Service Hub
              entity_region:
                description: Region of the team.
                type: string
                example: eu
                enum:
                  - us
                  - eu
                  - au
                  - me
                  - in
                  - sg
                  - '*'
          examples:
            Assigned Roles US:
              $ref: '#/components/examples/Assign-Roles-US'
            Assigned Roles Global:
              $ref: '#/components/examples/Assign-Roles-Global'
      description: The request schema for assigning a role.
    InviteUser:
      content:
        application/json:
          schema:
            type: object
            properties:
              email:
                type: string
                format: email
                example: james.c.woods@example.com
                writeOnly: true
            required:
              - email
      description: |-
        The request schema for the invite user request.

        If you pass an `email` that is not already an active user in the request, a fresh invitation email will be created and sent to the new user.
    CreateSystemAccount:
      content:
        application/json:
          schema:
            type: object
            properties:
              name:
                description: Name of the system account.
                type: string
              description:
                description: Description of the system account. Useful when the system account name is not sufficient to differentiate one system account from another.
                type: string
              konnect_managed:
                description: The system account is managed by Konnect (true/false).
                type: boolean
            required:
              - name
              - description
          examples:
            Sample System Account:
              value:
                name: Sample System Account
                description: This is a sample system account description.
                konnect_managed: false
      description: The request schema to create a system account.
    UpdateSystemAccount:
      content:
        application/json:
          schema:
            type: object
            properties:
              name:
                description: Name of the system account.
                type: string
              description:
                description: Description of the system account.
                type: string
      description: The request schema for the update system account request.
    UpdateSystemAccountAccessToken:
      content:
        application/json:
          schema:
            type: object
            properties:
              name:
                description: Name of the system account access token.
                type: string
            required:
              - name
    CreateSystemAccountAccessToken:
      content:
        application/json:
          schema:
            type: object
            properties:
              name:
                type: string
              expires_at:
                type: string
                format: date-time
            required:
              - name
              - expires_at
          examples:
            Sample Access Token:
              value:
                name: Sample Access Token
                expires_at: '2019-08-24T14:15:22Z'
      description: The request body to create a system account access token.
    AddSystemAccountToTeam:
      content:
        application/json:
          schema:
            type: object
            properties:
              id:
                description: ID of the system account.
                type: string
                format: uuid
          examples:
            Sample System Account:
              value:
                id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
      description: The request schema for adding a system account to a team.
    UpdateAuthenticationSettings:
      description: The request schema to update an organization's authentication settings.
      content:
        application/json:
          schema:
            type: object
            properties:
              basic_auth_enabled:
                description: The organization has basic auth enabled.
                type: boolean
                example: true
              oidc_auth_enabled:
                description: The organization has OIDC disabled.
                type: boolean
                example: false
              saml_auth_enabled:
                description: The organization has SAML disabled.
                type: boolean
                example: false
              idp_mapping_enabled:
                description: Whether IdP groups determine the Konnect teams a user has.
                type: boolean
                example: true
              konnect_mapping_enabled:
                description: Whether a Konnect Identity Admin assigns teams to a user.
                type: boolean
                example: false
          examples:
            Example Request Body:
              $ref: '#/components/examples/Update-Authentication-Settings'
    UpdateIdPConfiguration:
      content:
        application/json:
          schema:
            type: object
            properties:
              issuer:
                type: string
                format: uri
                example: 'https://myidp.com/oauth2'
              login_path:
                type: string
                example: myapp
              client_id:
                type: string
                example: YOUR_CLIENT_ID
              client_secret:
                type: string
                example: YOUR_CLIENT_SECRET
              scopes:
                type: array
                items:
                  type: string
                  default: openid
                default:
                  - email
                  - openid
                  - profile
              claim_mappings:
                type: object
                minProperties: 3
                properties:
                  name:
                    type: string
                    example: name
                    default: name
                  email:
                    type: string
                    example: email
                    default: email
                  groups:
                    type: string
                    example: custom-group-claim
                    default: groups
      description: The request schema for the update IdP configuration request.
