List of Identity Providers
GET/iam/v2/identity-providers
Retrieve a sorted, filtered, paginated list of all identity providers.
Request
Responses
- 200
- 400
- 401
- 403
- 429
- 500
Identity Provider.
Response Headers
The unique identifier for the API request.
The maximum number of requests you're permitted to make per time period.
The number of requests remaining in the current rate limit window.
The relative time in seconds until the current rate-limit window resets.
Important: This differs from Github and Twitter's same-named header which uses UTC epoch seconds. We use relative time to avoid client/server time synchronization issues.
Bad Request
Response Headers
The unique identifier for the API request.
The request lacks valid authentication credentials for this resource.
Response Headers
The unique identifier for the API request.
The unique identifier for the API request.
Basic error="invalid_key", error_description="The API Key is invalid"The access credentials were considered insufficient to grant access
Response Headers
The unique identifier for the API request.
Rate Limit Exceeded
Response Headers
The unique identifier for the API request.
The maximum number of requests you're permitted to make per time period.
The number of requests remaining in the current rate limit window.
The relative time in seconds until the current rate-limit window resets.
Important: This differs from Github and Twitter's same-named header which uses UTC epoch seconds. We use relative time to avoid client/server time synchronization issues.
The number of seconds to wait until the rate limit window resets. Only sent when the rate limit is reached.
Oops, something went wrong!
Response Headers
The unique identifier for the API request.
OpenAPI definition (YAML)
paths:
/iam/v2/identity-providers:
get:
x-lifecycle-stage: General Availability
x-self-access: true
operationId: listIamV2IdentityProviders
description: '[](#section/Versioning/API-Lifecycle-Policy)
Retrieve a sorted, filtered, paginated list of all identity providers.'
parameters:
- name: page_size
in: query
required: false
schema:
type: integer
default: 10
maximum: 100
x-max-page-items: 255
description: A pagination size for collection requests.
- name: page_token
in: query
required: false
schema:
type: string
maxLength: 255
description: An opaque pagination token for collection requests.
tags:
- Identity Providers (iam/v2)
security:
- cloud-api-key: []
- confluent-sts-access-token: []
responses:
'200':
description: Identity Provider.
content:
application/json:
schema:
allOf:
- type: object
description: '`IdentityProvider` objects represent external OAuth-OIDC providers in
Confluent Cloud.
The API allows you to list, create, read, update, and delete your Identity Provider.
Related guide: [OAuth for Confluent Cloud](https://docs.confluent.io/cloud/current/access-management/authenticate/oauth/overview.html).
## The Identity Providers Model
<SchemaDefinition schemaRef="#/components/schemas/iam.v2.IdentityProvider" />
## Quotas and Limits
This resource is subject to the [following quotas](https://docs.confluent.io/cloud/current/quotas/overview.html):
| Quota | Description |
| --- | --- |
| `identity_providers_per_org` | Number of OAuth identity providers per organization
|
| `public_keys_per_provider` | Number of public keys saved per identity provider |'
required:
- api_version
- kind
- metadata
- data
properties:
api_version:
type: string
enum:
- iam/v2
description: APIVersion defines the schema version of this representation of a resource.
readOnly: true
kind:
type: string
description: Kind defines the object this REST resource represents.
readOnly: true
enum:
- IdentityProviderList
metadata:
allOf:
- type: object
description: ListMeta describes metadata that resource collections may have
properties:
first:
description: A link to the first page of results. If a response does not contain
a first link, then direct navigation to the first page is not supported.
type: string
format: uri
nullable: true
example: https://api.confluent.cloud/v2/resourcekinds
last:
description: A link to the last page of results. If a response does not contain
a last link, then direct navigation to the last page is not supported.
type: string
format: uri
nullable: true
example: https://api.confluent.cloud/v2/resourcekinds?page_token=bcAOehAY8F16YD84Z1wT
prev:
description: A link to the previous page of results. If a response does not
contain a prev link, then either there is no previous data or backwards
traversal through the result set is not supported.
type: string
format: uri
nullable: true
example: https://api.confluent.cloud/v2/resourcekinds?page_token=YIXRY97wWYmwzrax4dld
next:
description: A link to the next page of results. If a response does not contain
a next link, then there is no more data available.
