Hello there!

Need Help? We are right here!

support
miniOrange Support

Thanks for your inquiry.
One of our representatives will get in touch with you shortly via email.







Super Admin API Guide

Overview

Integrating Super Admin API in the system provides additional priviledges to the user. It helps in allocating control over admin access. miniOrange has created a provision for integrating super admin API in your system. The guide below gives step by step instructions of integrating miniOrange Super Admin APIs to your system.

User Provisioning Guide

Step 1:​ ​Create Authentication Header

Creating Authorization Header is necessary so that the valid user is accessing the system. After setting this the call for challenge and valid Rest APIs are set up.The values provided below need to be set in the Header of the HTTP Request being made. This will be common for both your OTP​ ​request​ ​and​ ​OTP​ ​validation​ ​calls.

Note: Check the sample JAVA and PHP code below to get an idea on​ ​how​ ​you​ ​can​ ​create​ ​the​ ​authorization​ ​headers.

AttributeDescription
Customer-KeyYour customer Key
Api-KeyYour Api Key
TimestampTime in milliseconds when the request is being made
AuthorizationSha​ ​512​ ​Hash​ ​Value​ ​consisting​ ​of​ ​the​ ​customer​ ​key​ ​,​ ​current​ ​timestamp​ ​and​ ​api​ ​key.

Obtain the ​Customer-Key​ ​and​ ​Api​ ​Key​ ​by​ ​following​ ​these​ ​steps:

1. Go​ ​to​ ​​https://login.xecurify.com/moas/login

2. Log​ ​in​ ​using​ ​your​ ​miniOrange​ ​credentials.

3. Go​ ​to​ ​​ Integrations >>​ ​Custom ​ App​ ​ Integrations​​ from​ ​the​ ​left​ ​hand​ ​side​ ​menu​ ​bar.

4. You​ ​will​ ​find​ ​all​ ​the​ ​necessary​ ​information​ ​from​ ​the​ ​table​ ​under​ ​the​ ​​Custom ​Application ​Integration ​​section.

Sample Code

   /*​ ​You​ ​can​ ​get​ ​​customer​ ​Key​​ ​and​ ​​customer​ ​Api​ ​Key​​ ​from https://login.xecurify.com/moas/
   customerconfigurations*/ String​ ​customerKey​ ​=​ ​""; String​ ​apiKey​ ​=​ ​"";

   /*​ ​Current​ ​time​ ​in​ ​milliseconds​ ​since​ ​midnight,​ ​January​ ​1,​ ​1970​ ​UTC.​ ​*/ String​ ​currentTimeInMillis​ ​=​
   ​String.valueOf(System.currentTimeMillis());

   /*​ ​Creating​ ​the​ ​Hash​ ​using​ ​SHA-512​ ​algorithm​ ​(Apache​ ​Shiro​ ​library)​ ​*/ String​ ​stringToHash​ ​=​
   ​customerKey​ ​+​ ​currentTimeInMillis​ ​+​ ​apiKey; String​ ​hashValue​ ​=​ ​new​ ​Sha512Hash(stringToHash).toHex().
   toLowerCase();

   HttpPost​ ​postRequest​ ​=​ ​new​ ​HttpPost("");

   /*​ ​Setting​ ​the​ ​Authorization​ ​Header​ ​values​ ​*/ postRequest.setHeader("Customer-Key",​ ​customerKey);
    postRequest.setHeader("Timestamp",​ ​currentTimeInMillis); postRequest.setHeader
   ("Authorization",​ ​hashValue)



PHP

   /*​ ​You​ ​can​ ​get​ ​​customer​ ​Key​​ ​and​ ​​customer​ ​Api​ ​Key​​ ​from https://login.xecurify.com/moas/
   customerconfigurations*/ $customerKey​ ​=​ ​"";
   $apiKey​ ​=​ ​"";

