Totogi CCAB uses a GraphQL API that allows providers to manage the Cognito user accounts of the Tenant.
This article covers the basic topics around the CCAB APIs for CRUD(Create, Read, Update, Delete) operations on User accounts along with a couple of requests as examples.
Every provider/tenant would have access to different types of users. Each of these users can access different areas of the API as shown below:
- Account Query - Read-only access to tenant accounts and devices.
- Account Admin - Read and write access to tenant accounts and devices.
- Data Admin - Read-only access to tenant accounts, devices, and EDRs.
- Plan Query - Read-only access to plans.
- Plan Designer - Read and write access to plans but no plan deployment.
- Plan Publisher - Read access to plans and deployment of plans.
- Tenant Admin - Read and write access to users.
Therefore, to invoke CRUD operations of Tenant Users - one needs to have the "Tenant Admin" role and it would be necessary to Obtain an Access Token of a Tenant Admin. The roles are defined by the API Role Group definition
CRUD Operations on Users
To perform CRUD operations on Cognito users of the Tenant one needs to know their Provider ID. Additionally, to make any requests one first needs to Obtain an Access Token. This is done through the AWS Cognito service using the respective user credentials.
Once the access token (IdToken) is obtained, one can proceed with making requests to the APIs
Below are additional resources covering the API calls for user management.
A full list of all available queries and mutations can be found in the CCAB API Docs.