API ReferenceService Account

Retrieve Service Account status for current org

View as Markdown
Retrieve Service Account status for current org API service must be configured for Service Account access at the time of deployment. It cannot be enabled or disabled via API.

Authentication

AuthorizationBearer
``` export JWT_BEARER_TOKEN="<jwt-bearer-token>" # Example org name: "acme-inc export ORG_NAME=<org-name> # Use the JWT bearer token in your API request auth header: curl -v -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $JWT_BEARER_TOKEN" https://nico-rest-api.nico.svc.cluster.local/v2/org/$ORG_NAME/nico/user/current ```

Path parameters

orgstringRequired
Name of the Org

Response

OK
enabledboolean

Indicates whether the calling token is authenticated as a Service Account. This is determined per request from how the token’s issuer is configured at deployment time (the issuer config in the nico-rest-api-config ConfigMap); it cannot be toggled via the API. Rules by issuer origin:

  • keycloak: true for a client-credentials (service-to-service) token — i.e. the token carries a client ID — when the issuer is deployed with keycloak.serviceAccount: true.
  • custom: true when the claimMapping matched for this org sets isServiceAccount: true. Only permitted when the API runs in disconnected mode.
  • kas-ssa / kas-legacy: always false; service accounts are not supported for these origins.

For details on issuer origins and configuration, see the NICo REST auth module README.

infrastructureProviderIdstring or nullformat: "uuid"
ID of the Infrastructure Provider associated with Service Account
tenantIdstring or nullformat: "uuid"
ID of the Tenant associated with Service Account

Errors

403
Forbidden Error