{"info":{"version":"2.3.0.187+g27cc9b54","title":"Irdeto DWM Tenants API -","description":"OpenAPI specifications for Irdeto Distributor Watermarking (DWM) Tenants API - access token and configuration endpoints","contact":{"email":"support-dwm@irdeto.com","url":"https://irdeto.com"},"termsOfService":"https://irdeto.com/terms"},"paths":{"/oauth/token":{"post":{"tags":["API Access Token"],"summary":"Retrieve the access token for accessing /v4/jobs, /v4/identity and /v4/transfers DWM APIs","description":"OAuth 2 compatible token endpoint, serving its purpose for Client Credentials Authentication Workflow","operationId":"token_endpoint","security":[{"Basic":[]}],"requestBody":{"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","description":"Form-encoded token request parameters; client credentials are supplied via Basic HTTP authentication.","properties":{"grant_type":{"type":"string","enum":["client_credentials"],"description":"OAuth 2 grant type. Only 'client_credentials' is allowed."},"audience":{"type":"string","example":"https://us-west-2.stage.dwm.irdeto.io","description":"Target 'audience' for generated token. 
If not specified, default audience for this DWM instance will be used"}},"required":["grant_type"]}},"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokenRequestClientCredentials"}}}},"responses":{"200":{"description":"Access token for DWM API authentication is successfully generated.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessTokenResponse"}}}},"400":{"description":"Invalid 'request' object supplied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"},"examples":{"client-id-malformed":{"value":{"error":"invalid_request","error_description":"Provided client_id has invalid format"}},"client-id-missed":{"value":{"error":"invalid_request","error_description":"Missing 'client_id' in JSON"}},"client-secret-missed":{"value":{"error":"invalid_request","error_description":"Missing 'client_secret' in JSON"}},"payload-json-malformed":{"value":{"error":"invalid_request","error_description":"Request payload of type application/json cannot be parsed"}}}}}},"401":{"description":"Invalid authorization provided via Basic HTTP Authentication or 'application/json' request body fields for client credentials","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"},"examples":{"no-client-credentials":{"value":{"error":"invalid_client","error_description":"Client Credentials are not provided via Basic HTTP Auth or JSON payload"}},"wrong-secret":{"value":{"error":"invalid_client","error_description":"Provided client secret could not be verified"}},"tenant-not-existing":{"value":{"error":"invalid_client","error_description":"Tenant is not found for bb2d0f36f0db4b2bbe2fa85c062821d6"}}}}}}}}},"/tenants/configuration/{cloud_type}/storage-access":{"get":{"tags":["Storage access configuration"],"summary":"Tenant's storage access configuration","description":"Get the AWS S3 storage access configuration items list for 
tenant","operationId":"apiGetAccessConfigItems","security":[{"Auth0ClientCredentials":["read:manage-tenants-storage-access"]},{"BearerTokenAuth":[]}],"parameters":[{"name":"cloud_type","description":"Cloud type - aws or gcp","in":"path","required":true,"schema":{"type":"string","enum":["aws","gcp"]}},{"name":"s3BaseUri","description":"tenant's S3 storage bucket name","in":"query","required":false,"schema":{"type":"string"}}],"responses":{"200":{"description":"Return the list of previously added tenant's storage access configuration items","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TenantStorageConfigurationResponse"}}}}}}},"/tenants/configuration/{cloud_type}/storage-access/{access_type}":{"put":{"tags":["Storage access configuration"],"summary":"Tenant's storage access configuration","description":"Submit the access configuration for DWM system to access the tenant's storage objects","operationId":"upsertAccessConfigItem","security":[{"Auth0ClientCredentials":["update:manage-tenants-storage-access"]},{"BearerTokenAuth":[]}],"parameters":[{"name":"cloud_type","description":"Cloud type - aws or gcp","in":"path","required":true,"schema":{"type":"string","enum":["aws","gcp"]}},{"name":"access_type","description":"Access 'direction' - read or write","in":"path","required":true,"schema":{"type":"string","enum":["read","write"]}}],"requestBody":{"content":{"application/json; charset=UTF-8":{"schema":{"type":"array","uniqueItems":true,"items":{"$ref":"#/components/schemas/TenantStorageConfiguration"}}}}},"responses":{"200":{"description":"Updated existing access configuration entry when it was already present for given 'bucketName'. 