   /*​ ​Current​ ​time​ ​in​ ​milliseconds​ ​since​ ​midnight,​ ​January​ ​1,​ ​1970​ ​UTC.​ ​*/ $currentTimeInMillis​ ​=​
    ​round(microtime(true)​ ​*​ ​1000);

   /*​ ​Creating​ ​the​ ​Hash​ ​using​ ​SHA-512​ ​algorithm​ ​*/ $stringToHash​ ​=​ ​$customerKey​ ​.​ ​number_format​
​   (​ ​$currentTimeInMillis,​ ​0,​ ​'',​ ​''​ ​)​ ​. $apiKey;
    $hashValue​ ​=​ ​hash("sha512",​ ​$stringToHash);

   /*​ ​Add​ ​$customerKeyHeader,$timestampHeader​ ​and​ ​$authorizationHeader​ ​in​ ​the httpheader​ ​*/
   $customerKeyHeader​ ​=​ ​"Customer-Key:​ ​"​ ​.​ ​$customerKey; $timestampHeader​ ​=​ ​"Timestamp:​ ​"​ ​.​
   ​number_format​    ​(​ ​$currentTimeInMillis,​ ​0,​ ​'',​ ​'' ); $authorizationHeader​ ​=​ ​"Authorization:​ ​"​
   ​.​ ​$hashValue;


STEP​ ​2:​ ​API​ ​DETAILS

Get ​All ​Admins

EndPoint:​ https://login.xecurify.com/moas/api/superadmin/admins/getall

This endpoint is used by SuperAdmin to fetch all Customer Admins. Customer Admins will be fetched in batches and a maximum of 500 admins can be fetched in 1 call. You will have to call this endPoint multiple times till you have​ ​fetched​ ​all​ ​of​ ​the​ ​admins.

.​

​The​ ​following​ ​JSON​ ​data​ ​is needed ​to​ ​pass ​in​ ​the​ ​request:

/*​ ​JSON​ ​Object​ ​format​ ​which​ ​will​ ​be​ ​sent​ ​for​ ​fetching​ ​all​ ​admins*/ { ​​"customerKey":​​"","batchNo":​ }


AttributeDescription
Customer Key*Your customer key.
BatchNoThe​ ​batch​ ​number​ ​to​ ​fetch​ ​user’s​ ​in​ ​batches.​ ​You​ ​can​ ​increment​ ​this​ ​by​ ​1​ ​each​ ​time you​ ​are​ ​fetching​ ​500​ ​users.​ ​If​ ​the​ ​response​ ​from​ ​the​ ​server​ ​has​ ​batch​ ​number​ ​as​ ​-1 then​ ​that​ ​means​ ​there​ ​are​ ​no​ ​more​ ​admins​ ​to​ ​be​ ​fetched.

In​ ​response​ ​​list​ ​of​ ​Admins​ ​and​ ​their​ ​details​ ​as​ ​JSON​ ​data are sent.​ ​Here’s​ ​an​ ​example​ ​:

   /*​ ​JSON​ ​Object​ ​format​ ​in​ ​response​ ​to​ ​the​ ​get​ ​all​ ​admin​ ​api​ ​call​ ​*/

   {"status":​​"SUCCESS","message":​ ​"Customer​ ​Admins​ ​retrieved​ ​successfully.",
    "users":​ ​[{​"customerId":​ ​,​"fname":​"", ​"lname":​ ","primaryPhone":​ ​"", "secondFactorAuthType":​"",
​    "primaryEmail":​ ​"","username":​ ​"",​"companyName":​"",​"customAttribute1":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​},
    {"customerId":​ ​,​"fname":​ ​"", ​"lname":​ ​",​"primaryPhone":​​"",ensp;ensp;​"secondFactorAuthType":​ ​"",
    "primaryEmail":​ ​"","username":​ ​"",​"companyName":​ ​"",
    ​"lastUpdatedDttm":​"", ​ ​​ ​​ ​​ ​"creationDttm":​ ​"",​"customAttribute1":​ ​"", ​ ​. ​ ​​ ​. ​ ​​ ​​.​},
     ​{​"customerId":​ ​,​"fname":​ ​"", ​​"lname":​ ​",​"primaryPhone":​ ​"",
​    "secondFactorAuthType":​ ​"", ​"primaryEmail":​ ​"", ​ ​​ ​​​"username":​ ​"",
    ​"companyName":​ ​"", ​ ​​ ​​ ​​ ​"lastUpdatedDttm":​ ​"", ​ ​​ ​​ ​​ ​"creationDttm":​ ​"", ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​
     ​"customAttribute1":​ ​"", ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​} ​ ​​ ​​ ​],​"fetchedCount":​ ​3, ​
​​     ​"nextBatch":​ ​-1 }



