# Method Reference

This section documents the **IAM API Version 1** endpoints used for authentication, identity lookup, permission resolution, and object access control.

IAM API v1 uses an **IAM access token** for authentication and is maintained primarily for **backward compatibility**.
For new integrations, **IAM API Version 2 (OAuth‑based)** is recommended.

***

### Login

Authenticates a user and returns an IAM access token.

#### Endpoint

```
POST /IAM2RESTService/services/v1/login
```

#### Request Header

```
Content-Type: application/json
```

#### Request Body

```
{
    "username": "string",
    "password": "string",
    "system_id": "string",
    "system_secret": "string"
}
```

#### Response Body

```
{
    "accessToken": "IAM_ACCESS_TOKEN"
}
```

The returned `accessToken` must be provided in subsequent API requests.

***

### Permission Lookup

Retrieves all roles and object permissions associated with the authenticated user.

#### Endpoint

```
GET /IAM2RESTService/services/v1/perms/{accessToken}
```

#### Response Body (Example)

```
{
    "Permission": {
        "role": [
            {
                "role_id": -2,
                "role_name": "user"
            }
        ],
        "objectAccesses": [
            {
                "object_id": -9,
                "object_name": "USER_PROFILE_USERMODE",
                "access": [
                    {
                        "access_type": "view"
                    }
                ]
            }
        ]
    }
}
```

***

### User Information

Retrieves profile information for the authenticated user.

#### Endpoint

```
GET /IAM2RESTService/services/v1/userinfo/{accessToken}
```

#### Response Body (Partial Example)

```
{
    "User_info": {
        "username": "username",
        "th_firstname": "ThaiFirstName",
        "th_lastname": "ThaiLastName",
        "en_firstname": "FirstName",
        "en_lastname": "LastName",
        "email": "user@email.com",
        "mobile": "mobile_number",
        "avatar": "base64EncodedImage"
    }
}
```

***

### Get Objects

Retrieves all objects accessible to the authenticated user.

#### Endpoint

```
GET /IAM2RESTService/services/v1/objects
```

#### Request Header

```
Content-Type: application/json
IAMToken: <accessToken>
```

#### Response Body (Example)

```
{
    "content": [
        {
            "object_id": -14,
            "object_name": "SETTING",
            "path": "/SETTING",
            "protect": "Y"
        }
    ],
    "totalElements": 27
}
```

***

### Get Object Types

Retrieves all object types available to the authenticated user.

#### Endpoint

```
GET /IAM2RESTService/services/v1/objectTypes
```

#### Response Body (Example)

```
{
    "content": [
        {
            "object_type_name": "MENU_USER",
            "object_type_desc": "Menu User",
            "protect": "Y"
        }
    ]
}
```

***

### Get All Permissions

Retrieves all permissions across systems accessible to the user.

#### Endpoint

```
GET /IAM2RESTService/services/v1/permissions
```

#### Response Body (Example)

```
{
    "content": [
        {
            "permission_name": "develop",
            "path": "/develop"
        }
    ],
    "totalElements": 154
}
```

***

### Get All Users

Retrieves all users across accessible systems.

#### Endpoint

```
GET /IAM2RESTService/services/v1/users
```

#### Response Body (Example)

```
{
    "content": [
        {
            "id": 1,
            "username": "username",
            "fname": "FirstName",
            "lname": "LastName"
        }
    ],
    "totalElements": 27
}
```

***

### Logout

Logs out the user session and invalidates the access token.

#### Endpoint

```
GET /IAM2RESTService/services/v1/logout/{accessToken}
```

#### Response

```
SUCCESS
```
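
Permission Lookup, User Information and Logout carry the access token in the URL path, so the token is written wherever request lines are logged (web server, reverse proxy, APM). The following is an added example, not part of the IAM documentation, that masks the token in access-log lines before they are stored or forwarded; the function names and the log lines are constructed for illustration.

```python
import re

# Path-token endpoints listed in this reference: perms, userinfo, logout.
# Group 1 is the endpoint prefix, group 2 the token segment that follows it.
_V1_TOKEN_PATH = re.compile(
    r'(/IAM2RESTService/services/v1/(?:perms|userinfo|logout)/)([^/?#\s"]+)'
)

def redact_line(line: str) -> tuple[str, bool]:
    """Return (line with the path token masked, whether a token was found)."""
    redacted, n = _V1_TOKEN_PATH.subn(r"\1[REDACTED]", line)
    return redacted, n > 0

def redact_log(lines):
    """Redact every line; return (clean_lines, number of lines that exposed a token)."""
    clean, exposed = [], 0
    for line in lines:
        out, hit = redact_line(line)
        clean.append(out)
        exposed += int(hit)
    return clean, exposed

# Constructed access-log lines (combined log format); the token is a made-up value.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "POST /IAM2RESTService/services/v1/login HTTP/1.1" 200 64',
    '10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /IAM2RESTService/services/v1/perms/EXAMPLE-TOKEN-aaaa1111 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /IAM2RESTService/services/v1/userinfo/EXAMPLE-TOKEN-aaaa1111?x=1 HTTP/1.1" 200 900',
    '10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "GET /IAM2RESTService/services/v1/objects HTTP/1.1" 200 2048',
    '10.0.0.5 - - [01/Jan/2025:10:00:09 +0000] "GET /IAM2RESTService/services/v1/logout/EXAMPLE-TOKEN-aaaa1111 HTTP/1.1" 200 7',
]

if __name__ == "__main__":
    clean, exposed = redact_log(SAMPLE_LOG)
    print(f"{exposed} of {len(SAMPLE_LOG)} lines carried a token in the path")
    for line in clean:
        print(line)
```

Requests to `/objects` pass through unchanged because that endpoint takes the token in the `IAMToken` header rather than the path.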

***

### Notes on IAM API Version 1

* Authentication is **token‑based**, not OAuth‑based
* Designed for legacy integrations
* Maintained for compatibility with existing systems
* New development should use **IAM API Version 2**

***

### Summary

**IAM API Version 1** provides REST endpoints for:

* User authentication
* Permission and role resolution
* Object and object‑type lookup
* Basic identity management
* Session termination

Although Version 1 remains fully supported, **IAM API Version 2 with OAuth 2.0** is recommended for all new integrations.