The already started (IN_PROGRESS) processing tasks in DWM will not be affected by this request, thus access configuration will be applied to only the newer tasks picked up."},"400":{"description":"Invalid 'request' object supplied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"},"examples":{"invalid-request-object":{"value":{"error":"invalid-request","error_description":"Invalid request payload value or invalid request object properties supplied"}},"invalid-query-parameter":{"value":{"error":"invalid-parameter","error_description":"Invalid query parameter supplied"}}}}}}}}},"/tenants/configuration/{cloud_type}/storage-access/{access_type}/{item_id}":{"delete":{"tags":["Storage access configuration"],"summary":"Tenant's storage access configuration","description":"Delete an access configuration item for DWM system to access the tenant's storage objects","operationId":"apiDeleteAccessConfigItem","security":[{"Auth0ClientCredentials":["update:manage-tenants-storage-access"]},{"BearerTokenAuth":[]}],"parameters":[{"name":"cloud_type","description":"Cloud type - aws or gcp","in":"path","required":true,"schema":{"type":"string","enum":["aws","gcp"]}},{"name":"access_type","description":"Access 'direction' - read or write","in":"path","required":true,"schema":{"type":"string","enum":["read","write"]}},{"name":"item_id","description":"The id of config item to be deleted","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Deleted a specific item successfully. 
The already started (IN_PROGRESS) processing tasks in DWM will not be affected by this request, thus access configuration will be applied to only the newer tasks picked up."},"400":{"description":"Invalid 'request' parameters supplied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}},"/tenants/configuration/on-premise/sites":{"get":{"tags":["On-premise storage"],"summary":"Get tenant's on-premise storage sites (locations)","description":"Get tenant's on-premise storage sites (locations) list","operationId":"getOnpremiseSitesItems","security":[{"Auth0ClientCredentials":["read:manage-tenants-storage-access"]},{"BearerTokenAuth":[]}],"responses":{"200":{"description":"Existing on-premise sites list","content":{"application/json":{"schema":{"type":"array","uniqueItems":true,"items":{"$ref":"#/components/schemas/TenantOnPremiseSiteConfiguration"}},"examples":{"empty-list":{"value":[]},"sites-list":{"value":[{"siteId":"installation-a","basePathMedia":"/mnt/dwm/installation-a"},{"siteId":"installation-b","basePathMedia":"/mnt/dwm/installation-b"},{"siteId":"location_x","basePathMedia":"/mnt/dwm/location_x"}]}}}}}}},"put":{"tags":["On-premise storage"],"summary":"Tenant's on-premise storage sites (locations)","description":"Put tenant's on-premise storage sites (locations)","operationId":"upsertOnpremiseSitesItems","security":[{"Auth0ClientCredentials":["update:manage-tenants-storage-access"]},{"BearerTokenAuth":[]}],"requestBody":{"content":{"application/json; charset=UTF-8":{"schema":{"type":"array","uniqueItems":true,"items":{"$ref":"#/components/schemas/TenantOnPremiseSiteIdConfiguration"}}}}},"responses":{"200":{"description":"entries with new 'siteId' values in the request were inserted; entries matching previously added 'siteId' values are ignored."},"400":{"description":"Invalid 'request' object supplied (invalid structure, duplicating entries, unsupported characters used within item 
values)","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"},"examples":{"bad-site-id":{"value":{"error":"Entry present in the request that contains 'siteId' property with invalid value"}}}}}}}}},"/tenants/configuration/on-premise/sites/{site_id}":{"get":{"tags":["On-premise storage"],"summary":"Get entry from tenant's on-premise storage sites (locations) list selected by 'site_id'","description":"Get entry selected by 'site_id' value from tenant's on-premise storage sites (locations) list","operationId":"getOnpremiseSitesItem","security":[{"Auth0ClientCredentials":["read:manage-tenants-storage-access"]},{"BearerTokenAuth":[]}],"parameters":[{"name":"site_id","description":"site_id parameter for matching the entry from tenant's on-premise storage sites (locations) list. The value can contain only alphanumeric, '.', '-', and '_' ASCII characters.","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Sites list entry matched by 'site_id' parameter","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TenantOnPremiseSiteConfiguration"},"examples":{"entry-found":{"value":{"siteId":"installation-a","basePathMedia":"/mnt/dwm/installation-a"}}}}}},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"},"examples":{"bad-site-id":{"value":{"error":"Request URI contains invalid value for 'site_id' parameter"}}}}}},"404":{"description":"On-premise sites entry not found by 'site_id' value","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"},"examples":{"not-found-site-id":{"value":{"error":"Request URI contains 'site_id' parameter with value referring to the non-existing entry in the system"}}}}}}}},"delete":{"tags":["On-premise storage"],"summary":"Delete entry from tenant's on-premise storage sites (locations) list","description":"Delete entry selected by 'site_id' value from tenant's on-premise 
storage sites (locations) list","operationId":"deleteOnpremiseSitesItem","security":[{"Auth0ClientCredentials":["update:manage-tenants-storage-access"]},{"BearerTokenAuth":[]}],"parameters":[{"name":"site_id","description":"site_id parameter for matching the entry from tenant's on-premise storage sites (locations) list. The value can contain only alphanumeric, '.', '-', and '_' ASCII characters.","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Deleted on-premise sites list entry matched by 'site_id' parameter"},"400":{"description":"Invalid request parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"},"examples":{"bad-site-id":{"value":{"error":"Entry present in the request that contains 'siteId' property with invalid value"}}}}}},"404":{"description":"On-premise sites entry not found by 'site_id'","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"},"examples":{"not-found-site-id":{"value":{"error":"Entry present in the request that contains 'siteId' property referring to the non-existing entry in the system"}}}}}}}}},"/configuration/templates/aws/access-policy":{"get":{"tags":["Storage access configuration"],"summary":"Get tenant's storage access configuration IAM policy JSON","description":"Generates IAM policy JSON for granting required S3 bucket access permissions","operationId":"generateIamPolicyContent","security":[],"parameters":[{"name":"bucket_name","in":"query","required":true,"description":"S3 bucket name. 