AttributeDescription
StatusTrue​ ​or​ ​False​ ​indicating​ ​if​ ​the​ ​operation​ ​was​ ​successful.
messageMessage​ ​from​ ​the​ ​Server
usersList​ ​of​ ​all​ ​Admins.​ ​A​ ​admin​ ​can​ ​have​ ​the​ ​following​ ​information:
AttributeDescription
CustomerIdID​ ​of​ ​the​ ​Admin
fnameFirst​ ​Name​ ​of​ ​the​ ​Admin
lnameLast​ ​Name​ ​of​ ​the​ ​Admin
mnameMiddle​ ​Name​ ​of​ ​the​ ​Admin
primaryPhoneAdmin’s​ ​Phone​ ​Number
secondFactorAuthTypeSecond​ ​Factor​ ​Type​ ​of​ ​the​ ​Admin
primaryEmailEmail​ ​of​ ​the​ ​Admin
alternateEmailAlternate​ ​Email​ ​of​ ​the​ ​Admin
creationDttmTime​ ​of​ ​Creation​ ​of​ ​the​ ​Admin
lastUpdatedDttmTime​ ​of​ ​Last​ ​Update​ ​of​ ​the​ ​Admin
usernameUsername​ ​of​ ​the​ ​Admin
companyNameName​ ​of​ ​the​ ​Company​ ​associated​ ​with the​ ​Admin
CustomerAttributes1-50 All​ ​the​ ​custom​ ​attributes​ ​set​ ​for​ ​the Admin

Get ​all End​ Users​ ​of​ ​a ​Admin

EndPoint:​ ​https://login.xecurify.com/moas/api/superadmin/admin/users/getall

This endpoint is used by SuperAdmin to fetch all End Users of a particular Admin under him or her. End Users will be fetched in batches and a maximum of 500 End Users can be fetched in 1 call. You will have to call this endPoint multiple times till you​ ​have​ ​fetched​ ​all​ ​of​ ​the​ ​users.

​The​ ​following​ ​JSON​ ​data is passed ​in​ ​the​ ​request:

/*​ ​JSON​ ​Object​ ​format​ ​which​ ​will​ ​be​ ​sent​ ​for​ ​fetching​ ​all​ ​admins*/
{ ​ ​​ ​"customerKey":​ ​"", ​ ​​ ​"username":​ ​"", ​ ​​ ​"companyName":​ ​"", ​ ​​ ​"batchNo":​ ​ }


AttributeDescription
customerKey​ ​​* Your​ ​customer​ ​key.
usernameUserName​ ​of​ ​the​ ​Admin​ ​whose​ ​end​ ​users​ ​need​ ​to​ ​be​ ​fetched
companyNameName​ ​of​ ​the​ ​company​ ​admin​ ​is​ ​associated​ ​with
batchNoThe​ ​batch​ ​number​ ​to​ ​fetch​ ​user’s​ ​in​ ​batches.​ ​You​ ​can​ ​increment​ ​this​ ​by​ ​1​ ​each​ ​time you​ ​are​ ​fetching​ ​500​ ​users.​ ​If​ ​the​ ​response​ ​from​ ​the​ ​server​ ​has​ ​batch​ ​number​ ​as​ ​-1 then​ ​that​ ​means​ ​there​ ​are​ ​no​ ​more​ ​admins​ ​to​ ​be​ ​fetched.

