Security Rules

Autologyx allows clients to configure security rules:
Password Complexity
Prevent password re-use
Password rotation interval
Activation link valid period

Password Complexity
Autologyx allows clients to configure their own password complexity rules. They do it by turning on/off rules supported by the system. The rules are used globally across the system:
Account activation.
Password reset.
Editing users.
The rules must be enforced both in the backend (API endpoints) and in the frontend (GUI). This enforcement must be consistent. This document covers technical requirements and implementation details that ensure this consistency.

Prevent password re-use
It takes two states: True/False (on/off). When switched on then user cannot use password used by him before.

Password rotation interval
Specifies time period in days to force password change.

Activation link valid period
Specifies time period in days to expiry activation link (activation token).

References

Security Rules Technical Dock

GET /api/security/

Returns security rules.

Permissions

Requires authentication and standard_authentication.list permission.

Request

Headers

Content-Type: application/json
Authorization: JWT access_token

Schema

GET /api/security/

json

Response

Key	Type	Notes
password_complexity	Object
systemconf	Object
authentication_method	Object
_meta	Object

Response `password_complexity` object

Key	Type	Notes
max_repeating_chars	int
min_letters	int
min_numbers	int
min_symbols	int
min_lower_case	int
min_upper_case	int
min_length	int

Response `systemconf` object

Key	Type	Notes
password_prevent_reuse	bool
password_rotation_interval	int
activation_link_valid_period	int

Response `authentication_method` object

Key	Type	Notes
internal	enum	available values: any, password, sso
external	enum
full	enum
super_admin	enum

Successful status 200 OK
Response body schema

json

{
  "password_complexity": {
    "max_repeating_chars": 0,
    "min_letters": 2,
    "min_numbers": 1,
    "min_symbols": 0,
    "min_lower_case": 1,
    "min_upper_case": 1,
    "min_length": 8
  },
  "systemconf": {
    "password_prevent_reuse": true,
    "password_rotation_interval": 90,
    "activation_link_valid_period": 7
  },
  "authentication_method": {
    "internal": "any",
    "external": "sso",
    "full": "password",
    "super_admin": "password"
  },
  "_meta": {
    "permissions": {
      "view": true,
      "edit": true
    }
  }
}

PATCH /api/security/

Updates security rules.

Permissions

Requires authentication and standard_authentication.edit permission.

Request

Body parameters

Key	Type	Notes
password_complexity	Object
systemconf	Object
authentication_method	Object

Request `password_complexity` object

Key	Type	Notes
max_repeating_chars	int
min_letters	int
min_numbers	int
min_symbols	int
min_lower_case	int
min_upper_case	int
min_length	int

Request `systemconf` object

Key	Type	Notes
password_prevent_reuse	bool
password_rotation_interval	int
activation_link_valid_period	int

Request `authentication_method` object

Key	Type	Notes
internal	enum	available values: any, password, sso
external	enum
service_internal	enum
service_external	enum
full	enum
super_admin	enum

Headers

Content-Type: application/json
Authorization: JWT access_token

Schema

PATCH /api/security/

json

{ 
    "password_complexity": { 
       "max_repeating_chars": 0, 
       "min_letters": 2, 
       "min_numbers": 1, 
       "min_symbols": 0, 
       "min_lower_case": 1, 
       "min_upper_case": 1, 
       "min_length": 8 
    }, 
    "systemconf": { 
       "password_prevent_reuse": true, 
       "password_rotation_interval": 90, 
       "activation_link_valid_period": 7
    },
    "authentication_method": { 
        "internal": "any", 
        "external": "sso", 
        "full": "password", 
        "super_admin": "password" 
    }
}

Validations

password_complexity
- max_repeating_chars
  - min 0, max 128
- min_letters
  - min 0, max 128
- min_numbers
  - min 0, max 128
- min_symbols
  - min 0, max 128
- min_lower_case
  - min 0, max 128
- min_upper_case
  - min 0, max 128
- min_length
  - min 0, max 128
systemconf
- password_rotation_interval
  - min 0, max 32767
- activation_link_valid_period
  - min 0, max 32767
authentication_method
- Valid enum value for method: any, password, sso
- Null value is not allowed
- Proper dictionary structure is required
- Authentication_method for service_external and service_internal account type cannot be modified

Response

Key	Type	Notes
password_complexity	Object
systemconf	Object
authentication_method	Object

Response `password_complexity` object

Key	Type	Notes
max_repeating_chars	int
min_letters	int
min_numbers	int
min_symbols	int
min_lower_case	int
min_upper_case	int
min_length	int

Response `systemconf` object

Key	Type	Notes
password_prevent_reuse	bool
password_rotation_interval	int
activation_link_valid_period	int

Response `authentication_method` object

Key	Type	Notes
internal	enum
external	enum
service_internal	enum
service_external	enum
full	enum
super_admin	enum

Successful status 200 OK
Response body schema:

json

{ 
    "password_complexity": { 
       "max_repeating_chars": 0, 
       "min_letters": 2, 
       "min_numbers": 1, 
       "min_symbols": 0, 
       "min_lower_case": 1, 
       "min_upper_case": 1, 
       "min_length": 8 
    }, 
    "systemconf": { 
       "password_prevent_reuse": true, 
       "password_rotation_interval": 90, 
       "activation_link_valid_period": 7
    },
    "authentication_method": { 
        "internal": "any", 
        "external": "sso", 
        "service_internal": "any", 
        "service_external": "any", 
        "full": "password", 
        "super_admin": "password" 
    },
    "_meta": {
        "permissions": {
            "view": true,
            "edit": true
        }
    }
}

Errors

Please check for Standard Errors.