    CreateIdentityProviderRequest:
      description: |
        An object representing the configuration for creating a new identity provider. This configuration may pertain  to either an OIDC or a SAML identity provider.
      required: true
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/CreateIdentityProvider'
          examples:
            OIDC Identity Provider Request:
              $ref: '#/components/examples/CreateOIDCIdentityProvider'
            SAML Identity Provider Request With MetadataURL:
              $ref: '#/components/examples/CreateSAMLIdentityProviderWithMetadataURL'
            SAML Identity Provider Request With Metadata:
              $ref: '#/components/examples/CreateSAMLIdentityProviderWithMetadata'
    UpdateIdentityProviderRequest:
      description: |
        An object representing the configuration for updating an identity provider. This configuration may pertain  to either an OIDC or a SAML identity provider.
      required: true
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/UpdateIdentityProvider'
          examples:
            Update OIDC Identity Provider:
              $ref: '#/components/examples/UpdateOIDCIdentityProvider'
            Update SAML Identity Provider:
              $ref: '#/components/examples/UpdateSAMLIdentityProvider'
            Update Identity Provider Login Path:
              $ref: '#/components/examples/UpdateIdentityProviderLoginPath'
    PersonalAccessTokenCreateRequest:
      description: Request body schema for creating personal access tokens.
      content:
        application/json:
          schema:
            type: object
            properties:
              name:
                $ref: '#/components/schemas/PATName'
              expires_at:
                description: An ISO-8601 timestamp representation of entity expiration date.
                type: string
                format: date-time
                example: '2022-11-04T20:10:06.927Z'
                readOnly: false
            required:
              - name
              - expires_at
          examples:
            Example Request Body:
              $ref: '#/components/examples/CreatePersonalAccessTokenRequest'
    PersonalAccessTokenUpdateRequest:
      description: Request body schema for updating personal access tokens.
      content:
        application/json:
          schema:
            type: object
            properties:
              name:
                $ref: '#/components/schemas/PATName'
            minProperties: 1
          examples:
            Example Request Body:
              $ref: '#/components/examples/CreatePersonalAccessTokenRequest'
  responses:
    GetImpersonationSettingsResponse:
      description: Response for Get Impersonation Settings endpoint
      content:
        application/json:
          schema:
            type: object
            properties:
              enabled:
                description: The organization has user impersonation enabled.
                type: boolean
                example: true
            title: Get Impersonation Settings Response
          examples:
            Get Impersonation Settings:
              $ref: '#/components/examples/GetImpersonationSettings'
    UpdateImpersonationSettingsResponse:
      description: Response for Update Impersonation Settings endpoint
      content:
        application/json:
          schema:
            type: object
            properties:
              enabled:
                description: The organization has user impersonation enabled.
                type: boolean
                example: true
            title: Update Impersonation Settings Response
          examples:
            Update Impersonation Settings:
              $ref: '#/components/examples/UpdateImpersonationSettings'
    UserSingle:
      description: A get action response of a single user.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/User'
          examples:
            Example:
              $ref: '#/components/examples/Get-User-Response'
    UserCollection:
      description: A paginated list response for a collection of users.
      content:
        application/json:
          schema:
            type: object
            properties:
              meta:
                $ref: '#/components/schemas/PaginatedMeta'
              data:
                type: array
                items:
                  $ref: '#/components/schemas/User'
            title: User Collection Response
          examples:
            User Collection Response:
              $ref: '#/components/examples/user-collection-response-example'
    TeamSingle:
      description: A response including a single team.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Team'
          examples:
            Single team response:
              $ref: '#/components/examples/single-team-response'
    TeamCollection:
      description: A paginated list response for a collection of users.
      content:
        application/json:
          schema:
            type: object
            properties:
              meta:
                $ref: '#/components/schemas/PaginatedMeta'
              data:
                type: array
                items:
                  $ref: '#/components/schemas/Team'
            title: Team Collection Response
          examples:
            Team Collection:
              value:
                meta:
                  page:
                    number: 1
                    size: 1
                    total: 10
                data:
                  - id: 7f9fd312-a987-4628-b4c5-bb4f4fddd5f7
                    name: IDM - Developers
                    description: The developers for the IDM API.
                    system_team: false
                    labels:
                      env: test
                    created_at: '2022-02-07T17:46:57.52Z'
                    updated_at: '2022-09-25T13:00:00.00Z'
    TeamMappingCollection:
      description: A paginated list response for a collection of team mappings.
      content:
        application/json:
          schema:
            type: object
            properties:
              data:
                type: array
                items:
                  $ref: '#/components/schemas/TeamMapping'
            title: Team Mapping Collection Response
          examples:
            Team Mapping Collection:
              $ref: '#/components/examples/team-mapping-collection'
    TeamGroupMappingCollection:
      description: A paginated collection of mappings grouped by team_id.
      content:
        application/json:
          schema:
            type: object
            properties:
              meta:
                $ref: '#/components/schemas/PaginatedMeta'
              data:
                type: array
                items:
                  $ref: '#/components/schemas/TeamGroupMapping'
            title: Team Group Mapping Collection Response
          examples:
            Team Mapping Collection:
              $ref: '#/components/examples/team-group-mapping-collection'
    AssignedRoleSingle:
      description: A get action response of a single assigned role.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/AssignedRole'
          examples:
            Assigned Role Example:
              $ref: '#/components/examples/Assigned-Role-Example'
    AssignedRoleCollection:
      description: A paginated list response for a collection of assigned roles.
