Specifying Realms in REST API Calls
Realms can be specified in the following ways when making a REST API call to AM:
- DNS Alias
When making a REST API call, the DNS alias of a realm can be specified in the subdomain and domain name components of the REST endpoint.
To list all users in the Top Level Realm use the DNS alias of the AM instance, for example, the REST endpoint would be:
https://openam.example.com:8443/openam/json/users?_queryId=*
To list all users in a realm with DNS alias
suppliers.example.com
the REST endpoint would be:https://suppliers.example.com:8443/openam/json/users?_queryId=*
- Path
When making a REST API call, specify the realm in the path component of the endpoint. You must specify the entire hierarchy of the realm, starting at the Top Level Realm. Prefix each realm in the hierarchy with the
realms/
keyword. For example/realms/root/realms/customers/realms/europe
.To authenticate a user in the Top Level Realm, use the
root
keyword. For example:https://openam.example.com:8443/openam/json/realms/root/authenticate
To authenticate a user in a subrealm named
customers
within the Top Level Realm, the REST endpoint would be:https://openam.example.com:8443/openam/json/realms/root/realms/customers/authenticate
If realms are specified using both the DNS alias and path methods, the path is used to determine the realm.
For example, the following REST endpoint returns users in a subrealm of the Top Level Realm named europe
, not the realm with DNS alias suppliers.example.com
:
https://suppliers.example.com:8443/openam/json/realms/root/realms/europe/users?_queryId=*