@lap v0.3
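# Machine-readable API spec. Each @endpoint block is one API call.
# Every block below is recorded as `POST /` and the operation name is not captured, so calls are distinguishable here only by their @desc and parameters.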
@api AWS SSO Identity Store
@version 2020-06-15
@auth AWS SigV4
@endpoints 19
@toc root(19)

@endpoint POST /
@desc Creates a group within the specified identity store.
@required {IdentityStoreId: str}
@optional {DisplayName: str, Description: str}
@returns(200) {GroupId: str, IdentityStoreId: str}

@endpoint POST /
@desc Creates a relationship between a member and a group. The following identifiers must be specified: GroupId, IdentityStoreId, and MemberId.
@required {IdentityStoreId: str, GroupId: str, MemberId: MemberId}
@returns(200) {MembershipId: str, IdentityStoreId: str}

@endpoint POST /
@desc Creates a user within the specified identity store.
@required {IdentityStoreId: str}
@optional {UserName: str, Name: Name, DisplayName: str, NickName: str, ProfileUrl: str, Emails: [Email], Addresses: [Address], PhoneNumbers: [PhoneNumber], UserType: str, Title: str, PreferredLanguage: str, Locale: str, Timezone: str}
@returns(200) {UserId: str, IdentityStoreId: str}

@endpoint POST /
@desc Deletes a group within an identity store given GroupId.
@required {IdentityStoreId: str, GroupId: str}

@endpoint POST /
@desc Deletes a membership within a group given MembershipId.
@required {IdentityStoreId: str, MembershipId: str}

@endpoint POST /
@desc Deletes a user within an identity store given UserId.
@required {IdentityStoreId: str, UserId: str}

@endpoint POST /
@desc Retrieves the group metadata and attributes from GroupId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, GroupId: str}
@returns(200) {GroupId: str, DisplayName: str?, ExternalIds: [ExternalId]?, Description: str?, IdentityStoreId: str}

@endpoint POST /
@desc Retrieves membership metadata and attributes from MembershipId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, MembershipId: str}
@returns(200) {IdentityStoreId: str, MembershipId: str, GroupId: str, MemberId: MemberId{UserId: str?}}

@endpoint POST /
@desc Retrieves the user metadata and attributes from the UserId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, UserId: str}
@returns(200) {UserName: str?, UserId: str, ExternalIds: [ExternalId]?, Name: Name?{Formatted: str?, FamilyName: str?, GivenName: str?, MiddleName: str?, HonorificPrefix: str?, HonorificSuffix: str?}, DisplayName: str?, NickName: str?, ProfileUrl: str?, Emails: [Email]?, Addresses: [Address]?, PhoneNumbers: [PhoneNumber]?, UserType: str?, Title: str?, PreferredLanguage: str?, Locale: str?, Timezone: str?, IdentityStoreId: str}

@endpoint POST /
@desc Retrieves the GroupId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, AlternateIdentifier: AlternateIdentifier}
@returns(200) {GroupId: str, IdentityStoreId: str}

@endpoint POST /
@desc Retrieves the MembershipId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, GroupId: str, MemberId: MemberId}
@returns(200) {MembershipId: str, IdentityStoreId: str}

@endpoint POST /
@desc Retrieves the UserId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, AlternateIdentifier: AlternateIdentifier}
@returns(200) {UserId: str, IdentityStoreId: str}

@endpoint POST /
@desc Checks the user's membership in all requested groups and returns whether the member exists in each queried group.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, MemberId: MemberId, GroupIds: [str]}
@returns(200) {Results: [GroupMembershipExistenceResult]}

@endpoint POST /
@desc For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, GroupId: str}
@optional {MaxResults: int, NextToken: str}
@returns(200) {GroupMemberships: [GroupMembership], NextToken: str?}

@endpoint POST /
@desc For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str, MemberId: MemberId}
@optional {MaxResults: int, NextToken: str}
@returns(200) {GroupMemberships: [GroupMembership], NextToken: str?}

@endpoint POST /
@desc Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str}
@optional {MaxResults: int, NextToken: str, Filters: [Filter]}
@returns(200) {Groups: [Group], NextToken: str?}

@endpoint POST /
@desc Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.
@required {IdentityStoreId: str}
@optional {MaxResults: int, NextToken: str, Filters: [Filter]}
@returns(200) {Users: [User], NextToken: str?}

@endpoint POST /
@desc For the specified group in the specified identity store, updates the group metadata and attributes.
@required {IdentityStoreId: str, GroupId: str, Operations: [AttributeOperation]}

@endpoint POST /
@desc For the specified user in the specified identity store, updates the user metadata and attributes.
@required {IdentityStoreId: str, UserId: str, Operations: [AttributeOperation]}

@end