      content:
        application/json:
          schema:
            type: object
            properties:
              meta:
                $ref: '#/components/schemas/PaginatedMeta'
              data:
                description: An Array
                type: array
                items:
                  $ref: '#/components/schemas/AssignedRole'
            title: Assigned Role Collection Response
          examples:
            CollectionExample:
              $ref: '#/components/examples/collection-example'
    AuthenticationSettings:
      description: Response for authentication settings endpoint
      content:
        application/json:
          schema:
            type: object
            properties:
              basic_auth_enabled:
                description: The organization has basic auth enabled.
                type: boolean
                example: true
              oidc_auth_enabled:
                description: The organization has OIDC disabled.
                type: boolean
                example: false
              saml_auth_enabled:
                description: The organization has SAML disabled.
                type: boolean
                example: false
              idp_mapping_enabled:
                description: IdP groups determine the Konnect teams a user has.
                type: boolean
                example: true
              konnect_mapping_enabled:
                description: A Konnect Identity Admin assigns teams to a user.
                type: boolean
                example: false
            title: Authentication Settings Response
          examples:
            Get Authorization Settings:
              $ref: '#/components/examples/Get-Authentication-Settings'
    IdentityBadRequest:
      description: Bad Request
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/BadRequestError'
          examples:
            Request Format is Invalid:
              $ref: '#/components/examples/400-request-format-is-invalid'
            Cannot be Blank:
              $ref: '#/components/examples/400-cannot-be-blank'
            Invalid ID format:
              $ref: '#/components/examples/400-invalid-id-format'
            Must be a valid UUID v4:
              $ref: '#/components/examples/400-valid-uuid'
            System teams cannot be modified:
              $ref: '#/components/examples/400-systems-team-modified'
            Password Complexity:
              $ref: '#/components/examples/400-password-complexity'
            Authentication Settings cannot be all Disabled:
              $ref: '#/components/examples/400-authentication-settings-cannot-be-all-disabled'
            OIDC needs an IdP configuration:
              $ref: '#/components/examples/400-oidc-auth-enabled-needs-idp'
            IdP configuration is required:
              $ref: '#/components/examples/400-idp-config-is-required'
            Unsupported filter operation:
              value:
                status: 400
                title: Bad Request
                detail: ''
                instance: 'konnect:trace:3674017986744198214'
                invalid_parameters:
                  - field: '[filter][actions][contains]'
                    reason: '[contains] is not a supported filter operation'
    IdentityConflict:
      description: Conflict
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ConflictError'
          examples:
            User is Already Active:
              $ref: '#/components/examples/409-user-is-already-active'
    CreateIdentityProviderPermissionDenied:
      description: Permission denied
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ForbiddenError'
          examples:
            Permission Denied:
              $ref: '#/components/examples/403-permission-denied'
    IdentityPermissionDenied:
      description: Permission denied
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ForbiddenError'
          examples:
            Permission Denied:
              $ref: '#/components/examples/403-permission-denied'
            Invalid Permissions:
              $ref: '#/components/examples/403-invalid-permissions'
            Username or Password invalid:
              $ref: '#/components/examples/403-auth-invalid'
    PreconditionFailed:
      description: Precondition Failed
      content:
        application/problem+json:
          schema:
            description: The error response object.
            type: object
            properties:
              status:
                description: The HTTP status code.
                type: integer
                example: 412
              title:
                description: The error response code.
                type: string
                example: Precondition Failed
              instance:
                description: The Konnect traceback code.
                type: string
                example: 'konnect:trace:1896611024257578096'
              detail:
                description: Details about the error response.
                type: string
                example: IdP configuration not found
            title: Precondition Failed Response
          examples:
            Precondition Failed:
              $ref: '#/components/examples/412-precondition-failed'
    RateLimited:
      description: Rate Limited
      content:
        application/problem+json:
          schema:
            description: The error object
            type: object
            properties:
              status:
                description: The HTTP response code
                type: integer
                example: 429
              title:
                description: The Error response
                type: string
                example: Rate Limited
              instance:
                description: The Konnect traceback ID.
                type: string
                example: 'konnect:trace:3674017986744198214'
              detail:
                description: Detailed explanation of the error response.
                type: string
                example: Too many requests
            title: Rate Limited Response
          examples:
            Rate Limited:
              $ref: '#/components/examples/429-rate-limited'
    IdentityUnauthenticated:
      description: Unauthenticated
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/UnauthorizedError'
          examples:
            Unauthorized:
              $ref: '#/components/examples/401-unauthenticated'
    Unauthorized:
      description: Unauthorized
      content:
        application/problem+json:
          schema:
            description: The error response object.