Access policy for data in given bucket will be generated.","schema":{"type":"string","example":"data-storage-bucket"}}],"responses":{"200":{"description":"AWS IAM Policy JSON content","content":{"application/json":{"schema":{"type":"object"},"examples":{"single-bucket":{"value":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:ListBucket","s3:GetBucketLocation"],"Resource":["arn:aws:s3:::data-storage-bucket"]},{"Effect":"Allow","Action":["s3:GetObject"],"Resource":["arn:aws:s3:::data-storage-bucket/*"]}]}},"more-buckets":{"value":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:ListBucket","s3:GetBucketLocation"],"Resource":["arn:aws:s3:::data-p1-example-eu-west-1","arn:aws:s3:::data-p2-example-eu-west-1"]},{"Effect":"Allow","Action":["s3:GetObject"],"Resource":["arn:aws:s3:::data-p1-example-eu-west-1/*","arn:aws:s3:::data-p2-example-eu-west-1/*"]}]}}}}}},"400":{"description":"Invalid query parameters specified or missing required parameters","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}},"/configuration/templates/aws/trust-policy":{"get":{"tags":["Storage access configuration"],"summary":"Get the IAM trust policy JSON for setting up role grants","description":"Generates JSON for trust IAM policy attachment","operationId":"generateTrustPolicyContent","security":[],"parameters":[{"name":"trust_external_id","in":"query","description":"External ID value","schema":{"type":"string"},"example":"qnfoz4nTM2oLdvvMAgmnLcYr4n3gMJosxWDFygyLNvYwgmDXxKAVecJUXjmPwoPw"}],"responses":{"200":{"description":"AWS IAM trust policy JSON 
content","content":{"application/json":{"schema":{"type":"object"},"examples":{"no-ext-id":{"value":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::099664025733:role/dwm-us-west-2-primary-wmea-ecs-instance-role"},"Action":"sts:AssumeRole"}]}},"with-ext-id":{"value":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::099664025733:role/dwm-us-west-2-primary-wmea-ecs-instance-role"},"Action":"sts:AssumeRole","Condition":{"StringEquals":{"sts:ExternalId":"qnfoz4nTM2oLdvvMAgmnLcYr4n3gMJosxWDFygyLNvYwgmDXxKAVecJUXjmPwoPw"}}}]}}}}}}}}}},"components":{"securitySchemes":{"Basic":{"type":"http","scheme":"basic"},"Auth0ClientCredentials":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"/oauth/token","scopes":{"read:manage-tenants-storage-access":"Grants access to reading tenant's AWS storage access configuration","update:manage-tenants-storage-access":"Grants access to modifying tenant's AWS storage access configuration"}}}},"BearerTokenAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"ClientCredentialsResponse":{"type":"object","description":"Tenant's credentials object, with properties as mentioned by OAuth2 specification in RFC 6749","properties":{"client_id":{"type":"string","example":"bb2d0f36f0db4b2bbe2fa85c062821d6@tenants"},"client_secret":{"type":"string","example":"4d34762f03b61a591ccfa3273738551b83592b45ab45"}},"required":["client_id","client_secret"]},"TenantStorageConfiguration":{"type":"object","properties":{"s3UriBucketBase":{"type":"string","description":"No more than 1024 bytes in utf-8"},"iamRoleArn":{"type":"string"},"iamRoleExternalId":{"type":"string","description":"No more than 1024 bytes in 
