Manage cookie domains using the API
For background on cookie domains, learn more in Cookie domains.
Cookie domain API endpoint
Advanced Identity Cloud provides the Cookie Domains API endpoint to manage cookie domains.
Authenticate to the cookie domain API endpoint
To authenticate to the cookie domain API endpoint, use an access token created with the following scope:
Scope | Description |
---|---|
|
Full access to the cookie domain API endpoint. |
View cookie domains
Advanced Identity Cloud always writes session cookies to your default tenant FQDN to ensure you retain access.
Use the /environment/cookie-domain
endpoint to view the other domains or subdomains to which
your tenant environment writes session cookies.
To view the cookie domain configuration in any tenant environment:
-
Get an access token created with the
fr:idc:cookie-domain:*
scope. -
Get the cookie domain configuration from the
/environment/cookie-domains
endpoint:$ curl \ --request GET 'https://<tenant-env-fqdn>/environment/cookie-domains' \(1) --header 'Authorization: Bearer <access-token>' (2)
1 Replace <tenant-env-fqdn> with the FQDN of your tenant environment. 2 Replace <access-token> with the access token. Show response
{ "domains": [ "sso.mycompany.co.uk", "banking.mycompany.co.uk" ] }
Update cookie domains
Advanced Identity Cloud always writes session cookies to your default tenant FQDN to ensure you retain access.
Use the /environment/cookie-domain
endpoint to set the other domains or subdomains to which
your tenant environment writes session cookies.
To update the cookie domain configuration in any tenant environment:
-
Review the existing cookie domain configuration. Learn more in in View cookie domains.
-
Adapt the cookie domain configuration to suit your use case. Learn more in Cookie domains.
If you intend to remove a domain or subdomain from the configuration, you must first update any existing applications that rely on cookies set using that domain or subdomain. -
Get an access token created with the
fr:idc:cookie-domain:*
scope. -
Replace the existing cookie domain configuration with the cookie domain configuration you adapted in step 2:
$ curl \ --request PUT 'https://<tenant-env-fqdn>/environment/cookie-domains' \(1) --header 'Authorization: Bearer <access-token>' \(2) --header 'Content-Type: application/json' \ --data '<cookie-domains-configuration>' (3)
1 Replace <tenant-env-fqdn> with the FQDN of your tenant environment. 2 Replace <access-token> with the access token. 3 Replace <cookie-domains-configuration> with a JSON array of cookie domains; for example, the following configuration adds a new subdomain account.mycompany.co.uk
to the configuration example used in View cookie domains.{ "domains": [ "sso.mycompany.co.uk", "banking.mycompany.co.uk", "account.mycompany.co.uk" ] }
Show response
{ "domains": [ "sso.mycompany.co.uk", "banking.mycompany.co.uk", "account.mycompany.co.uk" ] }
-
An asynchronous process updates the environment’s cookie domain configuration. This process can take up to 10 minutes to complete.