Shadows Type REST Endpoint

Last modified 13 Mar 2024 13:32 +01:00


Here we are describing the Shadows object type in relation to midPoints REST API. The Shadows objects are a part of the REST API web resources.


Shadow objects are a quite advanced topic.

Modification and deletion operations executed for a shadow type object might end up changing objects on the remote system or other objects in midPoint.

Proceed with caution.

Operations And Examples

The Shadow web endpoint provides us with information regarding resource shadows. Resource shadow objects are usually created and modified automatically by midPoint, most often the use cases will resolve around fetching and reading the shadow object data.

In our examples we are authenticating with the credentials, name "administrator" and password "y0uR_P455woR*d" on a localhost instance running on port 8080.

For some help regarding the REST examples please see this link:

Get Shadow Object

Get operation for fetching a single specific object. In this case a concrete shadow objects.

Search for Shadow Objects

Search operation usable for fetching the full list of objects or a list based on filter.

Modify Shadow Objects

Modifications of shadow objects are usually done by midPoint itself yet there is a possibility to change them via the REST interface.

Delete Shadow Objects

Shadow object deletion.

The deletion of a shadows object might result in the removal of this object from the remote system.

Shadow Object Specific Operations

A set of operations specific for the Shadow REST objects.

Generate and Validate operations for Shadow Objects

JSON Example

Example output of information regarding a specific Shadows object. Metadata is usually a part of the output, yet it was removed for the purpose of the example.

Show JSON Example
  "shadow" : {
    "oid" : "062ac29f-f296-4824-aeab-9a0feb9e8bd3",
    "version" : "",
    "name" : "Jack",
    "description" : "",
    "metadata" : {},
    "operationExecution" : {},
    "resourceRef" : {
      "oid" : "ef2bc95b-76e0-59e2-86d6-9999cccccccc",
      "relation" : "org:default",
      "type" : "c:ResourceType"
    "synchronizationSituation" : "linked",
    "synchronizationTimestamp" : "",
    "fullSynchronizationTimestamp" : "",
    "synchronizationSituationDescription" : {},
    "objectClass" : "ri:AccountObjectClass",
    "primaryIdentifierValue" : "Jack",
    "kind" : "account",
    "intent" : "default",
    "iteration" : 0,
    "iterationToken" : "",
    "attributes" : {
      "@ns" : "",
      "username" : {
        "@type" : "xsd:string",
        "@value" : "Jack"
    "activation" : {
      "enableTimestamp" : ""
    "credentials" : {}
Was this page helpful?
Thanks for your feedback