utf-8"}},"required":["s3UriBucketBase","iamRoleArn"]},"TenantStorageConfigurationResponse":{"type":"object","properties":{"sourcesAccessConfig":{"type":"array","uniqueItems":true,"items":{"$ref":"#/components/schemas/TenantStorageConfiguration"}},"destinationsAccessConfig":{"type":"array","uniqueItems":true,"items":{"$ref":"#/components/schemas/TenantStorageConfiguration"}}},"required":["sourcesAccessConfig","destinationsAccessConfig"]},"TenantOnPremiseSiteIdConfiguration":{"type":"object","properties":{"siteId":{"type":"string","description":"Identifier for on-premise installation site (location). Value must be unique among all sites entries. The value can only contain alphanumeric, '.', '-', and '_' ASCII characters."}},"required":["siteId"]},"TenantOnPremiseSiteConfiguration":{"type":"object","properties":{"siteId":{"type":"string","description":"Identifier for on-premise installation site (location). Value must be unique among all sites entries. The value can only contain alphanumeric, '.', '-', and '_' ASCII characters."},"basePathMedia":{"type":"string","description":"Base URI for input files for watermarking, constructed following /mnt/dwm/<siteId> pattern, e.g. /mnt/dwm/abc1 if site id is \"abc1\", /mnt/dwm/defg2 if site id is \"defg2\""}},"required":["siteId","basePathMedia"]},"AccessTokenRequestClientCredentials":{"type":"object","description":"Alternative form of making a request to this endpoint, passing client credentials via 'application/json' request body as defined by https://tools.ietf.org/html/rfc6749. The Basic HTTP authorization SHOULD NOT be included in that case.","properties":{"client_id":{"type":"string","example":"bb2d0f36f0db4b2bbe2fa85c062821d6"},"client_secret":{"type":"string","example":"4d34762f03b61a591ccfa3273738551b83592b45ab45"},"grant_type":{"type":"string","enum":["client_credentials"],"description":"OAuth 2 grant type. 
Only 'client_credentials' is allowed."},"audience":{"type":"string","format":"uri","example":"https://us-west-2.stage.dwm.irdeto.io","description":"Target 'audience' for generated token. If not specified, default audience for this DWM instance will be used"}},"required":["client_id","client_secret","grant_type"]},"AccessTokenResponse":{"type":"object","properties":{"access_token":{"type":"string","example":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik9VTTJOalUyTVVKRE1qZzNNVU0zTWpRek9VSTBPRUpHUkRkRk9UVXlNamt5UTBVd1JEZEZRdyJ9.eyJpc3MiOiJodHRwczovL2lyZGV0by5hdXRoMC5jb20vIiwic3ViIjoiZ3NRa2g0Rkk3Y0lvS2NHS3pLUW1zRFBKQWtoZVZIc2FAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vc3RhZ2UuZHdtLmlyZGV0by5pbyIsImlhdCI6MTYxODU3NDcwOCwiZXhwIjoxNjE4NjYxMTA4LCJhenAiOiJnc1FraDRGSTdjSW9LY0dLektRbXNEUEpBa2hlVkhzYSIsInNjb3BlIjoiZHdtOmlkZW50aXR5IGR3bTp0cmFuc2ZlcnMgZHdtOnRhc2tzIGR3bTpqb2JzIGR3bTphZG1pbiBhbGw6am9icyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyJ9.CJzGYxo_uVNDwZcfFxDUbMjXSj2UJGQkf6_PlokMhze2J2zbk79ECbGJaj8p7dXyHDNpuIpdYcoaa09YWEOuxEOv6UgjmafJCNP9PBLCEsnbxd-iA_kGfMs94GQdMKMAxVvIT62wxao1klP1DTeFrum_G7wvEqkNvsCTyBtTmIdX4S66zu_dkqpOGZ3YNh9xrqLL_EdETMQE0D17PQPBTv3jhOcdSw2g9flcV37nisRBrP8cdvQ9XSgfY0F7VIHejm9LPBYni4J7EfI_SWU6NLfWsxFaPI3gMHTlMllV17cK0hNO-A3t4m_KYCJmpXMuKjWjzOcsFJMLFdNE2Ao8Cg"},"scope":{"type":"string","example":"dwm:jobs dwm:identity"},"token_type":{"type":"string","enum":["Bearer"],"description":"Token payload type for passing into 'Authorization' HTTP header"},"expires_in":{"type":"integer","format":"int32","description":"Access token validity period in seconds starting off the moment of the request processing","example":86400}},"required":["access_token","scope","token_type","expires_in"]},"Error":{"type":"object","properties":{"error":{"type":"string","description":"Error code as string","example":"invalid_request"},"error_description":{"type":"string","description":"Extended error message or description","example":"Unexpected 'audience' value in request 
data."}},"required":["error"]}}},"openapi":"3.0.2","externalDocs":{"description":"Additional information can be accessed at Irdeto Distributor Watermarking general documentation website","url":"https://help.dwm.irdeto.io"}}