type: string
format: uri
nullable: true
example: https://api.confluent.cloud/v2/resourcekinds?page_token=UvmDWOB1iwfAIBPj6EYb
total_size:
description: Number of records in the full result set. This response may be
paginated and have a smaller number of records.
type: integer
format: int32
minimum: 0
example: 123
title: ListMeta
- properties:
first:
example: https://api.confluent.cloud/iam/v2/identity-providers
last:
example: https://api.confluent.cloud/iam/v2/identity-providers?page_token=bcAOehAY8F16YD84Z1wT
prev:
example: https://api.confluent.cloud/iam/v2/identity-providers?page_token=YIXRY97wWYmwzrax4dld
next:
example: https://api.confluent.cloud/iam/v2/identity-providers?page_token=UvmDWOB1iwfAIBPj6EYb
data:
type: array
description: A data property that contains an array of resource items. Each entry
in the array is a separate resource.
items:
allOf:
- type: object
description: '`IdentityProvider` objects represent external OAuth-OIDC providers
in Confluent Cloud.
The API allows you to list, create, read, update, and delete your Identity
Provider.
Related guide: [OAuth for Confluent Cloud](https://docs.confluent.io/cloud/current/access-management/authenticate/oauth/overview.html).
## The Identity Providers Model
<SchemaDefinition schemaRef="#/components/schemas/iam.v2.IdentityProvider"
/>
## Quotas and Limits
This resource is subject to the [following quotas](https://docs.confluent.io/cloud/current/quotas/overview.html):
| Quota | Description |
| --- | --- |
| `identity_providers_per_org` | Number of OAuth identity providers per organization
|
| `public_keys_per_provider` | Number of public keys saved per identity provider
|'
properties:
api_version:
type: string
enum:
- iam/v2
description: APIVersion defines the schema version of this representation
of a resource.
readOnly: true
kind:
type: string
description: Kind defines the object this REST resource represents.
readOnly: true
enum:
- IdentityProvider
id:
description: ID is the "natural identifier" for an object within its scope/namespace;
it is normally unique across time but not space. That is, you can assume
that the ID will not be reclaimed and reused after an object is deleted
("time"); however, it may collide with IDs for other object `kinds` or
objects of the same `kind` within a different scope/namespace ("space").
type: string
maxLength: 255
readOnly: true
example: dlz-f3a90de
metadata:
allOf:
- description: ObjectMeta is metadata that all persisted resources must
have, which includes all objects users must create.
required:
- self
properties:
self:
description: Self is a Uniform Resource Locator (URL) at which an
object can be addressed. This URL encodes the service location,
API version, and other particulars necessary to locate the resource
at a point in time
type: string
format: uri
readOnly: true
example: https://api.confluent.cloud/v2/kafka-clusters/lkc-f3a90de
resource_name:
description: Resource Name is a Uniform Resource Identifier (URI)
that is globally unique across space and time. It is represented
as a Confluent Resource Name
type: string
format: uri
readOnly: true
example: crn://confluent.cloud/kafka=lkc-f3a90de
created_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was created. It
is represented in RFC3339 format and is in UTC.
updated_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was last updated.
It is represented in RFC3339 format and is in UTC.
deleted_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was (or will be)
deleted. It is represented in RFC3339 format and is in UTC.
readOnly: true
title: ObjectMeta
- properties:
self:
example: https://api.confluent.cloud/iam/v2/identity-providers/ip-12345
resource_name:
example: crn://confluent.cloud/organization=9bb441c4-edef-46ac-8a41-c49e44a3fd9a/identity-provider=ip-12345
display_name:
type: string
description: The human-readable name of the OAuth identity provider.
example: My OIDC Provider
description:
type: string
description: A description of the identity provider.
identity_claim:
type: string
description: 'The JSON Web Token (JWT) claim to extract the authenticating
identity to Confluent resources from
[Registered Claim Names](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1).
This appears
in audit log records. Note: if the client specifies mapping to one identity
pool ID, the identity
claim configured with that pool will be used instead.