OPTIONS /api/security/

Permissions

Requires authentication only.

Request

Headers

Content-Type: application/json
Authorization: JWT access_token

Schema

OPTIONS /api/security/

json

Response

Successful status 200 OK
Response body:

json

{
    "details": {
        "schema": [
            {
                "alias": "password_complexity",
                "schema": [
                    {
                        "alias": "max_repeating_chars",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            }
                        ]
                    },
                    {
                        "alias": "min_letters",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            }
                        ]
                    },
                    {
                        "alias": "min_numbers",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            }
                        ]
                    },
                    {
                        "alias": "min_symbols",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            }
                        ]
                    },
                    {
                        "alias": "min_lower_case",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            }
                        ]
                    },
                    {
                        "alias": "min_upper_case",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            }
                        ]
                    },
                    {
                        "alias": "min_length",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            }
                        ]
                    }
                ]
            },
            {
                "alias": "systemconf",
                "schema": [
                    {
                        "alias": "password_prevent_reuse",
                        "type": "bool",
                        "required": false
                    },
                    {
                        "alias": "password_rotation_interval",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            },
                            {
                                "type": "max_value",
                                "value": 32767
                            }
                        ]
                    },
                    {
                        "alias": "activation_link_valid_period",
                        "type": "int",
                        "required": false,
                        "validators": [
                            {
                                "type": "min_value",
                                "value": 0
                            }
                        ]
                    }
                ]
            },
            {
                "alias": "authentication_method",
                "schema": [
                    {
                        "alias": "internal",
                        "type": "enum",
                        "required": false,
                        "values": [
                            {
                                "value": "any",
                                "text": "Any"
                            },
                            {
                                "value": "password",
                                "text": "Password"
                            },
                            {
                                "value": "sso",
                                "text": "Single Sign-On"
                            }
                        ]
                    },
                    {
                        "alias": "external",
                        "type": "enum",
                        "required": false,
                        "values": [
                            {
                                "value": "any",
                                "text": "Any"
                            },
                            {
                                "value": "password",
                                "text": "Password"
                            },
                            {
                                "value": "sso",
                                "text": "Single Sign-On"
                            }
                        ]
                    },
                    {
                        "alias": "full",
                        "type": "enum",
                        "required": false,
                        "values": [
                            {
                                "value": "any",
                                "text": "Any"
                            },
                            {
                                "value": "password",
                                "text": "Password"
                            },
                            {
                                "value": "sso",
                                "text": "Single Sign-On"
                            }
                        ]
                    },
                    {
                        "alias": "super_admin",
                        "type": "enum",
                        "required": false,
                        "values": [
                            {
                                "value": "any",
                                "text": "Any"
                            },
                            {
                                "value": "password",
                                "text": "Password"
                            },
                            {
                                "value": "sso",
                                "text": "Single Sign-On"
                            }
                        ]
                    }
                ]
            }
        ]
    }
}

GET /api/security/

Returns security rules for password complexity.

Permissions

Allowed for any one - public access.

Request

Headers

Content-Type: application/json
Authorization: JWT access_token

Schema

GET /api/security/

json

Response

Key	Type	Notes
max_repeating_chars	int
min_letters	int
min_numbers	int
min_symbols	int
min_lower_case	int
min_upper_case	int
min_length	int

Successful status 200 OK
Response body schema

json

{
     "max_repeating_chars": 0, 
     "min_letters": 2, 
     "min_numbers": 1, 
     "min_symbols": 0, 
     "min_lower_case": 1, 
     "min_upper_case": 1, 
     "min_length": 8
}

Security Rules ​

References ​

GET /api/security/ ​

Permissions ​

Request ​

Response ​

Response password_complexity object ​

Response systemconf object ​

Response authentication_method object ​

PATCH /api/security/ ​

Permissions ​

Request ​

Request password_complexity object ​

Request systemconf object ​

Request authentication_method object ​

Validations ​

Response ​

Response password_complexity object ​

Response systemconf object ​

Response authentication_method object ​

Errors ​

OPTIONS /api/security/ ​

Permissions ​

Request ​

Response ​

GET /api/security/ ​

Permissions ​

Request ​

Response ​

Security Rules

References

GET /api/security/

Permissions

Request

Response

Response `password_complexity` object

Response `systemconf` object

Response `authentication_method` object

PATCH /api/security/

Permissions

Request

Request `password_complexity` object

Request `systemconf` object

Request `authentication_method` object

Validations

Response

Response `password_complexity` object

Response `systemconf` object

Response `authentication_method` object

Errors

OPTIONS /api/security/

Permissions

Request

Response

GET /api/security/

Permissions

Request

Response