            type: object
            properties:
              status:
                description: The HTTP status code.
                type: integer
                example: 403
              title:
                description: The Error Response.
                type: string
                example: Unauthorized
              instance:
                description: The Konnect traceback code.
                type: string
                example: 'konnect:trace:952172606039454040'
              detail:
                description: Details about the error response.
                type: string
                example: You do not have permission to perform this action
            title: Unauthorized Response
          examples:
            Unauthorized:
              $ref: '#/components/examples/403-permission-denied'
    IdentityNotFound:
      description: Not Found
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/NotFoundError'
          examples:
            Not Found:
              $ref: '#/components/examples/404-not-found'
    TeamMappingResponse:
      description: A paginated list response for a collection of team mappings.
      content:
        application/json:
          schema:
            type: object
            properties:
              meta:
                description: Contains pagination data.
                type: object
                properties:
                  page:
                    description: The page object.
                    type: object
                    properties:
                      number:
                        description: Page number.
                        type: integer
                        example: 1
                      size:
                        description: Page size.
                        type: integer
                        example: 9
                      total:
                        description: Total number of results.
                        type: integer
                        example: 5
              data:
                type: array
                items:
                  type: object
                  properties:
                    group:
                      description: Group names.
                      type: string
                      example: 111(@&*$)(@*#_@(gfds re gdsf dfg
                    team_ids:
                      description: Team ID's that belong to the specified group.
                      type: array
                      items:
                        type: string
                        example: 3df49db8-39ff-490d-9fe1-251a3361fb13
            title: Team Mapping Response
          examples:
            Group Collection:
              $ref: '#/components/examples/group-collection-example'
    Roles:
      description: 'The predefined, or system managed, roles.'
      content:
        application/json:
          schema:
            type: object
            properties:
              control_planes:
                type: object
                additionalProperties: false
                properties:
                  name:
                    type: string
                    enum:
                      - Control Planes
                  roles:
                    type: object
                    properties:
                      admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Admin
                          description:
                            type: string
                            example: This role grants full write access to all entities within a control plane.
                            enum:
                              - This role grants full write access to all entities within a control plane.
                        required:
                          - name
                          - description
                      certificate_admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Certificate Admin
                          description:
                            type: string
                            example: This role grants full write access to administer certificates.
                            enum:
                              - This role grants full write access to administer certificates.
                        required:
                          - name
                          - description
                      consumer_admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Consumer Admin
                          description:
                            description: This role grants full write access to administer Consumers. Can configure plugins and view plugin partials for Consumers they have access to. Cannot create or modify global plugins or plugins outside their scope.
                            type: string
                            example: This role grants full write access to administer consumers.
                            enum:
                              - This role grants full write access to administer consumers.
                        required:
                          - name
                          - description
                      creator:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Creator
                          description:
                            type: string
                            example: Creates a new Control Plane in an organization. The creator becomes the owner of the Control Plane they create.
                            enum:
                              - Creates a new Control Plane in an organization. The creator becomes the owner of the Control Plane they create.
                        required:
                          - name
                          - description
                      deployer:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Deployer
                          description:
                            type: string
                            example: 'This role grants full write access to administer services, routes and plugins necessary to deploy services in Service Hub.'
                            enum:
                              - 'This role grants full write access to administer services, routes and plugins necessary to deploy services in Service Hub.'
                        required:
                          - name
                          - description
                      gateway_service_admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Gateway Service Admin
                          description:
                            description: This role grants full write access to administer Gateway Services. Can configure plugins and view plugin partials for Services they have access to. Cannot create or modify global plugins or plugins outside their scope.
                            type: string
                            example: This role grants full write access to administer gateway services.
                            enum:
                              - This role grants full write access to administer gateway services.
                        required:
                          - name
                          - description
                      plugin_admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Plugin Admin
                          description:
                            description: 'Can configure plugins at any scope (global, Service, Route, or Consumer) within a Control Plane Group. Also has write access to plugin partials.'
                            type: string
                            example: This role grants full write access to administer plugins.
                            enum:
                              - This role grants full write access to administer plugins.
                        required:
                          - name
                          - description
                      route_admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Route Admin
                          description:
                            description: This role grants full write access to administer Routes. Can configure plugins and view plugin partials for Routes they have access to. Cannot create or modify global plugins or plugins outside their scope.
                            type: string
                            example: This role grants full write access to administer routes.
                            enum:
                              - This role grants full write access to administer routes.
