NOTE: Trivore ID Documentation has moved to https://trivoreid.com
The content on this site IS OUT OF DATE!
This space has been archived!
Please go ahead to the new site!
URI Access Paths
Trivore ID publishes several paths for various purposes. This document is the canonical up-to-date central repository for that information.
It is important to have all paths documented, as load-balancers and web application firewalls require this information. All relevant path information is collected in the following table.
| URI Path | Usage notes |
|---|---|
| General | |
| / | The root path is normally redirected to Management UI path /ui, but could be redirected to some other address, too. If redirection is done, then the target is most often the company web home page. |
| /ui | General public WebUI access path for all organisations. The Management UI resides here. It is possible to block Management UI per source IP addresses, and allow it only from some sources. |
| /api/rest/v1 | Version 1 of general REST API access. Organisation information must be present in credentials (user_account_sign-in_name@namespaceCode). Access to REST API should normally be public, but may be limited to certain public source addresses. |
| /apidoc | OpenAPI (Swagger and Re:Doc) documentation for the API at path /api/rest/v1 |
| /ui?ns={nsCode} | Optional Namespace private WebUI sign-in access path for namespace {nsCode}. If enabled, this access should normally be public. The alternate paths are direct paths to desired sign-in display style on desired organisation. Optional parameter examples: /ui?ns=trivore-corp |
| OpenID Connect | Paths below are related to OAuth 2.0 and OpenID Connect 1.0. |
| /.well-known/openid-configuration | This is the OpenID Connect 1.0 service discovery metadata path. |
| /openid | This is the root path for all OpenID Connect and OAuth functionality. Sub-paths are described in the image on page "OpenID Connect". |
| /openid/register | Dynamically register the client |
| /openid/jwks.json | JWT signature keys |
| /openid/auth | Request user credentials and consent |
| /openid/token | Perform OAuth flow to obtain id_token, access_token, and refresh_token (variations exist) |
| /openid/userinfo | Get additional user attributes with access token |
| /openid/logout | Sign-out from Relying Party (a.k.a. sign-out from single service), and optionally also from OT (this is also known as single sign-out from all services). |
| /openid/logout | Revoke user credentials. This invokes a mandatory sign-in. |
| Base functions and integrations | Paths below enable some very important and in practice mandatory use cases. |
| /resetPassword | Process for forgotten password, or lost access to 2FA credentials. Optional parameter examples after /resetPassword?: |
| /changePassword | Process to change current user account password. Optional parameter examples after /changePassword? |
| /verifyemail | Used for email address verification. Example path is as follows: /verifyemail?ui=5a6ad3327aad9804bb..&ru=https%3A%2F%2Fid.t5.fi |
| /implicit/callback | Redirect URI; technical use |
| /saml/idpselect | SAML information. If no SAML user directories have been enabled, the answer page is pretty empty. |
| /openid/strongidentification?successRedirectUri={URI}&failureRedirectUri={URI}&access_token={token} | Initiate strong identification (such as suomi.fi) for currently signed-in user account |
| /api/suomi.fi/valtuudet/hpa | Initiate acting on behalf of a natural person at suomi.fi-valtuudet; strong identification is required, and if there is no current session, one is initiated |
| /api/suomi.fi/valtuudet/ypa | Initiate acting on behalf of a legal entity at suomi.fi-valtuudet; strong identification is required, and if there is no current session, one is initiated |
| /rp/suomi.fi-valtuudet/callback | Callback path when returning from suomi.fi-valtuudet service |
| Diagnostics and monitoring | |
| /alive | Simple service availability diagnosis on each server node. This path is mostly for load-balancers. Normal answer is "Yes, I am alive." with HTTP 200. |
| /diagnostic.jsp | HTTP header diagnostic information. Disabled by default. |
| Miscellaneous UI paths | Paths below enable some use cases. Using any of them is not mandatory in any way. |
| /#!accounts/new | Add new user account. This path is available for user accounts with role Account Admin. Obviously works only when signed in on web user interface. |
| /#!accounts/{username} | Edit user account with sign in username {username}. This path is available for user accounts with role Account Admin. Obviously works only when signed in on web user interface. |
| /?restartApplication | Restart the application to enforce synchronising browser and application. Troubleshooting usage only, not for general usage. |
| Miscellaneous service paths | |
| /dlr | SMS delivery notifications. This is for tracking the delivery of text messages sent out. |
| /VAADIN | All Vaadin framework resources used by Trivore ID. This is a fixed path and mandatory for the web user interface to work. |
Some information might be available in more than one format. This applies to /info/ access paths. Other formats are accessible by adding “?format={json|xml|text}” to the end of the URI. Select one of the formats: json, xml, or text. For plain text, “?format=text” should be added. JSON is selected as the default data representation format.
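
The table exists so that load-balancer and WAF rules can be written from it. The following is an added example, not Trivore ID code: it turns the documented paths into a default-deny edge policy and evaluates raw request targets against it, which makes it easy to check prefix boundaries and encoded traversal before committing real rules. The source networks and the audience assigned to each path are assumptions of this example.

```python
import ipaddress
import posixpath
from urllib.parse import parse_qs, unquote

# Constructed source networks (assumptions, not Trivore ID values).
NETS = {
    "public": ["0.0.0.0/0", "::/0"],
    "lb": ["10.0.0.0/24"],       # load-balancer health checkers
    "admin": ["10.20.0.0/16"],   # operations network
}
# Path prefixes from the table; the audience given to each is this
# example's own policy choice, not a Trivore ID recommendation.
PUBLIC = ["/ui", "/api/rest/v1", "/apidoc", "/openid", "/resetPassword",
          "/.well-known/openid-configuration", "/changePassword",
          "/verifyemail", "/implicit/callback", "/saml/idpselect",
          "/api/suomi.fi/valtuudet", "/rp/suomi.fi-valtuudet/callback",
          "/dlr", "/VAADIN"]
POLICY = {**dict.fromkeys(PUBLIC, "public"),
          "/alive": "lb", "/diagnostic.jsp": "admin"}


def audience_for(target: str):
    """Map a raw request target (path plus optional query) to an audience."""
    raw_path, _, query = target.partition("?")
    # Decode once, then collapse '.', '..' and repeated slashes, so the
    # decision is made on a canonical form rather than on the raw bytes.
    path = "/" + posixpath.normpath(unquote(raw_path) or "/").lstrip("/")
    if "%" in path:  # still encoded after one pass: refuse to guess
        return None
    if "restartApplication" in parse_qs(query, keep_blank_values=True):
        return "admin"  # troubleshooting-only switch on the root path
    if path == "/":
        return "public"  # root redirect; /#!... fragments stay in the browser
    for prefix, audience in POLICY.items():
        # Match whole segments only, so /uix is not treated as /ui.
        if path == prefix or path.startswith(prefix + "/"):
            return audience
    return None  # not in the documented inventory


def decide(target: str, src_ip: str) -> str:
    """Return 'allow' or 'deny' for a request target and client address."""
    audience = audience_for(target)
    if audience is None:
        return "deny"
    ip = ipaddress.ip_address(src_ip)
    nets = (ipaddress.ip_network(n) for n in NETS[audience])
    return "allow" if any(ip in net for net in nets) else "deny"
```

The paths beginning with /#! need no rule of their own: the fragment is never sent to the server, so those requests arrive as /.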