In​ ​response​ ​you​ ​will​ ​sent​ ​a​ ​list​ ​of​ ​Admins​ ​and​ ​their​ ​details​ ​as​ ​JSON​ ​data.​ ​Here’s​ ​an​ ​example​ ​:


/*​ ​JSON​ ​Object​ ​format​ ​in​ ​response​ ​to​ ​the​ ​get​ ​all​ ​admin​ ​api​ ​call​ ​*/
{ ​ ​​ ​​ ​"status":​ ​"SUCCESS",
​ ​​ ​​ ​"message":​ ​"End​ ​Users​ ​retrieved​ ​successfully.", ​ ​​ ​​ ​"users":​
​[{ ​
​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"customerId":​ ​,
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"fname":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"lname":​ ​",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"primaryPhone":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"secondFactorAuthType":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"primaryEmail":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"username":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"companyName":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"customAttribute1":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​},
​ ​​ ​​ ​​ ​​ ​​ ​​ ​{ ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"customerId":​ ​,
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"fname":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"lname":​ ​",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"primaryPhone":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"secondFactorAuthType":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"primaryEmail":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"username":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"companyName":​ ​"",
​ ​​ ​​ ​​ ​"lastUpdatedDttm":​ ​"
",
​ ​​ ​​ ​​ ​"creationDttm":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"customAttribute1":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​},
​ ​​ ​​ ​​ ​​ ​​ ​​ ​{
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"customerId":​ ​,
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"fname":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"lname":​ ​",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"primaryPhone":​
​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"secondFactorAuthType":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"primaryEmail":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"username":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"companyName":​ ​"",
​ ​​ ​​ ​​ ​"lastUpdatedDttm":​ ​"",
​ ​​ ​​ ​​ ​"creationDttm":​ ​"
", ​
​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​"customAttribute1":​ ​"",
​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​. ​ ​​ ​​ ​​ ​​ ​​ ​​ ​}
​ ​​ ​​ ​],
​ ​​ ​​ ​"fetchedCount":​ ​3,
​ ​​ ​​ ​"nextBatch":​ ​-1 }

AttributeDescription
statusTrue​ ​or​ ​False​ ​indicating​ ​if​ ​the​ ​operation​ ​was​ ​successful
messageMessage​ ​from​ ​the​ ​Server
users List​ ​of​ ​all​ ​Admins.​ ​A​ ​admin​ ​can​ ​have​ ​the​ ​following​ ​information:
AttributeDescription
customerIdID​ ​of​ ​the​ ​Admin
fnameFirst​ ​Name​ ​of​ ​the​ ​Admin
lnameLast​ ​Name​ ​of​ ​the​ ​Admin
mnameMiddle​ ​Name​ ​of​ ​the​ ​Admin
primaryPhoneAdmin’s​ ​Phone​ ​Number
secondFactorAuthTypeSecond​ ​Factor​ ​Type​ ​of​ ​the​ ​Admin
primaryEmailEmail​ ​of​ ​the​ ​Admin
alternateEmailAlternate​ ​Email​ ​of​ ​the​ ​Admin
creationDttmTime​ ​of​ ​Last​ ​Update​ ​of​ ​the​ ​Admin
usernameUsername​ ​of​ ​the​ ​Admin
companyNameName​ ​of​ ​the​ ​Company​ ​associated​ ​with the​ ​Admin
CustomerAttributes1-50All​ ​the​ ​custom​ ​attributes​ ​set​ ​for​ ​the Admin



We offer Security Solutions of Single Sign-On, Two Factor Authentication, Fraud Prevention and much more.

Please call us at +1978 658 9387 (US), +91 77966 99612 (India) or email us at info@xecurify.com