                        required:
                          - name
                          - description
                      sni_admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - SNI Admin
                          description:
                            type: string
                            example: This role grants full write access to administer SNIs.
                            enum:
                              - This role grants full write access to administer SNIs.
                        required:
                          - name
                          - description
                      upstream_admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Upstream Admin
                          description:
                            type: string
                            example: This role grants full write access to administer upstreams.
                            enum:
                              - This role grants full write access to administer upstreams.
                        required:
                          - name
                          - description
                      viewer:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Viewer
                          description:
                            description: This role grants read-only access to all the configurations of a Control Plane Group and corresponding Data Plane nodes. Includes read-only access to plugin partials within accessible scopes.
                            type: string
                            example: This role grants read only access to all entities within a control plane.
                            enum:
                              - This role grants read only access to all entities within a control plane.
                        required:
                          - name
                          - description
                required:
                  - name
                  - roles
              api_products:
                type: object
                additionalProperties: false
                properties:
                  name:
                    type: string
                    enum:
                      - API Products
                  roles:
                    type: object
                    properties:
                      admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Admin
                          description:
                            type: string
                            example: This role grants full write access to an API product and its versions.
                            enum:
                              - This role grants full write access to an API product and its versions.
                        required:
                          - name
                          - description
                      application_registration:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Application Registration
                          description:
                            type: string
                            example: This role grants permission to enable and disable application registration on an API product.
                            enum:
                              - This role grants permission to enable and disable application registration on an API product.
                        required:
                          - name
                          - description
                      creator:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Creator
                          description:
                            type: string
                            example: 'This access is required to create API products. This access is not for creating sub-entities such as versions, API specs, etc.'
                            enum:
                              - 'This access is required to create API products. This access is not for creating sub-entities such as versions, API specs, etc.'
                        required:
                          - name
                          - description
                      deployer:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Deployer
                          description:
                            type: string
                            example: This role grants permission to deploy and remove an API product from a control plane.
                            enum:
                              - This role grants permission to deploy and remove an API product from a control plane.
                        required:
                          - name
                          - description
                      maintainer:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Maintainer
                          description:
                            type: string
                            example: This role grants all write permission to manage an API product and to administer plugins.
                            enum:
                              - This role grants all write permission to manage an API product and to administer plugins.
                        required:
                          - name
                          - description
                      plugins_admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Plugins Admin
                          description:
                            type: string
                            example: This role grants full write permission to administer plugins.
                            enum:
                              - This role grants full write permission to administer plugins.
                        required:
                          - name
                          - description
                      publisher:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Publisher
                          description:
                            type: string
                            example: This role grants permission to publish an API product to one or more portals.
                            enum:
                              - This role grants permission to publish an API product to one or more portals.
                        required:
                          - name
                          - description
                      viewer:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Viewer
                          description:
                            type: string
                            example: Viewer has read-only access to an API product and its sub-entities.
                            enum:
                              - Viewer has read-only access to an API product and its sub-entities.
                        required:
                          - name
                          - description
                required:
                  - name
                  - roles
              audit_logs:
                type: object
                additionalProperties: false
                properties:
                  name:
                    type: string
                    enum:
                      - Audit Logs
                  roles:
                    type: object
                    properties:
                      admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Admin
                          description:
                            type: string
                            example: This role grants full write access to the Audit log configuration.
                            enum:
                              - This role grants full write access to the Audit log configuration.
                        required:
                          - name
                          - description
                required:
                  - name
                  - roles
              identity:
                type: object
                additionalProperties: false
                properties:
                  name:
                    type: string
                    enum:
                      - Identity
                  roles:
                    type: object
                    properties:
                      admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Admin
                          description:
                            type: string
                            example: This role grants full write access to the Identity configuration.
                            enum:
                              - This role grants full write access to the Identity configuration.
                        required:
                          - name
                          - description
                required:
                  - name
                  - roles
              mesh_control_planes:
                type: object
                additionalProperties: false
                properties:
                  name:
                    type: string
                    enum:
                      - Mesh Control Plane
                  roles:
                    type: object
                    properties:
                      admin:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Admin
                          description:
                            type: string
                            example: This role grants full write access to the related to Mesh control planes.
                            enum:
                              - This role grants full write access to the related to Mesh control planes.
                        required:
                          - name
                          - description
                      connector:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Connector
                          description:
                            type: string
                            example: This role grants a mesh zone to connect to the mesh control plane in Konnect.
                            enum:
                              - This role grants a mesh zone to connect to the mesh control plane in Konnect.
                        required:
                          - name
                          - description
                      creator:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Creator
                          description:
                            type: string
                            example: This role grants access to create new Mesh control planes.
                            enum:
                              - This role grants access to create new Mesh control planes.
