Management API services

The management API services enable you to:

Perform basic create, read, update, and delete (CRUD) operations on existing users.
Check the health of your API and service providers.
Manage tokens.

iProov API specification

The API authentication mechanism is OAuth 2.0. A new Bearer Token can be generated using your service provider credentials.

Endpoint	`POST {api_key}/access_token`
Request Body Content-Type	application/x-www-form-urlencoded
Authentication	You must provide your: - `api_key` as the URL parameter. - OAuth username and password as a Basic Authentication header. Both were generated when your service provider was created.

Important:

Provide the OAuth username and password via the Authorization header in Basic format. These credentials are different to the service provider API key and secret, which you supply separately.
Each generated access_token is valid for one hour, or 50 requests, whichever is first.
Refresh each access_token after it expires.

### Get a user

Endpoint	`GET /users/{user_id}`
Description	Retrieve an existing, previously enrolled user, using their user_id. Required parameters include: Assigned name.
Authentication	`OAuth Bearer Token` `Scope: user-read`

Endpoint	`PUT /users/{user_id}`
Description	Update a user profile.
Authentication	`OAuth Bearer Token` `Scope: user-write`

Caution: Deleted users cannot be used during verify transactions.

Endpoint	`DELETE /users/{user_id}`
Description	Delete a user profile. Use this endpoint to implement your own data retention policy.
Authentication	`OAuth Bearer Token` `Scope: user-write`

Endpoint	`GET /availability?api_key={api_key}`
Description	Check the availability status of a service provider.
Authentication	None

Endpoint	`POST /claim/{token}/invalidate`
Description	Invalidate a generated Enroll or Verify token. The client SDK is prevented from launching with this token.
Authentication	None