Note - The attribute is in an [Early Access lifecycle stage]
(https://docs.confluent.io/cloud/current/api.html#section/Versioning/API-Lifecycle-Policy)'
example: claims.sub
state:
type: string
description: The current state of the identity provider.
example: ENABLED
readOnly: true
enum:
- ENABLED
issuer:
type: string
format: uri
description: 'A publicly accessible URL uniquely identifying the OAuth
identity provider authorized to issue access tokens.'
example: https://login.microsoftonline.com/{tenantid}/v2.0
x-immutable: false
jwks_uri:
type: string
format: uri
description: 'A publicly accessible JSON Web Key Set (JWKS) URI for the
OAuth
identity provider. JWKS provides a set of crypotgraphic keys
used to verify the authenticity and integrity of JSON Web
Tokens (JWTs) issued by the OAuth identity provider.'
example: https://login.microsoftonline.com/common/discovery/v2.0/keys
x-immutable: false
keys:
type: array
items:
type: object
description: '`JWKS` contains the published keys for the given OpenIDProvider'
required:
- kty
- kid
- alg
properties:
kty:
type: string
description: Specifies the cryptographic algorithm family used with
the key
example: RSA
enum:
- RSA
kid:
type: string
description: Specifies the key-id issued by the OpenIDProvider for
the particular tenant
example: nOo3ZDrODXEK1jKWhXslHR_KXEg
alg:
type: string
description: Specifies the algorithm to be used to generate the public
key
example: RS256
use:
type: string
description: Specifies the intended usage of the key
example: sig
n:
type: string
description: Specifies the modulus of the RSA public key. Represented
as a Base64urlUInt-encoded value
e:
type: string
description: Specifies the exponent of the RSA public key.
example: AQAB
title: iam.v2.JwksObject
description: 'The JWKS issued by the OAuth identity provider. Only `kid`
(key ID)
and `alg` (algorithm) properties for each key set are included.'
readOnly: true
title: iam.v2.IdentityProvider
- type: object
required:
- id
- metadata
- display_name
- description
- state
- issuer
- jwks_uri
uniqueItems: true
title: iam.v2.IdentityProviderList
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
X-RateLimit-Limit:
schema:
type: integer
description: The maximum number of requests you're permitted to make per time period.
X-RateLimit-Remaining:
schema:
type: integer
description: The number of requests remaining in the current rate limit window.
X-RateLimit-Reset:
schema:
type: integer
description: "The relative time in seconds until the current rate-limit window resets. \
\ \n \n**Important:** This differs from Github and Twitter's same-named header which\
\ uses UTC epoch seconds. We use relative time to avoid client/server time synchronization\
\ issues."
'400':
description: Bad Request
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '400'
code: invalid_filter
title: Invalid Filter
detail: The 'delorean' resource can't be filtered by 'num_doors'
source:
parameter: num_doors
'401':
x-summary: Unauthorized
description: The request lacks valid authentication credentials for this resource.
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
WWW-Authenticate:
schema:
type: string
description: The unique identifier for the API request.
example: Basic error="invalid_key", error_description="The API Key is invalid"
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '401'
code: user_unauthenticated
title: Authentication Required
detail: Valid authentication credentials must be provided
'403':
x-summary: Forbidden
description: The access credentials were considered insufficient to grant access
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '403'
code: user_unauthorized
title: User Access Unauthorized
detail: The user 'mcfly' is not allowed to access the 'delorean' resource without the
'plutonium' role.
'429':
description: Rate Limit Exceeded
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
X-RateLimit-Limit:
schema:
type: integer
description: The maximum number of requests you're permitted to make per time period.
X-RateLimit-Remaining:
schema:
type: integer
description: The number of requests remaining in the current rate limit window.
X-RateLimit-Reset:
schema:
type: integer
description: "The relative time in seconds until the current rate-limit window resets. \
\ \n \n**Important:** This differs from Github and Twitter's same-named header which\
\ uses UTC epoch seconds. We use relative time to avoid client/server time synchronization\
\ issues."
Retry-After:
schema:
type: integer
description: The number of seconds to wait until the rate limit window resets. Only sent
when the rate limit is reached.
'500':
description: Oops, something went wrong!
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '500'
code: out_of_gas
title: DeLorean Out Of Gas
detail: The DeLorean has run out of gas, but Doc Brown will fill 'er up for you asap
servers:
- url: https://api.confluent.cloud
description: Confluent Cloud API