                        required:
                          - name
                          - description
                      viewer:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Viewer
                          description:
                            type: string
                            example: This role grants access to read-only permissions to Mesh control planes.
                            enum:
                              - This role grants access to read-only permissions to Mesh control planes.
                        required:
                          - name
                          - description
                required:
                  - name
                  - roles
              dashboards:
                type: object
                additionalProperties: false
                properties:
                  name:
                    type: string
                    enum:
                      - Dashboards
                  roles:
                    type: object
                    properties:
                      viewer:
                        type: object
                        additionalProperties: false
                        properties:
                          name:
                            type: string
                            enum:
                              - Viewer
                          description:
                            type: string
                            example: Allows users to view any Dashboards content in Konnect Analytics.
                            enum:
                              - Allows users to view any Dashboards content in Konnect Analytics.
                        required:
                          - name
                          - description
                required:
                  - name
                  - roles
            title: Roles Response
          examples:
            Predefined Roles:
              value:
                control_planes:
                  name: Control Planes
                  roles:
                    admin:
                      name: Admin
                      description: This role grants full write access to all entities within a control plane.
                    certificate_admin:
                      name: Certificate Admin
                      description: This role grants full write access to administer certificates.
                    consumer_admin:
                      name: Consumer Admin
                      description: This role grants full write access to administer consumers.
                    creator:
                      name: Creator
                      description: Creates a new Control Plane in an organization. The creator becomes the owner of the Control Plane they create.
                    deployer:
                      name: Deployer
                      description: 'This role grants full write access to administer services, routes and plugins necessary to deploy services in Service Hub.'
                    gateway_service_admin:
                      name: Gateway Service Admin
                      description: This role grants full write access to administer gateway services.
                    plugin_admin:
                      name: Plugin Admin
                      description: This role grants full write access to administer plugins.
                    route_admin:
                      name: Route Admin
                      description: This role grants full write access to administer routes.
                    sni_admin:
                      name: SNI Admin
                      description: This role grants full write access to administer SNIs.
                    upstream_admin:
                      name: Upstream Admin
                      description: This role grants full write access to administer upstreams.
                    viewer:
                      name: Viewer
                      description: This role grants read only access to all entities within a control plane.
                api_products:
                  name: API Products
                  roles:
                    admin:
                      name: Admin
                      description: This role grants full write access to an API product and its versions.
                    application_registration:
                      name: Application Registration
                      description: This role grants permission to enable and disable application registration on an API product.
                    creator:
                      name: Creator
                      description: 'This access is required to create API products. This access is not for creating sub-entities such as versions, API specs, etc.'
                    deployer:
                      name: Deployer
                      description: This role grants permission to deploy and remove an API product from a control plane.
                    maintainer:
                      name: Maintainer
                      description: This role grants all write permission to manage an API product and to administer plugins.
                    plugins_admin:
                      name: Plugins Admin
                      description: This role grants full write permission to administer plugins.
                    publisher:
                      name: Publisher
                      description: This role grants permission to publish an API product to one or more portals.
                    viewer:
                      name: Viewer
                      description: Viewer has read-only access to an API product and its sub-entities.
                audit_logs:
                  name: Audit Logs
                  roles:
                    admin:
                      name: Admin
                      description: This role grants full write access to the Audit log configuration.
                identity:
                  name: Identity
                  roles:
                    admin:
                      name: Admin
                      description: This role grants full write access to the Identity configuration.
                mesh_control_planes:
                  name: Mesh Control Plane
                  roles:
                    admin:
                      name: Admin
                      description: This role grants full write access to the related to Mesh control planes.
                    connector:
                      name: Connector
                      description: This role grants a mesh zone to connect to the mesh control plane in Konnect.
                    creator:
                      name: Creator
                      description: This role grants access to create new Mesh control planes.
                    viewer:
                      name: Viewer
                      description: This role grants access to read-only permissions to Mesh control planes.
                dashboards:
                  name: Dashboards
                  roles:
                    viewer:
                      name: Viewer
                      description: Allows users to view any Dashboards content in Konnect Analytics.
    SystemAccountCollection:
      description: A paginated list response for a collection of system accounts.
      content:
        application/json:
          schema:
            type: object
            properties:
              meta:
                $ref: '#/components/schemas/PaginatedMeta'
              data:
                type: array
                items:
                  $ref: '#/components/schemas/SystemAccount'
            title: System Account Collection Response
          examples:
            Sample System Accounts:
              value:
                meta:
                  page:
                    number: 1
                    size: 10
                    total: 100
                data:
                  - id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
                    name: Sample System Account
                    created_at: '2019-08-24T14:15:22Z'
                    updated_at: '2019-08-24T14:15:22Z'
                    konnect_managed: false
    SystemAccountSingle:
      description: A response including a single system account.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SystemAccount'
          examples:
            Sample System Account:
              value:
                id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
                name: Sample System Account
                description: This is a sample system account description.
                created_at: '2019-08-24T14:15:22Z'
                updated_at: '2019-08-24T14:15:22Z'
                konnect_managed: false
    SystemAccountAccessTokenSingle:
      description: A response including a single system account access token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SystemAccountAccessToken'
          examples:
            Sample System Account Access Token:
              value:
                id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
                name: Sample Access Token
                created_at: '2019-08-24T14:15:22Z'
                updated_at: '2019-08-24T14:15:22Z'
                expires_at: '2019-08-24T14:15:22Z'
                last_used_at: '2019-08-24T14:15:22Z'
    SystemAccountAccessTokenCollection:
      description: A paginated list response for a collection of system accounts access tokens.
      content:
        application/json:
          schema:
            type: object
            properties:
              meta:
                $ref: '#/components/schemas/PaginatedMeta'
              data:
                type: array
                items:
                  $ref: '#/components/schemas/SystemAccountAccessToken'
            title: System Account Access Token Collection Reponse
          examples:
            Sample System Account Access Token:
              value:
                meta:
                  page:
                    number: 1
                    size: 10
                    total: 100
                data:
                  - id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
                    name: Sample Access Token
                    created_at: '2019-08-24T14:15:22Z'
                    updated_at: '2019-08-24T14:15:22Z'
                    expires_at: '2019-08-24T14:15:22Z'
                    last_used_at: '2019-08-24T14:15:22Z'
    SystemAccountAccessTokenCreated:
      description: A response including a single system account access token with the token.
      content:
        application/json:
          schema:
            type: object
            properties:
              id:
                description: ID of the system account access token.
                type: string
                format: uuid
                readOnly: true
              name:
                description: Name of the system account access token.
                type: string
              created_at:
                description: Timestamp of when the system account access token was created.
                type: string
                format: date-time
                readOnly: true
              updated_at:
                description: Timestamp of when the system account access token was last updated.
                type: string
                format: date-time
                readOnly: true
              expires_at:
                description: Timestamp of when the system account access token will expire.
                type: string
                format: date-time
                readOnly: true
              last_used_at:
                description: Timestamp of when the system account access token was last used.
                type: string
                format: date-time
                readOnly: true
              token:
                description: The token of the system account access token.
                type: string
                readOnly: true
                x-sensitive: true
            example:
              id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
              name: Sample Access Token
              created_at: '2022-08-01T14:16:09Z'
              updated_at: '2022-08-02T08:35:49Z'
              expires_at: '2022-12-31T12:52:23Z'
              last_used_at: '2022-10-24T13:05:42Z'
              token: spat_12345678901234567890123456789012345678901234567890
            title: System Account Access Token Created Response
          examples:
            Sample Access Token:
              value:
                id: 497f6eca-6276-4993-bfeb-53cbbbba6f08
                name: Sample Access Token
                created_at: '2019-08-24T14:15:22Z'
                updated_at: '2019-08-24T14:15:22Z'
                expires_at: '2019-08-24T14:15:22Z'
                last_used_at: '2019-08-24T14:15:22Z'
                token: spat_12345678901234567890123456789012345678901234567890
    MeOrganization:
      description: Me Organization
      content:
        application/json:
          schema:
            type: object
            properties:
              id:
                description: UUID of the organization.
                type: string
                format: uuid
                readOnly: true
              name:
                description: Name of the organization.
                type: string
              owner_id:
                description: Owner ID of the organization.
                type: string
              login_path:
                description: Path to organization-specific login when single sign on (SSO) is enabled. Blank otherwise.
                type: string
              created_at:
                description: Date the organization was created.
                type: string
                format: date-time
                readOnly: true
              updated_at:
                description: Date the organization was last updated.
                type: string
                format: date-time
                readOnly: true
              state:
                description: State of the organization
                type: string
                enum:
                  - active
                  - inactive
                  - deleting
                  - deleted
              retention_period_days:
                description: The number of days an organization spends inactive before being deleted.
                type: integer
            example:
              id: d99c041a-c7cf-46a2-bf3a-44bb5f75400e
              name: string
              owner_id: 1c9c3848-5897-4f2c-beed-df6f3e3adb37
              created_at: '2023-01-23T17:22:52.150Z'
              updated_at: '2023-01-23T17:22:52.150Z'
              state: active
              retention_period_days: 90
            title: Me Organization Response
          examples:
            Example:
              value:
                id: 023bfa42-3513-4cbf-b059-a9ddb4ea995d
                name: Acme Co.
                owner_id: e02c829c-0e2d-44b5-9057-07714ea613a3
                login_path: acme
                created_at: '2023-01-18T11:35:45.130Z'
                updated_at: '2023-01-23T17:22:52.150Z'
                state: active
                retention_period_days: 90
    IdentityProvider:
      description: |
        An identity provider configuration. This response represents the configuration of a specific identity provider, which can be either OIDC or SAML.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/IdentityProvider'
          examples:
            OIDC Identity Provider:
              $ref: '#/components/examples/OIDCIdentityProvider'
            SAML Identity Provider With Meta Data URL:
              $ref: '#/components/examples/SAMLIdentityProvider'
            SAML Identity Provider With Meta Data:
              $ref: '#/components/examples/SAMLIdentityProviderWithMetadata'
    IdentityProviders:
      description: |
        A collection of identity providers. This response contains a collection of identity providers, which may  include both OIDC and SAML identity providers.
      content:
        application/json:
          schema:
            type: array
            items:
              $ref: '#/components/schemas/IdentityProvider'
            title: Identity Provider Collection Response
          examples:
            Identity Provider Collection:
              $ref: '#/components/examples/IdentityProviders'
    IdPConfiguration:
      description: A get action response of the IdP configuration.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/IdP'
    PersonalAccessTokenResponse:
      description: Response containing details of a personal access token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/PersonalAccessToken'
          examples:
            Personal Access Token Response:
              $ref: '#/components/examples/PersonalAccessTokenResponse'
    PersonalAccessTokenCreateResponse:
      description: Response containing details of the created personal access token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/PersonalAccessTokenCreateResponse'
          examples:
            Personal Access Token Response:
              $ref: '#/components/examples/PersonalAccessTokenCreateResponse'
    PersonalAccessTokenListResponse:
      description: A list response for a collection of personal access tokens.
      content:
        application/json:
          schema:
            type: object
            properties:
              meta:
                $ref: '#/components/schemas/PageMeta'
              data:
                type: array
                items:
                  $ref: '#/components/schemas/PersonalAccessToken'
            additionalProperties: false
            required:
              - data
          examples:
            Personal Access Token List Response:
              $ref: '#/components/examples/PersonalAccessTokenListResponse'
    BadRequest:
      description: Bad Request
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/BadRequestError'
    responses-Unauthorized:
      description: Unauthorized
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/UnauthorizedError'
          examples:
            UnauthorizedExample:
              $ref: '#/components/examples/UnauthorizedExample'
    NotFound:
      description: Not Found
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/NotFoundError'
          examples:
            NotFoundExample:
              $ref: '#/components/examples/NotFoundExample'
    Conflict:
      description: Conflict
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ConflictError'
    Forbidden:
      description: Forbidden
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/ForbiddenError'
          examples:
            UnauthorizedExample:
              $ref: '#/components/examples/ForbiddenExample'
  securitySchemes:
    systemAccountAccessToken:
      type: http
      scheme: bearer
      bearerFormat: Token
      description: |
        The system account access token is meant for automations and integrations that are not directly associated with a human identity.
        You can generate a system account Access Token by creating a system account and then obtaining a system account access token for that account.
        The access token must be passed in the header of a request, for example:
        `curl -X GET 'https://global.api.konghq.com/v2/users/' --header 'Authorization: Bearer spat_i2Ej...'`
    personalAccessToken:
      type: http
      scheme: bearer
      bearerFormat: Token
      description: |
        The personal access token is meant to be used as an alternative to basic-auth when accessing Konnect via APIs.
        You can generate a Personal Access Token (PAT) from the [personal access token page](https://cloud.konghq.com/global/account/tokens/) in the Konnect dashboard.
        The PAT token must be passed in the header of a request, for example:
        `curl -X GET 'https://global.api.konghq.com/v2/users/' --header 'Authorization: Bearer kpat_xgfT...'`
    konnectAccessToken:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: |
        The Konnect access token is meant to be used by the Konnect dashboard and the decK CLI authenticate with.
    serviceAccessToken:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: |
        The Service access token is meant to be used between internal services.
tags:
  - name: Auth Settings
  - name: Invites
  - name: Roles
  - name: Team Membership
  - name: Teams
  - name: Users
  - name: System Accounts
  - name: System Accounts - Access Tokens
  - name: System Accounts - Roles
  - name: System Accounts - Team Membership
  - name: Me
  - name: Authentication
  - name: Impersonation Settings
  - name: Personal Access Tokens
security:
  - personalAccessToken: []
  - systemAccountAccessToken: []
  - konnectAccessToken: []
  - serviceAccessToken: []